AD Auth, Pre-flight, RegEx examples

new

« Prev
1
Next »

happysccm
New Member

Happy

Posts: 5

AD Auth, Pre-flight, RegEx examples May 15, 2020 5:45:44 GMT Jason likes this

Quote

Post by happysccm on May 15, 2020 5:45:44 GMT

I'm able to replace 90% of my MDT Wizard preflight - Can't set a warning for existing AD computer name, and nested group membership check (These are on Jason's roadmap and not big deals).

Thanks to CC for the nice example. I took it and customized it for my workplace. Still tweaking it bit by bit

My Task sequence starts by setting variable IsVirtualMachine to 'True' with a wmi query

SELECT * FROM Win32_ComputerSystem WHERE Model = 'Virtual Machine'

Then a powershell script puts the AssetTag output to the variable SystemAssetTag

(Get-CimInstance Win32_SystemEnclosure).SMBIOSAssetTag
Then a powershell script validates the AssetTag against a naming standard, output to AssetTagValid

Physical: MUXXXXXXXX

$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$assetTagRegex = '^(mu|MU|Mu|mU)[0-9]{8}'
$assetTag = $tsenv.Value('SystemAssetTag')
$assetTag -match $assetTagRegex

VM: MUXXXXXXXX-SOE

$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$assetTagRegex = '^(mu|MU|Mu|mU)[0-9]{8}(-)(SOE|soe|Soe)'
$assetTag = $tsenv.Value('SystemAssetTag')
$assetTag -match $assetTagRegex

If AssetTagValid = True

OSDComputerName is set to SystemAssetTag

Then the first UI++ is loaded. This copy is stored on the boot media so it can run before formatting the disk

UI++64.exe /disabletsvareditor /config:"CheckGroupMembership.xml"

<UIpp Title="SOE - Authenticate" Color="#3366ff">
<Actions>
<!-- User Auth to run the TS. Skip if location is off site imaging facility -->
<Action Type="UserAuth" Title="User Authentication" Domain="ad.happysccm.com" Group="All-Admin-Accounts" GetGroups="True" ShowBack="True">
<Field Name="Domain" ReadOnly="True" />
</Action>
</Actions>
</UIpp>

Then, I re-use format disk steps from MDT task sequence.

Then the main UI++ runs from a package.

This will prompt for a computer name if the AssetTag isn't valid. Enforcing the naming standard for physical machines.

Then set the computer name to uppercase

Then run preflight steps with the option to re-try

On Lan
Plugged in
Supported Model or VM - A script runs before and sets the variable ModelSupported to True if it's in our supported models list
UEFI Bios Mode or VM
TPM On or VM

<UIpp Title="Windows 10 - GUC" Color="#3366ff">

<Actions>
<!-- Set dummy values so logic below works  -->
<Action Type="TSVar" Name="XTPMAvailable">""</Action>
<Action Type="TSVar" Name="XTPMActivated">""</Action>

<Action Type="DefaultValues" ValueTypes="TPM" ShowProgress="True">
</Action>

    <!-- This step is for virtual machines  -->

    <Action Type="Input" Name="OSDComputerNameVM" Title="System Name" ShowBack="True" Condition='"%AssetTagValid%" <> "True"  And "%IsVirtualMachine%" = "True"'>       

     <TextInput Prompt="Computer Name" Hint="Enter the name for this system" Variable="OSDComputerName" Question="Please enter a computer name" Default="%_SMSTSMachineName%" /> 

    </Action>

    <!-- bare metal machines -->

    <Action Type="Input" Name="OSDComputerName" Title="System Name" Condition='"%AssetTagValid%" <> "True"  And "%IsVirtualMachine%" <> "True"'>

        <TextInput Prompt="System Asset Tag" Question="Enter the MU number of this system" RegEx="^(mu|MU|Mu|mU)[0-9]{8}" Variable="OSDComputerName" Default="%_SMSTSMachineName%" />

    </Action>

    <!-- Convert OSDComputerName to uppercase  -->

	<Action Type="TSVar" Name="OSDComputerName">UCase("%OSDComputerName%")</Action>

	<!-- Supported Model Check -->

	<Action Type="ExternalCall" Title="External Command">cscript.exe //NOLOGO //B WIN10OSDCheckHWModel.vbs</Action>

<ActionGroup Name="Preflight">
<Action Type="DefaultValues" ValueTypes="Asset,Network" ShowProgress="True" />
<Action Type="Preflight" Title="Preflight checks" ShowBack="True">

