Sccm Task Sequence Windows Update
- Sccm 2012 Task Sequence
- Sccm Task Sequence Uninstall Software
- Sccm Task Sequence Windows Updates
- Sccm 2012 Task Sequence Install Windows Updates
- Sccm Update Task Sequence
Applies to: System Center Configuration Manager (Current Branch)
The following task sequence steps can be added to a Configuration Manager task sequence. For information about editing a task sequence, see Edit a task sequence.
The following settings are common to all task sequence steps:
Properties tab
Name: The task sequence editor requires that you specify a short name to describe this step. When you add a new step, the task sequence editor sets the name to the Type by default. The Name length can't exceed 50 characters.
Description: Optionally, specify more detailed information about this step. The Description length can't exceed 256 characters.
Oct 26, 2017 How to Create Windows 10 1709 in-place Upgrade Task Sequence Navigate via SCCM CB console – Software Library workspace – right-click the Task Sequences node, and then select Create Task Sequence. On the Create a new task sequence page, select Upgrade an operating system from upgrade package and then click Next. Apr 03, 2018 Wondering if it is possible to add Windows updates to my task sequence. I'm looking for some start to finish instructions on how to do this if possible. Starting with where to download these updates, how to get them in to sccm, and then how to add them into the task sequence.
Jan 03, 2018 How to Install Software Updates During Task Sequences. If you try and update Windows 7 from the ‘latest’ ISO using a VM with one CPU, a couple GBs of memory, and 20 Gb of disk things will not turn out well for you. More details on this issue here: Task sequence fails in Configuration Manager if software updates require multiple. May 25, 2017 Install Updates during (Windows 10) SCCM OSD Task Sequence System Center Configuration Manager (Current Branch) Configuration Manager. Sep 20, 2016 In an upgrade task sequence, you will need to have the full Windows 10 1607 media imported in Operating System Upgrade Packages node in SCCM: Open the SCCM Console Go to Software Library Operating Systems Operating System Upgrade Packages Select Add Operating System Upgrade Packages. Feb 21, 2019 Use this step to install software updates on the destination computer. The destination computer isn't evaluated for applicable software updates until this task sequence step runs. At that time, the destination computer is evaluated for software updates like any other Configuration Manager client.
The rest of this article describes the other settings on the Properties tab for each task sequence step.
Options tab
Disable this step: The task sequence skips this step when it runs on a computer. The icon for this step is greyed out in the task sequence editor.
Continue on error: If an error occurs while running the step, the task sequence continues. For more information, see Planning considerations for automating tasks.
Add Condition: The task sequence evaluates these conditional statements to determine if it runs the step. For an example of using a task sequence variable as a condition, see How to use task sequence variables.
The sections below for specific task sequence steps describe other possible settings on the Options tab.
Apply Data Image
Use this step to copy the data image to the specified destination partition.
This step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Images, and select Apply Data Image.
Properties
On the Properties tab for this step, configure the settings described in this section.
Image Package
Select Browse to specify the Image Package used by this task sequence. Select the package you want to install in the Select a Package dialog box. The bottom of the dialog box displays the associated property information for each existing image package. Use the drop-down list to select the Image you want to install from the selected Image Package.
Note
This task sequence action treats the image as a data file. This action doesn't do any setup to boot the image as an OS.
Destination
Configure one of the following options:
Next available partition: Use the next sequential partition that an Apply Operating System or Apply Data Image step in this task sequence has not already targeted.
Specific disk and partition: Select the Disk number (starting with 0) and the Partition number (starting with 1).
Specific logical drive letter: Specify the Drive Letter that Windows PE assigns to the partition. This drive letter can be different from the drive letter assigned by the newly deployed OS.
Logical drive letter stored in a variable: Specify the task sequence variable that contains the drive letter assigned to the partition by Windows PE. This variable is typically set in the Advanced section of the Partition Properties dialog box for the Format and Partition Disk task sequence step.
Delete all content on the partition before applying the image
Specifies that the task sequence deletes all files on the target partition before installing the image. By not deleting the content of the partition, this action can be used to apply additional content to a previously targeted partition.
Apply Driver Package
Use this step to download all of the drivers in the driver package and install them on the Windows OS.
The Apply Driver Package task sequence step makes all device drivers in a driver package available for use by Windows. Add this step between the Apply Operating System and Setup Windows and ConfigMgr steps to make the drivers in the package available to Windows. The Apply Driver Package task sequence step is also useful with stand-alone media deployment scenarios.
Put similar device drivers into a driver package, and distribute them to the appropriate distribution points. For example, put all drivers from one manufacturer into a driver package. Then distribute the package to distribution points where the associated computers can access them.
The Apply Driver Package step is useful for stand-alone media. This step is also useful to install a specific set of drivers. These types of drivers include devices that Windows plug-and-play doesn't detect, such as network printers.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
- OSDInstallDriversAdditionalOptions (starting in version 1806)
To add this step in the task sequence editor, select Add, select Drivers, and select Apply Driver Package.
Properties
On the Properties tab for this step, configure the settings described in this section.
Driver package
Specify the driver package that contains the needed device drivers. Select Browse to launch the Select a Package dialog box. Select an existing driver package to apply. The bottom of the dialog box displays the associated package properties.
Select the mass storage driver within the package that needs to be installed before setup on pre-Windows Vista operating systems
Specify any mass storage drivers needed to install a classic OS.
Driver
Select the mass storage driver file to install before setup of a classic OS. The drop-down list populates from the specified package.
Model
Specify the boot-critical device that is needed for pre-Windows Vista OS deployments.
Do unattended installation of unsigned drivers on version of Windows where this is allowed
This option allows Windows to install drivers without a digital signature.
Apply Network Settings
Use this step to specify the network or workgroup configuration information for the destination computer. The task sequence stores these values in the appropriate answer file. Windows Setup uses this answer file during the Setup Windows and ConfigMgr action.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Settings, and select Apply Network Settings.
Properties
On the Properties tab for this step, configure the settings described in this section.
Join a workgroup
Select this option to have the destination computer join the specified workgroup. Enter the name of the workgroup on the Workgroup line. The value that the Capture Network Settings task sequence step captures can override this value.
Join a domain
Select this option to have the destination computer join the specified domain. Specify or browse to the domain, such as fabricam.com
. Specify or browse to a Lightweight Directory Access Protocol (LDAP) path for an organizational unit. For example: LDAP//OU=computers, DC=Fabricam.com, C=com
.
Account
Select Set to specify an account with the necessary permissions to join the computer to the domain. In the Windows User Account dialog box, enter the user name in the following format: DomainUser
. For more information, see Domain joining account.
Adapter settings
Specify network configurations for each network adapter in the computer. Select New to open the Network Settings dialog box, and then specify the network settings.
- If you also use the Capture Network Settings step, the task sequence applies the previously captured settings to the network adapter.
- If the task sequence didn't previously capture network settings, it applies the settings you specify in this step.
- The task sequence applies these settings to network adapters in Windows device enumeration order.
- The task sequence doesn't immediately apply the settings you specify in this step to the computer.
Apply Operating System Image
Tip
Beginning with Windows 10, version 1709, media includes multiple editions. When you configure a task sequence to use an OS upgrade package or OS image, be sure to select a supported edition.
Use this step to install an OS on the destination computer.
Note
The Setup Windows and ConfigMgr step starts the installation of Windows.
After the Apply Operating System action runs, it sets the OSDTargetSystemDrive variable to the drive letter of the partition containing the OS files.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Images, and select Apply Operating System Image.
This step performs actions depending on whether it uses an OS image or an OS upgrade package.
OS image actions
The Apply Operating System Image step performs the following actions when using an OS image:
Delete all content on the targeted volume, except files in the folder specified by the _SMSTSUserStatePath variable.
Extract the contents of the specified .wim file to the specified destination partition.
Prepare the answer file:
Create a new default Windows Setup answer file (sysprep.inf or unattend.xml) for the deployed OS.
Merge any values from the user-supplied answer file.
Copy Windows boot loaders into the active partition.
Set the boot.ini or the Boot Configuration Database (BCD) to reference the newly installed OS.
OS upgrade package actions
The Apply Operating System Image step performs the following actions when using an OS upgrade package:
Delete all content on the targeted volume, except files in the folder specified by the _SMSTSUserStatePath variable.
Prepare the answer file:
Create a fresh answer file with standard values created by Configuration Manager.
Merge any values from the user-supplied answer file.
Properties
On the Properties tab for this step, configure the settings described in this section.
Apply operating system from a captured image
Installs an OS image that you captured. Select Browse to open the Select a package dialog box. Then select the existing image package you want to install. If multiple images are associated with the specified Image package, select from the drop-down list the associated image to use for this deployment. You can view basic information about each existing image by selecting it.
