_SMSTSORGNAME does not work with SMS 2003

By arwidmark / January 29, 2008

The _SMSTSORGNAME value does not work with ZTI and SMS 2003, only with SCCM 2007 or Lite Touch.

The problem happens because with ZTI and SMS 2003, Microsoft Deployment call the task sequencing engine TSMbootstrap directly from the DP.  Since it is running from the DP the variables.dat file would also need to be on the DP to pick up the variables.  Microsoft Deployment store the variables in the OSDENV.INI and synch up the variables after the task sequencer starts but by then it is too late to set the _SMSTSORGNAME variable.

Here is the workaround (gracely provided by Tim Mintner)

Create a variables.dat file in your package source and distribute that to your DP’s.  The contents of that variables.dat file should be the following:

My CorpName

Hidden Actions in Microsoft Deployment

By arwidmark / December 18, 2007

If you attended the Microsoft Deployment labs this year in Barcelona (IT-Forum) you might have seen that you could configure a lot more roles in the pre-release version that was used in the labs, compared with the RTM version.

Well those roles are still there, you just need to enable them by renaming actions_full.xml to actions.xml in the Bin directory 

There are bugs in the other roles that haven’t been fixed and won’t be fixed until the next release (R2)
There is no compatibility guarantee between the R1 “hidden” actions and the R2 “no longer hidden” actions.
Use at your own risk.


Leftover junk prevents new installation in MDT 2008/2010 and BDD 2007

By arwidmark / November 1, 2007

One of the most common issues with MDT 2008/2010 and BDD 2007, LiteTouch and ZeroTouch, is leftover junk from a previous installation preventing a second installation to continue… The solution… Get rid of the junk…

Note: Make sure to do these changes only to the winpe images used for bare metal installations… (wiping the disk in the middle of a refresh installation might lead to , ehh, unexpected, results)

Create a script that removes the MININT and _SMSTaskSequence folders (if present).


If Exist C:\MININT\nul rd C:\MININT /s /q
If Exist C:\_SMSTaskSequence\nul rd C:\_SMSTaskSequence /s /q

Call the script from unattend.xml (in WInPE)



                    Lite Touch PE
                    cmd /c CleanSetupInProgress.cmd

                    Lite Touch PE
                    wscript.exe X:\Deploy\Scripts\LiteTouch.wsf




ZeroTouch (SMS 2003 OSD FP)
Just add a winbom.ini that will wipe and format the disk… se below example…


[Factory] WinBOMType=WinPE
[WinPE] Quiet=Yes
[PnPDriverUpdate] [PnPDrivers] [NetCards] [UpdateInis] [FactoryRunOnce] [Branding] [AppPreInstall]

Disk1 = Disk1.Config

WipeDisk = Yes
Size1 = *
PartitionType1 = Primary
FileSystem1 = NTFS
QuickFormat1 = Yes
SetActive1 = Yes

Using BDD 2007 ZTI with only 256 MB Ram

By arwidmark / October 4, 2007

BDD 2007 ZTI by default will break on less than 512 MB RAM

The error you get in the ZTIValidate.log is ERROR – 255MB of memory is insufficient.  At least 448MB of memory is required. However, the fix is easy:

1. Make sure you reduce the WinPE size per step 4 in the below article:

Adding a Windows PE 2005 image to WDS (boot-in RAM) 

2. Configure customsettings.ini with the ImageMemory value

[Settings] Priority=Default

[Default] ImageMemory=256

A Pretty Good Frontend (IMHO)

By arwidmark / August 25, 2007

Summer 2007 in Sweden is one for the record books, for being the rainiest one in a long time… So if you can’t hit the beach, what do you do?  Some serious coding of course! 🙂

So today I have released a Frontend for ZTI (BDD 2007) to the web…

Credits goes to Morgan Hjalmarsson, Sami Lehtonen, Martin Hultstrom and Kristoffer Lindblad for their efforts and continuous support…

Best Regards / Johan Arwidmark
Microsoft MVP – Setup & Deployment

The name: Pretty Good Frontend

Download link

– Only appears if computer is not in the BDD Database already
– Allows for entering a computer name
– Allows for Selecting target OU (Selection list is from live Actice Directory data)
– Allows for entering UDDIR folder (for replace scenarios)
– Allows for OSD/ZTI Image selection (Selection list is from live SMS data)
– Allows for role selection (Selection list is from live BDD database)
– Configured from rules in bootstrap.ini, no hardcoded values in the Frontend
– Started as a userexit (no scripts on the winpe image)