<Check Text="WLAN disconnected" CheckCondition='"%XWLANDisconnected%" = "True"' ErrorDescription="Only systems physically connected to the LAN can be upgraded to Windows 10." />
<Check Text="Not on battery" CheckCondition='"%XOnBattery%" = "False"' ErrorDescription="Only systems connected to AC power can be upgraded to Windows 10." />
<Check Text="Check hardware model" CheckCondition='"%ModelSupported%" = "True" OR "%IsVirtualMachine%" = "True"' ErrorDescription="This Model is not currently supported to run the Windows 10 SOE." />
<Check Text="Check bios mode" CheckCondition='("%XSystemUEFI%" = "True" AND %XSystemUEFI% = "True") OR "%IsVirtualMachine%" = "True"' ErrorDescription="Please update the BIOS firmware, ensure the boot mode is set to UEFI and Secure boot is enabled." />
<Check Text="TPM is available and activated" CheckCondition='("%XTPMAvailable%" = "True" AND %XTPMActivated% = "True") OR "%IsVirtualMachine%" = "True"' ErrorDescription="Enable and Activate TPM in the BIOS"/>

</Action>
</ActionGroup>

</Actions>
</UIpp>

Last Edit: May 15, 2020 5:51:15 GMT by happysccm

happysccm
New Member

Happy

Posts: 5

AD Auth, Pre-flight, RegEx examples Jul 7, 2020 2:46:52 GMT

Quote

Post by happysccm on Jul 7, 2020 2:46:52 GMT

Have made a few changes for ui++ 3.00 and it shows computer name step for asset tag all the time, people sometimes put the wrong asset tag in BIOS.. The ADvalidate for computer names needs a login from check group membership, so at the start of the task sequence, we connect to a network drive and copy the latest UI++ config down and run it in one UI++ step

Map U:

xcopy U:\*.* X:\SMS\PKG\SMS10000\ /Y

UI++64.exe /disabletsvareditor /config:"GUC.xml"
- Start-in: X:\SMS\PKG\SMS10000

<UIpp Title="Windows 10 - GUC" Color="#3366ff">



<Actions>







    <!-- Set dummy values so logic below works  -->

<Action Type="TSVar" Name="XTPMAvailable">""</Action>

<Action Type="TSVar" Name="XTPMActivated">""</Action>







<Action Type="DefaultValues" ValueTypes="TPM" ShowProgress="True">



</Action>



<Action Type="UserAuth" Title="User Authentication" Domain="ad.happysccm.com" Group="All-Admin-Accounts" GetGroups="True" ShowBack="True" Condition='"%TesAMM%" <> "True"'>



<Field Name="Domain" ReadOnly="True" />



</Action>



    <!-- This step is for virtual machines  -->

    <Action Type="Input" Name="OSDComputerNameVM" Title="System Name" ShowBack="True" Condition='"%AssetTagValid%" <> "True"  And "%IsVirtualMachine%" = "True"'>       

     <InputText Prompt="Computer Name" Hint="Enter the name for this system" Variable="OSDComputerName" Question="Please enter a computer name" Default="%_SMSTSMachineName%" ADValidate="ComputerWarning" /> 

    </Action>



    <!-- bare metal machines -->

    <Action Type="Input" Name="OSDComputerName" Title="System Name" Condition='"%AssetTagValid%" <> "True"  And "%IsVirtualMachine%" <> "True"'>

        <InputText Prompt="System Asset Tag" Question="Enter the MU number of this system" RegEx="^(mu|MU|Mu|mU)[0-9]{8}" Variable="OSDComputerName" Default="%_SMSTSMachineName%" ADValidate="ComputerWarning" />

    </Action>

	

	

	<!-- bare metal machines -->

    <Action Type="Input" Name="OSDComputerName" Title="System Name" Condition='"%AssetTagValid%" = "True" And "%IsVirtualMachine%" <> "True"'>

        <InputText Prompt="System Asset Tag" Question="Enter the MU number of this system" RegEx="^(mu|MU|Mu|mU)[0-9]{8}" Variable="OSDComputerName" Default="%SystemAssetTag%" ADValidate="ComputerWarning" />

