MDT PowerShell: Connect to MDT Function


Todays post is a time-saver function I wrote to connect to MDT shares. It allows me to just type Connect-MDT to import the module then enter to the MDT PSdrive.

It discovers the location of the MDT module(from the registry) and uses the Restore-MDTPersistentDrive cmdlet to restore the hosts existing MDT PSDrives. It will then set the location to the first MDT PSDrive thus eliminating the need to hard code the deployment share path. Ta-daa!



I’ve uploaded it to the Technet script repository and below is the simplified version.

Function Connect-MDT {

 If (!(Get-Module MicrosoftDeploymentToolkit)) {

     [String]$MDTInstall = ((Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Deployment 4').Install_Dir)

     Import-Module ($MDTInstall +'Bin\MicrosoftDeploymentToolkit.psd1') -Scope Global


 $MDTPSDrive = Restore-MDTPersistentDrive -verbose

 Set-Location ($MDTPSDrive.Name +':')

Posted in MDT 2010, MDT 2012, MDT 2013, PowerShell | Tagged , , | 5 Comments

The malware apocalypse for Windows XP begins in just 1 day! Or does it?


It doesn’t seem like 12 years since Windows XP and Office 2003 first arrived but now their time will draw closer to the end in less than 2 days. At this point Microsoft will drop Enterprise support for the products potentially making the products legacy and an increasing security risk?

What does this really mean for security? Well if I was a ‘bad guy’ I’d be waiting until the 8th April 2014 before unleashing any exploits I discovered for Windows XP and Office 2003. The reason is Microsoft will no longer engineer security patches for the products. Experts are describing this time as the malware apocalypse for Windows XP.


The fact that most UK cashpoints, Self service retail tills and NHS hospitals are still on XP is really surprising. There is a wealth of free information on the internet to help organisations make the move from XP. This kinda makes me think of my mum’s old Jamaican saying:

“Those who wont hear, must feel!”

As with Y2K, the apocalypse came and went without so much as a flutter and I was looking forward this time to observe this foretold carnage however, this time the government has stepped in to try to stay the execution. This gives the public sector security patches for a further 12 months while they migrate from XP. After then perhaps the darkness will really begin.


Posted in Uncategorized | 5 Comments

LTI/ZTI Scripting: Add computer to an AD Group

I’m currently doing some intense SCCM 2012 training so I’ve not been posting or in the forums recently. I’ve still been responding to emails though.

I received an email from a reader earlier this week. He wanted to add the current computer to an AD security group during his deployment.

It turns out that I wrote such a script a few weeks earlier. It’s in the repository here.

The script will add the current computer to an AD Group that is set in the customsettings.ini

The script is then run in a task sequence with the command line:

cscript.exe “%SCRIPTROOT%\ZTIAddMember.wsf

The code below is a sample of the customsettings.ini changes.

Properties=CustomProperty, ADGroup 

ADGroup = LDAP://CN=IT Computers,OU=Groups,DC=corp,DC=continuum,DC=com

The code is “As is”. No refunds!

Posted in MDT 2010, MDT 2012, SCCM, Scripting | Tagged , , , , | 24 Comments

Hotfix rollup released for Windows 7 SP1 and Windows Server 2008 R2 SP1.


Big news in deployment right now. Microsoft has release a hotfix rollup is for Windows 7 SP1 and Windows Server 2008 R2 SP1. So it’s kinda like Service Pack 1 and a half. There are 4 flavours 2008R2 Itanium/x64 and Windows 7 x86/x64.

You can get it from Microsoft Update Catalog by clicking the link here.


You can then add the updates to your basket and download them.

There’s a Microsoft KB article here. Article KB2775511

The updates are in a format suitable for importing into the Packages folder of your MDT deployment share.


Posted in Deployment, Windows 7 | Tagged , , , , | 9 Comments

Deployment Terminology

There are a many terms used to describe the deployment of operating systems and its associated practices. Here are some of the most popular ones and an explanation of when to use them.

The process of applying operating system images to a computer(sometimes called build). This may also include it’s associated framework inc. drivers, patches, service packs, applications etc. The term is a general phrase that describes the process as a whole.

Windows Image Deployment (WIM Imaging).
This term describes any of the methods used to apply images based on the Windows Imaging file format.  

Operating System Deployment(OSD).
This term can be used literally but usually refers to the deployment of images using the OSD feature of System Center Configuration Manager.

Lite-Touch Deployment (LTI).
This describes the use of Microsoft Deployment Toolkit to apply images. This includes any such  methods including PXE boot with Windows Deployment Services

Zero-Touch Deployment (ZTI).
This describes applying images with System Center Configuration Manager with Microsoft Deployment Toolkit integrated.

