Adding PowerShell support to WinPE using MDT 2012 RC1

After my last post about adding PowerShell support to WINPE I installed the latest MDT build.

Adding PowerShell support to WINPE is much easier using MDT.

Download MDT from connect Join the beta

Once installed add or create a deployment share.

Right click on the share and click properties.

Go to the Windows PE tab then click the features tab.

Select the features you want to add, click apply.

Close all the properties. Right click on the deployment share and click on update deployment share.

Once the update is complete you can use the WINPE ISO that MDT created to run PowerShell.

When PE starts up press F8 and run PowerShell by simply typing PowerShell

Thanks

Paul

Make a Powershell Windows PE ISO

Oh I’ve been waiting a long time for this. PowerShell within WinPE

I was really excited about this functionality mainly for deployments but with the new ADK Windows Assessment and Deployment Kit (ADK) for Windows® 8 Consumer Preview http://www.microsoft.com/download/en/details.aspx?id=28997 it is possible to create WinPE ISO files and UDF/USB drives with a fully functioning PowerShell V3 shell inside.

Follow these instructions to install PowerShell within PE

These instructions are for installing PowerShell only, it does not include any instructions for adding network drivers or additional PE configurations required for production environments

Download the adkadksetup.exe from here http://www.microsoft.com/download/en/details.aspx?id=28997

Install the ADK to a location of your choice

Once installed open the deployment and imaging tools as an administrator

Create the WinPE files by running the command copype amd64 c:winpe_amd64

or for x86

copype x86 c:winpe_x86

Create a directory like c:mount

Mount the PE boot.wim by running the command

dism /mount-wim /wimfile:C:winpe_x86mediasourcesboot.wim /index:1 /mountdir:C:mount

or for X64

dism /mount-wim /wimfile:C:winpe_amd64mediasourcesboot.wim /index:1 /mountdir:C:mount

once mounted add the required packages from the location you installed the .. Assessment and Deployment KitWindows Preinstallation Environmentx86WinPE_OCs

or for X64

Assessment and Deployment KitWindows Preinstallation Environmentx64WinPE_OCs

Please note..For my testing, I added every package apart from the WinPE-Setup.cab as this caused issues within PE.

You can add the packages by running the DISM command..

dism /image:c:mount /add-package /packagepath:"C:Program Files (x86)Windows Kits8.0Assessment and Deployment KitWindows Preinstallation Environmentx86WinPE_OCsWinPE-WMI.cab"

Once you have added the packages, drivers ect you must unmount the file and commit the changes with DISM

dism /unmount-wim /mountdir:c:mount /commit

The last step is to create the WINPE bootable image. By using the MakeWinPEMedia file you can create a udf or iso file from the contents of the c:winpe_x86 or x64 directory.

makewinpemedia /iso c:winpe_x86 c:winPE_x86.iso

or

makewinpemedia /iso c:winpe_x64 c:winPE_x64.iso

For this demonstration I created an ISO to test on Hyper-V

Powershell runs when typing the command Powershell into the command prompt.

Powershell is running on V3 within the host and get-command shows 366 cmdlets

Thanks

Paul

 

Hey, I’m on the radio!

Last week I had the pleasure of being interviewed for the Get scripting podcast. In the podcast I talk about PowerShell and MDT, why PowerShell is the best thing since slice bread, and meeting men on the Severn bridge! Listen to the podcast here.

Links

Get scripting podcast

Twitter

Follow @jonathanmedd !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=”//platform.twitter.com/widgets.js”;fjs.parentNode.insertBefore(js,fjs);}}(document,”script”,”twitter-wjs”);Follow @alanrenouf !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=”//platform.twitter.com/widgets.js”;fjs.parentNode.insertBefore(js,fjs);}}(document,”script”,”twitter-wjs”);Follow @GetScripting !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=”//platform.twitter.com/widgets.js”;fjs.parentNode.insertBefore(js,fjs);}}(document,”script”,”twitter-wjs”);

 

Facebook

http://www.facebook.com/pages/Get-Scripting-Podcast/115820275240

Monitoring MDT 2012 deployments

The latest beta release of MDT 2012 allows deployments to be tracked within the deployment workbench.