    </Action>



    <!-- Convert OSDComputerName to uppercase  -->

	<Action Type="TSVar" Name="OSDComputerName">UCase("%OSDComputerName%")</Action>

	<!-- Supported Model Check -->

	<Action Type="ExternalCall" Title="External Command">cscript.exe //NOLOGO //B WIN10OSDCheckHWModel.vbs</Action>





<ActionGroup Name="Preflight">

<Action Type="DefaultValues" ValueTypes="Asset,Network" ShowProgress="True" />

<Action Type="Preflight" Title="Preflight checks" ShowBack="True">



<Check Text="WLAN disconnected" CheckCondition='"%XWLANDisconnected%" = "True"' ErrorDescription="Only systems physically connected to the LAN can be upgraded to Windows 10." />



<Check Text="Not on battery" CheckCondition='"%XOnBattery%" = "False"' ErrorDescription="Only systems connected to AC power can be upgraded to Windows 10." />



<Check Text="Check hardware model" CheckCondition='"%ModelSupported%" = "True" OR "%IsVirtualMachine%" = "True"' ErrorDescription="This Model is not currently supported to run the Windows 10 SOE." />



<Check Text="Check bios mode" CheckCondition='("%XSystemUEFI%" = "True" AND %XSystemUEFI% = "True") OR "%IsVirtualMachine%" = "True"' ErrorDescription="Please update the BIOS firmware, ensure the boot mode is set to UEFI and Secure boot is enabled." />



<Check Text="TPM is available and activated" CheckCondition='("%XTPMAvailable%" = "True" AND %XTPMActivated% = "True") OR "%IsVirtualMachine%" = "True"' ErrorDescription="Enable and Activate TPM in the BIOS"/>

</Action>

</ActionGroup>

</Actions>



</UIpp>

krys
New Member

Posts: 11

AD Auth, Pre-flight, RegEx examples Sept 23, 2020 22:09:28 GMT

Quote

Post by krys on Sept 23, 2020 22:09:28 GMT

To add to this, not sure where you got your Win10OSDCheckHWModel.vbs from so I went looking and had to make some edits to make it useful to me.
This looks at 'ComputerModels.txt' file in the same directory.
Here's an example.


'---------------------------------------------------------
'Validate Supported hardware model
'---------------------------------------------------------

'Option Explicit
On Error Resume Next

Dim objWMIService
Dim colItems
Dim model
Dim objItem
Dim ModelSupported
Dim objFSO

	wscript.echo ModelSupported
	Set objWMIService = GetObject("winmgmts:\\" & "." & "\root\cimv2")
	Set colItems = objWMIService.ExecQuery("Select Name from Win32_ComputerSystemProduct",,48)
	For Each objItem in colItems
		strName = Trim(objItem.Name)
	Next
	
	Const ForReading = 1
	Set objDictionary = CreateObject("Scripting.Dictionary")
	Set objFSO = CreateObject("Scripting.FileSystemObject")
		StrFilePath = objFSO.GetAbsolutePathName(".")
		StrFile=StrFilePath & "\ComputerModels.txt"
	Set objFile=objFSO.OpenTextFile(strFile,ForReading)
		Do Until objFile.AtEndOfStream
			strModel = objFile.ReadLine
				If Not objDictionary.Exists(strModel) Then
					objDictionary.Add strModel, strModel
				End If
	Loop	
	If objDictionary.Exists(strName) Then
			IsSupportedHardwareModel = "True"
			wscript.echo IsSupportedHardwareModel

	Else
			IsSupportedHardwareModel = "False"
			wscript.echo IsSupportedHardwareModel

	End If
	
	set env = CreateObject("Microsoft.SMS.TSEnvironment")
	env("IsSupportedHardwareModel") = IsSupportedHardwareModel
	objFile.Close

baunai
New Member

Posts: 3

AD Auth, Pre-flight, RegEx examples Oct 13, 2020 18:04:28 GMT

Quote

Post by baunai on Oct 13, 2020 18:04:28 GMT

I was able to replace customsetting.ini from MDT by running powershell script to detect and output to variable SystemName:

$Namespace = "ROOT\cimv2"
$Classname = "Win32_SystemEnclosure"
$SystemDetails = Get-CimInstance -Class $Classname -Namespace $Namespace | Select-Object * -ExcludeProperty PSComputerName, Scope, Path, Options, ClassPath, Properties, SystemProperties, Qualifiers, Site, Container