Apply operating system image from an original installation source
Installs an OS using an OS upgrade package, which is also an original installation source. Select Browse to open the Select an Operating System Upgrade Package dialog box. Then select the existing OS upgrade package you want to use. You can view basic information about each existing image source by selecting it. The results pane at the bottom of the dialog box displays the associated image source properties. If there are multiple editions associated with the specified package, use the drop-down list to select the Edition you want to use.
Note
Operating System Upgrade Packages are primarily meant for use with in-place upgrades and not for new installations of Windows. When deploying new installations of Windows, use the Apply operating system from a captured image option and install.wim from the installation source files.
Deploying new installations of Windows via Operating System Upgrade Packages is still supported, but it's dependant on drivers being compatible with this method. When installing Windows from an OS upgrade package, drivers are installed while still in Windows PE versus simply being injected while in Windows PE. Some drivers aren't compatible with being installed while in Windows PE.
If drivers aren't compatible with being installed while in Windows PE, then create an Operating System Image with the install.wim from the original installation source files. Then deploy via the Apply operating system from a captured image option instead.
Use an unattended or sysprep answer file for a custom installation
Use this option to provide a Windows setup answer file (unattend.xml, unattend.txt, or sysprep.inf) depending on the OS version and installation method. The file you specify can include any of the standard configuration options supported by Windows answer files. For example, you can use it to specify the default Internet Explorer home page. Specify the package that contains the answer file and the associated path to the file in the package.
Note
The Windows setup answer file that you supply can contain embedded task sequence variables of the form %varname%
, where varname is the name of the variable. The Setup Windows and ConfigMgr step substitutes the variable string for the actual value of the variable. You can't use these embedded task sequence variables in numeric-only fields in an unattend.xml answer file.
If you don't supply a Windows setup answer file, the task sequence automatically generates an answer file.
Destination
Configure one of the following options:
Next available partition: Use the next sequential partition not already targeted by an Apply Operating System or Apply Data Image step in this task sequence.
Specific disk and partition: Select the Disk number (starting with 0) and the Partition number (starting with 1).
Specific logical drive letter: Specify the Drive Letter assigned to the partition by Windows PE. This drive letter can be different from the drive letter assigned by the newly deployed OS.
Logical drive letter stored in a variable: Specify the task sequence variable containing the drive letter assigned to the partition by Windows PE. This variable is typically set in the Advanced section of the Partition Properties dialog box for the Format and Partition Disk task sequence step.
Options
Besides the default options, configure the following additional settings on the Options tab of this task sequence step:
Access content directly from the distribution point
Configure the task sequence to access the OS image directly from the distribution point. For example, use this option when you deploy operating systems to embedded devices that have limited storage capacity. When selecting this option, also configure the package share settings on the Data Access tab of the OS image properties.
Note
This setting overrides the deployment option that you configure on the Distribution Points page in the Deploy Software Wizard. This override is only for the OS image that this step specifies, not for all task sequence content.
Important
For greatest security, it is strongly recommended not to select this option. This option is mainly designed for use on devices with limited storage capacity. This option is not meant to help increase the speed of the task sequence. When this option is selected, the package hash is not verified for the operating system package. Therefore, package integrity cannot be ensured because it is possible for users with administrative rights to alter or tamper with package contents.
Apply Windows Settings
Use this step to configure the Windows settings for the destination computer. The task sequence stores these values in the appropriate answer file. Windows Setup uses this answer file during the Setup Windows and ConfigMgr step.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Settings, and select Apply Windows Settings.
Properties
On the Properties tab for this step, configure the settings described in this section.
User name
Specify the registered user name to associate with the destination computer. The value that the Capture Windows Settings task sequence step captures can override this value.
Organization name
Specify the registered organization name to associate with the destination computer. The value that the Capture Windows Settings task sequence step captures can override this value.
Product key
Specify the product key to use for the Windows installation on the destination computer.
Server licensing
Specify the server licensing mode.
- Select Per server or Per user as the licensing mode.
- If you select Per server, also specify the maximum number of connections permitted per your license agreement.
- If the destination computer isn't a server, or you don't want to specify the licensing mode, select Do not specify.
Maximum connections
Specify the maximum number of connections that are available for this computer as stated in your license agreement.
Randomly generate the local administrator password and disable the account on all supported platforms (recommended)
Select this option to set the local administrator password to a randomly generated string. This option also disables the local administrator account on platforms that support this capability.
Enable the account and specify the local administrator password
Select this option to enable the local administrator account using the specified password. Enter the password on the Password line and confirm the password on the Confirm password line.
Time Zone
Specify the time zone to configure on the destination computer. The value that the Capture Windows Settings task sequence step captures can override this value.
Auto Apply Drivers
Use this step to match and install drivers as part of the OS deployment.
The Auto Apply Drivers task sequence step performs the following actions:
Scan the hardware and find the plug-and-play IDs for all devices present on the system.
Send the list of devices and their plug-and-play IDs to the management point. The management point returns a list of compatible drivers from the driver catalog for each hardware device. The list includes all enabled drivers regardless of what driver package they are in, and drivers tagged with the specified driver category.
For each hardware device, the task sequence picks the best driver. This driver is appropriate for the deployed OS, and is on an accessible distribution point.
The task sequence downloads the selected drivers from a distribution point, and stages the drivers on the target OS.
When using an OS image, the task sequence places the drivers into the OS driver store.
When using an OS upgrade package as an original installation source, the task sequence configures Windows Setup with the drivers' location.
During the Setup Windows and ConfigMgr step in the task sequence, Windows Setup finds the drivers staged by this step.
Important
Stand-alone media can't use the Auto Apply Drivers step. The task sequence has no connection to the Configuration Manager site in this scenario.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Drivers, and select Auto Apply Drivers.
Properties
On the Properties tab for this step, configure the settings described in this section.
Install only the best matched compatible drivers
Specifies that the task sequence step installs only the best matched driver for each hardware device detected.
Install all compatible drivers
The task sequence installs all drivers compatible for each detected hardware device. Windows Setup then chooses the best driver. This option takes more network bandwidth and disk space. The task sequence downloads more drivers, but Windows can select a better driver.
Consider drivers from all categories
The task sequence searches all available driver categories for the appropriate device drivers.
Limit driver matching to only consider drivers in selected categories
The task sequence searches in the specified driver categories for the appropriate device drivers.
If you select multiple categories, it returns all matching drivers that are present in any of the categories. It's equivalent to an OR
operation.
Do unattended installation of unsigned drivers on versions of Windows where this is allowed
This option allows Windows to install drivers without a digital signature.
Important
Free wedding reception program sample. This option doesn't apply to operating systems where you can't configure driver signing policy.
Capture Network Settings
Use this step to capture Microsoft network settings from the computer running the task sequence. The task sequence saves these settings in task sequence variables. These settings override the default settings you configure on the Apply Network Settings step.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Settings, and select Capture Network Settings.
Properties
On the Properties tab for this step, configure the settings described in this section.
Migrate domain and workgroup membership
Captures the domain and workgroup membership information of the destination computer.
Migrate network adapter configuration
Captures the network adapter configuration of the destination computer. It captures the following information:
- Global network settings
- Number of adapters
- The following network settings associated with each adapter: DNS, WINS, IP, and port filters
Capture Operating System Image
This step captures one or more images from a reference computer. The task sequence creates a Windows image (.wim) file on the specified network share. Then use the Add Operating System Image Package wizard to import this image into Configuration Manager for image-based OS deployments.
Configuration Manager captures each volume (drive) from the reference computer to a separate image within the .wim file. If the referenced computer has multiple volumes, the resulting .wim file contains a separate image for each volume. This step only captures volumes that are formatted as NTFS or FAT32. It skips volumes with other formats, and USB volumes.
The installed OS on the reference computer must be a version of Windows that Configuration Manager supports. Use the SysPrep tool to prepare the OS on the reference computer. The installed OS volume and the boot volume must be the same volume.
Specify an account with write permissions to the selected network share. For more information on the capture OS image account, see Accounts.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Images, and select Capture Operating System Image.
Properties
On the Properties tab for this step, configure the settings described in this section.
Target
File system path to the location that Configuration Manager uses when storing the captured OS image.
Description
An optional user-defined description of the captured OS image that's stored in the image file.
Version
An optional user-defined version number to assign to the captured OS image. This value can be any combination of letters and numbers. It's stored in the image file.
Created by
The optional name of the user that created the OS image. It's stored in the image file.
Capture operating system image account
Enter the Windows account that has permissions to the specified network share. Select Set to specify the name of the Windows account.
Capture User State
This step uses the User State Migration Tool (USMT) to capture user state and settings from the computer running the task sequence. This task sequence step is used in conjunction with the Restore User State task sequence step. This step always encrypts the USMT state store by using an encryption key that Configuration Manager generates and manages.
For more information about managing the user state when deploying operating systems, see Manage user state.
If you want to save and restore user state settings from a state migration point, use this step with the Request State Store and Release State Store steps.
