Custom Deployments is a new feature in version 6.0 of the KACE Systems Deployment Appliance (SDA) that allow users to deploy a set of tasks to a Windows workstation without deploying an image or scripted install.
With a custom deployment, no hidden tasks are automatically assigned like in an image or scripted install. This means that everything needing to run will have to be manually assigned and for this reason, it is considered an advanced feature. The 6.0 release of the SDA includes 2 custom deployments by default; x86 and x64 variations of "Scan User States Offline and Shutdown". This is a perfect example of a custom deployment because after the task is complete and the shutdown command is given, the deployment shows as completed. In the past, you would need to do a batch script to shut down, and because the built in tasks did not run, it would never display as successfully completed and it would stay in the Progress portion of the UI until removed. This is just one example of a custom deployment, there are other great ways to leverage them.
We are including these downloads to get you started, you must be a member of the K2000 community on ITNinja to gain access. After extracting the download, the package can be imported into the SDA. The import is a task group (another new feature of 6.0) that contains all the tasks needed for the custom deployment. Since each custom deployment is assigned a specific architecture, it is easier to provide them as a single package with task groups.
To use the imported item, create a new custom deployment, apply the appropriate task group, and save. All the tasks are named with [CU] as a prefix, as CU is the prefix used when exporting custom deployments. By implementing this naming scheme it is easy to find the tasks commonly used for custom deployments. I also name my custom deployments with the [CU] prefix.
The title of the Custom Deployments below are links to download a .zip file, you must be a member of the K2000 Community. Extract the zip once it is downloaded and you will have a .pkg file and an .xml file. You can import the Task Group one of two ways. Since these are small packages you can browse to Settings | Package Management | Import Packages on the SDA web UI. Then from the choose action drop down menu select "Upload Package for Import." Select the .pkg file and click on the "Import Package" button. You can also browse to the SDA Restore UNC path (\\sda_ip\restore). Place both the .pkg and .xml file in the restore share. Then on the SDA web UI browse to Settings | Package Management | Import Packages. You should see the Task Group on the list page. Select the checkbox next to the Task Group to import and then from the choose action drop down menu choose "Import Selected."
******NOTE
Do not import these tasks into any version less than 6.0, it will cause issues.
Windows 10 in-place upgrade. This custom deployment is used when an in-place upgrade of Windows 10 is needed, either from Windows 7/8 or an earlier build of Windows 10. The same edition must be used when upgrading. The auto logon and prepare Windows 10 tasks need to be customized for your environment, make sure to read the notes field for those two tasks.
Run tasks in an operating system. If you have tasks that need to be run within the OS, then this task group is needed for everything to run the way you would expect. Some tasks need to be customized for your environment, make sure to read the notes.
USMT, DoD Wipe and Shutdown. This task group will scan user states offline, partition/format the drive, perform a 7-pass DoD wipe and then shut the machine down. We have referenced the SysInternals tool SDelete. We cannot include the executables as we do not have rights to distribute them, but the task "[CU] Run SDelete (7-pass)" has a link to download SDelete from Microsoft.Once you have downloaded SDelete from Microsoft, extract the executable file. Next using the SDA WebUI download the SDelete.bat file from the usmt_wipe_shutdown task you previously imported and then ZIP the 3 files together. Use the resulting ZIP file to replace the BAT file in the task. The BAT file will determine which architecture is running and run the appropriate application. No other changes are needed unless you want to change some of the SDelete parameters, those changes would need to be made in the BAT file before it is added to the ZIP.
How will you use custom deployments? If you have any interesting ideas that you believe others can use, export your tasks as a task group, making sure to have the tasks named with [CU]. Please review the tasks that are included here first and try to reuse those so we can stay consistent. Email your exported task groups to Corey Serrins [corey dot serrins at quest dot com] and we will add those to this page.
Done this with your older Windows 10 in place upgrade before version 6.0 and worked perfect. Can't get this one in custom deployment version 6.0 to workout right. - scrocafella 6 years ago
rd %systemdrive%\win10 /Q /S
%systemdrive%\KACE\Engine\KACEEngine.exe - scrocafella 6 years ago
%systemdrive%\KACE\engine\kaceengine.exe
It's there. Very weird. It puts all in the spots they need to go but never kicks back off for some reason for post installs. - scrocafella 6 years ago
I check the KACEEngineTrace and it shows the tries to run and fails, and looks to be stopping on the configure_po_tasks script. If I run that script manually, I get this error:
configure_po_tasks.vbs(41,1) Microsoft VBScript runtime error: Object required
Line 41 in that script is:
usbValue = usbNode.Text
It happens each time, and this system is one I freshly imaged to test with. I did get past this point before but it died with a windows 10 upgrade bug so I had to start over, hence the reimage. - largomason 6 years ago
I need to avoid using a domain user at this time.
UPDATE: It's not even working with an AD domain account. Tested account password as sanity check. What am I missing??? - mcnaugha 5 years ago
and probably does not have nic driver loaded during the upgrade so no connection - SMal.tmcc 5 years ago
It boots from the local storage and copy of Windows to upgrade it. The NIC driver should be there as normal when it goes to read the registry keys injected by this CU. You can manually enter AD credentials and they work. It's just the automation that's letting us down. - mcnaugha 5 years ago
net user administrator /active:yes
net user administrator Password
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d Administrator /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /f - SMal.tmcc 5 years ago
I think the real question is, does this work for anyone? Why has it been supplied the way it has if it doesn't work?
Those suggested keys don't look temporary. Don't they have to go in a HKLM\TEMP branch? - mcnaugha 5 years ago
My answer file does this:
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>VwBpAG4Avkldsn;gljkadg;lIQBQAGEAcwBzAHcAbwByAGQA</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>7</LogonCount>
<Username>administrator</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>false</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>3</ProtectYourPC>
Then as the first post task I refresh the autologon with these registry keys.
net user administrator /active:yes
net user administrator Password
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d Administrator /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /f
The machine logs in with the administrator account to start processing the post tasks.
I later join the machine to the domain and switch to our domain install user:
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 10 /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d tmccacad /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d installer /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f
cscript.exe c:\windows\w2d\join_domain.vbs tmccacad.tmcc.edu installer Password
net localgroup administrators tmccacad\installer /add
c:\windows\w2d\ksleep 20
For my last task I reset the keys to kill autologon. - SMal.tmcc 5 years ago
EDIT: I have tracked down the issue to the [CU] Record & Disable UAC not working correctly. It doesn't appear that it's recording or disabling UAC. It's consistent across all our PCs but some don't seem to have a problem running with it enabled. - scott.bunik 5 years ago