More UEFI Fun: Apply Operating System Fails Again and Again

Y’know, I’m just going to stop mentioning 0x80004005 because we all know it’s the most common thing that happens when a deployment craps out, and it’s the least useful error code ever anyway.

The situation was that, on yet another Latitude E7470 with UEFI boot, my Win 10 1703 EDU task sequences are failing at the very early “Apply Operating System” step.  Consistently.  SMSTS.log tells me stuff about the system drive and partitions, so I’m wondering then if it can’t find the drive for some reason.

I do a search on “Unable to find the partition that contains the OS boot loaders. Please ensure the hard disks have been properly partitioned”

CMTrace also identified this information:

Unspecified error (Error: 80004005; Source: Windows) ApplyOperatingSystem 6/16/2017 8:54:50 AM 2004 (0x07D4)

I happened upon Henk’s blog post.  Flippin’ Secure Boot.

I went into BIOS after a reboot, turned off Secure Boot…..and now I’m watching a beautiful vision of task sequence that’s actually applying.

 

UEFI? Book it!

This past week, my Win10 task sequences were failing on the Latitude E7470s.  Yet they were fine on my testbed Intel NUCs.  The same task sequences, so it wasn’t the software.  What the hell was going on here?

Then I started piecing it together.  Intel NUCs vs. Lat 7470s.  The task sequence on the Lats go really quickly to Applying Operating System where it failed.  SMSTS.log said:

There are no more volumes available for use.

The requested target could not be resolved to a valid volume on this computer. Check your task sequence to ensure this drive is correct and that it is being createdThe requested target could not be resolved to a valid volume on this computer. Check your task sequence to ensure this drive is correct and that it is being createdThe parameter is incorrect. (Error: 80070057; Source: Windows) ApplyOperatingSystem 6/15/2017 9:03:44 AM 1596 (0x063C)

I then noticed that the step where the TS should be formatting my drive to UEFI was not actually starting.  Why?  It had to be that step, because the NUCs, which are on legacy boot, partition normally as BIOS.  I looked at my task sequence variables, because everything else looked fine.  Then, I saw it:

The variable “_SMSTSBootUEFI” had somehow changed to “_SMSTSBookUEFI.”

And since I copy/paste tasks from sequence to sequence, I had inadvertently copied this error to all of my Win 10 task sequences.  After correcting that, my Lat 7470s partitioned, formatted, and applied the OS correctly.

But how in the hell did that get changed in the first place?

Deploying Sketchup 2017 with SCCM & Windows 10 1703 EDU

For the past few months, I’ve been struggling to deploy Sketchup 2017 with SCCM.  2015 seemed to deploy much more smoothly, despite having to implement a few kludgy workarounds.  But no matter what I tried, 2017 would fail during a task sequence with the dreaded 0x80004005.

Sketchup’s support site mentioned that 2017 requires .NET Framework 4.5.2, and seemed to imply that 4.5.2 was the only version that it supported.  That sounded strange to me, especially since attempting to install 4.5.2 on an updated and patched Win10 introduced even more work than I wanted to put in.  And once I ran updates, I had .NET 4.7 anyway.

But they also mentioned needing to install the Visual C++ 2015 Redistributable.  My vanilla Win10 install has 2013 installed.  OK, so let me give that a try!

I manually installed VC++ 2015, then installed Sketchup.  Success!

I wiped the machine and tried to install Sketchup by itself.  FAILURE!  I forget the exact error message, but it would fail:

For our friendly neighborhood search engine crawlers, the text of the error is:

Module C:\Program Files\SketchUp\SketchUp 2017\ThumbsUp.dll failed to register. HRESULT -214024770. Contact your support personnel.

 

I grabbed the stand-alone installer for VC++ 2015, packaged that up, then applied it to my task sequence.  I also created some basic .CMD files to copy the volume license file and to clean the desktop of the shortcuts that Sketchup created.

In my source folder, I have four files: the Sketchup MSI installer itself, my activation_info.txtcleanuplinks.cmd, and actinfo.com.

cleanuplinks.cmd:

@echo off
del "C:\users\public\Desktop\Layout 2017.lnk"
del "C:\users\public\Desktop\SketchUp 2017.lnk"
del "C:\users\public\Desktop\Style Builder 2017.lnk"

:SUCCESS
exit /b 0

actinfo.cmd:

@echo off
copy "\\systemcenter\sources\Apps\SketchUp Pro 2017\Files\activation_info.txt" "c:\programdata\sketchup\sketchup 2017"

Naturally, both could be combined into a single batch file, but I kept them separate so that I could activate & deactivate either in my task sequence while I’m still testing.

Finally, how the task sequence is built:

 

 

Customizing Windows 10 for Schools

Using Windows 10 1703 Education, I applied a number of customizations, drawn from several expert sources and cobbled together into my own Frankenstein’s-Monster of a deployment, with SCCM 1702.

