/build/static/layout/Breadcrumb_cap_w.png

Custom Deployments

Custom Deployments is a new feature in version 6.0 of the KACE Systems Deployment Appliance (SDA) that allow users to deploy a set of tasks to a Windows workstation without deploying an image or scripted install. 

With a custom deployment, no hidden tasks are automatically assigned like in an image or scripted install.  This means that everything needing to run will have to be manually assigned and for this reason, it is considered an advanced feature.  The 6.0 release of the SDA includes 2 custom deployments by default; x86 and x64 variations of "Scan User States Offline and Shutdown".  This is a perfect example of a custom deployment because after the task is complete and the shutdown command is given, the deployment shows as completed.  In the past, you would need to do a batch script to shut down, and because the built in tasks did not run, it would never display as successfully completed and it would stay in the Progress portion of the UI until removed.  This is just one example of a custom deployment, there are other great ways to leverage them.

We are including these downloads to get you started, you must be a member of the K2000 community on ITNinja to gain access.  After extracting the download, the package can be imported into the SDA.  The import is a task group (another new feature of 6.0) that contains all the tasks needed for the custom deployment. Since each custom deployment is assigned a specific architecture, it is easier to provide them as a single package with task groups

To use the imported item, create a new custom deployment, apply the appropriate task group, and save.  All the tasks are named with [CU] as a prefix, as CU is the prefix used when exporting custom deployments. By implementing this naming scheme it is easy to find the tasks commonly used for custom deployments.  I also name my custom deployments with the [CU] prefix.


The title of the Custom Deployments below are links to download a .zip file, you must be a member of the K2000 Community.  Extract the zip once it is downloaded and you will have a .pkg file and an .xml file.  You can import the Task Group one of two ways.  Since these are small packages you can browse to Settings | Package Management | Import Packages on the SDA web UI.  Then from the choose action drop down menu select "Upload Package for Import."  Select the .pkg file and click on the "Import Package" button.  You can also browse to the SDA Restore UNC path (\\sda_ip\restore).  Place both the .pkg and .xml file in the restore share.  Then on the SDA web UI browse to Settings | Package Management | Import Packages. You should see the Task Group on the list page.  Select the checkbox next to the Task Group to import and then from the choose action drop down menu choose "Import Selected."


******NOTE
Do not import these tasks into any version less than 6.0, it will cause issues.

Windows 10 in-place upgrade.  This custom deployment is used when an in-place upgrade of Windows 10 is needed, either from Windows 7/8 or an earlier build of Windows 10.  The same edition must be used when upgrading.  The auto logon and prepare Windows 10 tasks need to be customized for your environment, make sure to read the notes field for those two tasks.

Run tasks in an operating system.  If you have tasks that need to be run within the OS, then this task group is needed for everything to run the way you would expect. Some tasks need to be customized for your environment, make sure to read the notes.

USMT, DoD Wipe and Shutdown.  This task group will scan user states offline, partition/format the drive, perform a 7-pass DoD wipe and then shut the machine down.  We have referenced the SysInternals tool SDelete.  We cannot include the executables as we do not have rights to distribute them, but the task "[CU] Run SDelete (7-pass)" has a link to download SDelete from Microsoft.Once you have downloaded SDelete from Microsoft, extract the executable file. Next using the SDA WebUI download the SDelete.bat file from the usmt_wipe_shutdown task you previously imported and then ZIP the 3 files together. Use the resulting ZIP file to replace the BAT file in the task.  The BAT file will determine which architecture is running and run the appropriate application.  No other changes are needed unless you want to change some of the SDelete parameters, those changes would need to be made in the BAT file before it is added to the ZIP.

How will you use custom deployments?  If you have any interesting ideas that you believe others can use, export your tasks as a task group, making sure to have the tasks named with [CU].  Please review the tasks that are included here first and try to reuse those so we can stay consistent. Email your exported task groups to Corey Serrins [corey dot serrins at quest dot com] and we will add those to this page.




Comments

  • Great news! I will use it to deploy linux only boxes, or porteus kiosk. But other usages may come. - gwir 6 years ago
    • How will you use it to deploy linux only boxes or porteus kiosk, quite interested. - cserrins 6 years ago
      • The same way I'm deploying dual boot machine https://www.itninja.com/blog/view/chaining-windows-and-linux-deployment but I put all the tasks (partitioning and copying things) in pre-install task followed by a reboot task. For Porteus it's more tricky, I need a third party tool to raw copy an iso image on a disk. - gwir 6 years ago
  • Corey, Win10 and KACE folders and files is placed on the C drive. Computer auto logs in but it never kicks back to KACE to do the upgrade. Windows 10 source is there as I can manually click the setup in the Win10 folder and it starts. What am I missing? Do you know why it might not be handing it back off to KACE for the post install?