This step provides control over a limited subset of the most commonly used USMT options. Specify additional command-line options using the OSDMigrateAdditionalCaptureOptions task sequence variable.
This task sequence step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select User State, and select Capture User State.
Properties
On the Properties tab for this step, configure the settings described in this section.
User state migration tool package
Specify the package that contains the User State Migration Tool (USMT). The task sequence uses this version of USMT to capture the user state and settings. This package doesn't require a program. Specify a package containing the 32-bit or 64-bit version of USMT. The architecture of USMT depends upon the architecture of the OS from which the task sequence is capturing state.
Capture all user profiles with standard options
Migrate all user profile information. This option is the default.
If you select this option, but don't select Restore local computer user profiles in the Restore User State step, the task sequence fails. Configuration Manager can't migrate the new accounts without assigning them passwords.
When you use the Install an existing image package option of the New Task Sequence wizard, the resulting task sequence defaults to Capture all user profiles with standard options. This default task sequence doesn't select the option to Restore local computer user profiles, or non-domain user accounts.
Select Restore local computer user profiles and provide a password for the account to migrate. In a manually created task sequence, this setting is found under the Restore User State step. In a task sequence created by the New Task Sequence wizard, this setting is found under the step Restore User Files and Settings wizard page.
If you have no local user accounts, this setting doesn't apply.
Customize how user profiles are captured
Select this option to specify a custom profile file for migration. Select Files to select the configuration files for USMT to use with this step. Specify a custom .xml file that contains rules that define the user state files to migrate.
Click here to select configuration files
Select this option to select the configuration files in the USMT package you want to use for capturing user profiles. Select the Files button to launch the Configuration Files dialog box. To specify a configuration file, enter the name of the file on the Filename line and select the Add button.
Enable verbose logging
Enable this option to generate more detailed log file information. When capturing state, the task sequence by default generates ScanState.log in the task sequence log folder, %WinDir%ccmlogs
.
Skip files using encrypted file system
Enable this option to skip capturing files encrypted with the Encrypted File System (EFS). These files include user profile files. Depending on the OS and USMT versions, encrypted files might not be readable after you restore. For more information, see the USMT documentation.
Copy by using file system access
Enable this option to specify any of the following settings:
Continue if some files cannot be captured: Enable this setting to continue the migration process even if it can't capture some files. If you disable this option, and a file can't be captured, then this step fails. This option is enabled by default.
Capture locally by using links instead of by copying files: Enable this setting to use NTFS hard-links to capture files.
For more information about migrating data using hard-links, see Hard-Link Migration Store.
Capture in off-line mode (Windows PE only): Enable this setting to capture the user state while in Windows PE instead of the full OS.
Capture by using Volume Copy Shadow Services (VSS)
This option allows you to capture files even if they're locked for editing by another application.
Capture Windows Settings
Use this step to capture the Windows settings from the computer running the task sequence. The task sequence saves these settings in task sequence variables. These captured settings override the default settings that you configure on the Apply Windows Settings step.
This task sequence step runs in either Windows PE or the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Settings, and select Capture Windows Settings.
Properties
On the Properties tab for this step, configure the settings described in this section.
Migrate computer name
Capture the NetBIOS computer name of the computer.
Migrate registered user and organization names
Capture the registered user and organization names from the computer.
Migrate time zone
Capture the time zone setting on the computer.
Check Readiness
Use this step to verify that the target computer meets the specified deployment prerequisite conditions.
To add this step in the task sequence editor, select Add, select General, and select Check Readiness.
Properties
On the Properties tab for this step, configure the settings described in this section.
Ensure minimum memory (MB)
Verify that the amount of memory, in megabytes (MB), meets or exceeds the specified amount. The step enables this setting by default.
Ensure minimum processor speed (MHz)
Verify that the speed of the processor, in megahertz (MHz), meets or exceeds the specified amount. The step enables this setting by default.
Ensure minimum free disk space (MB)
Verify that the amount of free disk space, in megabytes (MB), meets or exceeds the specified amount.
Ensure current OS to be refreshed is
Verify that the OS installed on the target computer meets the specified requirement. The step sets this setting to CLIENT by default.
Options
Note
If you enable the Continue on error setting on the Options tab of this step, it only logs the readiness check results. If a check fails, the task sequence doesn't stop.
Connect To Network Folder
Use this step to create a connection to a shared network folder.
This task sequence step runs in the full OS or Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select General, and select Connect To Network Folder.
Properties
On the Properties tab for this step, configure the settings described in this section.
Path
Select Browse to specify the network folder path. Use the format servershare
.
Drive
Select the local drive letter to assign for this connection.
Account
Select Set to specify the user account with permissions to connect to this network folder. For more information on the task sequence network folder connection account, see Accounts.
Disable BitLocker
Use this step to disable BitLocker encryption on the current OS drive, or on a specific drive. This action leaves the key protectors visible in clear text on the hard drive. It doesn't decrypt the contents of the drive. This action completes almost instantly.
Note
BitLocker drive encryption provides low-level encryption of the contents of a disk volume.
If you have multiple encrypted drives, disable BitLocker on any data drives before disabling BitLocker on the OS drive.
This step runs only in the full OS. It doesn't run in Windows PE.
Starting in version 1906, use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Disks, and select Disable BitLocker.
Properties
On the Properties tab for this step, configure the settings described in this section.
Current operating system drive
Disables BitLocker on the current OS drive.
Specific drive
Disables BitLocker on a specific drive. Use the drop-down list to specify the drive where BitLocker is disabled.
Resume protection after Windows has been restarted the specified number of times
Starting in version 1906, use this option to specify the number of restarts to keep BitLocker disabled. Instead of adding multiple instances of this step, set a value between 1 (default) and 15.
You can set and modify this behavior with the task sequence variables OSDBitLockerRebootCount and OSDBitLockerRebootCountOverride.
Download Package Content
Use this step to download any of the following package types:
- OS images
- OS upgrade packages
- Driver packages
- Packages
- Boot images (in version 1810 and earlier)
This step works well in a task sequence to upgrade an OS in the following scenarios:
To use a single upgrade task sequence that can work with both x86 and x64 platforms. Include two Download Package Content steps in the Prepare for Upgrade group. Specify conditions on the Options tab to detect the client architecture, and download only the appropriate OS upgrade package. Configure each Download Package Content step to use the same variable. Use the variable for the media path on the Upgrade Operating System step.
To dynamically download an applicable driver package, use two Download Package Content steps with conditions to detect the appropriate hardware type for each driver package. Configure each Download Package Content step to use the same variable. Use the variable for the Staged content value in the Drivers section of the Upgrade Operating System step.
Note
When you deploy a task sequence that contains this step, don't select Download all content locally before starting the task sequence or Access content directly from a distribution point for Deployment options on the Distribution Points page of the Deploy Software Wizard.
This step runs in either the full OS or Windows PE. The option to save the package in the Configuration Manager client cache isn't supported in Windows PE.
Note
The Download Package Content task isn't supported for use with stand-alone media. For more information, see Unsupported actions for stand-alone media.
To add this step in the task sequence editor, select Add, select Software, and select Download Package Content.
Properties
On the Properties tab for this step, configure the settings described in this section.
Select package
Select the icon to choose the package to download. After you choose one package, select the icon again to choose another package.
Place into the following location
Choose to save the package in one of the following locations:
Task sequence working directory: This location is also referred to as the task sequence cache.
Configuration Manager client cache: Use this option to store the content in the client cache. By default, this path is
%WinDir%ccmcache
.Custom path: The task sequence engine first downloads the package to the task sequence working directory. It then moves the content to this path you specify. The task sequence engine appends the path with the package ID.
Save path as a variable
Save the package's path into a custom task sequence variable. Then use this variable in another task sequence step.
Configuration Manager adds a numerical suffix to the variable name. For example, you specify a variable of %MyContent%
as a custom variable. It's the root for where the task sequence stores all referenced content for this step. This content may contain multiple packages. When you refer to the variable, add a numerical suffix. For the first package, refer to %MyContent01%
. When you refer to the variable in subsequent steps, such as Upgrade Operating System, use %MyContent02%
or %MyContent03%
, where the number corresponds to the order that the Download Package Content step lists the packages.
If a package download fails, continue downloading other packages in the list
If the task sequence fails to download a package, it starts to download the next package in the list.
Enable BitLocker
Use this step to enable BitLocker encryption on at least two partitions on the hard drive. The first active partition contains the Windows bootstrap code. Another partition contains the OS. The bootstrap partition must remain unencrypted.
Use the Pre-provision BitLocker step to enable BitLocker on a drive while in Windows PE. For more information, see Pre-provision BitLocker.
Note
BitLocker drive encryption provides low-level encryption of the contents of a disk volume.