To set up remote monitoring right click on the deployment share, select properties then select the monitoring tab. Within this tab you can choose a monitoring host, and which ports to use for events and data. The default ports are 9800 and 9801.

Once a deployment has started the monitoring node within the workbench will display the progress of the deployment. By right clicking the deployment progress and selecting properties the progress of the deployment will be shown in more detail.

MDT monitors the progress of the deployment, the step, start and end, time elapsed, and any errors or warnings. MDT also assesses the deployment and will show options for remotely connecting to a machine if certain criteria have been met.

Remote desktop

The remote desktop button is displayed as default within the monitor. But will not establish a remote connection to WinPE, it will only connect to a system that has an operating system and remote desktop enabled.

DART remote control

The new version of DART (Diagnostic and recovery toolset) allows remote connections to be made to systems running WINPE.

The MDT monitoring tool will display a button for DART remote control if DART is detected running on the remote computer

VM remote control

The VM connection button allows a remote connection to a virtual machine running in Hyper-V.

MDT monitoring will display the button if Hyper-V integration components are detected running on the remote machine.

Windows PowerShell cmdlets for monitoring a deployment

The new MDT beta comes with PowerShell cmdlets to monitor the progress of a deployment.

As usual you can use the MDT cmdlets by running the PowerShell one liner

Add-PSSnapin ‘Microsoft.BDD.PSSNAPIN’

You must then attach a PSDRIVE to the deployment share

New-PSDrive -Name mdt -Root ‘D:deployment’ -PSProvider MDTPROVIDER

To get the monitoring data for a particular deployment run the get-mdtmonitordata cmdlet

Get-MDTMonitorData -Path mdt:

You will get back something like this

To stop monitoring the deployment use the remove-mdtmonitoringdata cmdlet

The task being monitored by MDT will then be removed

To add a monitor use the Set-MDTMonitorData cmdlet

Set-MDTMonitorData -Path mdt: -MacAddress ’00-15-5d-50-50-01′

NOTE:

This cmdlet would only allow me to load up the monitor if I used a MAC Address.

After loading up the monitor, get-mdtmonitordata reports that there are 2 deployments instead of 1 and when I try viewing the monitor node MDT will crash. Just a warning that this still is a Beta and issues like this will arise.

When I remove the extra monitor using PowerShell everything starts to work properly.

Conclusion

My way of remotely checking the progress of a deployment normally relies on somebody on the phone telling me its done or not. I also use the SLShareDynamicLogging customsettings property along with trace32 to monitor the real time logs.

By adding this monitoring capability MDT allows deployments to be carried out remotely with ease. I hope more functionality is added to this feature such as being able to view the logs.

MDT 2012 Beta 2 changes

I have just downloaded the MDT 2012 Beta 2. On first look it seems to be the same old MDT mmc look.

On opening the deployment share properties right click on deployment share, select properties everything looks different.

MDT Deployment share properties

MDT comes with 4 tabs. General, Rules, Windows PE, Monitoring

General and rules tab have not changed but within Windows PE MDT now has multiple tabs within to specify features and driver packages.

The last tab is the monitoring tab, with MDT 2012 deployments can be monitored from the monitoring node within the deployment share. The progress of the LTI deployment process is displayed as a percentage of completion. More on this later.

Within a task sequence properties there is now a run PowerShell step, MDT now allows PowerShell scripts to interact with task sequence variables and add to logs. PowerShell uses the Microsoft.BDD.TaskSequenceModule to create the TSENV: and TSENVLIST: Windows PowerShell drives. So I wasn’t going mad when I discovered this feature a few months ago in Beta1, more later.

PowerShell snapin improvements

Speaking of PowerShell MDT 2012 beta 2 has updated cmdlets for the monitoring solution. Once again, more on this later.

Disable-MDTMonitorService
Enable-MDTMonitorService
Get-MDTMonitorData
Remove-MDTMonitorData
Set-MDTMonitorData
Test-MDTMonitorData

There have been some major improvements in Beta 2. Ill do some more digging and testing and post more about this update soon.

