Script to fix SCCM Multicast Issue (KB2419357)

I've been working with getting multicast distribution points working with SCCM 2007 R2 recently and one of the challenges is that there is a bug where some WDS settings are not correctly updated on the target server. Microsoft Knowledge Base article KB2419357 documents the issue.

I wrote the following script to update the required settings instead of having to do this manually. The script also makes a change to the ‘ApBlockSize’ setting for WDS, in our environment, where the server is on a 1GB switch port and the clients are on a remote segment on a 100MB switch port, this setting significantly reduced packet fragmentation and increased the speed of the multicast download. I have it in a package and advertise the script to servers hosting multicast enabled distribution points.

# ------------------------------------------------------------------
# Purpose: Applies some registry settings, mostly related to the 
# problem identified in KB2419357. It also makes a change to WDS 
# network settings to improvea packet fragmentation issue identified
# during testing of multicast with SCCM
# 
# Usage : powershell.exe -file .\wdsconfig.ps1
# 
# Version 1.0
# 
# Maintenance History
# ------------------------------------------------------------------
# Version - Date - Change - Author
# ------------------------------------------------------------------
# 1.0 21/11/12 Script Created JustAnotherTechnicalBlog
# 
# ------------------------------------------------------------------

# Set variables
$WDSRegRoot = "HKLM:System\CurrentControlSet\Services\WDSServer"
$WDSService = "Windows Deployment Services Server"


# Write the required SCCM options to the WDS configuration settings
# to the registry
If (Test-Path $WDSRegRoot\Parameters)
{
 Set-ItemProperty -Path $WDSRegRoot\Parameters -Name McStartAddr `
                                               -Value "239.10.10.10"
 Set-ItemProperty -Path $WDSRegRoot\Parameters -Name McEndAddr `
                                               -Value "239.10.10.10"
 Set-ItemProperty -Path $WDSRegRoot\Parameters -Name UdpStartPort `
                                               -Value "63000"
 Set-ItemProperty -Path $WDSRegRoot\Parameters -Name UdpEndPort `
                                               -Value "64000"
}


# Tune the network settings for the WDS server to reduce likelihood
# of packet fragmentation
If (Test-Path $WDSRegRoot\Providers\WDSMC\Protocol)
{
 Set-ItemProperty -Path $WDSRegRoot\Providers\WDSMC\Protocol `
                                               -Name ApBlockSize `
                                               -Value 1385
}


# Restart the Windows Deployment Services Server service
if (Get-Service $WDSService -ea SilentlyContinue)
{
 Restart-Service -displayname $WDSService
}

Windows 7, VDI and IOPS

When I started this blog I was not going to go down the path of just linking stuff others have posted, and if I did, only if I was adding something to it.  However, I found the following article so interesting that I'm linking it here really just for my own benifit.  Well worth a read.

 Windows 7 IOPS for VDI: Deep Dive

Scripting Balloon Messages in Windows

Do you know those balloons that pop-up in the notification area in Windows to tell you something? I've always thought it would be nice to be able to use those in certain situations when doing something to an end user computer in the corporate environments I work in. Several months ago I figured this out and then today I was reminded of it when I was shown a script at a new customer site that uses the same idea. With that thought in my head I figured it would make a good topic to write about here. I'm going to show two examples.

The first example is the script I've 'borrowed' from a colleague today. In the environment this script was written for, the available Configuration Manager notification options after software updates have been installed doesn't quiet meet the business requirements so a script has been created to notify the user a restart is required and the Configuration Manager software update deployments have been configured to neither notify the end user nor restart the computer. The script is triggered whenever an end user logs on or unlocks their workstation. I’ll explain how that has been configured later.