# Load Microsoft.SMS.TSEnvironment COM object
if ($PSCmdLet.ParameterSetName -like "Execute") {
try {
$TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Continue
}
catch [System.Exception] {
Write-Warning -Message "Unable to construct Microsoft.SMS.TSEnvironment object"
}
}

function Set-OSDComputerName {
# Set computername prefix
if (($SystemDetails | Select-Object -ExpandProperty ChassisTypes) -match "8|9|10|11|12|14|18|21|31" -and ($SystemDetails | Select-Object -ExpandProperty Manufacturer) -notmatch "GETAC") {
# Laptop chassis type detected
$SystemType = "HUBL"
}
elseif (($SystemDetails | Select-Object -ExpandProperty ChassisTypes) -match "3|4|5|6|7|13|15|16|35|36") {
# Desktop chassis type detected
$SystemType = "HUBD"
}
elseif (($SystemDetails | Select-Object -ExpandProperty ChassisTypes) -match "30|32") {
# Tablet chassis type detected
$SystemType = "HUBT"
}
elseif (($SystemDetails | Select-Object -ExpandProperty ChassisTypes) -match "23|28") {
# Server chassis type detected
$SystemType = "HUBS"
}
elseif (($SystemDetails | Select-Object -ExpandProperty Manufacturer) -match "GETAC") {
# Getac device detected
$SystemType = "MCD"
}
else {
# Fallback to VM
$SystemType = "VM"
}

# Add assettag number and set value
if ($($SystemDetails.SMBIOSAssetTag).Count -lt 6) {
# Measure assettag number and extract assettag if less than 6 characters
$ComputerName = $SystemType + $($SystemDetails.SMBIOSAssetTag).Substring(0, ($SystemDetails.SMBIOSAssetTag | Measure-Object -Character | Select-Object -ExpandProperty Characters))
}
else {
# Capture first 6 characters of the assettag number
$ComputerName = $SystemType + $($SystemDetails.SMBIOSAssetTag).Substring(0, 6)
}

if ($SystemType -eq "VM") {
if ($($SystemDetails.SerialNumber).Count -lt 8) {
# Measure serial number and extract the number if less than 8 characters
$ComputerName = $SystemType + $($SystemDetails.SerialNumber).Substring(0, ($SystemDetails.SerialNumber | Measure-Object -Character | Select-Object -ExpandProperty Characters))
} else {
# Capture first 8 characer of the serial number
$ComputerName = $SystemType + $($SystemDetails.SerialNumber).Substring(0,8)
}
}

# Set OSDComputerName variable
$TSEnvironment.value("OSDComputerName") = $ComputerName
Return $ComputerName
}

Set-OSDComputerName

Then my xml set as below:

<?xml version="1.0" encoding="utf-8"?>
<UIpp Title="OS Deploy" Icon="hub.ico" Color="#00008B">
<Actions>
<Action Type="DefaultValues" ValueTypes="All" ShowProgress="True" />

<Action Type="Preflight" Title="Preflight checks" ShowCancel="True">
<Check Text="WLAN Disconnected" CheckCondition='"%XWLANDisconnected%" = "True"' ErrorDescription="Only systems physically connected to the LAN can be upgraded to Windows 10." />
<Check Text="Not on battery" CheckCondition='"%XOnBattery%" = "False"' ErrorDescription="Only systems connected to AC power can be upgraded to Windows 10." />
<Check Text="Minimum memory > 2GB" CheckCondition='%XHWMemory% >= 2048' WarnCondition='%XHWMemory% >= 4096' ErrorDescription="Please ensure that the system has at least 4 GB of memory." WarnDescription="For best results, this system should have at least 4 GB of memory"/>
<Check Text="CPU Supports Windows 10" CheckCondition='%XCPUPAE% AND %XCPUNX% AND %XCPUSSE2% = True' />
</Action>

<Action Type="UserAuth" Title="User Authentication" Domain="HUB.LAB" Group="SCCMAdmin" GetGroups="True" MaxRetryCount="3" >
<Field Name="Domain" ReadOnly="True" />

</Action>

<Action Type="Input" Name="OSDComputerName" Title="System Name" ShowBack="True" >

<TextInput Prompt="ComputerName" Question="Please enter a computer name" Hint="Enter either HUB/HUBL/HUBT/MCD + AssetTag number of this system" RegEx=".{6,15}" Variable="OSDComputerName" ForceCase="Upper" Default="%SystemName%" />

</Action>
</Actions>
</UIpp>