Who can do this?

Configuration Manager administrators with permissions to create Task Sequences in Configuration Manager.

What is it for?
To upgrade an existing Windows 7, 8, 8.1 operating system to the latest Windows 10 version.
What you need to do
Create the base task sequence first in Configuration Manager and then customize it with additional tasks and logic to execute the In-place Upgrade using the 1E automation.

What is the In-place Upgrade Task Sequence?

The In-Place Upgrade Task Sequence is used to upgrade an existing Windows 7, 8, 8.1 or 10 to the latest Windows 10 version (Feature Upgrade). Applications, user data and settings are retained during an in-place upgrade so there is no requirement to store user data and settings. Although installed applications are retained during an in-place upgrade, they can be replaced or upgraded using 1E Application Migration.

Before creating the In-Place Upgrade task sequence, create the following Packages in Configuration Manager:

  1. An Operating System Upgrade Package. Refer to the following Microsoft documentation for further details. https://docs.microsoft.com/en-us/sccm/osd/get-started/manage-operating-system-upgrade-packages
  2. A WSA Scripts package. Refer to Windows Servicing Assistant Scripts package for further details.
  3. A Setup WinPE Boot package. Refer to Setup WinPE Boot Package for further details.
  4. The 1E OEM Toolkit package. Refer to Launching the Create 1E OEM Toolkit Package wizard for details of creating this package using the 1E OEM Toolkit Package wizard.
On this page:

Creating the In-Place base task sequence

Nested Task Sequences

The Windows Servicing Assistant (WSA) does not currently support nested Task Sequences (Task Sequences that include the Run Task Sequence step). If your Task Sequence includes Run Task Sequence steps, WSA will fail. You will need to copy the steps from the included Task Sequence and paste them into a group in the WSA Task Sequence.


To create the In-Place Upgrade Task Sequence:

  1. From the Configuration Manager console, select the Software Library workspace then navigate to Operating Systems > Task Sequences.
  2. Expand the Operating Systems tree and choose Task Sequences.

    Creating a new task sequence in Configuration Manager

    1. Right-click Task Sequences.
    2. From its context menu, choose Create Task Sequence.
  3. On the Create New Task Sequence screen:

    Creating a new custom task sequence

    1. Select the Upgrade an operating system from an upgrade package option.
    2. Click Next.
  4. On the Task Sequence Information screen:

    Population the Task Sequence Information screen

    1. In Task sequence name, enter a logical name for it. For example, In-Place Upgrade to Windows 10 1607.
    2. In Description, enter a description for it.
    3. Click Next.
  5. On the Upgrade the Windows Operating System screen:

    1. In Upgrade package, select the upgrade package.
    2. In Edition index: select a value from the list.
    3. In Product key:, enter the key for it,
    4. Click Next.
  6. On the Include Updates screen:

    Selecting the update options for your environment

    1. Select the the Required for installation – Mandatory software updates only option.
    2. Click Next.
  7. On the Install Applications screen:

    Choosing the applications to install after the OS upgrade

    1. Define the applications that should be installed by the task sequence after the OS has been upgraded.
    2. Click Next.

     

     

  8. On the Summary screen:

    Reviewing your settings before the wizard runs

    1. Review your settings.
    2. Click Next.
    3. When the Create Task Sequence wizard completes, click Close.
  9. Once the Task Sequence has been created, double-click it to open the Properties. Select the Advanced tab then configure the boot image as indicated below

    A typical In-place Upgrade task sequence will not require a boot image. This Task Sequence is designed to perform the BIOS to UEFI conversion using 1E BIOS to UEFI to reconfigure the firmware and Microsoft's MBR2GPT to convert the disk from MBR to GPT. We recommend executing MBR2GPT in Windows PE, so a boot image needs to be added to the Task Sequence.

    1. Check Use a boot image.
    2. Browse to the boot image to be used with this task sequence.

The process for customizing the task sequence

The steps in this section describe how to build out the Task Sequence to include additional steps, groups and logic to incorporate the 1E automation.