The script is very simple in that it queries the operating system to see if it is waiting for a restart after patching. If Windows Update is waiting for a restart the script pops a balloon message to the end user.  Here is the script:

#
# 
# Purpose:  Prompts end user to restart if Windows is waiting for a restart after
#           patching
# 
# Usage : powershell.exe -file .\PatchingRestartNagBalloon.ps1
# 
# Version 1.0
# 
# Maintenance History
# ----------------------------------------------------------------------
# Version   -    Date      -    Change           -       Author
# ----------------------------------------------------------------------
# 1.0            25/06/12       Script Created           justanothertechnicalblog
# 
# 


$SoftwareUpdateRestartStatus = New-Object -ComObject "Microsoft.Update.SystemInfo"
$IsRebootRequired = $SoftwareUpdateRestartStatus.RebootRequired

If ($IsRebootRequired -eq $True)
{
[void] [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)

$notification = New-Object System.Windows.Forms.NotifyIcon 

#Define the icon for the system tray
$notification.Icon = [System.Drawing.SystemIcons]::Information

#Display title of balloon window
$notification.BalloonTipTitle = “Software Updates”

#Type of balloon icon
$notification.BalloonTipIcon = “Info”

#Notification message
$notification.BalloonTipText = “Software updates have been installed on your computer. Please save your work and restart your computer as soon as possible”

#Make balloon tip visible when called
$notification.Visible = $True

#Call the balloon notification
$notification.ShowBalloonTip(0)
start-sleep -s 10

#Make balloon tip invisible when called
$notification.Visible = $False
 Exit-PSSession
}
Else
{
 Exit-PSSession
}

The second example is the script I wrote some months ago for another customer. When we built new machines for that customer, new computer objects were created in a 'Provisioning' OU in Active Directory and it was up to the technical staff who built machines to then move the new computer object to the correct Active Directory OU. Like busy first level support teams the world over, these guys were busy and often forgot this step, especially when the rest to of the workstation provisioning process was fully automated. Trying to dynamically determin the correct OU for a new machine was not possible for several reasons, so instead I wrote this script to notify the end user to take action if the machine was still in the OU where the Configuration Manager task sequence put it. I wanted a notification balloon and if the user clicked the balloon I wanted Ineternet Explorer to open to the Service Delivery team's web site so a ticket could be logged. This is what I came up with after stealing ideas from a number of places and asking for a bit of help from the resident Exchange guru who knew his PowerShell better than me. I'd reference where I got the ideas from, but it was months ago and I don't recall them all.  I also don't have enough comments in the script to remind me why I've done certain things, but that just makes reading the code more fun right?

#
# 
# Purpose:  Prompts end user to contact the Service Desk and opens IE to the
#           Service Desk home page
# 
# Usage : powershell.exe -f .\ActiveDirectoryOUNagBalloon.ps1
# 
# Version 1.0
# 
# Maintenance History
# ----------------------------------------------------------------------
# Version   -    Date      -    Change           -       Author
# ----------------------------------------------------------------------
# 1.0            25/06/12       Script Created           justanothertechnicalblog
# 
# 

function Show-BalloonTip
{
    # Requires -Version 2.0
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateNotNull()]
        [String]$BalloonTipText,
        [Parameter(Position = 1)]
        [String]$BalloonTipTitle = 'PowerShell Event Notificaton',
        [Parameter(Position = 2)]
        [ValidateSet('Error', 'Info', 'None', 'Warning')]
        [String]$BalloonTipIcon = 'Info'
    )
    end 
    {
        Add-Type -AssemblyName System.Windows.Forms
        Add-Type -AssemblyName System.Drawing
        [Windows.Forms.ToolTipIcon]$BalloonTipIcon = $BalloonTipIcon
        $NotifyIcon = New-Object Windows.Forms.NotifyIcon -Property @{
            BalloonTipIcon = $BalloonTipIcon
            BalloonTipText = $BalloonTipText
            BalloonTipTitle = $BalloonTipTitle
            Icon = [Drawing.Icon]::ExtractAssociatedIcon((Get-Command powershell).Path)
            Text = -join $BalloonTipText[0..62]
            Visible = $true
        }
        switch ($BalloonTipIcon) 
        {
            Error {[Media.SystemSounds]::Hand.Play()}
            Info {[Media.SystemSounds]::Asterisk.Play()}
            None {[Media.SystemSounds]::Beep.Play()}
            Warning {[Media.SystemSounds]::Exclamation.Play()}
        }
        $NotifyIcon.ShowBalloonTip(0)
        switch ($Host.Runspace.ApartmentState) 
        {
            STA 
            {
                $null = Register-ObjectEvent -InputObject $NotifyIcon -SourceIdentifier "BalloonTipClicked_event" -EventName BalloonTipClicked -Action{
                    #Write-Host "Starting IE"
                    Start-Process 'c:\Program Files\Internet Explorer\iexplore.exe' -ArgumentList 'http://justanothertechnicalblog.blogspot.com.au/' -WindowStyle Maximized -Verb Open
                    $Sender.Dispose()
                    $global:clicked = $true
                    Unregister-Event $EventSubscriber.SourceIdentifier
                    Remove-Job $EventSubscriber.Action
                }
            }
            default 
            {
                continue
            }
        }
     }
 }
 
