<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:358896890;
mso-list-type:hybrid;
mso-list-template-ids:510804378 -1 -1 -1 -1 -1 -1 -1 -1 -1;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:534468383;
mso-list-type:hybrid;
mso-list-template-ids:510804378 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2
{mso-list-id:900366191;
mso-list-type:hybrid;
mso-list-template-ids:1110180164 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l2:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l3
{mso-list-id:1906646175;
mso-list-type:hybrid;
mso-list-template-ids:1939875714 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l3:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l3:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l3:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">One thing I forgot to mention. The current image provided by SBCTC doesn’t deploy properly using MDT. So, if you’re having any issues with MDT not deploying your image with the proper computer name or the deployment is completing with errors,
then you will need to create your own Image from scratch. I did this by copying the OPE folder from the C:\ProgramData directory on an existing laptop image to a fresh image.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="mso-ligatures:none">Thank you,<br>
<br>
Brandon Henness<br>
IT Customer Support<br>
Grays Harbor College<br>
Stafford Creek Corrections Center<br>
191 Constantine Way<br>
Aberdeen, WA 98520<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-ligatures:none">(360) 537-2018<br>
<a href="mailto:brandon.henness@ghc.edu">brandon.henness@ghc.edu</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-ligatures:none"><a href="mailto:Brandon.henness@doc1.wa.gov">Brandon.henness@doc1.wa.gov</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="mso-ligatures:none">From:</span></b><span style="mso-ligatures:none"> Henness, Brandon J. 'GHC' (DOC)
<br>
<b>Sent:</b> Wednesday, March 13, 2024 10:05 AM<br>
<b>To:</b> corrections_edu_IT@lists.ctc.edu<br>
<b>Cc:</b> Peterson, Jayme L. 'GHC' (DOC) <jlpeterson@DOC1.WA.GOV><br>
<b>Subject:</b> Laptop Deployment Tools and Tips<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello everyone, this is probably going to be a long email, but the information and tools contained in it should be invaluable to you and your site. From the day I started working in this position I’ve been slowly optimizing and automating
the deployment of windows images at my site using Microsoft Deployment Toolkit (MDT). I’ve almost torn my hair out on plenty of occasions because of the countless quirks with automated deployment of windows but I think I’ve finally gotten it mastered. So,
if you have questions about setting up your own site to use MDT, I can help you. For the rest of this email, I’ll break it up into sections so that you can skip the section that pertain to your particular site.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><u>Group Policy to Enable Microsoft Store Apps<o:p></o:p></u></b></p>
<p class="MsoNormal">Setting this group policy to “Enabled” on the laptops will allow your students to use built in Microsoft apps like Calculator and Photos.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">On a
<b>locked</b> and <b>credentialed</b> laptop set the group policy to “Enabled” using the attached “Enable or Disable Microsoft Store Apps in Windows 10 _ Tutorials” pdf file.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Open an elevated CMD prompt.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Run the command “mgmt export_group_policy”.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Run the command “mgmt unlock_machine”.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Open file explorer and enable hidden files.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Navigate to “C:\ProgramData\OPE\Services\mgmt\rc\exported_gpo”.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Copy this GPO export folder contained here to a flash drive or a network share.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">On your base laptop image navigate to “C:\ProgramData\OPE\Services\mgmt\rc\post_gpo” and past the exported GPO folder here.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1">Capture a new base image.<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any time you credential a laptop with your new image it will use these new GPOs which means Calculator and Photos will work for all your students. While you’re doing this, I would also make sure the
<a href="https://www.thewindowsclub.com/turn-off-windows-store-application">“Turn off the Store Application” group policy</a> is also enabled. If there are specific store apps you don’t want your students having access to you can
<a href="https://www.thewindowsclub.com/how-to-block-exe-files-from-running-using-group-policy-in-windows-11-10">
block these individually using Group Policy Editor</a> or you can completely remove them from the image by
<a href="https://learn.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=windowsserver2022-ps">
uninstalling the Appx package</a> for that windows store app. I used a script called Windows Decrapifier that I can’t seem to find the GitHub Page for. So,
<a href="https://github.com/Sycnex/Windows10Debloater">here is an alternative debloater script</a>.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><i>The remaining instructions require you to have MDT installed and a Deployment Share set up. If you don’t, go ahead and do that now.<o:p></o:p></i></b></p>
<p class="MsoNormal"><b><i>All scripts linked in the email can be downloaded from
<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210">this GitHub Gist</a> by clicking the Download ZIP button.<o:p></o:p></i></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><u>Automatically Setting Computer Names on Deployment<o:p></o:p></u></b></p>
<p class="MsoNormal">Using this UserExit script it will automatically set your deployed computer’s name to the OSN required naming convention. “OSNE + S/N” This script used to be a lot more complicated when I was trying to handle GEN2 laptops as well. But now
