Wednesday, March 29, 2017

Improve Your Windows 10 Deployment with Powershell and Configuration Manager

My favorite part of my IT work is finding a way to automate, speed-up, and take away busy work. We end up purchasing about 50 new workstations each year. A few years ago we invested in a product that was supposed to speed up our workstation image deployments. It made it easy to build an image, but unfortunately deploying that image still meant a lot of walking around to PCs, backing up settings, and then loading those settings back in. It made the actual task of deploying the new PCs take months. That's why when it came to our latest PC purchase, I was excited to try out System Center Configuration Manager with MDT. I was also looking forward to the many improvements Windows 10. And last but not least: using PowerShell to automate as much of the build process as possible. I won't talk too much about the basics of using SCCM to deploy Windows 10 because that is well-documented, but I will talk about the ways that I used Powershell to save a little time on the way, customize the computer naming and start menu, and add default file associations. It took me a while to wrap my head around the many ways to achieve those goals and figure out the right path.

Whenever I start an automation project, something like the XKCD comic above pops up into my head.

It's probably true. Switching our imaging product was a big project. I learned a ton, but I also invested a lot of time. However, it was a lot more fun than the alternative. I'm hopeful you can benefit from my learning, and get the fun without the invested time!

I used PowerShell mostly in little ways to help deploy Windows 10.

MDT: PowerShell sped up adding applications. I copied the applications to e:\downloads, added the application names to a CSV, and used a quick script to import all of those applications into MDT.

Import-module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root $mdtpath

$apps = import-csv .\applications.csv

foreach ($app in $apps) {
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $app.Name -ShortName $app.Name -CommandLine $app.CommandLine -WorkingDirectory (".\Applications\"+$ -ApplicationSourcePath $app.ApplicationSourcePath -DestinationFolder $ -Verbose

We took the opportunity of moving to Windows 10 to remove admin rights from our users. PowerShell was helpful here, too. I manually created applications for many third-party apps that are not part of our base image. We subscribe to the SCUP catalog. For several of the more popular third-party applications, I was able to use the PatchMyPC silent installer and copy over the detection rules, which saved a lot of time. Then I used PowerShell to deploy those new applications.

First, connect to the CM Powershell Console:

I didn't want to deploy all applications,  just the ones created in a certain date range. I also created a special user collection to deploy the applications to, "User-installable Applications". If you deploy to a device collection, the deployment will not be listed in the Application Catalog. Use the start-cmapplicationdeployment cmdlet to create the actual deployment as show below:
$apps = Get-CMApplication | where datecreated -gt (get-date 1/25/2017) 
foreach ($app in $apps) { Start-CMApplicationDeployment -collectionname "User-installable Applications" -inputobject $app -deploypurpose Available -usernotification DisplaySoftwareCenterOnly}
I borrowed the work of others for two other key aspects of our Windows 10 deployment: the custom start menu and assigning a name to the computer. I tweaked all of these, so my examples may still be interesting to the reader.

Because it may be helpful for others, I've put together a copy of the custom default associations, start layout, and other related files on GitHub here.

No comments:

Post a Comment