Get-EventSubscriber | Unregister-Event | Out-Null
#Write-Host $Host.Runspace.ApartmentState
Show-BalloonTip "Some location information for this computer has not been configured correctly.  Please contact the Service Desk resolve this issue.  This is a minor issue and should not impact your use of this machine" "Computer Configuration Warning" "Warning"

$global:clicked = $false
$timeOut=20 #20 Seconds
for($timeOut;$timeOut -gt 0;$timeOut--)
{
    if($global:clicked)
    {
        break;
    }
    #Write-Host "Sleeping 1 second"
    Start-Sleep -Milliseconds 1000
    
}

NOTE: This script doesn't exit properly when run from the PowerShell ISE. It runs without issue if run from the command prompt.

Update: After doing some reading today I found this article from Microsoft. I definately used this when I originaly wrote my script above:

Displaying a Message in the Notification Area

How and when do I run these scripts?  Well in both instanaces at both customers the scripts are run via a scheduled task.  Group Policy Preferences lets you schedule tasks across your desktop fleet and that is what has been used.  The task scheduler can fire a scrript on an event and two very useful events are a logon event and a screen unlock event.  I'm not going to detail how to set up scheduled tasks using Group Policy Preferences today, that sounds like a nice topic for another post, but take a look at GPP and you'll figure it out.

The other thing to note about the scripts above is that they display a command prompt when run.  Yuk.  This is no good when you have gone to the work to implement a nice neat balloon pop-up solution to notify your end users of something.  How do we stop PowerShell displaying the command prompt window?  Well, that is also a topic for another post, but I've written it along with this one.  Click here to view two solutions I've used.

Hide the PowerShell Window

I have a number of scripts I run in the desktop environment that are triggered using scheduled tasks.  These scripts run in the user context.  An unfortunate problem with PowerShell is that it displays a window when it runs, even if it is running as a batch job and no user input or output is involved.  I don't want my end users seeing this window (a black command window), so have tried a number of things and have found two ways to hide it.  Neither of these are ideal, it would be nice to hide this window using PowerShell itself but I haven't found a way to do that.

Method One
This is the method I've used for some time, though I think that the second method below might be the better solution as it uses native tools available in Windows, where this solution requires a third party tool.

Download Hidden Start

Once you have the utility, you can use it like this to hide a running PowerShell script:

%SystemDir%\Scripts\hstart.exe /NOCONSOLE /SILENT "POWERSHELL.EXE -FILE %SystemDir%\Scripts\MyScript.ps1"

Warning:  Some security software suites will detect this tool as 'bad' so if you have problems with it, check you security software logs to see if the utility is being treated as malware.

Update: While writing this post I found the Hidden Start now requires a license for commercial use. I'm pretty sure this was a free tool in the past when I've downloaded it.  This will rule it out for a lot of you I'm sure.

