Windows 7 / Getting Started

Targeting and Execution

Like other deployable objects in ConfigMgr, task sequences must be deployed to a set of systems defined by a collection. Targeting a task sequence is similar to software distribution. Deployments can be either required or available. (This is the new terminology for ConfigMgr 2012; in ConfigMgr 2007, these were respectively referred to as mandatory or nonmandatory advertisements.) Required task sequences execute according to the defined schedule and require no human intervention.

CAUTION: REQUIRED TASK SEQUENCES
Poorly planned or executed required task sequences have wiped out production Exchange servers, CFO's laptops, and entire casinos, to name just a few known examples. Be careful when using required task sequences and ensure that you target the systems that you think you are targeting. There is no technical way to prevent administrator misconfiguration, whether accidental or willful.

You must define a network access account for task sequences to execute successfully. This is because part of the task sequence executes in an environment-WinPE-that has no identity on the network but requires access to network resources in the form of content on the DPs. Therefore, OSD uses the network access account as its identity for those tasks that require authentication across the network. The network access account requires no special permissions; it should be a normal user account and following the least-user privilege paradigm should not be any sort of administrator. Follow these steps:

  1. In the console, navigate to Administration → Site Configuration → Sites.
  2. In the right pane, select the site where you want to configure the Network Access account.
  3. Choose Software Distribution from the Configure Site Components fly-out menu on the ribbon bar or the right-click context-menu.
  4. In the Software Distribution Component Properties dialog, select the Network Access Account tab. On this tab, select the Specify the account that accesses network locations option and use the Set button to configure the account.

To create a task sequence deployment, select the task sequence in the console, and choose Deploy from the ribbon bar or right-click content menu. This displays the Deploy Software Wizard with the following significant pages:

  • General: On this page, choose the collection to target with this task sequence.
  • Deployment Settings: Choose the purpose for the task sequence on this page: either Available or Required. Also, choose to make the task sequence available to boot media and PXE. Not choosing this option prevents the task sequence from being used for new computer scenarios.
  • Scheduling: This page is for setting the available and expired times for the task sequence. For required deployments, you must also add an assignment schedule and choose the rerun behavior from these self-explanatory options:
    • Never rerun deployed program
    • Always rerun program
    • Rerun if previous attempt failed
    • Rerun if succeeded on previous attempt
    Do not confuse the start time with the assignment schedule times. Deployment start times merely indicate when the deployment is visible to the targeted system, and assignment schedule times are when required deployments are actually set to run.
  • User Experience: The following check box-based options exist on this page:
    • Allow users to run independently of assignments-this option is always checked for available deployments
    • Show Task Sequence progress
    • Allow software installation outside the maintenance windows
    • Allow system restart outside the maintenance window
    • Allow task sequence to run for client on the Internet
  • Alerts: This page is for setting up console-based alerts according to a threshold for successful or failed deployments. Only failed deployment alerts are available for available deployments.
  • Distribution Points: On this page, specify if content is downloaded locally when needed by the running task sequence or if content is downloaded locally before starting the task sequence. In addition, the following two check boxes are provided to direct DP selection for content:
    • When no local distribution point is available, use a remote distribution point
    • Allow clients to use a fallback source location for content

Known Computers As the name implies, known computers are those ConfigMgr has knowledge of. These are easy to target because they already exist as resources in ConfigMgr. You can add known resources to specific collections that have specific task sequences targeted at them. For example, you may have different task sequences for different Windows versions or editions or different departments in your organization. The requirements for each of these deployment types is separated into different task sequences that in turn are deployed to distinct collections. Placing the system into one of these collections deploys the corresponding task sequence to that system.

It is possible to pre-stage resources in ConfigMgr as long as you know the system's Media Access Control (MAC) address or SMBIOS GUID. Pre-staging computers is often used for new computer deployment scenarios. Pre-staging the systems allows you to place the computer resource in a specific collection so that it automatically receives a specific task sequence targeted at that collection. To pre-stage systems, follow these steps:

  1. In the console, navigate to Assets and Compliance → Overview → Devices . Choose Import Computer Information from the ribbon bar or right-click context menu.
  2. This launches the Import Computer Information Wizard, where you can add a single or multiple systems to the ConfigMgr database as a computer resource.
    • To add a single computer, choose Import single computer from the first page of the wizard. The next page is the Single Computer page. Enter the desired computer name and either the MAC address or SMBIOS GUID of the new system; both are not required and using the MAC address is preferred because it is usually easier to obtain. If both are supplied, the SMBIOS GUID is tried first. You can obtain this information when PXE booting a system from the PXE boot screen or by checking smspxe.log. You can also get this information shipped to you by the computer manufacturer when it sends you the hardware. (Although ConfigMgr administrators often don't see the shipment manifest.)
      TIP : LOCATING THE SMSPXE.LOG
      If the PXE deployment point is on a site server, the smspxe.log is located in % ProgramFiles %\SMS_CCM\Logs; otherwise, you can find it in % windir %\system32\ccm\logs.
      You can also specify a source computer to import user and system state settings from; this creates a computer association with the specified computer as the source and the new system as the target. Do not confuse importing a computer using this wizard with creating a computer association. By specifying a source computer in this wizard, a computer association will also be created for you automatically; these are by no means the same thing though.
    • Importing computers one at a time can be time-consuming; alternatively, you can import multiple computers at once using a file formatted with commaseparated values (CSV). Create this file with Microsoft Excel, Notepad, or any other text editor and save the file using plain text format. The file must contain the desired names of the systems and either their MAC addresses or SMBIOS GUIDs, comma-separated. Optionally, you can specify the source computer for user and system state migration.