User-Driven Installation (UDI).
This is Zero-Touch deployment that is initiatedby a user using the User Driven Installation feature of MDT. It could also refer to any other method of deployment where the user user initiates the build.

The term ‘imaging’ when appending a noun can refer to where the image is being deployed from but it’s not totally accurate terminology. eg WDS Imaging, File Share Imaging, 

Below are a few useful links to various articles on this topic.

Operating System Deployment Terminology This is a glossary of most of the popular imaging process technical terms.

Choosing a Deployment Strategy This post will demystify the terms High Touch, Lite-Touch and Zero-Touch.

Deployment Dilemmas This post will explain the following terms – In-Place Upgrade, New Installation, Refresh and Replace.

Posted in Uncategorized | 1 Comment

MDT: Refreshing computers with Static IP Addresses

No DHCP? No Problem

In this scenario, you have a computer with static IP Address assignments that you wish to maintain during a REFRESH.

There’s a Task Sequence step called Capture Network Settings. This runs the script ZTINICConfig.wsf that can capture network settings and store them in the Variables.dat file.


There are 2 switches of use here in the ZTINICConfig.wsf script. (From the manual)

/ForceCapture –  If there are any local networking adapters with static IP addresses saved, this script captures those settings and saves them to the local environment—for example, C:\MININT\SMSOSD\OSDLogs\Variables.dat. This script can be useful in capturing static IP settings for a large number of computers for automation.

/RestoreWithinWinPE – When specified, applies any saved static IP network settings to the local computer, when appropriate; used for internal processing only.


Use both switches to capture adapter settings in a refresh.

Posted in Deployment, MDT 2010, MDT 2012 | Tagged , , , , | 15 Comments

MDT: Automating Static IP during Bare metal boot

No DHCP? No Problem

In this scenario, the requirement is to boot a lite touch boot image with a static IP address, where is no DHCP available. You can use a custom answer file (unattend.xml) to configure your static IP settings at boot. Below are 2 methods

Method 1 – Netshell

Use the answer file in your extra files folder to run a command line like netsh  during boot. I’ve previously explained how to use the extra files for BGInfo and the process is pretty much the same.

  1. Create a folder called ‘ExtraFiles’ (or Extrafiles64) in your deployment share.
  2. Next, create a folder called Windows with a subfolder called System32 beneath it.
  3. In the Deployment Workbench, Right-Click on the Deployment Share and select properties. Then click on the Windows PE x86 Settings (or Windows PE x86 Settings )Tab
  4. In the Windows PE Customizations section browse to the ExtraFiles (or Extrafiles64) folder


  1. Open Windows System Image Manager and select a DeploymentShare
  2. Then select a Windows Image
  3. Then create a New AnswerFile
  4. Add the following settings to the Answer File in the WindowsPE configuration Pass

Microsoft-Windows-Setup | RunSynchronous | RunSynchronousCommand

5. Add the following settings:

Description=Set Static IP Address
Path=netsh interface ip set address Ethernet static

Description=Set Background
Path=Bginfo.exe Win_PE.bgi /silent /timer:0 /NOLICPROMPT

Description=Lite Touch PE
Path=wscript.exe X:\Deploy\Scripts\LiteTouch.wsf


In this example I am placing the command before BGInfo and Lite Touch PE. Ommit the BGInfo section if you’ve not configured it.

6.  Save the file in your deployment share as \ExtraFiles\Unattend.XML then update the deployment share to recreate the LiteTouchPE_x86.wim (or ISO or x64)

Method 2 – Set a Unicast IP Address

In this method, we use the native settings of the WindowsPE answer file configuration pass.

1. Navigate to Microsoft-Windows-TCPIP | Interfaces | Interface | Ipv4Settings and select Add Setting to Pass 1 windowsPE.


2. Add the following settings:



3. Under Microsoft-Windows-TCPIP | Interfaces | Interface | UnicastIpAddresses

and select Add Setting to Pass 1 windowsPE.


4. Add an IP Address with the following settings:


5. Navigate to Microsoft-Windows-TCPIP | Interfaces | Interface

and change the Identifier to “Ethernet”.


6. Again, save the file in your deployment share as \ExtraFiles\Unattend.XML then update the deployment share to recreate the LiteTouchPE_x86.wim (or ISO or x64)

Be aware that this method only has very basic IP settings.

Posted in Deployment, MDT 2010, MDT 2012 | Tagged , , , | 2 Comments