This step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
When you specify TPM Only, TPM and Startup Key on USB, or TPM and PIN, the Trusted Platform Module (TPM) must be in the following state before you can run the Enable BitLocker step:
- Enabled
- Activated
- Ownership Allowed
This step completes any remaining TPM initialization. The remaining steps don't require physical presence or reboots. The Enable BitLocker step transparently completes the following remaining TPM initialization steps, if necessary:
- Create endorsement key pair
- Create owner authorization value and escrow to Active Directory, which must have been extended to support this value
- Take ownership
- Create the storage root key, or reset if already present but incompatible
If you want the task sequence to wait for the Enable BitLocker step to complete the drive encryption process, then select the Wait option. If you don't select the Wait option, the drive encryption process happens in the background. The task sequence immediately proceeds to the next step.
BitLocker can be used to encrypt multiple drives on a computer system, both OS and data drives. To encrypt a data drive, first encrypt the OS drive and complete the encryption process. This requirement is because the OS drive stores the key protectors for the data drives. If you encrypt the OS and data drives in the same task sequence, select the Wait option on the Enable BitLocker step for the OS drive.
If the hard drive is already encrypted, but BitLocker is disabled, then the Enable BitLocker step re-enables the key protectors and completes quickly. Re-encryption of the hard drive isn't necessary in this case.
To add this step in the task sequence editor, select Add, select Disks, and select Enable BitLocker.
Properties
On the Properties tab for this step, configure the settings described in this section.
Choose the drive to encrypt
Specifies the drive to encrypt. To encrypt the current OS drive, select Current operating system drive. Then configure one of the following options for key management:
TPM only: Select this option to use only Trusted Platform Module (TPM).
Startup Key on USB only: Select this option to use a startup key stored on a USB flash drive. When you select this option, BitLocker locks the normal boot process until a USB device that contains a BitLocker startup key is attached to the computer.
TPM and Startup Key on USB: Select this option to use TPM and a startup key stored on a USB flash drive. When you select this option, BitLocker locks the normal boot process until a USB device that contains a BitLocker startup key is attached to the computer.
TPM and PIN: Select this option to use TPM and a personal identification number (PIN). When you select this option, BitLocker locks the normal boot process until the user provides the PIN.
To encrypt a specific, non-OS data drive, select Specific drive. Then select the drive from the list.
Use full disk encryption
By default, this step only encrypts used space on the drive. This default behavior is recommended, as it's faster and more efficient. Starting in version 1806, if your organization requires encrypting the entire drive during setup, then enable this option. Windows Setup waits for the entire drive to encrypt, which takes a long time, especially on large drives.
Choose where to create the recovery key
To specify for BitLocker to create the recovery password and escrow it in Active Directory, select In Active Directory. This option requires that you extend Active Directory for BitLocker key escrow. BitLocker can then save the associated recovery information in Active Directory. Select Do not create recovery key to not create a password. Creating a password is the recommended option.
Wait for BitLocker to complete the drive encryption process on all drives before continuing task sequence execution
Select this option to allow BitLocker drive encryption to complete prior to running the next step in the task sequence. If you select this option, BitLocker encrypts the entire disk volume before the user is able to sign in to the computer.
The encryption process can take hours to complete when encrypting a large hard drive. Not selecting this option allows the task sequence to proceed immediately.
Format and Partition Disk
Use this step to format and partition a specified disk on the destination computer.
Important
Every setting you specify for this step applies to a single specified disk. To format and partition another disk on the destination computer, add an additional Format and Partition Disk step to the task sequence.
This step runs only in Windows PE. It doesn't run in the full OS.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Disks, and select Format and Partition Disk.
Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings described in this section.
Disk Number
The physical disk number of the disk to format. The number is based on Windows disk enumeration ordering.
Disk Type
The type of the disk to format. There are two options to select from the drop-down list:
- Standard (MBR): Master Boot Record
- GPT: GUID Partition Table
Note
If you change the disk type from Standard (MBR) to GPT, and the partition layout contains an extended partition, the task sequence removes all extended and logical partitions from the layout. The task sequence editor prompts to confirm this action before changing the disk type.
Volume
Specific information about the partition or volume that the task sequence creates, including the following attributes:
- Name
- Remaining disk space
To create a new partition, select New to launch the Partition Properties dialog box. Specify the partition type and size, and if it's a boot partition. To modify an existing partition, select the partition to be modified, and then select the Properties button. For more information about how to configure hard drive partitions, see one of the following articles:
To delete a partition, choose the partition, and then select Delete.
Install Application
This step installs the specified applications, or a set of applications defined by a dynamic list of task sequence variables. When the task sequence runs this step, the application installation begins immediately without waiting for a policy polling interval.
The applications must meet the following criteria:
The application must have a deployment type of Windows Installer or Script installer. Windows app package (.appx file) deployment types aren't supported.
It must run under the Local System account and not the user account.
It must not interact with the desktop. The program must run silently or in an unattended mode.
It must not initiate a restart on its own. The application must request a restart by using the standard restart code, 3010. This behavior makes sure that this step correctly handles the restart. If the application returns a 3010 exit code, the task sequence engine restarts the computer. After the restart, the task sequence automatically continues.
Note
If the application checks for running executable files, the task sequence will fail to install it. If you don't configure this step to continue on error, then the entire task sequence fails.
When this step runs, the application checks the applicability of the requirement rules and detection method on its deployment types. Based on the results of this check, the application installs the applicable deployment type. If a deployment type contains dependencies, the dependent deployment type is evaluated and installed as part of this step. Application dependencies aren't supported for stand-alone media.
Note
To install an application that supersedes another application, the content files for the superseded application must be available. Otherwise this task sequence step fails. For example, Microsoft Visio 2010 is installed on a client or in a captured image. When the Install Application step installs Microsoft Visio 2013, the content files for Microsoft Visio 2010 (the superseded application) must be available on a distribution point. If Microsoft Visio isn't installed at all on a client or captured image, the task sequence installs Microsoft Visio 2013 without checking for the Microsoft Visio 2010 content files.
If you retire a superceded app, and the new app is referenced in a task sequence, the task sequence fails to start.This behavior is by design: the task sequence requires all app references.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
Note
If the client fails to retrieve the management point list from location services, use the SMSTSMPListRequestTimeoutEnabled and SMSTSMPListRequestTimeout task sequence variables. These variables specify how many milliseconds a task sequence waits before it retries installing an application. For more information, see Task sequence variables.
To add this step in the task sequence editor, select Add, select Software, and select Install Application.
Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings that are described in this section.
Install the following applications
The task sequence installs these applications in the specified order.
Configuration Manager filters out any disabled applications, or any applications with the following settings:
- Only when a user is logged on
- Run with user rights
These applications don't appear in the Select the application to install dialog box.
Install applications according to dynamic variable list
The task sequence installs applications using this base variable name. The base variable name is for a set of task sequence variables defined for a collection or computer. These variables specify the applications that the task sequence installs for that collection or computer. Each variable name consists of its common base name plus a numerical suffix starting at 01. The value for each variable must contain the name of the application and nothing else.
For the task sequence to install applications by using a dynamic variable list, enable the following setting on the General tab of the application Properties: Allow this application to be installed from the Install Application task sequence action instead of deploying manually.
Note
You can't install applications by using a dynamic variable list for stand-alone media deployments.
For example, to install a single application by using a task sequence variable called AA01, specify the following variable:
Variable Name | Variable Value |
---|---|
AA01 | Microsoft Office |
To install two applications, specify the following variables:
Variable Name | Variable Value |
---|---|
AA01 | Microsoft Lync |
AA02 | Microsoft Office |
The following conditions affect the applications installed by the task sequence:
If the value of a variable contains any information other than the name of the application. The task sequence doesn't install the application, and the task sequence continues.
If the task sequence doesn't find a variable with the specified base name and '01' suffix, the task sequence doesn't install any applications.
Important
These values are case-sensitive. For example, 'install' is different than 'Install'. If you need to change the value, the task sequence editor doesn't detect a change of case. Make another edit at the same time, for example, modify the step description.
If an application fails, continue installing other applications in the list
This setting specifies that the step continues when an individual application installation fails. If you specify this setting, the task sequence continues regardless of any installation errors. If you don't specify this setting, and the installation fails, the step immediately ends.
Clear application content from cache after installing
Starting in version 1906, delete the app content from the client cache after the step runs. This behavior is beneficial on devices with small hard drives or when installing lots of large apps in succession.
Options
Note
When you select Continue on error on the Options tab of this step, the task sequence continues when an application fails to install. When you don't enable this option, the task sequence fails, and doesn't install remaining applications.
Besides the default options, configure the following additional settings on the Options tab of this task sequence step:
Retry this step if computer unexpectedly restarts
If one of the application installations unexpectedly restarts the computer, retry this step. The step enables this setting by default with two retries. You can specify from one to five retries.
Install Package
Use this step to install a software package as part of the task sequence. When this step runs, the installation begins immediately without waiting for a policy polling interval.