Method Two
This method uses a vbScript to call the PowerShell script as a hidden window. This is not sophisticated but does work. There are a number of ways to do this, but the following little script is quiet cute as you can reuse this code and just pass a new script to it on the command line. The scheduled task would run something like this:

cscript.exe %SystemDrive%\Scripts\RunPowerShellScriptHidden.vbs %SystemDrive%\Scripts\MyScript.ps1

' ----------------------------------------------------------------------

' 
' Purpose:  Prompts end user to contact the Service Desk and opens IE to the
'           Service Desk home page
' 
' Usage : cscript.exe RunPowerShellScriptHidden.vbs mypath\myscript.ps1
' 
' Version 1.0
' 
' Maintenance History
' ----------------------------------------------------------------------
' Version   -    Date      -    Change           -       Author
' ----------------------------------------------------------------------
' 1.0            25/06/12       Script Created           justanothertechnicalblog
' 
' 


Option Explicit

'Variables
Dim oShell, ScriptName, appCmd

' Read target script path from command line argument or echo usage details if arguments are wrong
If WScript.Arguments.Count = 1 Then
ScriptName = WScript.Arguments.Item(0)
Else
Wscript.Echo "Usage: RunPowerShellScriptHidden path\powershellscript"
Wscript.Quit
End If


'Create objects
Set oShell = CreateObject("WScript.Shell")

' Build the command line
appCmd = "PowerShell.exe -file " + ScriptName 

'Run the PowerShell script now
oShell.Run appCmd, 0, false

Configuration Manager: Pre-stage Distribution Point Data

When I started to write this post I was just going to discuss pre-staging data on distribution points.  I get there in the end, but some comments about PXE Service Points and low latency networks slips in also.  Read on ....

A recent customer of mine had a global network and many of their remote offices had low bandwidth and high latency network connections. Most of the remote offices had a fairly small number of managed clients and only two servers, both functioning as a domain controller and file server with the second server being a hot standby for the first. They used some basics scripts to keep the file server data on the two servers in sync with each other. The customer wanted a flat Configuration Manager hierarchy if possible, though more importantly, didn’t want IIS installed on their domain controllers. That ruled out secondary sites. With this in mind I implemented Branch Distribution Points at these sites and the solution worked well, though we did sometimes have issues where package distributions would stall, so it wasn’t perfect, but for the most part we learnt how to live with that issue and knew how to fix it. We also introduced PXE Service Points at these remote sites but these proved problematic on high latency networks and design work to either script the management of the remote WDS servers outside of Configuration Manager (perhaps using SCCM to run the scripts) or the introduction of Secondary Sites is now being conducted. The following blog article explains the PSP issue exactly as we experienced it. We also opened a support ticket with Microsoft and their advice was the same as this blog suggests – use secondary sites:

Remote site systems and network latency

That above is background. What I wanted to discuss today was actually on the topic of moving package data around networks via a courier instead of over the network. This requirement was important with the above customer because of the network limitations. One advantage of using Branch Distribution Points we found was it is very easy to copy data to the BDP that had been couriered to the remote site. Because of the network limitations, it was often easier, faster and cheaper to courier packages (particularly OSD packages) to these remote sites and copy them manually to the BDP. Microsoft calls this pre-staging packages and documents how to do that. We scripted this process to a degree so it was easy to execute and one of the technical team could take data to a remote site on their laptop or we could courier data on removable media. I can’t share the scripts because they are fairly customer centric, but the manual process works well and is documented below and you should see how this could be scripted with PowerShell and Robocopy quite easily I think:

How to Prestage Packages on a Branch Distribution Point

What if you are using secondary sites (like the above customer is likely to do soon)? Well, there are two options that I’m aware of. I don’t have much experience with either of these but I started doing some reading for my customer above, and have also just started with a new customer were bandwidth isn’t as much of a problem in normal circumstances, but the large amount of data they need to deploy to new sites when they build them is with 40GB+ of data needing to be copied to new secondary site servers.  They are rapidly building new sites as they open new offices or combine offices after a major business merger. I imagine I’ll know more on this topic in the coming weeks but I thought I’d write about what I’ve initially found.