Strategy and Design

Like with all good projects, we need to figure out what the hell we’re trying to do in the first place before leaping into actually doing it.  So we’re going to move all of our deployed computers throughout the district to Windows 10.

Great.

How?

It’s not as simple as “build an image, slap in some software that’s common to everyone, wait for the summer, and hit the uncooled classrooms in the middle of July.”  The default installation of W10 is, at first glance, geared more toward a home-user/personal-experience motif than a professional environment where we take things seriously.

We need to get rid of the superfluous stuff in the Start menu, provide only what’s necessary in the task bar, shut down all the privacy holes, but at the same time still allow staff and students to be able to customize the computing experience (within reason).  We’re not so draconian as to prohibit changing wallpapers and color themes, but we’d also like to provide at least a more organization-centric set of options to begin with.

We’d like to see some simplified task sequences in SCCM, so that if we need to make updates district-wide, we’re not stumbling over the entire console, making repetitive changes to every task sequence.  This means more creative use of task sequence variables and making sure our OUs in AD are cleaner (hah!) and appropriate (hee!).

Setting the Stage

In my SC deployment share (\\[SCCMShare]\sources\packages), I created a folder named “Win10Customizations.”  This will house all of the files, scripts, and folders.

The Details

Start Layout

I wanted to use a partial Start layout so that the commonly used apps in our organization are available immediately, all the superfluous nonsense removed, and still allow users customization ability.  I used my reference machine to build out the Start Menu the way I wanted to see it, then exported its XML with Powershell (see Links & Resources below).

I created a GPO simply titled “Win 10 Start Layout Customization” and made the following changes:

Computer Config > Policies > Administrative Templates > Start Menu and Taskbar set to Enabled and added the path to where my XML would reside on the local drive (in my case, C:\StartLayout\start17.xml)

The second step is to use a Powershell script to create the folder and copy start17.xml to the local drive from our SCCM share.  The script that I used (through lots of trial and error, as I’m quite a PS newbie) is:

$folder = "C:\StartLayout"
$file = "start17.xml"
$fullPath = "$folder\$file"

$source = "\\systemcenter\sources\packages\Win10Customizations\Start Layout\start17.xml"

# Check if folder & file already exist

if (!(Test-Path -path $fullPath)) {
 # File & folder do not exist, so check if the folder by itself exists
 if (!(Test-Path -path $folder)) {
 try {
 New-Item $folder -ItemType Directory
 }
 Catch {
 Write-Warning "Error in creating folder: $error"
 break
 }
 }

}


# Folder has been created or already existed, so copy the file to it

try {
 Copy-Item -path $source -destination $folder
}
Catch {
 write-warning "File already exists."
 break
}

As I’m looking at this code, I realize that I made a few inefficient moves already, but again, I’m still learning!  If you have a cleaner or more robust way of accomplishing the same thing, I’m all ears!  But I think you get the point of what I’m trying to do here.

I placed both the Powershell script and the Start layout XML in the same folder.  Then, I created a no-program package in SCCM for the Start Layout.  This is then added to my task sequence, calling a Powershell script referencing the above:

Next, I wanted to get rid of some of the apps in the Start Menu that we’re not going to need in-district.  To do this, I followed Jörgen Nilsson’s instructions for grabbing a list of apps and then manipulating the script to remove them.

Links & Resources

https://blogs.technet.microsoft.com/deploymentguys/2016/03/07/windows-10-start-layout-customization/#Partial

Pin apps to the Taskbar in Windows 10 1607 with Group Policy

Behavior Management vs. Technology Management

A question came up on one of my mailing lists about what some school districts do to manage students’ personal devices connecting to district networks.  The inquirer’s administration wanted to shut down all guest wifi access as a way to curb social media bullying and other antics, with the assumption that giving students the alternative of having to use their plan minutes would be sufficient as a deterrent.

This seems like an overreaction instead, as well as relying on external forces to manage internal forces.  This is a behavior management issue, as the technology is a tool being misused.  While reducing or eliminating access to those tools would address the issue, how does that impact the rest of the population?

If a handful of students are misbehaving and misusing the technology made available to all students, and that technology is taken away from all students, what are the consequences?  If guest-access wifi is removed, not only does that impact the entire student body, but also any guest speaker, parents, business contacts, and even visitors from neighboring schools.

Drunk driving could easily be resolved by banning all vehicles and alcohol.  Is that the right solution, though?

If there are flies buzzing around from something that’s spoiled in the kitchen, do we remove the entire kitchen?  Or do we hunt around for the rotten meat that fell behind the stove, which is where the flies have congregated?  Yes, it more work to trace the source and to clean up the meat, but it doesn’t go overboard by demolishing the whole kitchen.