The package must meet the following criteria:
It must run under the Local System account and not a user account.
It shouldn't interact with the desktop. The program must run silently or in an unattended mode.
It must not initiate a restart on its own. The software must request a restart using the standard restart code, 3010. This behavior makes sure that the task sequence properly handles the restart. If the software does return a 3010 exit code, the task sequence engine restarts the computer. After the restart, the task sequence automatically continues.
Programs that use the Run another program first option to install a dependent program aren't supported when deploying an OS. If you enable the package option Run another program first, and the dependent program already ran on the destination computer, the dependent program runs and the task sequence continues. However, if the dependent program hasn't already run on the destination computer, the task sequence step fails.
Note
The central administration site doesn't have the necessary client configuration policies required to enable the software distribution agent during the task sequence. When you create stand-alone media for a task sequence at the central administration site, and the task sequence includes an Install Package step, the following error might appear in the CreateTsMedia.log file:
'WMI method SMS_TaskSequencePackage.GetClientConfigPolicies failed (0x80041001)'
For stand-alone media that includes an Install Package step, create the stand-alone media at a primary site that has the software distribution agent enabled. Alternatively, add a Run Command Line step after the Setup Windows and ConfigMgr step and before the first Install Package step. The Run Command Line step runs a WMIC command to enable the software distribution agent before the first Install Package step. Use the following command in the Run Command Line step:
WMIC /namespace:rootccmpolicymachinerequestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName='Enable SWDist', Enabled='true', LockSettings='TRUE', PolicySource='local', PolicyVersion='1.0', SiteSettingsKey='1' /NOINTERACTIVE
For more information about creating stand-alone media, see Create stand-alone media.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
- OSDDoNotLogCommand (starting in version 1806)
To add this step in the task sequence editor, select Add, select Software, and select Install Package.Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings described in this section.
Install a single software package
This setting specifies a Configuration Manager software package. The step waits until the installation completes.
Install software packages according to dynamic variable list
The task sequence installs packages using this base variable name. The base variable name is for a set of task sequence variables defined for a collection or computer. These variables specify the packages that the task sequence installs for that collection or computer. Each variable name consists of its common base name plus a numerical suffix starting at 001. The value for each variable must contain a package ID and the name of the software separated by a colon.
For the task sequence to install software by using a dynamic variable list, enable the following setting on the Advanced tab of the package Properties: Allow this program to be installed from the Install Package task sequence without being deployed.
Note
You can't install software packages by using a dynamic variable list for stand-alone media deployments.
For example, to install a single software package by using a task sequence variable called AA001, you specify the following variable:
Variable Name | Variable Value |
---|---|
AA001 | CEN00054:Install |
To install three software packages, you would specify the following variables:
Variable Name | Variable Value |
---|---|
AA001 | CEN00054:Install |
AA002 | CEN00107:Install Silent |
AA003 | CEN00031:Install |
The following conditions affect the packages installed by the task sequence:
If you don't create the value of a variable in the correct format, or it doesn't specify a valid package ID and name, the software installation fails.
If the package ID contains lowercase characters, the software installation fails.
If the task sequence doesn't find a variable with the specified base name and '001' suffix, the task sequence doesn't install any packages. The task sequence continues.
Important
These values are case-sensitive. For example, 'install' is different than 'Install'. If you need to change the value, the task sequence editor doesn't detect a change of case. Make another edit at the same time, for example, modify the step description.
If installation of a software package fails, continue installing other packages in the list
This setting specifies that the step continues if an individual software package installation fails. If you specify this setting, the task sequence continues regardless of any installation errors. If you don't specify this setting, and the installation fails, the step immediately ends.
Install Software Updates
Use this step to install software updates on the destination computer. The destination computer isn't evaluated for applicable software updates until this task sequence step runs. At that time, the destination computer is evaluated for software updates like any other Configuration Manager client. For this step to install software updates, first deploy the updates to a collection of which the target computer is a member.
Important
For best performance, install the latest version of the Windows Update Agent.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
Note
If the client fails to retrieve the management point list from location services, use the SMSTSMPListRequestTimeoutEnabled and SMSTSMPListRequestTimeout variables. These variables specify how many milliseconds a task sequence waits before it retries installing an application or software update. For more information, see Task sequence variables.
To add this step in the task sequence editor, select Add, select Software, and select Install Software Updates.
Manage this step with the following PowerShell cmdlets:
For more recommendations and a technical flow chart diagram for this step, see Install Software Updates.
Properties
On the Properties tab for this step, configure the settings described in this section.
Required for installation - Mandatory software updates only
Select this option to install all mandatory software updates with administrator-defined installation deadlines.
Available for installation - All software updates
Select this option to install all available software updates. First deploy these updates to a collection of which the computer is a member. The task sequence installs all available software updates on the destination computers.
Evaluate software updates from cached scan results
By default, this step uses cached scan results from the Windows Update Agent. Disable this option to instruct the Windows Update Agent to download the latest catalog from the software update point. Enable this option when using a task sequence to capture and build an OS image. A large number of software updates is likely in this scenario.
Many of these updates have dependencies. For example, install update ABC before update XYZ appears as applicable. When you disable this setting, and deploy the task sequence to many clients, they all connect to the software update point at the same time. This behavior results in performance issues during the process and download of the update catalog.
In most circumstances, use the default setting to use cached scan results.
The SMSTSSoftwareUpdateScanTimeout variable controls the software updates scan timeout during this step. The default value is 60 minutes. For more information, see Task sequence variables.
Options
Besides the default options, configure the following additional settings on the Options tab of this task sequence step:
Retry this step if computer unexpectedly restarts
If one of the updates unexpectedly restarts the computer, retry this step. The step enables this setting by default with two retries. You can specify from one to five retries.
Note
Configure the SMSTSWaitForSecondReboot variable to specify how many seconds the task sequence pauses after the computer restarts in this scenario. For more information, see Task sequence variables.
Join Domain or Workgroup
Use this step to add the destination computer to a workgroup or domain.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select General, and select Join Domain or Workgroup.
Properties
On the Properties tab for this step, configure the settings described in this section.
Join a workgroup
Select this option to have the destination computer join the specified workgroup. If the computer is currently a member of a domain, selecting this option causes the computer to reboot.
Join a domain
Select this option to have the destination computer join the specified domain.
Optionally, enter or browse for an organizational unit (OU) in the specified domain for the computer to join. If the computer is currently a member of some other domain or a workgroup, this option causes the computer to reboot. If the computer is already a member of another OU, since Active Directory Domain Services doesn't allow changing the OU via this method, Windows Setup ignores this setting.
Enter the account which has permission to join the domain
Select Set to enter the username and password for an account with permissions to join the domain. Enter the account in the format: Domainaccount
. For more information on the task sequence domain joining account, see Accounts.
Prepare ConfigMgr Client for Capture
Use this step to remove or configure the Configuration Manager client on the reference computer. This action prepares the computer for capture as part of the imaging process.
This step completely removes the Configuration Manager client, instead of only removing key information. When the task sequence deploys the captured OS image, it installs a new Configuration Manager client each time.
Note
The task sequence engine only removes the client during the Build and capture a reference operating system image task sequence. The task sequence engine doesn't remove the client during other capture methods, such as capture media or a custom task sequence.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
To add this step in the task sequence editor, select Add, select Images, and select Prepare ConfigMgr Client for Capture.
Properties
This step doesn't require any settings on the Properties tab.
Prepare Windows for Capture
Use this step to specify the Sysprep options when capturing an OS image on the reference computer. This step runs Sysprep, and then reboots the computer into the Windows PE boot image specified for the task sequence. This action fails if the reference computer is joined to a domain.
This step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Images, and select Prepare Windows for Capture.
Properties
On the Properties tab for this step, configure the settings described in this section.
Automatically build mass storage driver list
Select this option to have Sysprep automatically build a list of mass storage drivers from the reference computer. This option enables the Build Mass Storage Drivers option in the sysprep.inf file on the reference computer. For more information about this setting, see the Sysprep documentation.
Do not reset activation flag
Select this option to prevent Sysprep from resetting the product activation flag.
Shutdown the computer after running this action
Starting in version 1806, this option instructs Sysprep to shutdown the computer instead of its default restart behavior.
Starting in version 1810, this step is used in the Windows Autopilot for existing devices task sequence.
If you want the task sequence to refresh the device and then immediately start OOBE for Autopilot, leave this option off.
Enable this option to shutdown the device after imaging. Then you can deliver the device to a user, who starts OOBE with Autopilot when they turn it on for the first time.
Pre-provision BitLocker
Use this step to enable BitLocker on a drive while in Windows PE. By default, only the used drive space is encrypted, so encryption times are much faster. You apply the key management options by using the Enable BitLocker step after the OS installs.
This step runs only in Windows PE. It doesn't run in the full OS.