  1. From the Configuration Manager console, double-click the In-place Upgrade to Windows 10 1607 (or whatever name you created it with) task sequence.
  2. In the Properties dialog:

    Enabling Nomad

    1. Select the Enable Nomad option.
    2. Click Apply and then OK.
  3. Right-click the In-place Upgrade to Windows 10 1607 (or whatever you named the in-place upgrade Task Sequence when you created it) from the list of task task sequences.
  4. From its context menu, choose Edit.

    In our example, at the root of task sequence, we are going to create:
    • two 1E WSA Actions steps (one to initialize the task sequence and the other to finalize it)
    • two groups (the Main group for the actions in the task sequence which contains multiple sub-groups and the Rollback group)

    within the Main group, we are going to customize it by:

    • moving groups from the base task sequence in it
    • adding new steps to it

    The process and procedure is described below.

  1. Add the 1E WSA Action step and customize it.
  2. Create the Main group and define its behavior.
    1. add the Set Nomad as Download Program step.
    2. Create the Test Connection group, define its behavior and add its child steps.
      1. add the Validate WiFi VPN Connection step.
      2. add the Filter return codes from Validation script step
      3. add the 1E WSA Connect VPN step.
    3. add the Set SMSTSPostAction step.
    4. add the OSDBitlockerStatus step.
    5. Move the Prepare for Upgrade group into the Main group.
    6. Add these steps to the Upgrade the Operating System group:
      1. add the Install RasdialDisconnect service step.
      2. add the 1E WSA Actions step.
      3. add the Connect to VPN step.
    7. Move the the Post-Processing group into the Main group and::
      1. configure Install Updates step.
      2. add the 1E WSA Actions step.
      3. add the Connect to VPN step.
    8. Create the 1E BIOS to UEFI group, define its behavior and add its child steps.
      1. add the Disable BitLocker step.
      2. add the Setup WinPE Boot step.
      3. add the Restart in WinPE step.
      4. add the 1E WSA Actions step.
      5. add the Install and Configure Nomad in Windows PE step.
      6. add the Save Nomad Cache step.
      7. add the Delete temporary USB disk fill step.
      8. add the MBR2GPT in WinPE step.
    9. Create the Firmware Settings group, define its behavior and add its child steps.
      1. add the 1E BIOS to UEFI Define Password step.
      2. add the 1E BIOS to UEFI Boot Order step.
      3. add the 1E BIOS to UEFI OEM – with Secure Boot step.
      4. add the 1E BIOS to UEFI Password Set step.
    10. Create the Restart and Initialize group, define its behavior and add its child steps.
      1. add the Restart Computer step.
      2. add the 1E WSA Actions step.
      3. add the Restore Nomad Cache step.
      4. add the Connect to VPN step.
      5. add the Enable BitLocker step.
    11. Create the Install Migrated Applications group, define its behavior and add its child steps.
      1. add the 1E Application Migration step.
    12. Create the Install Migrated Apps group, define its behavior and add its child steps.
      1. add the Sleep Time for CM Client Initialise step.
      2. add the Install Migrated Applications step.
    13. Add the Install Migrated Packages step and customize it.
    14. Add the Uninstall RasdialDIsconnect service step.
  3. Create the Rollback group and define its behavior.
    1. add the Return Windows 10 Setup Exit Code step.
  4. Add the 1E WSA Action step and customize it.

Customising the base task sequence

To customize the newly created task sequence with sequential step to specifically address the in-place upgrade:

  1.  Initializing the 1E WSA Action step

    In the Task Sequence Editor, select the first step in the task sequence, click Add and from the menu, choose 1E OSD > 1E WSA Actions.

    This step connects to 1E Shopping to determine if the deployment was initiated through the Windows Servicing Assistant (i.e. if a WSA order exists for this PC). If so, and the installed Nomad version supports WSA, it will define a number of Task Sequence variables based on the WSA deployment settings and selections made by the user when they ran the assistant. If there is no WSA order for the PC, the step will simply exit and the Task Sequence will continue as a standard deployment. Refer to 1E WSA Actions for further details on using this step.


