0: Foreword


I am writing this because it took me a couple of days to accomplish, and I sourced a lot through Google. However, there is not yet a complete guide that I can use for tablets; for some specific steps I had to spend more than 2 hours testing per parameter change, and I do not want you to waste that time.

Reference and thanks to:

1. http://www.windows-noob.com/forums/topic/2336-password-protect-a-task-sequence/  from Windows Noob

2. https://www.sole.dk/vbscript-to-join-computers-to-domain-with-specific-user-and-avoid-having-to-manually-place-them-in-ad/ from Soles` Blog

and numerous authors and helpers in the internet SCCM communities. Without those people who shared their knowledge I could never have made it.

 


 

 

0.0 Reading order


I'd like to make it extremely detailed since this post covers a lot of areas of SCCM deployment; it also contains useful resources I sourced from the internet. I put the reason under each little title to explain as much as I can; however, for technical reading (know-how rather than know-why) you can go to 2.0 Task Sequence and just do it step by step.

I expect you to know the basic stuff, like how to create application packages, how to integrate MDT packages and create task sequences, how to import drivers, etc. Since that information is available everywhere, I will not explain any of it.

 

0.1 Usage


This is for the Dell 3147, a typical tablet without a NIC, where you need to apply a USB dongle. In an enterprise-level environment, a USB dongle means a shared MAC address, so computer naming needs to be serial-number based or follow certain rules; in my case I use the serial number.

 

0.2 (OPT)


I will put an (OPT) in some areas for things not purely designed for the 3147.
A general problem with using the serial number as the computer name is that sometimes the serial number is too long: when serial number + your code is longer than 15 (or 13 or 12) digits, it will not apply, and you will get a computer name like minit-something. I have used a solution in all my deployments for this case (2.2.1); I will put an option in front of it, so you can opt out if this is not your case. In my case, some replaced motherboards and Hyper-V virtual machines can get 25-digit serial numbers, which need to be cut.

0.3 Scripts


Scripts are written in VBS and run as HTA applications. You need to enable HTML in your boot image to support HTA.

 


 


1: Preparation

 

1.1 Drivers


There are drivers you need to download from Dell's official website; I also got one driver from Intel for Bluetooth.
Anyway, applying drivers takes two steps: the first is using the OOB "apply drivers" by SCCM; the second is creating a package that contains most of the drivers, copying them to the local client, and running each driver installation manually through the task sequence, since some drivers can not be installed by SCCM. I know there will be better ways; however, since W10 just came out recently, the drivers are not so up to date. I solved the problem my own way to make sure that drivers are installed, since I don't like the yellow mark in Device Manager. This can be applied to any computer with a silent-install-enabled driver.

 

1.2 Scripts

There are scripts in my task sequence, in general they can be used everywhere, some are for OSD protection, some for serial number processing. I will list the details later.

1.3 Packages


There are only two packages in my deployment, actually 3 if the MDT package is counted, but I think you should have it ready if you are reading this.
Those 2 packages are:


1.3.1 Package contains all the scripts for general computer tasks(I.E. Serial number scripts, Change Registry...) .
1.3.2 Package contains all the 3147 drivers that can not be picked up. So if you are working on a different tablet, you only need to do a minor change in this area.
I will explain the details in each area.

 

2: Task Sequence - Let's get started!

 

 Whole Task Sequence


 


2.1 (OPT) Validation


In this area I have a script to lock the task sequence, since I do not use a generic PXE password. The reason is that I let some teachers do deployments themselves in their lab rooms; however, I will not tell them the ICT password. So I set up a password for them, and only certain people know the right password for the right task.


2.1.1 Setup password Variable - This task sets up a password you can use in the next step.



2.1.2 Setup Computer model variable


I use this only because some computers have different computer model numbers for the same model, e.g. Yoga 2, so the OOB gather -> get model number can not be used, or you have to add each model number to it. Since I know all the Yoga 2 have similar serial numbers, I created this for Yoga with a script later.


 


2.1.3 Ask for Password - Script as below. This will prompt a window; when the user types in the right password they can proceed.


<-----------------------ASK For PassWORD. HTA--------------------------------------->

<html>
<head>
<title>Prompt for password</title>
<HTA:APPLICATION 
ID="objAutoRefresh"
APPLICATIONNAME="Auto Refresh"
SCROLL="no"
SINGLEINSTANCE="yes"
WINDOWSTATE="maximize"
icon="icon.ico"
SHOWINTASKBAR="no"
SYSMENU="no"
>
<link rel="stylesheet" type="text/css" href="/skin.css">
</head>
<SCRIPT LANGUAGE="VBScript">
on error resume next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")
Set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI") 
oTSProgressUI.CloseProgressDialog 
Set oTSProgressUI = Nothing
Sub Window_Onload
PasswordArea.Focus
End Sub
Sub RunScript
If PasswordArea.value <> objOSD("Password") Then
Exit Sub
Else
on error resume next
objOSD("ALLOWOSDBUILD") = "YES"
Set objOSD = Nothing
window.close()
End If 
End Sub
Sub KeyMonitor
If window.event.keyCode = 13 Then
RunScript
End If
End Sub
</SCRIPT>
<body onkeydown="KeyMonitor">
Please type in password to continue <br>
<input type="password" name="PasswordArea" size="30" >
<input id=runbutton class="button" type="button" value="GO" name="run_button" onClick="RunScript">
</body>
</html>

 

This HTA application protects the task sequence from running without a password. It also automatically puts focus in the input area and detects the keyboard "Enter" key, so after the right password is accepted, the task sequence can continue.

The interface of password challenge



2.1.4 Shutdown


This is a script to prevent a hacker from simply closing the HTA: if the right password is not received, the required variable is not passed to the system, and this application shuts down the computer.


<job id="setEnv">
<script language="VBScript" src="/..\ZTIUtility.vbs"/>
<script language="VBScript">
Dim oTSProgressUI
set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI")
oTSProgressUI.CloseProgressDialog()

On error resume next
Dim fso, WShell, oFile
Set WShell = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.filesystemobject")
scriptroot = oEnvironment.Item("SCRIPTROOT")
MsgBox "Please click OK to shutdown the computer.",0, "Task Sequence Aborted"
WShell.Run "wpeutil shutdown",0, True
</script>
</job>

 

2.2 Installing Operating System
2.2.1 Get Model Number


This part is directly copied from MDT general deployment tasks: restart in WinPE, partition the hard disk, get the model number. In this area I have DIYed a script to modify the serial number, since some motherboards have 25-digit serial numbers which can not be used as a computer name; my HTA cuts the serial number and sets the environment variable OSDSerialNumber to 7 digits.
This script will also set the computer model variable for Yoga if the model number starts with 20C. Since I have at least 6 different model numbers for the Lenovo Yoga 2, I gave up adding each of them and instead set a batch model name for them, "YOGA2".


 


*------------ Script of SN.HTA --------------------------------*

<html>
<head>
<title>PC Information</title>
<HTA:APPLICATION 
ID="objAutoRefresh"
APPLICATIONNAME="Auto Refresh"
SCROLL="yes"
SINGLEINSTANCE="yes"
WINDOWSTATE="normal"
icon="icon.ico"
SHOWINTASKBAR="no"
SYSMENU="no"
>
<link rel="stylesheet" type="text/css" href="/skin.css">
</head>

<SCRIPT LANGUAGE="VBScript">
On Error Resume Next
Set WshShell = CreateObject("WScript.Shell")
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")
Set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI") 
oTSProgressUI.CloseProgressDialog 
Set oTSProgressUI = Nothing
Dim dtmStartTime

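' Crude delay: ping an address and let the timeout (in ms) run out.
' If 1.1.1.1 answers, the query returns early and the delay is shorter.
Sub Wait(Time)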
Dim wmiQuery, objWMIService, objPing, objStatus
wmiQuery = "Select * From Win32_PingStatus Where Address = '1.1.1.1' AND Timeout = " & Time
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set objPing = objWMIService.ExecQuery(wmiQuery)
For Each objStatus in objPing
Next
End Sub

Sub Window_Onload
width = "600"
height = "400"
' Resize the window and move it to the top-left corner of the screen
window.resizeTo width,height 
window.moveTo 0, 0

serialNumber.Value=objOSD("SERIALNUMBER")
make.Value=objOSD("MAKE")
model.Value=objOSD("MODEL")

if Left(objOSD("MODEL"),3) = "20C" THEN
objOSD("BSCPCMODEL") = "YOGA2"
addtionalInfo.Value = "This PC is YOGA 2"
End if

dim sn
sn=Replace(objOSD("SERIALNUMBER")," ","")

if Len(sn) > 7 THEN 
sn=Right(sn,7)
addtionalInfo.Value = "This PC has SN more than 7 digits, which will be trimmed"
End if

pcName.Value="Win10-" & sn
objOSD("SERIALNUMBER") = sn
Wait(30000)
Set objOSD = Nothing
window.close()


End Sub

Sub PAUSE
Wait(60000)
End Sub

Sub SHUTDOWN
Set OpSysSet = GetObject("winmgmts:{authenticationlevel=Pkt," _
& "(Shutdown)}").ExecQuery("select * from Win32_OperatingSystem where "_
& "Primary=true")
for each OpSys in OpSysSet
retVal = OpSys.Win32Shutdown(6)
next
End Sub
</script>
<body>
<table>
<tr><td>THIS TABLE WILL DISAPPEAR IN 30 SECONDS</td></tr>
<tr><td>MAKE:</td><td><input Name=make></input></td></tr>
<tr><td>MODEL:</td><td><input Name=model></input></td></tr>
<tr><td>SERIAL NUMBER:</td><td><input Name=serialNumber></input></td></tr>
<tr><td><input Name=pcName ></input></td></tr>
<tr>
<td>ADDITIONAL INFORMATION</td>
<td><input Name=addtionalInfo style="color:red;"></input></td>
</tr>
<tr>
<td><a href="#" class="BSCButton" onclick="PAUSE">PAUSE</a></td>
<td><a href="#" class="BSCButton" onclick="SHUTDOWN">SHUTDOWN</a></td>
</tr>
</table>
</body>
</html>

 


2.2.2 Student - Set Computer Name


This will set up the computer as W10-%SERIALNUMBER%; the serial number has been processed by SN.HTA, so the computer name will not exceed the limits.
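
As an added example (not the author's script), the name rule from 0.2 and 2.2.1 can be written as a VBScript function that also drops characters that are not letters or digits and returns an empty string when nothing usable is left, so the task sequence can stop instead of falling back to a generated name. The function name, the 15-character constant and the sample serial numbers are constructed for illustration.

```vbscript
Option Explicit
' Added example, not part of SN.HTA. Run with: cscript //nologo SafeName.vbs
Const MAX_NAME_LEN = 15   ' computer-name length limit discussed in 0.2

' Returns prefix + the last tailLen usable characters of rawSerial,
' or "" when no usable characters remain.
Function SafeComputerName(ByVal prefix, ByVal rawSerial, ByVal tailLen)
    Dim re, sn
    Set re = New RegExp
    re.Global = True
    re.Pattern = "[^A-Za-z0-9]"                 ' spaces, dashes, dots, etc.
    sn = UCase(re.Replace(rawSerial & "", ""))  ' & "" turns Null/Empty into ""

    ' Shrink the tail if prefix + tail would pass the limit
    If tailLen > MAX_NAME_LEN - Len(prefix) Then tailLen = MAX_NAME_LEN - Len(prefix)

    If Len(sn) = 0 Or tailLen < 1 Then
        SafeComputerName = ""
        Exit Function
    End If
    If Len(sn) > tailLen Then sn = Right(sn, tailLen)
    SafeComputerName = prefix & sn
End Function

' Constructed sample serial numbers (not taken from real devices)
Dim samples, s, result
samples = Array("5CG1234XYZ", "1234-5678-9012-3456-7890-1234-56", "AB 12", "  ")
For Each s In samples
    result = SafeComputerName("Win10-", s, 7)
    If result = "" Then
        WScript.Echo "[" & s & "] -> no usable serial, stop the deployment"
    Else
        WScript.Echo "[" & s & "] -> " & result
    End If
Next
```

Two devices whose serial numbers share the same last 7 characters still get the same name, so duplicates need a separate check.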

 


 

2.2.3 Apply operating system and windows settings

2.2.4 Copy Scripts to windows setup

This is my favorite part. This area copies 2 packages to the C drive: one is the scripts for general WIN 10 tasks, the other is for drivers. I found that a tablet using a USB dongle may sometimes lose connection to the server after logging in to the installed OS during OSD; this area makes everything accessible with or without network. I will explain this area in the Setup Operating System area.
 


2.2.5 Apply drivers


Apply drivers based on model number.


 

2.2.5 Apply network setting



 

 

3. Setup Operating System.


3.1 Setup windows and configuration manager
3.2 BSCPC - This is a batch file that has several functions, which can be extended as much as you like. Currently it contains:


3.2.1 - ADOBE CS6 Serialization :

 

--------------------BSCPC.BAT--------------------------------------------------------------

@echo off
SETLOCAL
echo -------------Reimage - Serialization Log Start-------------------------- >> c:\system.log 2>&1 
For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%a-%%b) >> c:\system.log 2>&1 
For /f "tokens=1-2 delims=/:" %%a in ('time /t') do (set mytime=%%a%%b)
echo Start Serialization at %mydate%_%mytime% >> c:\system.log 2>&1
"c:\windows\setup\scripts\Adobe.exe" --tool=VolumeSerialize --provfile="c:\windows\setup\scripts\prov.xml" >> c:\system.log 2>&1
rem Change Registry to disable google update and etc...:
reg import "c:\windows\setup\scripts\Google.reg"
rem Connect to WIFI:
certutil -importpfx -p eduSTAR.NET "c:\windows\setup\scripts\student2015.pfx"
netsh wlan add profile filename="c:\windows\setup\scripts\Win10.xml"
netsh wlan connect name="eduSTAR"
Timeout /T 60

 

--------------------------------------------------------------------------------------------

3.3 - Dell 3147 Only


In this area it will run 10 commands: it will first join the domain if it did not previously, then install drivers one by one.
This was before the Windows SCCM 2012 R2 SP1 update, and I found a lot of drivers are picked up by the new SCCM and MDT 2013 Update 1 recently; however, it will not affect the purpose of this post, which is to show you how to install drivers through SCCM manually.

At the least, you can not install the BIOS from task sequence -> apply drivers.


3.3.1 - Last Domain Join Check


<------------------------JoinDomain10.vbs ------------------------------->

on error resume next
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
strDomain = "<domainName>" 
strPassword = "<password>" 
strUser = "<UserName>" 
strOU = "<OUName>" 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, strOU, _
JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

Select Case ReturnValue
Case 0 Status = "Success"
Case 2 Status = "Missing OU"
Case 5 Status = "Access denied"
Case 53 Status = "Network path not found"
Case 87 Status = "Parameter incorrect"
Case 1326 Status = "Logon failure, user or pass"
Case 1355 Status = "Domain can not be contacted"
Case 1909 Status = "User account locked out"
Case 2224 Status = "Computer Account allready exists"
Case 2691 Status = "Allready joined"
Case Else Status = "UNKNOWN ERROR " & ReturnValue

' Show Status (inside Case Else, so the box appears only for an unlisted return code)
MSGBOX "Join domain status: " & Status
End Select

 

<------------------------JoinDomain10.vbs ------------------------------->
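
The script above keeps the join account and its password as literals in a file that is copied to the client. As an added example (not the author's or Sole's script), the same WMI call can take those values from task sequence variables, fail closed when one is missing, and return the join result as the step's exit code; the four variable names and the 9001/9002 exit codes are hypothetical.

```vbscript
Option Explicit
' Added example, not the author's script. JoinDomainName, JoinUser,
' JoinPassword and JoinOU are hypothetical task sequence variable names.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const DOMAIN_JOIN_IF_JOINED = 32
Const ALREADY_JOINED = 2691

Dim objOSD, objNetwork, objComputer
Dim strDomain, strUser, strPassword, strOU, strComputer, rc

' The TSEnvironment object can only be created while a task sequence is running
On Error Resume Next
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")
If Err.Number <> 0 Then
    WScript.Echo "No task sequence environment, refusing to run."
    WScript.Quit 9001      ' exit code chosen for this example
End If
On Error GoTo 0

' & "" guards against a Null or Empty value
strDomain   = objOSD("JoinDomainName") & ""
strUser     = objOSD("JoinUser") & ""
strPassword = objOSD("JoinPassword") & ""
strOU       = objOSD("JoinOU") & ""

' Fail closed when a value is missing instead of attempting a join with blanks
If strDomain = "" Or strUser = "" Or strPassword = "" Or strOU = "" Then
    WScript.Echo "Domain join variables are not set."
    WScript.Quit 9002      ' exit code chosen for this example
End If

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
rc = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, _
    strDomain & "\" & strUser, strOU, _
    JOIN_DOMAIN + ACCT_CREATE + DOMAIN_JOIN_IF_JOINED)

' Drop the secret from the task sequence environment once it has been used
objOSD("JoinPassword") = ""
strPassword = ""

' "Already joined" is the expected result when the earlier join worked
If rc = ALREADY_JOINED Then rc = 0
WScript.Echo "Join domain return code: " & rc
WScript.Quit rc
```

With this form the password is not stored in the package source or in the copy under c:\windows\setup\scripts, and a failed join fails the step instead of passing silently.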

3.3.2 Install Bios


I will only use this one as an example to show you how to install drivers manually. I actually spent most of the time on the "Run this step as the following account" area, where I tried ".\administrator", %computerName%\administrator and "Domainname\Username"; in the end I found it actually works if you leave it blank. Also, since I have copied all the drivers to the local computer, it makes it a lot easier.


 

3.4 ImageLog - Write a log into local computer for future reference or investigation

<-----------------ImageLog.BAT------------------------------>

@echo off
echo ---------------------Image Log Start-------------------------- >> c:\System.log 2>&1 
For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%a-%%b) >> c:\System.log 2>&1 
For /f "tokens=1-2 delims=/:" %%a in ('time /t') do (set mytime=%%a%%b) >> c:\System.log 2>&1
echo This computer has been imaged at %mydate%_%mytime% >> c:\System.log 2>&1
echo ----------------------Image Log End------------------------- >> c:\System.log 2>&1


 

3.5 Restart computer
3.6 CleanUp - This will delete the scripts folder, since you do not want to leave sensitive information on the client computer, do you?


About Lei

I am an IT specialist with over 10 year experience - years on Automation, on-Premise or Azure.

I am happy to develop however never want be a full time developer. Only do what I have to do. If it has to be PowerShell,HTML, PHP, CSS, C#, VBS or JS, front end or backend, so be it, doesn't matter!

Spent years with Windows, SCCM, SharePoint, SQL and Exchange servers. For last several years, I have been actively working under On Premise > Azure environment.

THERE IS NO WAY BACK!!!

Current Certificates:
    Microsoft® Certified-
  • -Enterprise Administrator
  • -Database Administrator
  • -SharePoint Administrator
  • -Administering and Deploying SCCM 2012
Red Hat Certified Technician
ITIL V3 Foundation - Practitioner

Working on Azure Certificates now and hopefully they can stop upgrading their questions one day! GIVE ME A BREAK!


2017-12-17