Important
Pre-provisioning BitLocker requires at least Windows 7. The computer must also contain a supported and enabled Trusted Platform Module (TPM).
To add this step in the task sequence editor, select Add, select Disks, and select Pre-provision BitLocker.
Properties
On the Properties tab for this step, configure the settings described in this section.
Apply BitLocker to the specified drive
Specify the drive for which you want to enable BitLocker. BitLocker only encrypts the used space on the drive.
Use full disk encryption
By default, this step only encrypts used space on the drive. This default behavior is recommended, as it's faster and more efficient. Starting in version 1806, if your organization requires encrypting the entire drive during setup, then enable this option. Windows Setup waits for the entire drive to encrypt, which takes a long time, especially on large drives.
Skip this step for computers that do not have a TPM or when TPM is not enabled
Select this option to skip drive encryption on a computer that doesn't contain a supported or enabled TPM. For example, use this option when you deploy an OS to a virtual machine.
Release State Store
Use this step to notify the state migration point that the capture or restore action is complete. Use this step in conjunction with the Request State Store, Capture User State, and Restore User State steps. You use these steps to migrate user state data using a state migration point and the User State Migration Tool (USMT).
For more information about managing the user state when deploying operating systems, see Manage user state.
If you use the Request State Store step to request access to a state migration point to capture user state, this step notifies the state migration point that the capture process is complete. The state migration point then marks the user state data as available for restore. The state migration point sets the access control permissions for the user state data so that only the restoring computer has read-only access.
If you use the Request State Store step to request access to a state migration point to restore user state, this step notifies the state migration point that the restore process is complete. The state migration point then activates its configured data retention settings.
Important
Set the Continue on Error option for any steps between the Request State Store and Release State Store steps. Every Request State Store step must have a matching Release State Store step.
This step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select User State, and select Release State Store.
Properties
This step doesn't require any settings on the Properties tab.
Request State Store
Use this step to request access to a state migration point when capturing or restoring state.
For more information about managing the user state when deploying operating systems, see Manage user state.
Use this step in conjunction with the Release State Store, Capture User State, and Restore User State steps. You use these steps to migrate computer state using a state migration point and the User State Migration Tool (USMT).
Note
When creating a new state migration point, user state storage isn't available for up to one hour. To expedite availability, adjust any property settings on the state migration point to trigger a site control file update.
This step runs in the full OS and in Windows PE for offline USMT.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select User State, and select Request State Store.
Properties
On the Properties tab for this step, configure the settings described in this section.
Capture state from the computer
Find a state migration point that meets the minimum requirements as configured in the state migration point settings. For example, Maximum number of clients and Minimum amount of free disk space. This option doesn't guarantee sufficient space is available at the time of state migration. This option requests access to the state migration point for the purpose of capturing the user state and settings from a computer.
If the Configuration Manager site has multiple active state migration points, this step finds a state migration point with available disk space. The task sequence queries the management point for a list of state migration points, and then evaluates each until it finds one that meets the minimum requirements.
Restore state from another computer
Request access to a state migration point to restore previously captured user state and settings to a destination computer.
If there are multiple state migration points, this step finds the state migration point that has the state for the destination computer.
Number of retries
The number of times that this step tries to find an appropriate state migration point before failing.
Retry delay (in seconds)
The amount of time in seconds that the task sequence step waits between retry attempts.
If computer account fails to connect to a state store, use the network access account
If the task sequence can't access the state migration point using the computer account, it uses the network access account credentials to connect. This option is less secure because other computers could use the network access account to access the stored state. This option might be necessary if the destination computer isn't domain joined.
Restart Computer
Use this step to restart the computer running the task sequence. After the restart, the computer automatically continues with the next step in the task sequence.
This step can be run in either the full OS or Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select General, and select Restart Computer.
Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings described in this section.
The boot image assigned to this task sequence
Select this option for the destination computer to use the boot image assigned to the task sequence. The task sequence uses the boot image to run subsequent steps in Windows PE.
The currently installed default operating system
Select this option for the destination computer to reboot into the installed OS.
Notify the user before restarting
Select this option to display a notification to the user before the destination computer restarts. The step selects this option by default.
Notification message
Enter a notification message to display to the user before the destination computer restarts.
Message display time-out
Specify the amount of time in seconds before the destination computer restarts. The default is 60 seconds.
Restore User State
Use this step to initiate the User State Migration Tool (USMT) to restore user state and settings to the destination computer. You use this step in conjunction with the Capture User State step.
For more information about managing the user state when deploying operating systems, see Manage user state.
Use this step with the Request State Store and Release State Store steps to save or restore the state settings with a state migration point. This option always decrypts the USMT state store by using an encryption key that Configuration Manager generates and manages.
The Restore User State step provides control over a limited subset of the most commonly used USMT options. Specify additional command-line options with the OSDMigrateAdditionalRestoreOptions variable.
Important
If you're using this step for a purpose unrelated to an OS deployment scenario, add the Restart Computer step immediately following the Restore User State step.
This step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select User State, and select Restore User State.
Properties
On the Properties tab for this step, configure the settings described in this section.
User state migration tool package
Specify the package that contains the version of USMT for this step to use. This package doesn't require a program. When the step runs, the task sequence uses the version of USMT in the specified package. Specify a package containing the 32-bit or 64-bit version of USMT. The architecture of USMT depends upon the architecture of the OS to which the task sequence is restoring state.
Restore all captured user profiles with standard options
Restores the captured user profiles with the standard options. To customize the options that USMT restores, select Customize user profile capture.
Customize how user profiles are restored
Allows you to customize the files that you want to restore to the destination computer. Select Files to specify the configuration files in the USMT package you want to use for restoring the user profiles. To add a configuration file, enter the name of the file in the Filename box, and then select Add. The Files pane lists the configuration files that USMT uses. The .xml file you specify defines which user file USMT restores.
Restore local computer user profiles
Restores the local computer user profiles. These profiles aren't for domain users. Assign new passwords to the restored local user accounts. USMT can't migrate the original passwords. Enter the new password in the Password box, and confirm the password in the Confirm Password box.
Continue if some files cannot be restored
Continues restoring user state and settings even if USMT is unable to restore some files. The step enables this option by default. If you disable this option, and USMT encounters errors while restoring files, this step fails immediately. USMT doesn't restore all files.
Enable verbose logging
Enable this option to generate more detailed log file information. When restoring state, the task sequence by default generates Loadstate.log in the task sequence log folder, %WinDir%ccmlogs
.
Run Command Line
Use this step to run the specified command line.
This step can be run in the full OS or Windows PE.
Use the following task sequence variables with this step:
- OSDDoNotLogCommand (starting in version 1902)
To add this step in the task sequence editor, select Add, select General, and select Run Command Line.
Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings described in this section.
Command line
Specifies the command line that the task sequence runs. This field is required. Include file name extensions, for example, .vbs and .exe. Include all required settings files and command-line options.
If you don't specify the file name extension, Configuration Manager tries .com, .exe, and .bat. If the file name has an extension that's not an executable type, Configuration Manager tries to apply a local association. For example, if the command line is readme.gif, Configuration Manager starts the application specified on the destination computer for opening .gif files.
Examples:
setup.exe /a
cmd.exe /c copy Jan98.dat c:salesJan98.dat
Note
To run successfully, precede command-line actions with the cmd.exe /c command. Example of these actions include output redirection, piping, and copy commands.
Disable 64-bit file system redirection
By default, 64-bit operating systems use the WOW64 file system redirector to run command lines. This behavior is to properly find 32-bit versions of OS executables and libraries. Select this option to disable the use of the WOW64 file system redirector. Windows runs the command using native 64-bit versions of OS executables and libraries. This option has no effect when running on a 32-bit OS.
Start in
Specifies the executable folder for the program, up to 127 characters. This folder can be an absolute path on the destination computer or a path relative to the distribution point folder that contains the package. This field is optional.
Examples:
c:officexp
i386
Note
The Browse button browses the local computer for files and folders. Anything you select must also exist on the destination computer. It must exist in the same location and with the same file and folder names.
Package
When you specify files or programs on the command line that aren't already present on the destination computer, select this option to specify the Configuration Manager package that contains the necessary files. The package doesn't require a program. If the specified files exist on the destination computer, this option isn't required.
Time-out
Specifies a value that represents how long Configuration Manager allows the command line to run. This value can be from one minute to 999 minutes. The default value is 15 minutes. This option is disabled by default.
Important
If you enter a value that doesn't allow enough time for the specified command to complete successfully, this step fails. The entire task sequence could fail depending on step or group conditions. If the time-out expires, Configuration Manager terminates the command-line process.
Run this step as the following account
Specifies that the command line is run as a Windows user account other than the Local System account.
Note
To run simple scripts or commands with another account after installing the OS, first add the account to the computer. Additionally, you may need to restore Windows user profiles to run more complex programs, such as a Windows Installer.
