Sunday 28 April 2013

ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 13c: Create MDT Boot Image

Back to main menu

There are two ways to create an MDT Boot Image

1. Using the Create MDT Boot Image wizard (standalone)
2. As part of the Create MDT Task Sequence Wizard

Part 13c of my Config Mgr 2012 SP1 Step by Step Guide describes #1 - using the Create MDT Boot Image wizard

Navigate to Software Library > Operating Systems > Boot Images.


Right click and see the additional option added by the MDT/Config Mgr Integration. Choose "Create Boot Image using MDT"


Specify a folder that will contain the boot image. Note that the folder must exist.



Enter a suitable name.





Enable command line support


Click Next to create the image




Verify progress


Boot image has been created



See new boot image


Folder has been populated with new boot image.

ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 13b: Installing and Integrating MDT 2012

Back to main menu

Why do you need to integrate MDT 2012 with Config Mgr 2012? The answer is you don't and it very much depends on your requirements. However a combination of the two products is much more powerful than Config Mgr alone - it provides a much richer OSD capability.

Here are two examples of situations I encountered when MDT was required:

1. I needed an additional boot image to boot into Windows PE and force the NIC to use 100Mbps/Full Duplex rather than Auto - required due to the local switching environment. I edited the inf file of the NIC driver to change the default behaviour. I then created a new MDT Boot Image and imported the edited NIC driver - it worked very nicely.

2. I was creating an OSD solution for a company with a multi-domain environment. They wanted a User Driven Installation (UDI) Task Sequence so that an administrator could be prompted to choose the correct domain during the installation. The administrator could also choose to install applications by selecting from a list. I achieved this using an MDT Task Sequence.

Part 13b of my Config Mgr 2012 SP1 Step by Step Guide describes how to install MDT 2012 and how to integrate this with Config Mgr 2012. Parts 13c and 13d show how to create MDT Boot Images and Task Sequences.

Download MDT 2012 here

Microsoft Deployment Toolkit (MDT) 2012 Update 1

Run the installer as administrator and choose the default installation settings. The installation is very short and straighforward.








MDT 2012 has now been installed. 

Now configure the Config Mgr integration.




Click Start > All Programs > Microsoft Deployment Toolkit > Configure ConfigMgr Integration



This starts the Integration wizard. Choose your Site Server and ensure the Site Code is correct. Click Next.



Verify that the integration has completed successfully.

Saturday 27 April 2013

ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 16: Software Updates (Non-Microsoft)

Back to main menu

Part 15 describes the process of configuring a Microsoft Software Update solution. Part 16 now extends the solution to include Non-Microsoft updates using System Center Updates Publisher 2011 (SCUP 2011). I will be concentrating on Adobe updates for the purposes of demonstration.

I wish to acknowledge that I learned how to deploy SCUP by following this excellent guide by Kent Agerlund.

http://blog.coretech.dk/kea/the-complete-scup-2011-installation-and-configuration-guide/

Download SCUP 2011 here and save to a folder on your Config Mgr server

SystemCenterUpdatesPublisher.msi


1. SCUP Installation
2. SCUP Configuration - Integration with WSUS and Config Mgr
3. Certificates
4. GPO
5. Config Mgr package to distribute certificate
6. SCUP Configuration - Publish Updates


1. SCUP Installation

Open a command prompt as Administrator and run the command


The SCUP 2011 installation wizard starts


Click Next to continue


Ignore this as we are using a later version of WSUS. Click Next to continue through the wizard.






SCUP 2011 has now installed. See the console.



2. SCUP Configuration - Integration with WSUS and Config Mgr

Click Options on the SCUP console ribbon

Update Server: Click to "enable publishing to an update server" and Test Connection




Test is successful but we are informed that we have no signing certificate. Click to Create one.



See Certificate



Select the ConfigMgr tab



Enable Configuration Manager integration, choose whether your server is local or remote and Test Connection.



3. Certificates

Open Certificates Console

Type mmc and Add Certificate snap-in



Choose Computer Account



Choose Local Computer





Click OK



See WSUS Publishers Self-Signed Certificate that we created earlier.

Copy and Paste the certificate into Trusted Root Certification Authorities/Certificates and Trusted Publishers/Certificates.




Now we will export the certificate to use in a Config Mgr package (to deploy the certificate to the estate of computers).



Right Click the certificate and choose to Export




Choose "No, do not export the private key".



Choose DER encoded binary X.509



Choose a path for the .cer file



Finish the wizard


OK

4. GPO

Create GPO to "Allow signed updates from an intranet Microsoft update service location"




Right click required OU and "Create GPO, link it here"



Name the object



Edit the object




Computer Configuration, Administrative Templates, Windows Components, Windows Update

Enable "Allow signed updates from an intranet Microsoft update service location"




5. Config Mgr package to distribute certificate

Copy the following to a folder

yourcert.cer (mine is scupcert.cer)
certadm.dll
certutil.exe



You can find certadm.dll and certutil.exe in SysWOW64 folder




Create Config Mgr package










Create a Program to add the cert to the local Root store






certutil.exe -addstore Root scupcert.cer




Create a Program to add the cert to the Trusted Publisher store




certutil.exe -addstore TrustedPublisher scupcert.cer 


Configure to run "Add SCUP cert to local Root store" first




Distribute the package to your DPs

Deploy the package to your computers collection (I have chosen a test collection)













6. SCUP Configuration - Publish Updates

Open SCUP console. Select Catalogs tab/ Add Catalogs




Select the Adobe Catalogs and Add





Select the Updates tab and click Import




This starts the Import Software Updates Catalog wizard



Choose all the Adobe Catalogs and click Next




Click Next to continue and accept all the Security Warnings






Close the Wizard




See the Software Updates that have been imported. Highlight the updates you need, right click and choose Assign. This starts the Assign Updates Wizard




Choose "Full Content" and create a new publication. You can add multiple updates to a publication. Click OK to create the publication

Navigate to the Publication tab and select your publication





Select Publish to start the Publish Software Updates Wizard






On Summary page click Next to commence publishing



Verify progress




Wizard is complete



Verify update download and publishing via SCUP,log (log can be found in user profile - see path in screenshot)





Confirmation that updates have been published

Configure Config Mgr Software Update Point for Adobe Products






Verify synchronization via WSYNCMGR.log



See Adobe Updates in Config Mgr. They can now be deployed in the same way as the Microsoft Updates.