Don’t you just wish you could set all your clients to boot from network, and let the PXE server evaluate whether or not it should load the WinPE image to redeploy the computer? Well you can with SCCM using mandatory advertisements of course… but I’ve written a little script that will achieve the same functionality using native MDT, without the use of the SCCM infrastructure :)

Here’s how you do it:

  • Requirements:
    • MDT2010 (beta 2) /WDS installed on Windows Server 2008
    • Powershell enabled on the WDS server
    • MDT deployment share configured to use the database (i’m using an SQLEXPRESS instance configured on the same machine as MDT/WDS in this example)
    • SQL Server Management Studio or equal SQL server management tooling for editing the database.

Ok here we go and setting it up. First some simple stuff :)

  • Set your WDS server to admin approval mode

image

  • On the Directory Services tab, make sure you set the OU location in which the WDS server will create the temporary computer object for approved devices

image

  • Make sure your WDS server account has full control on the OU set in the WDS directory services

image

Ok, that was easy now wasn’t it?

Now let’s edit the MDT database to fit our needs. This assumes your already set up your database using the database wizard in the MDT Workbench.

  • Start the SQL Management Studio application and expand the MDT database (MDT_DB in this example)
  • Browse to Tables –> dbo.Settings –> Columns

image

  • Right click Collumns and select New Column

image

  • Give the new column the name of netBoot and type nvarchar(50)

image

  • Save and close the SQL management studio
  • Verify the database expansion was successful by opening the MDT Workbench and navigating to the database view > Computers > properties

image

  • Select the Details tab and browse all the way to the bottom to verify that the netBoot value is there

image

Ok, that was part 1 of the configuration. Now we have to know what to actually do with this extra field in the database. Well that’s where my script comes in. Here’s how you install it.

  • Run the following command as an administrator on the WDS/MDT server:
    • Server 2008: Powershell.exe –command “ & {Set-ExecutionPolicy Unrestricted } “
    • Server 2008 R2: Powershell.exe –command “ & {Set-ExecutionPolicy Bypass } “
  • Download the MDT-ZTI.ps1 file to your WDS/MDT server (in this example I’m using D:\MDT-ZTI.ps1)
  • Start Task Scheduler and Right click library > Create Task

image

  • Give the task a name of your liking. I’m using MDT-ZTI in this example.

image

  • On the triggers tab select: New

image

  • Begin the task: On an event

image

  • Log: Microsoft-Windows-Deployment-Services-Diagnostics/Operational
  • Source: Deployment-Services-Diagnostics
  • EventID: 4096
  • Click Ok and go to the Actions tab and select New

image

  • Add action

image

  • Start a Program
  • Program/Script: Powershell.exe
  • Add Arguments(optional): –command D:\MDT-ZTI.ps1

Ok the ZeroTouch “service” is almost ready to go. Now there’s another thing that we need to configure… we have expanded the MDT database to contain an extra column…  but how does the service know what database and what database server to use?. Well that is hardcoded in the top of the configuration of the MDT-ZTI.ps1 file. In the future I will be using params() from powershell, but for now just change it in the top of the script.

# //***************************************************************************
# // Configuration:
# // Notes: Set the database name and datasource for your environment here.
# // For SQLEXPRESS on the same server use "\SQLEXPRESS" as datasource  # //***************************************************************************
$Database = "MDT_DB"
$DataSource = ".\SQLEXPRESS"

 

 

Now how does the “service” know what computers are allowed to boot into WinPE and what computers should boot to the next boot device? That’s a simple 3 part answer:

  1. Every computer that is NOT in the MDT database will be rejected (pxeabort.com) by the ZTI.
  2. Every computer that IS IN the MDT database will be polled for the value of netBoot.
  3. If the value of netBoot does not equal FALSE it will approve the device so it will load the boot image, and then set netBoot to FALSE so the device won’t load the boot image on the next reboot :)

So if you have a computer which is not booting into winPE just clear the netBoot field in the database and on the next reboot it will boot into winPE.

IMPORTANT: Please be sure to test this first in a test environment first, it is not recommended to implement this in production directly.

Download:  MDT-ZTI