PowerShell – Searches for file in C:\users\*, removes any instance of the file

PowerShell – Scan for AD Computers with MS Update(s) installed

Dell Client Configuration Toolkit (DCC/CCTK) – Adding a BIOS password using an executable

Using Dell Client Configuration Toolkit, make sure you change the variables that you want to change – in this case, the Setup Password.

Then, create an executable to deploy using DCC’s “Export .EXE” button.

Once this is exported, you can run this portable .exe on any Dell computer that can accept these packages to input the System Password.

You should be set!

If you already have a previous BIOS password in place and are looking to replace it with the contents of the executable, the executable will return an error with the following line: “The old password must be provided to set a new password using --valsetuppwd.” You will need to re-run the .exe as follows:

The BIOS Setup Password has now been set.

MDT – Create install.wim from install.esd

Create install.wim from install.esd

Download a fresh ISO using Microsoft’s MediaCreationTool.exe. Download link: https://go.microsoft.com/fwlink/?LinkId=691209

It does not matter which edition is selected, because the edition is defined later in the instructions.

Once downloaded, copy the ISO’s source files to the system so that you can browse and edit the files/folders.

Find the file C:\RemoteInstall\-ISOs\Windows10Prox64-2017-08-11Extracted\sources\install.esd. From this file, we will extract the install.wim file.

Open Command Prompt and ‘cd’ into the sources directory.
*You must use Command Prompt; PowerShell will return errors.

To make sure we select the correct Index, verify by typing the following. (WIM files by nature include multiple images):

***If this is on Windows 7, we need to run these commands from the location of the installed ADK. In this case, we navigate to: cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\x86\DISM"
From here, we can run a command such as:
dism /get-wiminfo /wimfile:C:\DeploymentShare\-ISO\install.esd

Let’s say we verify that we are using Index:1 (SourceIndex). The next command is as follows:

This will create the install.wim that we need.

On the WDS/MDT server, we will import this .WIM by opening Deployment Workbench (MDT). Right-click Operating Systems and select the newly created .WIM.

Select ‘Custom image file’.

Once you reach Finish, the Operating System has been imported. You can now move on to adding a Task Sequence to reference this Operating System.

How to add a shared network printer to a Domain Controller, and add it as a Group Policy Object

In this process, we will learn how to add a shared network printer to a Domain Controller, and then add it as a Group Policy Object.

 

Part 1 – Configuring the TCP/IP print driver on the server

Open “Devices and Printers”.

Click “Add Printer”. Click “The printer that I want isn’t listed”.

Click “Add a local or network printer as an administrator”.

Select “The printer that I want isn’t listed” again.

Select “Add a printer using a TCP/IP address or hostname”.

Enter the IP Address of the printer. The port name will fill itself in.

You will then be prompted to install a print driver. If Windows doesn’t automatically find a driver for you, you may need to download the driver files. I had to manually download a print driver, specifically from Brother’s site. To specify the location of the downloaded files, click “Have Disk…”.

Browse to the folder containing the driver files and select said folder.

Once the correct driver is selected, click “Next”.

Type the desired name of the printer.

Once the print driver is installed, you can choose to share or not share this printer. As this is the default option, select “Share this printer”. This option can be changed after the setup is complete.

Now that the printer is installed on the server, edit the printer properties to verify the printer is shared and listed in the directory. Right-click the printer and select “Printer properties”.

Click the second tab “Sharing” and click “Change Sharing Options” so that you can edit the settings. Tick the box “List in the directory” and click “Apply”.

Part 2 – Creating a GPO for the printer install

Now that the printer is listed in the directory, we will create a Group Policy Object (GPO) for the printer install. Open Group Policy Management.

Create a new Group Policy Object by selecting your Domain, right-click “Group Policy Objects”, and select “New”.

Create a name for your new policy. I will use the GPO title “Printer – Upstairs Reception Brother L5900DW”.

Right-Click the new GPO and click “Edit”.

Navigate to “User Configuration” – “Preferences” – “Control Panel Settings” – “Printers”.

Right-click in the white space and select “New” – “TCP/IP Printer”.

Enter the IP Address of the network printer, give the printer a local name that the user will see, and select the printer from the directory listing. Click OK, then click Apply.

The GPO has been created. Apply this GPO to an Organizational Unit (OU). When the user in that OU logs on, the printer will be installed on their local workstation.

Enable PowerShell Remoting

Here is a quick script to run on client and host computers to Enable-PSRemoting connectivity between both computers:

MDT Network error – WinRM – Change the network connection type

During my MDT Task Sequence, I have a PowerShell script that runs to configure a few settings. One of those settings is to enable PowerShell remoting with the WinRM command (although there are a few commands that must be run to enable PowerShell remoting, I had only experienced an error with this command). This is done by

Unfortunately, MDT cannot run this command in its native Network Connection Status/Category. This is the error I was receiving:

Code="2150859113"
"WinRM firewall exception will not work since one of the network connection types of this machine is set to Public. Change the network connection type to either Domain or Private and try again."

In order to run the winrm command successfully, the Network Connection type must be changed to ‘Private’. So at the top of my script, I have the following PowerShell command that allows winrm to be run with no interference.
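The sequence described in the two posts above (change Public connections to Private, then enable remoting), as an added example that is not the author's original script. It assumes an elevated PowerShell session on Windows 8/Server 2012 or later, and finishes by reporting which WinRM firewall rules ended up enabled so the exposure can be reviewed.

```powershell
#Requires -RunAsAdministrator
# Added example (not the author's script). Run elevated on the machine being configured.

# 1. Find connections still categorised as Public. These are what make winrm
#    fail with Code="2150859113". DomainAuthenticated connections are left alone.
$public = Get-NetConnectionProfile | Where-Object { $_.NetworkCategory -eq 'Public' }

foreach ($p in $public) {
    Write-Output "Changing '$($p.Name)' (ifIndex $($p.InterfaceIndex)) from Public to Private"
    Set-NetConnectionProfile -InterfaceIndex $p.InterfaceIndex -NetworkCategory Private
}

# 2. Enable remoting now that no connection is categorised as Public.
Enable-PSRemoting -Force

# 3. Confirm the local WinRM service answers; stop the script if it does not.
Test-WSMan -ErrorAction Stop | Out-Null

# 4. Report the inbound WinRM rules that are now enabled, with the firewall
#    profiles and remote addresses they accept, so the result can be reviewed.
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.Name
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }
```

A Private category relaxes more firewall rules than the WinRM ones, so only connections on a trusted deployment network should be switched this way.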

 

Deploy/Image a system with the pre-configured MDT/WDS settings

  1. Boot up the computer that will be receiving the image.
  2. Boot into PXE. This can be done by pressing F12. Once a connection to the DC (WDS Server) is established, press F12 again to pull up a list of WDS Boot Images.
  3. Select the boot image: “Lite Touch Windows PE (x64)”.
  4. Microsoft Deployment Toolkit will load up. First, click “Run the Deployment Wizard to install a new Operating System”. Then proceed to connect to the Deployment Share by finding the server/share: \\SERVER01\deploymentshare$\
  5. Enter Domain Admin credentials.
  6. Select the desired MDT Task Sequence. The current desired Task Sequence is of Windows 10 Pro full deployment: “Win10Prov1703 2017-08-11 No Metro Apps”. Select Next.
  7. Keep the current computer name by pressing Next.
  8. Select “Do not move user data and settings” and press Next.
  9. Select “Do not restore user data and settings” and press Next.
  10. Select “No product key is required” and press Next.
  11. Select the correct Time Zone and press Next.
  12. When MDT asks to install programs, do not select any, as this is already defined in the Task Sequence. Press Next.
  13. Enter the Administrator password and press Next.
  14. Select “Do not enable BitLocker for this computer” and press Next.
  15. Press “Begin”.
  16. After about 30 minutes, the system will be imaged, and all of the predefined Task Sequences will have been run.
  17. The only other task that must be manually run is to add the computer to the domain. This will require a reboot.
  18. Once this is completed, the computer is ready for Active Directory user login.

Active Directory – OU is protected from accidental deletion

By default, an Organizational Unit is protected from accidental deletion upon creation. In order to delete the OU, you can edit the OU’s properties by Right-Clicking on the OU and selecting ‘Properties’. From here, we have two ways of doing this:

1. Select the ‘Object’ tab and un-check “Protect object from accidental deletion”.

 

2. As an alternative, what un-checking this box really does behind the scenes is remove the group ‘Everyone’ from the Security tab, where it is listed without any permissions defined. If we remove the group ‘Everyone’ from the Security tab, this also allows the deletion of the OU. To revert these settings, we can re-check “Protect object from accidental deletion”.
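The same setting can be inspected and changed from PowerShell. This is an added example, not part of the original post. It assumes the ActiveDirectory module (RSAT) is installed, and the OU distinguished name is a placeholder.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder distinguished name; replace with the OU you intend to work on.
$ou = 'OU=Example,DC=example,DC=com'

# 1. Audit: list every OU in the domain that is NOT protected from accidental deletion.
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object Name, DistinguishedName

# 2. Show the access control entries the OU currently holds for 'Everyone'.
#    Run this before and after toggling the checkbox to see what it changes.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq 'Everyone' } |
    Select-Object AccessControlType, ActiveDirectoryRights, IsInherited

# 3. Deliberate deletion: clear the protection flag, then delete with a
#    confirmation prompt so the wrong OU is not removed by mistake.
Set-ADOrganizationalUnit -Identity $ou -ProtectedFromAccidentalDeletion $false
Remove-ADOrganizationalUnit -Identity $ou -Confirm

# 4. To restore protection on an OU that was unprotected but kept:
# Set-ADOrganizationalUnit -Identity $ou -ProtectedFromAccidentalDeletion $true
```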

Spiceworks – Enable Network Discovery and WMI

In order to allow Spiceworks to pull system information, you must make sure that Network Discovery is on, WMI is enabled, and Remote Administration is enabled. These commands are to be run on the client computer.

You can use the following 6 lines of cmd:

# Turn On Network Discovery:

# Enable Remote WMI:

# Turn on Remote Admin. The next line should be run if it can run; it is kept for redundancy. It is not a problem if the command doesn’t process:

After running these commands, Spiceworks should be able to audit the workstation.
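A PowerShell equivalent of the three steps above, as an added example rather than the six original cmd lines. It assumes an English-language Windows install (the firewall group names are localised) and a placeholder scanner address, enables the rules only where they apply to the Domain profile, and limits WMI and Remote Administration to the Spiceworks server.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original commands. $Scanner is a placeholder address
# for the Spiceworks server; replace it with the real one.
$Scanner = '192.0.2.10'

$groups = 'Network Discovery',
          'Windows Management Instrumentation (WMI)',
          'Remote Administration'

foreach ($g in $groups) {
    # Only inbound rules that apply to the Domain profile (or to every profile).
    $rules = Get-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Profile -match 'Domain|Any' }

    if (-not $rules) {
        # As the post notes for Remote Admin, a group that cannot be
        # processed on this system is not a problem.
        Write-Warning "No matching rules in group '$g'; skipping."
        continue
    }

    $rules | Set-NetFirewallRule -Enabled True

    # Discovery has to answer the local network; WMI and Remote Administration
    # only need to accept connections from the scanner.
    if ($g -ne 'Network Discovery') {
        $rules | Set-NetFirewallRule -RemoteAddress $Scanner
    }
}

# Review what is now enabled in the three groups.
$groups | ForEach-Object {
    Get-NetFirewallRule -DisplayGroup $_ -ErrorAction SilentlyContinue
} | Where-Object { $_.Enabled -eq 'True' } |
    Select-Object DisplayGroup, DisplayName, Profile
```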