To import multiple computers, choose the Import computers using a file option from the Import Computer Information Wizard. The wizard prompts you for the CSV file to use and allows you to map the data in the file to the correct columns. The last page of the wizard is the same whether you import a single or multiple computers: Choose to add the new systems to the All Systems collection or to one you specify. You should choose to import the new systems into one of your OSD collections, so the appropriate task sequence-based deployments also apply to your new systems.

A major limitation at RTM for importing systems is you can only import new computer resources into collections directly limited by the All Systems collection. For larger environments making extensive use of role-based administration (RBA), this may pose a serious challenge and should be considered when designing your collection hierarchy and RBA strategy.

CAUTION: UNIQUE SMBIOS GUIDS
SMBIOS GUIDs are values set by the computer manufacturer at the factory. By definition, SMBIOS GUIDs are unique; however, this is not always the case. Many manufacturers of custom hardware solutions or generic systems do not configure unique values; this has also been known to happen with motherboard replacements by tier-one hardware vendors. For the most part, ConfigMgr does not have an issue with this; however, during PXE boot operations, the PXE booted system identifies itself to ConfigMgr using the SMBIOS GUID. With non-unique values, this becomes problematic. There is no supported solution to address this in ConfigMgr because the hardware vendors are not following their own accepted guidelines and standards for populating this value.

Unknown Computers Prestaging all systems is a potentially labor-intensive task. An alternative to pre-staging systems not already in ConfigMgr is to use the two built-in unknown computer resources: one for x86 systems and one for x64. These resources do not represent a real computer but are used to target task sequence deployments for any system not yet known to ConfigMgr. Thus, any time a system not already managed by ConfigMgr begins the OSD process, one of these two objects is used to determine which task sequences are applicable. Unknown computer targeting is only applicable to new computer deployment scenarios in which the system is either PXE booted or booted from media directly into WinPE.

The All Unknown Computers collection is not a special collection in any way. It is often used because by default it contains the unknown computer objects. It is perfectly acceptable to add the unknown computer objects to other collections or remove them from the All Unknown Computers collection to manipulate task sequence deployment targeting; however, adding the unknown computer objects to multiple collections makes all task sequences deployed to those collections available to any unknown system starting a task sequence.

Each primary site has its own corresponding unknown computer objects. In practical terms, there is no real functional difference between the unknown objects of different sites: Unknown is unknown no matter which site the object lives in. If a system is unknown, it uses the unknown object of whichever site's management point it connects to during the initial start-up phase of the task sequence. With dynamic boot media, this could be variable based upon a client's location, making it possible to use different task sequences for unknown computers in different sites.

You must separately enable unknown computer support on each PXE-enabled DP and any boot media that you create. You may have reasons not to enable it for each and every one of these, though; this is perfectly valid.

Perform these steps to enable unknown computer support for your PXE-enabled DPs:

  1. In the console, navigate to Administration → Site Configuration → Servers and Site System Roles , and select the site system hosting the DP.
  2. In the Detail pane at the bottom, select Distribution Point , and then choose Properties from the ribbon bar or right-click context menu.
  3. Select the PXE tab in the resulting Properties dialog, and check the Enable unknown computer support check box.

You can only enable boot media for unknown computer support at the time you create the media using the Create Task Sequence Media Wizard.

If a computer resource in ConfigMgr contains either the SMBIOS GUID or MAC address of a system, that system is known by ConfigMgr whether it has an active ConfigMgr client agent on it or not. This, by definition, means that the system is not unknown, and therefore task sequences targeted to the unknown computer resources are not applicable to it. To make a system unknown, simply delete the computer resource in ConfigMgr that contains that system's MAC address or SMBIOS GUID.

Sometimes it is difficult to locate which resource in the console references a system's MAC address or SMBIOS GUID.

Content Availability For a task sequence to be successful, all the content it references and needs to execute must be available to the client while the task sequence runs. The first thing that the task sequence engine does when it executes a task sequence is verify that all content referenced in the task sequence is available on an accessible DP. Instead of manually having to find all the content in the task sequence and individually assigning each to a DP (as you had to in ConfigMgr 2007), the new Distribute Content Wizard in ConfigMgr 2012 determines all the content statically referenced in a given task sequence and assigns it to a DP. To launch this wizard, select any task sequence in the console and choose Distribute Content from the ribbon bar or right-click context menu. The only choice to make during the wizard is to choose a target DP or set of target DPs.

[Previous] [Contents] [Next]