    Move the 1E WSA Actions step to the top of the task sequence as indicated in the screenshot at the top of this page and configure it as follows:

    On the Properties tabOn the Options tab
    1. Select the Initialize option.
    2. In Shopping URL:, enter the location for the Shopping Web. For example: http://<ShoppingHostHeader>/Shopping/
    1. Click Add Condition > Registry Setting.
    2. Enter the following details:

      Root KeyHKEY_LOCAL_MACHINE
      KeySOFTWARE\1E\NomadBranch
      Conditiongreater than or equals
      Value nameProductVersion
      Value typeREG_SZ
      Value6.3.200
    3. Click OK.
    4. Click Apply.
  2. With the 1E WSA Actions step highlighted, click Add and choose New Group

    Each WSA enabled task sequence is configured with a Main group where the majority of the task sequence actions occur (outside of the initialize, rollback and finalize steps). The behavior of the Main group is Continue on error, meaning that should any step fail within the group or any of it's child groups, the task sequence will continue with the groups and steps defined outside this group, i.e. the Rollback group and 1E WSA Actions ( Finalize) step. This ensures WSA is able to report on any task sequence failures.
    On the Properties tabOn the Options tab
    • Name the group Main and ensure that it is positioned just below the 1E WSA Action step.
    • Select the Continue on error option and click Apply

     

    1.  Setting Nomad as the download program

      With the Main group highlighted, click Add and from the menu, choose 1E Nomad > Set Nomad as Download Program. Right-click the step and from the context menu, choose Move Up so it becomes a child of the Main group and click OK. No additional settings are required for this step.

      This step sets Nomad as the download program for all Task Sequence content so should be added at the top of the Main group before any content is required.
    2.  Creating the Test Connection group

      With the Set Nomad as Download Program step highlighted, click Add and choose New Group.

      This group contains steps that will validate the WiFi and VPN credentials entered by the user in the Windows Servicing Assistant. If the Task Sequence was not initiated through WSA (i.e. 1EWSA is not true), this group will be skipped. If the Task Sequence was initiated through WSA, this group will validate the credentials by disconnecting WiFi and VPN (if applicable) and attempting to reconnect using the supplied credentials. If the validation fails, the Task Sequence will fail and the user will be notified through the final WSA page that there was a problem with either the WiFi or VPN credentials. This group is included in the Task Sequence to fail before doing anything destructive on the PC if there are any problems with the supplied credentials.
      On the Properties tabOn the Options tab
      1. Name the group Test Connection

       

      1. Click Add Condition > Task Sequence Variable.
      2. Enter the following details.

        Variable1EWSA
        Conditionequals
        ValueTrue
      3. Click OK.
      4. Click Apply.

      When the task sequence runs, connectivity to the Configuration Manager site must be maintained after any system restart into the full OS. Throughout the task sequence, the 1E WSA Actions step attempts to automatically establish WiFi connections (using WSA gathered credentials) when either of the Refresh Content Locations or Switch Between online and offline content options are selected.

      For locations using VPN, the Connect to VPN step uses the ConnectVPN.PS1 PowerShell script to establish a VPN connections. Provided the VPN profile name has been defined in the task sequence, VPN connection credentials have been entered during running of the Assistant  and an external network exists, the script will attempt to establish the connection.

      Currently, WSA has been developed for use with the Microsoft VPN Client. The VPN connection process within WSA can be extended to accommodate other VPN client solutions. Future releases of WSA will also supports solutions implementing two factor authentication, where user input may be required at the time the connection is established.

      The steps defined within the Test Connections group are designed to exercise those connection credentials supplied by the user when they ran WSA wizard and establish their validity before proceeding any further in the task sequence. 

      1. With the Test Connection group highlighted, click Add and from the menu choose General > Run Powershell Script.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameValidate WiFi VPN Credentials
          DescriptionTest WiFi and VPN connection credentials before allowing the task sequence to continue
          PackageBrowse to the WSA Scripts package
          Script nameValidateWiFiVPNCreds.ps1
          Parameters -VPNProfile <VPNProfile>
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass.
        2. Click Apply.
        • Select Continue on error.

