Harvesting drivers from C:WindowsSystem32DriverStoreFileRepository and PNF files

  In my blog article with harvesting drivers tool here I described how to harvest drivers from the repository. I’ve being used that process on a different projects, and I noticed, that exactly the same driver with an exception of one file gets imported creating a duplicate. After a little bit of digging, we’ve found the culprit…


Compare two ZTIWindowsUpdate logs with this script to see which patches added and removed

The standard MDT step called “Install Windows Updates” calls ZTIWindowsUpdate.wsf script that essentially installs all updates from Microsoft Updates site. I, personally, recommend this method when building your golden images. Now, when somebody asks you, what has changed, the answer “the image was updated with latest patches” may not be sufficient. The attached script will…


Back to blogging!

I have not written any new blogs due to some technical difficulties and being extremely busy in last 8 months. Now the technical issues have been fixed, and I will share everything I was working on lately. It’s going to be about OSD, SCCM, MDT, Windows Client and more. Stay tuned 🙂


Bullet-proof version of ZTIWindowsUpdate.wsf

  I’m removing this page soon, since the new ZTIWindowsUpdate.wsf from MDT 2013 U1 works just fine.   Many of you use ZTIWindowsUpdate.wsf script that is a part of MDT to build your golden images. So do I. I came across two issues, that I fixed and I would like to share the modified version of…


Mask all important passwords in all MDT logs

By default, MDT logging routine masks the entire line if it sees the word “password”. I came across the problem with UDI, when using ZTIUserSatat.wsf, the encryption key is exposed in clear text in the logs with command line when ScanState.exe or LoadState.exe is called because there is no word “password” in the logging line. Regardless, you…


StartMBAMEncryption script updated!

In my previous blog post here: http://blogs.msdn.com/b/alex_semi/archive/2013/08/12/start-mbam-encryption-on-bitlocker-pre-provisioned-and-windows-to-go-drives.aspx?CommentPosted=true#commentmessage I talk about starting MBAM encryption as a part of SCCM Task Sequence, saving the key to MBAM database. Apparently, the script did not work on Surface Pro or pretty much any other tablet – it needs one more registry key under Policy\FVE – OSEnablePrebootInputProtectorsOnSlates I added this…


Dart Remote recovery starts too late in your OSD MDT Deployment? Here is the fix.

I hope everybody leverages DART Remote Recovery remote agent in their OSD task sequences with MDT integration. It works in conjunction with MDT Monitoring, and it starts when first “Use MDT Package” step runs in PE. This step is calling ZTISCCM.WSF script. The problem is, that there are lots of other errors, related to drive…


Prevent "half-baked" computers in your environment with special handling of failing steps in State Restore phase

I bet you’ve seen technicians, imaging computers, ignore failed task sequences when in Live OS already and giving those computers to the users. They make a judgment that computer was imaged “good enough” and it’s a hassle to escalate it and have some SCCM admin to look at it, investigating what happened. This simple script…


Meaningful error messages in SCCM OSD Task Sequence

How many times a technician came back to you reading some “4005” generic error back to you expecting your reaction and ability to troubleshoot by this error number? Endless times.   We all know you need SMSTS.LOG, a few minutes to find the “real” error somewhere above and only after that you can tell –…