The screenshot

System Requirements
– A Windows PE 2005 image generated from the BDD 2007 Deployment Workbench
– Added support for ADSI (not terribly hard, just copy activeds.tlb and adsldp.dll from Windows Server 2003 SP1 to System32)

– From the download, copy the following files to ZTI$ Share: Z-Frontend.vbs and Z-Frontend.hta
– From the \distribution\scripts folder, copy the following files to ZTI$ Share: wizard.css and wizard.ico
– Using Deployment Workbench, update bootstrap.ini using info from the sample files and update the Deployment Point (Update files only)
– I’m assuming your are running the BDD database on the SMS SiteServer (SMS Database)

The following values need to be configured in bootstrap.ini (sample for single and multiple locations included)

SMSSiteDatabaseServer:  The Server name of the SMS SiteServer (database)
SMSSiteDatabaseName:  The SMS database name
DomainController1:  A domain controller to bind to
BDDDataBaseName:  The BDD dataabase name
StartingOU:   OU to list subOUs from (1 level only)
ListADUserName:  User to Bind with AD
ListADPassword:  Password for AD user

Note 1: Minimum Memory requirement is set to 256, you shouldn’t deploy windows XP or higher versions with less, nor use WinPE 2005… 🙂

Note 2: If you have used Microsoft sample file (SERVERSP1-REMOVELIST.TXT) to reduce WinPE 2005 size, make sure you configure it to not delete the following



Note 3: As for usual I recommend configuring winbom.ini to always wipe the disk (otherwise leftover junk may prevent the setup)

Sample winbom.ini

[Factory] WinBOMType=WinPE
[WinPE] Quiet=Yes
[PnPDriverUpdate] [PnPDrivers] [NetCards] [UpdateInis] [FactoryRunOnce] [Branding] [AppPreInstall] [DiskConfig]
Disk1 = Disk1.Config

WipeDisk = Yes
Size1 = *
PartitionType1 = Primary
FileSystem1 = NTFS
QuickFormat1 = Yes
SetActive1 = Yes


Configuring WinPE 2.0 scratch space (RAM Drive)

By arwidmark / August 22, 2007

If you want to run applications or are dealing with large driver sets in WinPE 2.0 it might be useful to increase the scratch space size. Credit goes to Paul Foty…

Here is the registry key and the settings for adjusting the size.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FBWF] “WinPECacheThreshold”=dword:00000010

;dword:00000010 = 16
; 0x10 = 16Mb
; 0x18 = 24Mb
; 0x20 = 32Mb
; 0x30 = 48Mb
; 0x40 = 64Mb
; 0x48 = 72Mb
; 0x60 = 96Mb
; 0x80 = 128Mb
; 0x100 = 256Mb 

Proper Rebooting as the final step in BDD 2007 Lite Touch Task Sequence

By arwidmark / August 15, 2007

Most times it’s useful to add a reboot as the final step in the LiteTouch Sequence…

First we need to get rith of the BDD Wizard Summary Window, this is done by adding SkipFinalSummary=YES to cs.ini

Second we need to reboot, this is done by adding a custom reboot task as the final step in the sequencer.

C:\windows\system32\shutdown.exe -r -t 10 -c “Rebooting the PC to complete the Build”

How to configure IPSec in WinPE 2.0

By arwidmark / July 31, 2007


This explains the necessary steps for configuring certificate based IPSec in Win PE 2.0.

For improvement suggestions (or bugs) in this guide, please drop a note to johan [dot] arwidmark [at] truesec [dot] com, or at myitforum.com (alias jarwidmark).

You might also find me in the public Microsoft desktop deployment newsgroups (microsoft.public.deployment.desktop)


Johan Arwidmark
Microsoft MVP – Setup & Deployment

The guide covers the following steps

o   Create the IPSec Policy

o   Installing the certificate in WinPE

Step 1 – Creating the IPSec Policy

  1. On the deployment server, create a IPSec Policy
  2. Using Regedit, export the assigned IPSec policy to a text file  (*.reg). The policy is stored in  (HKLM\Software\policies\Microsoft\windows\ipsec\policy\local
  3. On a client, install the IPSec certificate and then using the certificates mmc, export the IPSec certificate, and include the Root CA in the export

Step 2 – Install the Certificate in WinPE

  1. From a Vista machine, copy the certutil.exe and  en-US\certutil.exe to system32 of your WinPE Image
  2. Using Regedit.exe import the previously exported IPSec policy to the Registry
  3. Using an undocumented switch to certutil, -ImportPFX, import the previously exported certificate into WinPE
  4. Start the IPSec Policy Agent in WinPE



Page 12 of 15