    Done this with your older Windows 10 in place upgrade before version 6.0 and worked perfect. Can't get this one in custom deployment version 6.0 to workout right. - scrocafella 6 years ago
    • is setupcomplete.cmd in the correct location and have the right commands? - cserrins 6 years ago
      • It's on the root of the KACE folder.

        rd %systemdrive%\win10 /Q /S
        %systemdrive%\KACE\Engine\KACEEngine.exe - scrocafella 6 years ago
      • That looks right, I should have also asked if KACEEngine.exe was in the registry key at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run? - cserrins 6 years ago
      • KACETaskEngine =
        %systemdrive%\KACE\engine\kaceengine.exe

        It's there. Very weird. It puts all in the spots they need to go but never kicks back off for some reason for post installs. - scrocafella 6 years ago
      • Yeah, the registry key should kick off taskengine, which should start the deployment. Maybe run taskengine manually and see if that kicks things off? That would tell us if something is blocking taskengine from running. UAC should be off, so it shouldn't be an issue. - cserrins 6 years ago
      • I double clicked on the kaceengine.exe from the KACE\engine\ folder and nothing happens. UAC as you said is off. Computer doesn't have any anti-virus to stop it. When you spoke about something blocking it made me look in AD to see what OU it was in just in case. It's in the installationOU and still not running. As said before your older in-place upgrade runs perfectly but this new 6.0 custom deployment version for some odd reason won't kick off after the mid-level tasks are in place. - scrocafella 6 years ago
      • Just wanted to try out your older in-place upgrade since I haven't used it in a while to see if it would still run. Running like a charm. Not sure what's making these two different. - scrocafella 6 years ago
      • When you created this custom deployment, did you manually assign the tasks yourself? or did you apply the Task Group? - cserrins 6 years ago
      • I clicked the drop down: Task Groups - clicked [CU] Windows 10 In-place Upgrade than clicked Apply. This auto filled mid-level and post install. Made the changes to "Auto Logon" and "prepare windows 10 upgrade" than clicked save. - scrocafella 6 years ago
    • Hello, I'm having the same issue and found out that for some reason the config.xml for Kace Engine is listing a wrong drive letter for the paths. D is used instead of C despite I only have one drive. - npicchi 5 years ago
      • Can you please email me details of what you found? Maybe I can figure out why that is happening, and if not if you allow tethers I could look at the backend to see why this is happening. Every test I perform works, so will be nice to be able to look at what is not working. - cserrins 5 years ago
      • I noticed the same issue with my config.xml except it assigned the drive letter as E, I edited the xml then ran the KACEEngine.exe and it ran successfully. Thanks for the comment. - ryan.stradling 5 years ago
    • There is a know issue that devices with more than one partition do not work with the current tasks, we are working to improve that scenario, but until then tasks may need to be hard coded with appropriate information. - cserrins 5 years ago
      • Thank you for the reply. Do you have an example to create the xml file with the C drive? - ryan.stradling 5 years ago
      • Do you have an example to create the xml file with the C drive? - sassenmacher 5 years ago
  • I'm running into the same behavior as others. Everything is copied over in preparation for the Post-Install Phase. After finishing Sysprep, the image will log in to the built-in admin (UAC Disabled), try to launch KACEEngine.exe and then stop. Trace Log for KACEEngine has the following in it . "Start|Failed to load tasks - unable to continue." - Kiyolaka 6 years ago
  • I've got the same/similar problem in my in-place upgrade tests. It copies everything down fine from the KBE boot, but when it reboots to run setup, nothing happens.
    I check the KACEEngineTrace and it shows the tries to run and fails, and looks to be stopping on the configure_po_tasks script. If I run that script manually, I get this error:
    configure_po_tasks.vbs(41,1) Microsoft VBScript runtime error: Object required

    Line 41 in that script is:
    usbValue = usbNode.Text

    It happens each time, and this system is one I freshly imaged to test with. I did get past this point before but it died with a windows 10 upgrade bug so I had to start over, hence the reimage. - largomason 6 years ago
  • I'm having trouble using a local machine account with the Auto Logon task. I've tried various options... the default which is to leave localhost in place, replacing localhost with a single period character and finally adding dot backslash in front of the username. None seem to work. Something's getting lost in translation. Everything else for a Windows 10 in-place upgrade is working. Just not the auto logon.