The first option is the inbuilt Courier Sender. I used this back in SMS 2.0 days and it worked but I remember it being labour intensive but don’t really remember why I didn’t like it. The following blog post explains the Courier Sender and the linked document at the end of the post provides a visual guide to using it. I think one issue I had with the Courier Sender was you had to set up the package to use it and that isn’t ideal when you are using the network (Standard Sender) to deliver the package to some DPs and the Courier Sender to others, but I can’t speak from recent experience:

Configuring and using the Courier Sender component in ConfigMgr 2007

The other option, completely new to me but one that looks promising for certain situations, is a Microsoft tool called the ‘Preload Package Tool for Configuration Manager 2007’. It does have limitations. If I’ve understand this tool correctly, it can be used to copy packages to SDPs at child sites. I looks most useful perhaps for preloading packages during initial set up of a new site. It does look like you need to be very aware of your package versions (both the source package versions and the package (.pck file) versions). It also seems to be a tool you can only use once per package per DP. Read the links to the blog posts below that cover the tool in detail.

You can source the tool from here:

Preload Package Tool for Configuration Manager 2007

This blog post gives some guidance and advice about using the tool:

ConfigMgr 2007: The Preload Package Tool (PreloadPkgOnSite.exe) Explained

This blog post also expands on the above one a little:

Packages Will Not Uncompress After Using Preloadpkgonsite.exe

I hope to either update this post or post more on this topic in the future as I get to know these tools better.

Setting Power Management Options on a Network Card

I'm currently working on implementing Wake on LAN (WOL) for a customer's network.  I'll probably post more on what I've found out will researching this in the future.  Today I thought I'd share a script I've created to enable the correct power management options, that are needed on the appropriate network adaptors, to ensure WOL works.
 I wanted a script to ensure the three options in the screen grab below are enabled.  PowerShell is my preferred scripting solution, and this customer also wants as much scripting done in PowerShell as possible.  I found a number of VBScripts examples that I then used to construct my PowerShell script, so I don't take credit for the logic here but I couldn't find a complete PowerShell solution so I hope this is useful for someone.  I'm no PowerShell guru, so if anyone sees ways to improve this script - please feel free to share ideas.


Anyway, here is the screen grab showing the settings I wanted to set:

Here are some links to where I got my logic and ideas from:


ConfigMgr 2007: Implementing Wake-on-LAN (WoL):  This article explains setting up WOL with ConfigMgr very well and includes a VBScript that was my main source for understanding what WMI exposed that I could use for my script


Configure a Network Adapter to Wake a Computer Via PowerShell:  This article was where I found the base I used for my script in PowerShell, it shows how to get at one of the properties via WMI, after figuring this out the rest of the script was easy.


My script follows below.  One thing I've added that is different from the two great articles above is that I look only for physical ethernet adaptors.  I don't try to configure these settings on virtual adaptors or wireless adaptors (others might want to do this for wireless adaptors, Windows 7 does support WOL over wireless, but that isn't a requirement for my customer).  Eliminating virtual adaptors from being configured stops the script touching the various virtual adaptors that various remote access solutions like to add to Windows.

#
# 
# Purpose:  Enables Wake on LAN (WOL) settings on active wired network cards
# 
# Usage : powershell.exe -f .\EnableWOL.ps1
# 
# Version 1.0
# 
# Maintenance History
# ----------------------------------------------------------------------
# Version   -    Date      -    Change           -       Author
# ----------------------------------------------------------------------
# 1.0            18/06/12       Script Created           justanothertechnicalblog
# 
# 

$nics = Get-WmiObject Win32_NetworkAdapter -filter "AdapterTypeID = '0' AND PhysicalAdapter = 'true'"
 
 
foreach ($nic in $nics)
  {

   $nicName = $nic.Name

   Write-Host "--- Enable `"Allow the computer to turn off this device to save power`" on $nicName ---"
   $nicPower = Get-WmiObject MSPower_DeviceEnable -Namespace root\wmi | where {$_.instancename -match [regex]::escape($nic.PNPDeviceID) }
   $nicPower.Enable = $True
   $nicPower.psbase.Put()
  