Enabling MDT items with with Windows PowerShell

If you use Windows PowerShell to access and manipulate your MDT deployment share you might have trouble enabling disabled items. To enable all the drivers within your deployment share run this PowerShell 1 liner within your out of the box drivers directory.

get-childitem|Foreach {Set-ItemProperty -Path $_.name -Name Enable -Value ‘True’}

To disable

get-childitem|Foreach {Set-ItemProperty -Path $_.name -Name Enable -Value ‘False’}

This one liner can also be used to enable and disable task sequences.

Thank you to Ben Hunter, senior program manager at Microsoft solution accelerators for helping me with this. Ben blogs at Deployment guys

MDT PowerShell database bulk import

Using PowerShell to read through a CSV file to add computer entries into the MDT 2010 Database

Tonight on Twitter there were a few mentions about a blog post importing computers in bulk into the MDT database using VbScript. The blog post in question was http://www.myitforum.com/myITToolbar/frame-click.asp?url=http://skatterbrainz.blogspot.com/2011/05/vbscript-bulk-import-for-mdt-2010.html

Skatterbrainz had to convert a PowerShell Module into VBScript. The module can be found here.

http://blogs.technet.com/b/mniehaus/archive/2009/05/15/manipulating-the-microsoft-deployment-toolkit-database-using-powershell.aspx

I use the scripts contained within this module all the time, here is the command I use to Bulk import my computer items.

I have a CSV file with my computer information.

With each heading being a setting used in the database.

I then run the following script.

Import-Module mdtdb

$assets = Import-Csv “.Book2.csv”
connect-mdtdatabase -sqlserver yourdatabaseserver -database MDTDB4

ForEach($asset In $assets)

{

new-mdtcomputer -serialnumber $asset.SerialNumber -settings @{OSInstall=’YES’; OSDComputerName=$asset.OSDComputername; _SMSTSORGNAME=$asset._SMSTSORGNAME}

}

This will run through the CSV file and add them names and settings to the MDT database.

If you need to add different settings, just add SETTINGNAME=$asset.SETTINGNAME within the { }

So quite an easy way to quickly import items into the MDT database.

Finding out more about PowerShell cmdlets, snap ins, and modules

I’m just getting myself ready for the Scripting games .. http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/19/2011-scripting-games-all-links-on-one-page.aspx

So I’m brushing up on some basic Windows PowerShell commands.

In order to successfully manage a powerful management tool like PowerShell you really need to know what each cmdlet is capable of.

Before running any cmdlet for the first time I always check what members it contains, what parameters it accepts. Here are some tips I’ve thought of on the way.

Get the parameters a cmdlet accepts.

(Get-Command cmdletname).parameters

Get the properties of a cmdlet

Get-Command cmdletname | Get-Member

Get the cmdlets within a pssnapin

Get-Command –pssnapin *snapinname*

Get the cmdlets within a module

Get-Command –module *modulename*

Get the location of the pssnapin dll

Get-Command –pssnapin pssnapinname|fl dll

Diolch

Paul

Reading Powershell books on the Amazon Kindle

For my birthday I bought myself a Kindle. I love to read technical books but they are so big I decided to invest in some O’Reilly ebook upgrades, allowing me to read my favourite books in a convenient form. The Kindle sounded like a good way to read these books in an easy way.

The Kindle is a small slate like device which has a small monochrome screen. I was a bit dubious about the quality of the print and how it would render technical text such as Powershell code.

I was delighted to find that the Kindle works quite well with this kind of text.

 

Windows Powershell Cookbook 2nd Edition

Windows Powershell 2.0 Best Practices

I have tested both mobi and PDF versions of these books.

The PDF version are just too small. As PDF is a true representation of the books page. The screen is too small to read on a long term basis.

Windows Powershell 2.0 Best Practices in PDF

Windows Powershell 2.0 Administrator’s Pocket Consultant in MOBI format

I find that MOBI and Kindle versions of the books work really well in Portrait mode and Landscape mode.