        There is a known issue where a Run PowerShell Script step can erroneously return 1 to the Task Sequence, causing this step to fail even though the script completes successfully. This step is configured to continue on error, but the next step will report back any actual error to the Task Sequence if the return code from this step is neither 0 or 1.

        Both the ValidateWiFiVPNCreds.ps1 script and the VPN connection script ConnectVPN.PS1, require a VPN profile name in order to establish the connection. <VPNProfile> must be the same name defined in the rasphone.pbk included in the WSA Scripts Package. If the profile name includes spaces, surround it in single quotes (e.g. '1E (UK)'). If rasphone.pbk includes multiple profiles (e.g. US and UK), the parameter can be configured to use a Collection variable (e.g. -VPNProfile '%VPNProfile%') - if you use this approach, ensure there is a Collection variable named VPNProfile defined for all clients that will run WSA otherwise this step in the Task Sequence will fail.
      2. Click Add and from the menu choose General > Run command line.

        This step is to work around an issue when running PowerShell script steps where a command in the script returns 1 but the script does not error and completes successfully. CM reports this as an error even though the ValidateWiFiVPNCreds.ps1 script finally exits with 0. The step will be skipped if the last action (Validate WiFi VPN Credentials) returns either 0 or 1 and the Task Sequence will continue to execute. Otherwise it will return the actual return code from the Validate WiFi VPN Credentials and the TS will fail.
        On the Properties tabOn the Options tab

         

        1. Enter the following details, leaving the remaining options unchecked.

          Step parameterValue
          NameFilter return codes from Validation script
          DescriptionAllows TS to continue if the previous step returns 0 or 1, otherwise fails with the return code of the previous step
          Command linecmd /c exit %_SMSTSLastActionRetCode%
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable
        2. Enter the following details:

          Variable_SMSTSLastActionRetCode
          Conditionnot equals
          Value1
        3. Click OK.
        4. Click Add Condition and choose Task Sequence Variable.
        5. Enter the following details:

          Variable_SMSTSLastActionRetCode
          Conditionnot equals
          Value0
        6. Click OK.
      3. Click Add and from the menu, choose General > Run PowerShell script.

        This step establishes a VPN connection if the Task Sequence was initiated by a remote user.
        On the Properties tabOn the Options tab

         

        1. Enter the following details:

          Step parameterValue
          Name1E WSA Connect VPN
          DescriptionConnect VPN using WSA Gathered credentials
          PackageBrowse to the WSA Scripts package
          Script nameConnectVPN.ps1
          Parameters -VPNProfile <VPNProfile>
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass.

          <VPNProfile> must match the name of the profile defined in rasphone.pbk.

        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_RemoteUser
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
    3.  Setting the SMSTSPostAction step

      Click Add and from the menu, choose General > Set Task Sequence Variable.

      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step Parameter aaaaValue
        NameSet SMSTSPostAction
        Task Sequence VariableSMSTSPostAction
        Valueshutdown.exe /r /t 30Select
      2. Click Apply.
      • No action required
    4.  Setting the OSDBitLocker status

      Click Add and from the menu, choose General > Set Task Sequence Variable.

      This step sets the OSDBitLockerStatus variable to Protected if the C: drive is protected when the Task Sequence starts. It is used later in the Task Sequence to enable BitLocker if it was enabled and the drive was protected before the upgrade when the Task Sequence started.
      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameSet OSDBitLockerStatus
        Task Sequence VariableOSDBitLockerStatus
        ValueProtected
      2. Click Apply.
      1. Click Add Condition and choose WMI Query.
      2. Enter the following details:

        WMI Namespace: root\cimv2\Security\MicrosoftVolumeEncryption
        SELECT *
        FROM win32_encryptablevolume
        WHERE driveletter = 'c:'
        AND protectionstatus = '1'
      3. Click OK.
      4. Click Apply.
    5.  Relocating the Prepare for Upgrade group
      Select the Prepare for Upgrade group and move it up so it becomes a child of the Main group. 
    6.  Customising the Upgrade the Operating System group
      Select the Upgrade the Operating System group and move it up so it becomes a child of the Main group. 
      1. With the Upgrade the Operating System group selected, click Add and from the menu, choose General > Run a command line