that we don’t need to worry about GEN2 laptops the script is really simple now.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Navigate to the “Scripts” directory of your deployment share.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Paste the “<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210#file-getcomputername-vbs">GetComputerName.vbs</a>” script in it.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Add the following lines to your deployment share rules under the [Default] section:<br>
(<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210#file-rules-txt">You can find a full copy of my deployment share rules here.</a>)<o:p></o:p></li><ol style="margin-top:0in" start="1" type="a">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level2 lfo2">UserExit=GetComputerName.vbs<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level2 lfo2">OSDComputerName=#GetOSDComputerName("%SERIALNUMBER%")#<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level2 lfo2">_SMSTSORGNAME=Deploying Image to %OSDCOMPUTERNAME%<o:p></o:p></li></ol>
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Run the “Update Deployment Share Wizard”.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Choose “Completely regenerate the boot images”.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Open Windows Deployment Services (WDS).<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Right Click your Boot image and choose “Replace Image…”<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2">Navigate to and select your newly generated boot image.<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Your computers will now be named automatically on deployment.<o:p></o:p></p>
<p class="MsoNormal"><b><u>Laptop Setup Script<o:p></o:p></u></b></p>
<p class="MsoNormal">The “<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210#file-mdtlaptopsetupscript-bat">MDTLaptopSetupScript.bat</a>” batch file automates a few tasks when deploying laptops like disabling Secure Time Seeding,
syncing the laptop’s time automatically with the time server, activate windows with your KMS server, and activate office with your KMS server.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Modify the configuration section of the “<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210#file-mdtlaptopsetupscript-bat">MDTLaptopSetupScript.bat</a>”
batch file to point to your time server and your KMS server.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Navigate to the “Scripts” directory of your deployment share.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Paste the modified “<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210#file-mdtlaptopsetupscript-bat">MDTLaptopSetupScript.bat</a>” script in it.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Open the “Properties of the Task Sequence you use for deploying images to your laptops.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Navigate to the “Task Sequence” tab at the top of the window.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Add a new task sequence step to the bottom of the “State Restore” section.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Edit the new task sequence to match the following picture:<br>
%SCRIPTROOT%\MDTLaptopSetupScript.bat<br>
<span style="mso-ligatures:none"><img border="0" width="721" height="650" style="width:7.5083in;height:6.775in" id="Picture_x0020_1" src="cid:image001.png@01DA7533.69D59D80" alt="Graphical user interface, application
Description automatically generated"></span><o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3">Press “Apply”<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">When you deploy an image using this task sequence it will now run this script at the end of the deployment.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><u>Start Credential Script Task Sequence Step<o:p></o:p></u></b></p>
<p class="MsoNormal">The following task sequence will automatically start the laptop credentialing script on deployment allowing you credential the laptop immediately after deployment without needing to run the script manually. Only apply this task sequence
step to task sequences that are for file deployment.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo4">Open the “Properties of the Task Sequence you use for deploying images to your laptops.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo4">Navigate to the “Task Sequence” tab at the top of the window.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo4">Add a new task sequence step to the bottom of the “State Restore” section.<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo4">Edit the new task sequence to match the following picture:<br>
cmd /c start "" "C:\ProgramData\OPE\tmp\ope_laptop_binaries\CredentialLaptop.cmd"<br>
<span style="mso-ligatures:none"><img border="0" width="721" height="650" style="width:7.5083in;height:6.775in" id="Picture_x0020_2" src="cid:image002.png@01DA7533.69D59D80"></span><o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo4">Press “Apply”<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">On deployment, the laptop credentialing script will automatically start running and by the time the computer is done deploying the script will already be on the SMC login step of the script.<o:p></o:p></p>
<p class="MsoNormal"><b><u>Additional Files<o:p></o:p></u></b></p>
<p class="MsoNormal">This “<a href="https://gist.github.com/Henness0666/3e2e9a72902e7ddd64967be864609210#file-bootstrap-ini">Bootstrap.ini</a>” is the boot strap settings I use for my deployment share you can use this if you’re setting up your own deployment
share.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="mso-ligatures:none">Hope this helps!<br>
</span><br>
<span style="mso-ligatures:none">Brandon Henness<br>
IT Customer Support<br>
Grays Harbor College<br>
Stafford Creek Corrections Center<br>
191 Constantine Way<br>
Aberdeen, WA 98520<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-ligatures:none">(360) 537-2018<br>
<a href="mailto:brandon.henness@ghc.edu">brandon.henness@ghc.edu</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-ligatures:none"><a href="mailto:Brandon.henness@doc1.wa.gov">Brandon.henness@doc1.wa.gov</a><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>