Cross-site Images in ConfigMgr

Patch My Pc | install & update thousands of apps

If you create your OS images using ConfigMgr one potential issue is that the ConfigMgr client agent is embedded in your image. In and of itself, this isn’t a huge deal if you are also deploying the image to systems that will be managed in that same ConfigMgr site or hierarchy. If however, you need to use that image in another site or hierarchy, say for example in a lab environment, then you will run into issues during the deployment task sequence with many tasks.

Build and capture task sequences and capture media do include a task for cleaning up the client agent and preparing it for existence within an image (the task is actually called Prepare ConfigMgr Client for Capture); however, this task doesn’t go quite far enough when cleaning up the client agent. So, what are our options:

  • Use MDT to build our images. This is a technically sound choice and is recommended by many. It also completely separates the image build process from the image deployment process. This can be a good thing if these need or should be completely separate but can also a bad thing as it causes some (even a lot) of duplication of effort, configuration, and maintenance.
  • Use ConfigMgr CB 1606. It’s kind of hard to do this in production right now, but once released for production use and assuming the feature makes the production cut, 1606 will automatically remove the client agent during the task noted above. See Improvements to the Prepare ConfigMgr Client for Capture task sequence step for further details.
  • Export your build and capture task sequence and import it into the other site or hierarchy and re-capture the image. This works, but is a lot of work and time just to re-use an image.
  • Manually clean-up the ConfigMgr client agent in the deployment task sequence. For this, you simply run a script to further clean up the agent contained in the image before Windows setup starts in the task sequence; i.e., before the Setup Windows and ConfigMgr task but after the Apply OS Image task runs. You could also mount the image and perform these actions *gasp* manually *choke*, but then we run into that yucky manual work that we should be avoiding at all costs because it’s not consistently repeatable or documented.

Per this last option, I created a simple batch script to add to a task sequence that does just as described. Simply add the script to a package, add a Run Command-line task that references this package, and run the script.

CMAgent-Cleanup.bat Placement
[sourcecode language="plain" title="CMAgent-Cleanup.bat"]
@ECHO OFF

reg.exe load HKLM\OfflineSoftware "C:\Windows\System32\config\SOFTWARE"

reg.exe delete "HKLM\OfflineSoftware\Microsoft\CCM" /f
reg.exe delete "HKLM\OfflineSoftware\Microsoft\SMS" /f
reg.exe delete "HKLM\OfflineSoftware\Microsoft\ccmsetup" /f

reg.exe unload HKLM\OfflineSoftware
[/sourcecode]

You could take the script a step further and delete the keys for the client agent’s service as well but that felt like a bit of overkill to me.

One other possibility here is to run the above script during the capture phase (after the Prepare ConfigMgr Client for Capture task) to completely remove the client agent’s configuration. In this case, you’d probably want to also remove the service keys as mentioned above as well as the binaries. The following is an expanded script for this.

[sourcecode language="plain" title="CMAgent-Cleanup2.bat"]
@ECHO OFF

reg.exe load HKLM\OfflineSoftware "C:\Windows\System32\config\SOFTWARE"

reg.exe delete "HKLM\OfflineSoftware\Microsoft\CCM" /f
reg.exe delete "HKLM\OfflineSoftware\Microsoft\SMS" /f
reg.exe delete "HKLM\OfflineSoftware\Microsoft\ccmsetup" /f

reg.exe unload HKLM\OfflineSoftware

reg.exe load HKLM\OfflineSystem "C:\Windows\System32\config\SYSTEM"

reg.exe delete "HKLM\OfflineSystem\CurrentControlSet\services\CcmExec" /f
reg.exe delete "HKLM\OfflineSystem\CurrentControlSet\services\CcmFramework" /f
reg.exe delete "HKLM\OfflineSystem\CurrentControlSet\services\CmRcService" /f
reg.exe delete "HKLM\OfflineSystem\CurrentControlSet\services\smstsmgr" /f
reg.exe delete "HKLM\OfflineSystem\CurrentControlSet\services\eventlog\Application\Configuration Manager Agent" /f

reg.exe unload HKLM\OfflineSystem

rd /s /q C:\Windows\CCM
rd /s /q C:\Windows\ccmcache
rd /s /q C:\Windows\ccmsetup
[/sourcecode]

Note that both of the above scripts have the C drive hard-coded so that may need to be adjusted. Also, the second script does not account for WMI data in any way. I have no idea how to load and/or manipulate WMI offline so for now, that’s unaccounted for but should be completely benign.

Leave a Reply

Your email address will not be published. Required fields are marked *

40  +    =  47

Proudly powered by WordPress | Theme: Wanderz Blog by Crimson Themes.