   Write-Host "--- Enable `"Allow this device to wake the computer`" on $nicName ---"
   $nicPowerWake = Get-WmiObject MSPower_DeviceWakeEnable -Namespace root\wmi | where {$_.instancename -match [regex]::escape($nic.PNPDeviceID) }
   $nicPowerWake.Enable = $True
   $nicPowerWake.psbase.Put()
  
   Write-Host "--- Enable `"Only allow a magic packet to wake the computer`" on $nicName ---"
   $nicMagicPacket = Get-WmiObject MSNdis_DeviceWakeOnMagicPacketOnly -Namespace root\wmi | where {$_.instancename -match [regex]::escape($nic.PNPDeviceID) }
   $nicMagicPacket.EnableWakeOnMagicPacketOnly = $True
   $nicMagicPacket.psbase.Put()
  }

UPDATE 19 June 2012:
Testing today on a laptop I found the above script will identify the inbuilt Intel Centrino Ultimate-N 6300 AGN on a Dell Latitude E6510 as an Ethernet adaptor when it plainly isn't. It then fails to set some of the properties above as they are not supported. Not a big deal, the inbuilt Ethernet adaptor is treated correctly so the result is successful, but messy.  I might have to use the 'netenabled' filter used in the PowerShell Guys' posting above.

UPDATE 06 July 2012:
Here is my updated script to exclude wireless and other cards:

# ---------------------------------------------------------------------- 
#
# Purpose:  Enables Wake on LAN (WOL) settings on active wired network cards
#
# Usage : powershell.exe -f .\EnableWOL.ps1
#
# Version 1.0
#
# Maintenance History
# ----------------------------------------------------------------------
# Version   -    Date      -    Change           -       Author
# ---------------------------------------------------------------------- 
# 1.0            18/06/12       Script Created           justanothertechnicalblog
# 2.0            04/07/12       Updated to exclude       justanothertechnicalblog
#                               Wireless/WiFi/Bluetooth


# Get all physical ethernet adaptors
$nics = Get-WmiObject Win32_NetworkAdapter -filter "AdapterTypeID = '0' `
                                                    AND PhysicalAdapter = 'true' `
                                                    AND NOT Description LIKE '%Centrino%' `
                                                    AND NOT Description LIKE '%wireless%' `
                                                    AND NOT Description LIKE '%WiFi%' `
                                                    AND NOT Description LIKE '%Bluetooth%'"


foreach ($nic in $nics)
  {
  
  $nicName = $nic.Name
  
   Write-Host "--- Enable `"Allow the computer to turn off this device to save power`" on $nicName ---"
   $nicPower = Get-WmiObject MSPower_DeviceEnable -Namespace root\wmi | where {$_.instancename -match [regex]::escape($nic.PNPDeviceID) }
   $nicPower.Enable = $True
   $nicPower.psbase.Put()
   
   Write-Host "--- Enable `"Allow this device to wake the computer`" on $nicName ---"
   $nicPowerWake = Get-WmiObject MSPower_DeviceWakeEnable -Namespace root\wmi | where {$_.instancename -match [regex]::escape($nic.PNPDeviceID) }
   $nicPowerWake.Enable = $True
   $nicPowerWake.psbase.Put()
   
   Write-Host "--- Enable `"Only allow a magic packet to wake the computer`" on $nicName ---"
   $nicMagicPacket = Get-WmiObject MSNdis_DeviceWakeOnMagicPacketOnly -Namespace root\wmi | where {$_.instancename -match [regex]::escape($nic.PNPDeviceID) }
   $nicMagicPacket.EnableWakeOnMagicPacketOnly = $True
   $nicMagicPacket.psbase.Put()
  }

Windows 7, App-V and Slow Start-up and Logon

On a Windows 7 SOE I've just built for a customer, start-up and logon times were unacceptable.  There was a number of reasons for this, but one was actually caused by App-V.  Who would have thought?  Microsoft has released several hotfix rollup packages for App-V and the last one certainly improved start-up and logon times for this customer. 