The search and contents support in MOBI and Kindle versions makes this method of learning Powershell very easy. Its simple to quick to find a chapter to help in writing a Powershell script.

I just hope that Powershell in Action 2nd edition by Bruce Payette is released on the Kindle soon.

Here is a quick video I did to show off Powershell books on the Kindle. Its recorded on a phone so I apologise about the low quality.

Reading Powershell books on and Amazon Kindle

Diolch

Paul

Intel V-Pro PowerShell module Version 3 –Unboxing

As I mentioned in my previous post, Intel has released V3 of their VPRO Powershell module.

The module uses WinRM to access AMT enabled VPRO systems. Now you can do most of what these cmdlet’s can do by using Powershell’s WSMAN cmdlet’s but why on earth would you when Intel have done all the hard work for you!

After a day of chasing Intel about a dodgy link on their website they finally emailed me this link. http://software.intel.com/file/34909/

This link will take you to a ZIP file containing an x86 and x64 installer. Along with a handy PDF detailing the cmdlets contained within the module.

Once installed you can find the module within

Program FilesIntel CorporationPowerShellModules

Once installed open Powershell and type the command get-module –listavailable

This should show the intelvpro module, you can then import-module intelvpro to get to the cmdlets.

Running the command get-command –module intelvpro gives the following list of cmdlet’s

Name : Remove-AllITProfiles	Name : Get-AMT3PDS
Name : Remove-AllUserProfiles	Name : Get-AMTAccessMonitor
Name : Remove-AmtDirectoryObject	Name : Get-AMTAlarmClock
Name : Set-AMT3PDS	Name : Get-AmtCertificate
Name : Set-AmtAdminAcl	Name : Get-AmtCredential
Name : Set-AMTAlarmClock	Name : Get-AmtCredentialPath
Name : Set-AmtClock	Name : Get-AmtDigestRealm
Name : Set-AmtHost	Name : Get-AmtDirectoryObject
Name : Set-AMTSystemDefense	Name : Get-AMTEventLog
Name : Set-MebxPassword	Name : Get-AMTFirmwareVersion
Name : Start-AmtConfiguration	Name : Get-AMTHardwareAsset
Name : Start-AMTIDER	Name : Get-AmtHostSetupRecord
Name : Start-AMTUserConsent	Name : Get-AMTIDER
Name : Stop-AmtConfiguration	Name : Get-AMTPowerState
Name : Stop-AMTIDER	Name : Get-AmtProduct
Name : Stop-AMTUserConsent	Name : Get-AmtSession
Name : Write-AmtCredential	Name : Get-AmtSetup
Name : Get-AmtSignature	Name : Clear-AMT3PDS
Name : Get-AMTSystemDefense	Name : Clear-AMTAlarmClock
Name : Get-AmtUri	Name : Clear-AMTSystemDefense
Name : Get-AMTUserConsent	Name : ConvertFrom-Sid
Name : Get-AmtValueMap	Name : ConvertTo-AmtPassword
Name : Get-CertificateChain	Name : ConvertTo-Sid
Name : Invoke-AMTForceBoot	Name : Disable-Amt
Name : Invoke-AMTGUI	Name : Disable-AmtClientMode
Name : Invoke-AMTPowerManagement	Name : Disable-AmtTls
Name : Invoke-AMTSOL	Name : Enable-AmtAdminMode
Name : New-AmtConnection	Name : Enable-AmtClientMode
Name : New-AmtDirectoryObject	Name : Enable-AmtTrace
Name : New-AmtPassword	Name : Enter-AmtRemoteConfiguration
Name : New-AmtSession	Name : Enter-AmtSession
Name : New-AmtWirelessProfile	Name : Exit-AmtSession
Name : Read-AmtCredential	Name : Export-CertForAMT

Compared to version 2 of the Cmdlet’s there seems to be a lot more going on in version 3

there is also a provider included in V3 which allows the creation of AMT drives.

There are also IDER cmdlet’s allowing 1:n IDE redirection, which could come in handy for Zero- touch type installations.

One thing that’s disappointing is the lack of Cmdlet help especially the examples.

But either way, a very useful module for organisations using Vpro enabled hardware.