Account
Specifies the Windows user account this step uses to run the command line. The command line runs with the permissions of the specified account. Select Set to specify the local user or domain account. For more information on the task sequence run-as account, see Accounts.
Important
If this step specifies a user account and runs in Windows PE, the action fails. You can't join Windows PE to a domain. The smsts.log file records this failure.
Options
Besides the default options, configure the following additional settings on the Options tab of this task sequence step:
Success codes
Include other exit codes from the script that the step should evaluate as success.
Run PowerShell Script
Use this step to run the specified Windows PowerShell script.
This step can be run in the full OS or Windows PE. To run this step in Windows PE, enable PowerShell in the boot image. Enable the WinPE-PowerShell component from the Optional Components tab in the properties for the boot image. For more information about how to modify a boot image, see Manage boot images.
Note
PowerShell isn't enabled by default on Windows Embedded operating systems.
Use the following task sequence variables with this step:
- OSDLogPowerShellParameters (starting in version 1902)
To add this step in the task sequence editor, select Add, select General, and select Run PowerShell Script.
Manage this step with the following PowerShell cmdlets:
Note
Use signed PowerShell scripts in Unicode format. ANSI format, which is the default, doesn't work with this step.
Properties
On the Properties tab for this step, configure the settings described in this section.
Package
Specify the Configuration Manager package that contains the PowerShell script. One package can contain multiple PowerShell scripts.
Script name
Specifies the name of the PowerShell script to run. This field is required.
Enter a PowerShell script
Starting in version 1902, directly enter Windows PowerShell code in this step. This feature lets you run PowerShell commands during a task sequence without first creating and distributing a package with the script.
When you add or edit a script, the PowerShell script window provides the following actions:
Edit the script directly
Open an existing script from file
Browse to an existing approved script in Configuration Manager
Important
To take advantage of this new Configuration Manager feature, after you update the site, also update clients to the latest version. While new functionality appears in the Configuration Manager console when you update the site and console, the complete scenario isn't functional until the client version is also the latest.
Parameters
Specifies the parameters passed to the PowerShell script. These parameters are the same as the PowerShell script parameters on the command line.
Provide parameters consumed by the script, not for the Windows PowerShell command line.
The following example contains valid parameters:
-MyParameter1 MyValue1 -MyParameter2 MyValue2
The following example contains invalid parameters. The first two items are Windows PowerShell command-line parameters (-NoLogo and -ExecutionPolicy Unrestricted). The script doesn't consume these parameters.
-NoLogo -ExecutionPolicy Unrestricted -File MyScript.ps1 -MyParameter1 MyValue1 -MyParameter2 MyValue2
If a parameter value includes a special character, use single quotation marks ('
) around the value. Using double quotation marks ('
) may cause the task sequence step to incorrectly process the parameter.
For example: -Arg1 '%TSVar1%' -Arg2 '%TSVar2%'
PowerShell execution policy
Determine which PowerShell scripts (if any) you allow to run on the computer. Choose one of the following execution policies:
AllSigned: Only run scripts signed by a trusted publisher
Undefined: Don't define any execution policy
Bypass: Load all configuration files and run all scripts. If you download an unsigned script from the internet, Windows PowerShell doesn't prompt for permission before running the script.
Important
PowerShell 1.0 doesn't support Undefined and Bypass execution policies.
Output to task sequence variable
Starting in version 1902, save the script output to a custom task sequence variable.
Start in
Starting in version 1902, specify the starting folder for the script, up to 127 characters. This folder can be an absolute path on the destination computer or a path relative to the distribution point folder that contains the package. This field is optional.
Note
The Browse button browses the local computer for files and folders. Anything you select must also exist on the destination computer. It must exist in the same location and with the same file and folder names.
Time-out
Starting in version 1902, specify a value that represents how long Configuration Manager allows the PowerShell script to run. This value can be from one minute to 999 minutes. The default value is 15 minutes. This option is disabled by default.
Important
If you enter a value that doesn't allow enough time for the specified script to complete successfully, this step fails. The entire task sequence could fail depending on step or group conditions. If the time-out expires, Configuration Manager terminates the PowerShell process.
Run this step as the following account
Starting in version 1902, specify that the PowerShell script is run as a Windows user account other than the Local System account.
Note
To run simple scripts or commands with another account after installing the OS, first add the account to the computer. Additionally, you may need to restore Windows user profiles to run more complex actions.
Account
Starting in version 1902, specify the Windows user account this step uses to run the PowerShell script. The specified account must be a local administrator on the system and the script runs with the permissions of this account. Select Set to specify the local user or domain account. For more information on the task sequence run-as account, see Accounts.
Important
If this step specifies a user account and runs in Windows PE, the action fails. You can't join Windows PE to a domain. The smsts.log file records this failure.
Options
Besides the default options, configure the following additional settings on the Options tab of this task sequence step:
Success codes
Starting in version 1902, include other exit codes from the script that the step should evaluate as success.
Run Task Sequence
Note
Configuration Manager doesn't enable this optional feature by default. Enable this feature before using it. For more information, see Enable optional features from updates.
This step runs another task sequence. It creates a parent-child relationship between the task sequences. With child task sequences, you can create more modular, reusable task sequences.
To add this step in the task sequence editor, select Add, select General, and select Run Task Sequence.
Starting in version 1906, manage this step with the following PowerShell cmdlets:
- Get-CMTSStepRunTaskSequence
- New-CMTSStepRunTaskSequence
- Remove-CMTSStepRunTaskSequence
- Set-CMTSStepRunTaskSequence
For more information, see 1906 release notes - New cmdlets.
Specifications and limitations
Consider the following points when you add a child task sequence to a task sequence:
The parent and child task sequences are effectively combined into a single policy that the client runs.
The environment is global. If the parent task sequence sets a variable, and then the child task sequence changes that variable, it retains the latest value. If the child task sequence creates a new variable, it's available for the rest of the parent task sequence.
Status messages are sent per normal for a single task sequence operation.
The task sequence writes entries to the smsts.log file, with new log entries that make it clear when a child task sequence starts.
You can't select a task sequence with a boot image reference. For any deployment that requires a boot image, specify it on the parent task sequence.
If a child task sequence is disabled, the deployment fails. You can't use the Continue on error option to work around this limitation.
If a child task sequence contains steps that are considered high impact, Software Center doesn't detect it and show the high-impact notification. Modify the properties of the parent task sequence, on the User Notification tab, to specify that This is a high-impact task sequence.
If a child task sequence has a missing package reference, viewing the parent task sequence doesn't detect this state. If you edit the parent task sequence, it detects any missing references in child task sequences when you make changes to the parent.
Properties
On the Properties tab for this step, configure the settings described in this section.
Select task sequence to run
Select Browse to select the child task sequence. The Select a Task Sequence dialog box doesn't display the parent task sequence.
Set Dynamic Variables
Use this step to perform the following actions:
Gather information from the computer and its environment. Then set specified task sequence variables with the information.
Evaluate defined rules. Set task sequence variables based on the rules that evaluate to true.
The task sequence automatically sets the following read-only task sequence variables:
This step can be run in either the full OS or Windows PE.
To add this step in the task sequence editor, select Add, select General, and select Set Dynamic Variables.
Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings described in this section.
Dynamic rules and variables
To set a dynamic variable for use in the task sequence, add a rule. Then set a value for each variable specified in the rule. Additionally, add one or more variables without adding a rule. When you add a rule, choose from the following categories:
Computer: Evaluate values for hardware asset tag, UUID, serial number, or MAC address. Set multiple values as necessary. If any value is true, then the rule evaluates as true. For example, the following rule evaluates as true if the device serial number is 5892087 and the MAC address is 22-A4-5A-13-78-26:
IF Serial Number = 5892087 OR MAC address = 26-78-13-5A-A4-22 THEN
Location: Evaluate values for the default network gateway
Make and Model: Evaluate values for the make and model of a computer. Both the make and model must evaluate to true for the rule to evaluate to true.
Specify an asterisk (
*
) and question mark (?
) as wild cards characters. The asterisk matches multiple characters and the question mark matches a single character. For example, the stringDELL*900?
matches bothDELL-ABC-9001
andDELL9009
.Task Sequence Variable: Add a task sequence variable, condition, and value to evaluate. The rule evaluates to true when the value set for the variable meets the specified condition.
Specify one or more variables to set for a rule that evaluates to true, or set variables without using a rule. Select an existing variable, or create a custom variable.
Existing task sequence variables: Select one or more variables from a list of existing task sequence variables. Array variables aren't available to select.
Custom task sequence variables: Define a custom task sequence variable. You can also specify an existing task sequence variable. This setting is useful to specify an existing variable array, such as OSDAdapter, since variable arrays aren't in the list of existing task sequence variables.
