ConfigMgr Task Sequence Collection

This is my “Clip Show” blog post, but hopefully you still find it useful.

I’ve been building out a Task Sequence that is just a collection of Task Sequence sections, or handy steps.  I’ll use this TS to pull sections from when I create new Task Sequences, and add / modify as I test in “Real” deployment Task Sequences. DOWNLOAD HERE *Note, this is not an actual Deployment TS, it’s meant to be imported and then have parts copied into your own TS.  All content, including some not used directly in this TS is included.

I have several sections, also a few handy steps for pause, wait, copying CMTrace local, and so on.  Many of these are borrowed from great community leaders such as Mike Terrill, Jason Sandys, Jörgen Nilsson, Mark Godfrey, and others (Sorry if I missed anyone)

  • Power Settings, CCMEXEC Change & Revert – This section will grab your current power settings, place in variable, set system to high performance, then restore them at the end of your TS.  It also has steps for changing the CCMEXEC service to auto start, instead of delayed, and back.
  • Upgrade Lockscreen – This section will change your lockscreen, designed for the Win10 In place upgrades.
  • User Lockouts – This section will use local group policy to block any users, either via AD Group, or users from local machine
  • AutoLogon – This adds account and keys for auto logon (for testing in lab)
  • Enable Mouse Support – This will enable the mouse cursor in the Windows 10 TS after WinPE steps are complete.
  • Windows 10 Tweaks – Several sub-sections of Customization gathered over the past years, many demo’d @ MMS2017

Power Settings info: https://garytown.com/change-and-restore-power-plan-during-ts

image

CCMExec Sevice to Auto & Back:

cmd.exe /c sc.exe config CcmExec start= auto
cmd.exe /c sc.exe config CcmExec start= delayed-auto

 

Upgrade LockScreen & User Lockout : https://garytown.com/change-lock-screen-image-during-upgrade-ts
I’ve made a few modifications since the post about this, moving the cleanup to a scheduled tasks, that will run during the upgrade deleting the Lock Screen images / Keys & cleaning up the Locked Out users, so users can log back in after.  It will also clean up the scheduled tasks.  I’ve left in the steps for you to add after the upgrade to do clean up as well, leaving you many options on how to implement this idea.  Each step has detailed notes in the descriptions.

image

 

AutoLogon: https://garytown.com/configmgr-osd-lab-add-autologon-account
Nothing changed from the blog post, just a reminder, don’t do this in production.
image

 

Enable Mouse Support: https://garytown.com/enable-mouse-support-in-win10-osd-during-state-restore
or Microsoft’s Official Post 13 days later: https://blogs.technet.microsoft.com
image

Enable

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableCursorSuppression /t REG_DWORD /d 0 /f

Reset (Disable)

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableCursorSuppression /t REG_DWORD /d 1 /f

 

Windows 10 Customizations / Tweaks

SetOSDInfo: https://home.configmgrftw.com/configmgr-osd-information-script/

Most of this section is straight from MMS: https://garytown.com/windows-10-customizations-mms2017-demos
Windows 10 Features, enable or disable some “features” in win10
OEM Info, allows you to set the information that is displayed in “System”
Explorer Tweaks – Covers things that modify things displayed on Desktop or Explorer

image

Group Branding includes changing the Lock Screen, Wall Papers, User Icons, Start Menu
Default Profile are tweaks that apply only at the user level, so these are added to the default profile.

image

Remove Default Apps, either a script to remove everything (That is specified in the script, not actually everything) at once, or a line by line option to be granular.
image

16 thoughts on “ConfigMgr Task Sequence Collection”

  1. Hey Gary thanks for putting all this in one place! I just wanted to let you know that our AV engine is flagging “TSModulesExport\TSModules_files\OSD-MMS-DEMO\StartMenuShortcuts\DMCabs\Sales\Vacation Planner.exe” as possible malware with a hash value of 6E2CA5D0F1E2C9BA 40B830B0419A0264 913B62A3417D5F34 252EEF69733D695F. I know it’s probably a false positive but wanted to make you aware.

    Reply
    • Thank you for the info. I have a few dummy EXE files that I used to create shortcuts for the custom start menu demos. I had several different fake apps to demo different departments getting different start menus.

      Reply
  2. Thank you so much for this wonderful collection of task sequence modules. I’ve been having a blast testing these out and cutting down on deployment time. Really nice work!

    This isn’t the first time I’ve read your stuff and I just wanted to thank you for making these kinds of contributions to the community.

    Reply
  3. First off, you’re awesome and this is one of the best posts I’ve ever seen on a blog!

    I broke out a few of the things that I wanted from your demo and made individual packages for my production environment. In doing so, I “broke” the Load_ComputerName.cmd script for the “Change This PC icon to Machine Name”. It was looking for the hard coded path so I ended up changing the path to the running directory variable.

    %~dp0setacl.exe -on “HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}” -ot reg -actn setowner -ownr “n:Administrators”
    %~dp0SetACL.exe -on “HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}” -ot reg -actn ace -ace “n:Administrators;p:full”
    %~dp0SetACL.exe -on “HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}” -ot reg -actn ace -ace “n:SYSTEM;p:full”
    reg import %~dp0ComputerName.reg /reg:64

    Reply
    • You are correct, most of my scripts are that way, as I’ve made sub-folders for them to keep them more organized. Glad you found these useful, and thanks for the comment to help others who just want to grab pieces.

      Reply
  4. It took a little convincing and explanation to our Security Analyst, it wasn’t the most comfortable conversation but we got past it. The product we use that detected it was McAfee. Despite ultimately verifying that the .exe was empty and benign, he suggested there may have been some attributes of the file itself that may have triggered the alert.

    On the other hand, the TS collection is helpful and really nice. I appreciate you willingness to share. Thanks.

    Reply
    • I’ve removed all of the exe files from the download that were part of the start menu demo. They were used as placeholder apps to better show off customized Start menus. I had several “dummy apps” in the download in the OSD-MMS-DEMO\StartMenuShortcuts\DMCabs\ folder, which were the sources for the icons in the customized start menu. That should clear up any issues, let me know if it still gets flagged, and I’ll see what else I can do.

      Reply
  5. Hi Gary,

    Any plans to update the removal aspects of this article as it pertains to Windows 10 1709? It seems that previous removal methods work for certain Apps only. I have come across some other sites with scripts and such that try to address this, however, they don’t have it well documented or packaged like you have done with this article.

    Reply
    • Hopefully sometime in the new year, it’s back burner though. Perhaps I’ll try to write up how you can find the new apps to add.

      Reply

Leave a Reply to Joe Novo Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.