Saturday, 30 May 2020

Deploying Packages in Intune with a Task Sequence - Part 1

A Task Sequence Bridging Solution

There are a number of modern type packages that  Intune solution can deliver.  From a business and usability perspective it may not be possible to upgrade legacy packages to APPX or MSIX packages.  In addition, it may not be financially worth the packaging effort.  There will be many companies with a large repository of SCCM applications and SCCM packages, as well as SCCM Task Sequenced based installation.

The following solution has been tested as a proof of concept and confirmed to address the following requirements
1)    The ability to run SCCM task Sequences on mobile devices registered in Intune.
2)    The ability to allow SCCM Application based packages in SCCM to be installed using Intune (via the Task Sequence as a workaround)
3)    The ability to allow SCCM standard packages in SCCM to be installed using Intune (via the Task Sequence as a workaround)
4)    The ability to run advanced system configuration changes (via the Task Sequence workaround)
5)    The ability to do the above in Intune standalone or Intune comanaged environments.
Many companies have thousands of applications and packages registered in SCCM and these packages represent a vast investment over the years in which SCCM has been used for software distribution.  

 Creating the TS Bridge for Intune.


The process will be documented using a Task Sequence that does the following.
1)    Installs the SCCM client without any site assignment
2)    Puts the installed client into provisioning mode – using a WMI modification script
3)    Enables the client to install packages in standalone mode using a WMI modification script
4)    Uses USMT to make a backup of user data
5)    Copies the CMTrace tool to c:\Windows – this demonstrates a Run Command Line TS action step
6)    Installs Edit Plus application as a software package
7)    Installs the Visio viewer application as a software package





At the time of writing the solution is still in development mode and consists of some manual steps the need to be scripted.  These will be highlighted accordingly.

The process relies on the Stand Alone Media feature within SCCM.  The standalone media feature is based upon the OSD migration task sequence.  You cannot create a stand alone media file for a task sequence that that only contains application installations and run command line installations.  The workaround to this is to create a standard Operating System Migration task sequence that contains the required applications, and then to disable the OSD steps that are not required.  This allows us to create a stand alone media file iso file that will only install the required applications or command line configuration steps.

The main steps to the solution are as follows

1)    Creation of the Task Sequence to install the required applications.
2)    Copy of the SCCM client source files to the user’s device
3)    Creation of the Stand alone Task Sequence media as an ISO file and the creation of a prestart batch file to install the SCCM client.
4)    Creation of a virtual disk and copying the stand alone media task sequence files onto the disk
5)    Copying the virtual hard drive to the device and connecting the d: drive to this virtual disk
6)    Creating an Intune Win32 application that runs a batch file that installs the SCCM client and runs the stand alone task sequence.
Steps 2 and 5 can be automated and actioned by the Intune agent – for now they are manual steps to prove the feasibility of the concept.
To demonstrate this process as a proof of concept you will require
1)    A DC and a SCCM instance
2)    A task sequence to deploy an operating system and apply the required packages
3)    A virtual or a real machine with the Company Portal installed and enrolled into the Intune tenant (the device does not need to be a member of the on premise domain.

Creating the Stand Alone Task Sequence


Action
Display
In SCCM create the required packages and applications that are to be installed.  In this example we have created the following packages in the screen shot to the right.  The boot image package and Operating System Image packages are only required to allow us to create the standalone task Sequence.  We disable these before creating the standalone task sequence.  Even though they are not required or used, this allows us to proceed with the stand alone media creation.


Log onto a device with the SCCM console installed. In this document we will refer to this as your resource server. In the CM con


sole navigate to Software Software Library\overview\task Sequences.
Right click and select Create  New Task Sequence.  Select the Install an existing image package and click Next
Enter a name for the Task Sequence – in this case we enter Deploy SCCM TS with Intune and select a boot image (note this will not be used – it’s purpose is to allow us to create the TS).  Click on Next
Select an Operating System Image and click on Next
Type in a workgroup name and click on Next
Select a package with the SCCM client source files and click on Next
If USMT data capture is required, select a USMT package and click on Next
If software updates installation is required select  an option, otherwise click on Do Not install software updates and click on Next.

Note: This procedure has not been tested for the installation of software updates
Select any Applications that are required and click on next.  If desired click on the option to allow the TS to continue if an app fails

Note:  At the time of writing the process has only been tested against SCCM packages
On the Summary window click on Next to Continue
The TS creation completes
Right click on the created TS and disable the steps that are necessary for the OS installation, but not for a TS that installs applications, packages and required configuration changes.
In this example we disable most steps from the start of the TS and to the end of the Setup Operating System sections
Note: do not delete these steps – only disable them.
Add your required applications and packages, and any other functions such as running scanstate.  Organise the steps for general tidiness as shown
For a belts and braces approach add the following Run Command line to enable the software distribution component of the SCCM client (We will also be adding the WMI steps to the script that installs the sccm client)

The command is as follows:

WMIC /namespace:\\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE
Note: The Run Command line can also be used as an alternative to installing apps via SCCM applications or packages – one advantage of this is there is no requirement to install the SCCM client.  The disadvantage of this is all existing applications and packages will need to be tested and possibly modified to install as Run Command Line installations


SCCM Client Source Files and Folders

Note:  In this scenario we prepare the SCCM client source files and the installation batch file and copy them to the test client.  This is to be automated in the completed solution

Step
Display
Create the following folder tree on your resource server – c:\SCCMTSClient\client.  Copy your SCCM client source files into this directory.

In this folder created a batch file called ccminst2.cmd. 

Add the following lines of code to this batch file and save it.
cd c:\
cd sccmtsclient
cd client
echo %time% >> time.txt
ccmsetup.exe
WMIC /namespace:\\root\ccm path sms_client CALL SetClientProvisioningMode "True" /NOINTERACTIVE
WMIC /namespace:\\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE



Copy the above directory to the root of your test client.  Thus on your test client you will have a structure similar to the one on the right of this table

On your test client create the following directory c:\buildtools\VHDPopulated



Step
Display
On your resource server create the following folders c:\buildtools\StandAloneMedia.
C:buildtools\EmptyVHD
C:\Buildtools\PopulatedVHD
C:\buildtools\Standaloneiso
 Copy c:\SMSTSClient\client\ccminst2.cmd to c:\buildtools

On your resource server open the SCCM console and navigate to Software Library\Overview\Operating Systems\Task Sequences

Right click and select Create Task Sequence Media.  Select Stand-alone media option.

Click Next.  In the media type windows click cd/dvd and set the size to unlimited.  In the media file part enter in c:\buildtools\standalone\tsintunebridge.iso
Click on Next

Deselect protect password media with a password and click on Next.

Note:  If desired you can add a password however the solution has not been tested with that configuration

In the select task sequence windows browse to the SCCM Task sequence created earlier and click on Next

In our example we are only installing SCCM packages thus there are no application source files to select in the Select Application window.  Click on Next

In the Select package content to add section click on Next

In the Select Driver package window click on Next

In the select distribution points for media add the required Distribution point and click on Next





In the Customize Task sequence media window click on Enable prestart command

In the Command Line box enter in cmd.exe /c c:\SMSTSClient\client\ccminst2.cmd

Note: The above can be modified so that the various files for the SCCM client installation can be placed into a package – the way the Include files for the prestart command option can be used.

Click on Next

The standalone iso is created.

No comments:

Post a Comment

Deploy Windows 11 with MDT - Supported

 Introduction The Microsoft Deployment Toolkit (MDT)  has been used by many companies for the provisioning of operating systems.  It does ha...