After you select the variables for a rule, provide a value for each variable. The variable is set to the specified value when the rule evaluates to true. For each variable, you can select Secret value to hide the value of the variable. By default, some existing variables hide values, such as the OSDCaptureAccountPassword variable.
Important
Configuration Manager removes any variable values marked as a Secret value when you import a task sequence with the Set Dynamic Variables step. Re-enter the value for the dynamic variable after you import the task sequence.
Set Task Sequence Variable
Use this step to set the value of a variable that's used with the task sequence.
This step can be run in either the full OS or Windows PE.
Task sequence variables are read by task sequence actions and specify the behavior of those actions. For more information about specific task sequence variables and how to use them, see the following articles:
To add this step in the task sequence editor, select Add, select General, and select Set Task Sequence Variable.
Sccm 2012 Task Sequence
Manage this step with the following PowerShell cmdlets:
Properties
On the Properties tab for this step, configure the settings described in this section.
Task sequence variable
Specify the name of a task sequence built-in or action variable, or specify your own user-defined variable name.
Do not display this value
Starting in version 1806, enable this option to mask sensitive data stored in task sequence variables. For example, when specifying a password.
Note
Enable this option and then set the value of the task sequence variable. Otherwise the variable value isn't set as you intend, which may cause unexpected behaviors when the task sequence runs.
Value
The task sequence sets the variable to this value. Set this task sequence variable to the value of another task sequence variable with the syntax %varname%
.
Setup Windows and ConfigMgr
Use this step to perform the transition from Windows PE to the new OS. This task sequence step is a required part of any OS deployment. It installs the Configuration Manager client into the new OS, and prepares for the task sequence to continue execution in the new OS.
This step is responsible for transitioning the task sequence from Windows PE to the full OS. The step runs both in Windows PE and the full OS because of this transition. However, since the transition starts in Windows PE, it can only be added during the Windows PE portion of the task sequence.
Use the following task sequence variables with this step:
This step replaces sysprep.inf or unattend.xml directory variables, such as %WINDIR%
and %ProgramFiles%
, with the Windows PE installation directory, X:Windows
. The task sequence ignores variables specified by using these environment variables.
To add this step in the task sequence editor, select Add, select Images, and select Setup Windows and ConfigMgr.
Manage this step with the following PowerShell cmdlets:
Step actions
This step performs the following actions:
Preliminaries: Windows PE
Substitute task sequence variables in the unattend.xml file.
Download the package that contains the Configuration Manager client. Add the package to the deployed image.
Set up Windows
Image-based installation
Disable the Configuration Manager client in the image, if it exists. In other words, disable Autostart for the Configuration Manager client service.
Update the registry in the deployed image to start the deployed OS with the same drive letter as the reference computer.
Restart to the deployed OS.
Windows mini-setup runs by using the previously specified sysprep.inf or unattend.xml answer file that has all end-user interaction suppressed. If you use the Apply Network Settings step to join a domain, then that information is in the answer file. Windows mini-setup joins the computer to the domain.
Setup.exe-based installation. Runs Setup.exe that follows the typical Windows setup process:
Copy the OS upgrade package, specified in the Apply Operating System step, to the hard disk drive.
Restart to the newly deployed OS.
Windows mini-setup runs by using the previously specified sysprep.inf or unattend.xml answer file that has all user interface settings suppressed. If you use the Apply Network Settings step to join a domain, then that information is in the answer file. Windows mini-setup joins the computer to the domain.
Set up the Configuration Manager client
After Windows mini-setup finishes, the task sequence resumes by using setupcomplete.cmd.
Enable or disable the local Administrator account, based on the option selected in the Apply Windows Settings step.
Install the Configuration Manager client by using the previously downloaded package, and installation properties specified in this step. The client installs in 'provisioning mode'. This mode prevents the client from processing new policy requests until the task sequence completes. For more information, see Provisioning mode.
Wait for the client to be fully operational.
The step completes
The task sequence continues running the next step.
Note
Windows group policy normally doesn't process until after the task sequence is complete. This behavior is consistent across different versions of Windows. Other custom actions during the task sequence can trigger group policy evaluation.
Properties
On the Properties tab for this step, configure the settings described in this section.
Client package
Select Browse, then choose the Configuration Manager client installation package to use with this step.
Use pre-production client package when available
If there's a pre-production client package available, and the computer is a member of the piloting collection, the task sequence uses this package instead of the production client package. The pre-production client is a newer version for testing in the production environment. Select Browse, then choose the pre-production client installation package to use with this step.
Installation Properties
The task sequence step automatically specifies site assignment and the default configuration. Use this field to specify any additional installation properties to use when you install the client. To enter multiple installation properties, separate them with a space.
Specify command-line options to use during client installation. For example, enter /skipprereq: silverlight.exe
to inform CCMSetup.exe to not install the Microsoft Silverlight prerequisite. For more information about available command-line options for CCMSetup.exe, see About client installation properties.
Options
Note
Don't enable Continue on error on the Options tab. If there's an error during this step, the task sequence fails whether or not you enable this setting.
Upgrade Operating System
Tip
Beginning with Windows 10, version 1709, media includes multiple editions. When you configure a task sequence to use an OS upgrade package or OS image, be sure to select a supported edition.
Use this step to upgrade an older version of Windows to a newer version of Windows 10.
This task sequence step runs only in the full OS. It doesn't run in Windows PE.
Use the following task sequence variables with this step:
To add this step in the task sequence editor, select Add, select Images, and select Upgrade Operating System.
Properties
On the Properties tab for this step, configure the settings described in this section.
Upgrade package
Select this option to specify the Windows 10 OS upgrade package to use for the upgrade.
Source path
Specifies a local or network path to the Windows 10 media that Windows Setup uses. This setting corresponds to the Windows Setup command-line option /InstallFrom
.
You can also specify a variable, such as %MyContentPath%
or %DPC01%
. When you use a variable for the source path, set its value earlier in the task sequence. For example, use the Download Package Content step to specify a variable for the location of the OS upgrade package. Then, use that variable for the source path for this step.
Edition
Specify the edition within the OS media to use for the upgrade.
Sccm Task Sequence Uninstall Software
Product key
Sccm Task Sequence Windows Updates
Specify the product key to apply to the upgrade process.
Provide the following driver content to Windows Setup during upgrade
Add drivers to the destination computer during the upgrade process. This setting corresponds to the Windows Setup command-line option /InstallDriver
. The drivers must be compatible with Windows 10. Specify one of the following options:
Driver package: Select Browse and choose an existing driver package from the list.
Staged content: Select this option to specify the location for the driver package. You can specify a local folder, network path, or a task sequence variable. When you use a variable for the source path, set its value earlier in the task sequence. For example, by using the Download Package Content step.
Time-out (minutes)
Specify the number of minutes before Configuration Manager fails this step. This option is useful if Windows Setup stops processing but doesn't terminate.
Perform Windows Setup compatibility scan without starting upgrade
Perform the Windows Setup compatibility scan without starting the upgrade process. This setting corresponds to the Windows Setup command-line option /Compat ScanOnly
. Deploy the entire OS upgrade package with this option.
Sccm 2012 Task Sequence Install Windows Updates
Starting in version 1806, when you enable this option, this step doesn't put the Configuration Manager client into provisioning mode. Windows Setup runs silently in the background, and the client continues to function as normal. For more information, see Provisioning mode.
Setup returns an exit code as a result of the scan. The following table provides some of the more common exit codes:
Exit code | Details |
---|---|
MOSETUP_E_COMPAT_SCANONLY (0xC1900210) | No compatibility issues ('success'). |
MOSETUP_E_COMPAT_INSTALLREQ_BLOCK (0xC1900208) | Actionable compatibility issues. |
MOSETUP_E_COMPAT_MIGCHOICE_BLOCK (0xC1900204) | Selected migration choice isn't available. For example, an upgrade from Enterprise to Professional. |
MOSETUP_E_COMPAT_SYSREQ_BLOCK (0xC1900200) | Not eligible for Windows 10. |
MOSETUP_E_COMPAT_INSTALLDISKSPACE_BLOCK (0xC190020E) | Not enough free disk space. |
For more information about this parameter, see Windows Setup Command-Line Options.
Ignore any dismissible compatibility messages
Specifies that Setup completes the installation, ignoring any dismissible compatibility messages. This setting corresponds to the Windows Setup command-line option /Compat IgnoreWarning
.
Sccm Update Task Sequence
Dynamically update Windows Setup with Windows Update
Enable setup to perform Dynamic Update operations, such as search, download, and install updates. This setting corresponds to the Windows Setup command-line option /DynamicUpdate
. This setting isn't compatible with Configuration Manager software updates. Enable this option when you manage updates with stand-alone Windows Server Update Services (WSUS) or Windows Update for Business.
Override policy and use default Microsoft Update
Temporarily override the local policy in real time to run Dynamic Update operations. The computer gets updates from Windows Update.