    I need to avoid using a domain user at this time.

    UPDATE: It's not even working with an AD domain account. Tested account password as sanity check. What am I missing??? - mcnaugha 5 years ago
    • delete the defaultdomain key

      and probably does not have nic driver loaded during the upgrade so no connection - SMal.tmcc 5 years ago
      • Thanks. I'll try deleting the domain key.

        It boots from the local storage and copy of Windows to upgrade it. The NIC driver should be there as normal when it goes to read the registry keys injected by this CU. You can manually enter AD credentials and they work. It's just the automation that's letting us down. - mcnaugha 5 years ago
      • ahh
        net user administrator /active:yes
        net user administrator Password
        reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
        reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
        reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d Administrator /f
        reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f
        reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /f - SMal.tmcc 5 years ago
  • Deleting the domain key didn't help. Same result, no auto logon.

    I think the real question is, does this work for anyone? Why has it been supplied the way it has if it doesn't work?

    Those suggested keys don't look temporary. Don't they have to go in a HKLM\TEMP branch? - mcnaugha 5 years ago
    • Yes it has worked fine for me for over 8 years. Do not need to mess with any temp branch. I helped pilot the custom deployments so here is what I do:
      My answer file does this:
      <settings pass="oobeSystem">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <AutoLogon>
      <Password>
      <Value>VwBpAG4Avkldsn;gljkadg;lIQBQAGEAcwBzAHcAbwByAGQA</Value>
      <PlainText>false</PlainText>
      </Password>
      <Enabled>true</Enabled>
      <LogonCount>7</LogonCount>
      <Username>administrator</Username>
      </AutoLogon>
      <OOBE>
      <HideEULAPage>true</HideEULAPage>
      <HideLocalAccountScreen>false</HideLocalAccountScreen>
      <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
      <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
      <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
      <ProtectYourPC>3</ProtectYourPC>

      Then as the first post task I refresh the autologon with these registry keys.

      net user administrator /active:yes
      net user administrator Password
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d Administrator /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f
      reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /f

      The machine logs in with the administrator account to start processing the post tasks.

      I later join the machine to the domain and switch to our domain install user:

      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d tmccacad /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d installer /f
      reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f

      cscript.exe c:\windows\w2d\join_domain.vbs tmccacad.tmcc.edu installer Password

      net localgroup administrators tmccacad\installer /add
      c:\windows\w2d\ksleep 20

      For my last task I reset the keys to kill autologon. - SMal.tmcc 5 years ago
  • Hi Corey, regarding usmt_wipe_shutdown, is there also a version that covers SSD drives? - terry.jolley@pcc.edu 5 years ago
    • Does SDelete not work on SSD drives? - cserrins 5 years ago
      • SDelete uses disk defragmentation logic. This works well for spindle based disks which write data from sector 0 to their end but not well with SSDS. SSDS use write optimization and SDelete would result in some parts of the drive being overwritten numerous times and other parts not being touched in a single pass. For an SSD one would want to Clear the partitions on the drive and then force a TRIM. https://www.howtogeek.com/165472/6-things-you-shouldnt-do-with-solid-state-drives/ https://serverfault.com/questions/927832/does-diskpart-clean-send-a-trim-command - Kiyolaka 5 years ago
      • There are tools specifically for SSD's , but I've yet to come across a (good) free one. - RD94 5 years ago
  • The Windows 10 in place upgrade tasks have been fixed and replaced. It is suggested that you delete all previously associated tasks and the task group from your box prior to importing the new version. This fix resolves issues with multi partition images including UEFI machines. - cserrins 5 years ago
    • Hello, thank you! I'm starting testing the new scripts. - npicchi 5 years ago
  • I'm having problems with the Clear Auto Logon and the Reset UAC tasks running consistently. On certain PCs it will work every time but on some other models it fails.

    EDIT: I have tracked down the issue to the [CU] Record & Disable UAC not working correctly. It doesn't appear that it's recording or disabling UAC. It's consistent across all our PCs but some don't seem to have a problem running with it enabled. - scott.bunik 5 years ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