I was just looking for details to post here and found the following blog post on TechNet that also covers this topic:

App-V: Refresh “On-login” and Slow Startups in Windows 7


Here is a link to the latest hotfix rolloup package:

http://support.microsoft.com/kb/2571168

Experiance with this customer certainly showed the hotfix rollup is worth installing

iTunes Metadata and iTunes Match

My iTunes metadata is a mess.  I signed up to iTunes Match when it was first released in Australia and think it is a good solution.  If iTunes Match knows what my music is, why can't I use Apple's metadata to clean up the metadata in my iTunes library?

I can!!!

This isn't bullet proof, I find perhaps twenty percent of songs that are matched but don't seem to have metadata available from Apple.  I also find songs from some albums will get marked as the single or an iTunes release and mess up groupings via album, but I can fix that up afterwards.  All in all though it works pretty well.  See this post.  Like the original poster, I'm in Australia his script is perfect for me.

http://beaugil.es/2012/03/fix-metadata-with-itunes-match/

NOTE:  I'm using OS-X 10.6.8 so had to install the XCode from my Snow Leopard media and not the App Store, but otherwise the instructions in the above post worked perfectly.

UPDATE 01 JULY 2012:  After a recent update from Apple installed on my computer the ruby script stopped working.  I think it was an iTunes update.  Follow this link for details on how to fix this issue:

http://www.apeth.com/rbappscript/04appobject.html#staticterminology

Hewlett-Packard, TPM and Task Sequences

After posting on this topic for Toshiba machines I was going to do the same for Hewlett-Packard machines today, but there is a fair bit of information out there already on this topic so I will not repeat it.  There wasn't when I originally built my task sequences in 2010 for our HP fleet and it took me a while to discover how to do it.  Anyway, here are a several of good links:

• Enable TPM via Task Sequence on HP Boxes

• Enable BitLocker on HP Laptops via OSD

• ConfigMgr, Bitlocker, TPM and HP

Checking if TPM is Enabled and Activated

Yesterday I posted about a tool that you can use to configure TPM on Toshiba machines.  In our task sequence we also check to see if TPM is already enabled and activated and skip running the TPM tool if it is.  How?

We just have the following two WMI queries as conditions on in the task sequence group where that contains the task sequence action that runs the Toshiba tool.  The other task sequence action in this group is a 'Restart Computer' TSA.

Query One

WMI Namespace:

root\CIMV2\Security\MicrosoftTpm

SQL Query:

SELECT * FROM Win32_Tpm WHERE IsEnabled_InitialValue = FALSE

Query Two

WMI Namespace:

root\CIMV2\Security\MicrosoftTpm

SQL Query:

SELECT * FROM Win32_Tpm WHERE IsActivated_InitialValue = FALSE

The Deployment Guys at Microsoft have a more sophisticated way of doing this.  See their post over here:

http://blogs.technet.com/b/deploymentguys/archive/2010/12/22/check-to-see-if-the-tpm-is-enabled.aspx

Toshiba, TPM and Task Sequences

TPM can be activated on Toshiba notebooks using the 'Toshiba TPM Control Utility'. This utility allows the activation of TPM and can suppress the prompt to authorise this activation at the next reboot.  At time of writing, the utility is not available on the Toshiba web site, but talk to you sales team and your sales engineer should be able to source it for you.

This tool, when packaged in Configuration Manager and called using a ConfigMgr program causes the Task Sequence to fail, I'm not sure why. However, using a 'Run Command Line' task sequence action instead gets around this problem.  Package the utility in a software package but instead of creating a program just use the following command from a Run Command Line task sequence action and reference the package with the utility in it.

TTpmCtrl.exe /Enable /NoPPIProvision

Hello World

So I thought I'd give blogging a go as a way of saving things I learn as I build and support IT solutions.  This blog is starting off as something for me, but if the information becomes useful for others, who knows where it might go.

Now all I have to do is come up with what I'll post first.