        This is an optional step to work around an issue identified on some Dell PCs where restarting the PC when connected to VPN on a wireless connection would cause the PC to blue-screen. It installs a service that disconnects the VPN connection when a shutdown is requested by the OS, which has been observed to prevent the blue-screen.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameInstall RasdialDisconnect service
          Command lineInstallRasdialDisconnectService.bat
        2. Check the Package option and browse to the WSA Scripts package.
        3. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_RemoteUser
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      2. Select the Restart Computer step, click Add and from the menu, choose 1E OSD > 1E WSA Actions.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      3. Click Add and from the menu, choose General > Run PowerShell script and configure it as follows:

        On the Properties tabOn the Options tab
        Step parameterValue
        NameConnect to VPN
        PackageBrowse to the WSA Scripts package
        Script nameConnectVPN.PS1
        Parameters-VPNProfile <VPNProfile>
        PowerShell Execution PolicySet the PowerShell execution policy to Bypass


        <VPNProfile> must match the name of the profile defined in rasphone.pbk.

        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_RemoteUser
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
    7.  Setting the post-processing behavior
      Select the Post-Processing group and move it up so it becomes a child of the Main group
      1. Select the Install Updates step and configure as follows

        In the Properties tabIn the Options tab

        No changes required

        1. Uncheck the option Retry this step if computer unexpectedly restarts

        2. Click Apply.

        A software update may require one or more restarts of the host to complete its installation. For a WSA deployment, it is important to note that in order for the Install Updates step to complete successfully, only a single restart of the host is permissible at completion of the step. If multiple restarts are anticipated, then multiple Install Update steps must be configured with subsequent 1E WSA Actions and Connect to VPN steps (as detailed in the following two steps). This allows a site connection to be established, before the next update is installed. In this task sequence it is anticipated that no update will require more than one restart of the host.

      2. Select Install Updates and click Add and from the menu, choose 1E OSD > 1E WSA Actions.

        In the Properties tabIn the Options tab

        Adding the 1E WSA step to the Post-Processing group

        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      3. Click Add and from the menu, choose General > Run PowerShell script.

        On the Properties tabOn the Options tab
        1. Browse to the VPN connection script package and enter these details:

          Step parameterValue
          NameConnect to VPN
          PackageBrowse to the WSA Scripts package
          Script nameConnectVPN.PS1
          Parameters-VPNProfile <VPNProfile>
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass.

          <VPNProfile> must match the name of the profile defined in rasphone.pbk

        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_RemoteUser
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
    8.  Creating the BIOS to UEFI group and its child steps

      With the Connect to VPN step highlighted, click Add and from the menu, choose Add > New Group > 1E BIOS to UEFI.

      On the Properties tabOn the Options tab

      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        Variable_SMSTSBootUEFI
        Conditionequals
        ValueFalse
      3. Click OK.
      4. For the newly created condition, click Add Condition > If Statement > Any Condition > WQL Query and create a query condition for each of the following>

        WMI Namespace: root\cimv2
        SELECT *
        FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%Dell%"
        SELECT *
        FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%HP%"
        SELECT *
        FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%Lenovo%"
        Select *
        FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%Hewlett-Packard%"

      The 1E BIOS to UEFI group is responsible for converting the host system disk from legacy BIOS to UEFI and configuring those firmware settings required to implement the associated security features and settings.

      UEFI is a firmware standard required to support modern security features such as Secure Boot, Device Guard and Credential Guard. In configuring this task sequence, the BIOS to UEFI conversion is performed using the native Windows utility MBR2GPT.exe located in C:\Windows\System32 on Windows 10 1703 editions and later. In the task sequence, conversion is conditioned to take place only if the host is running legacy BIOS. The 1E BIOS to UEFI application is a packaged and ready set of task sequence steps that automate the necessary firmware reconfigurations on Dell, Lenovo and HP systems in order to allow Secure Boot, Device Guard, Credential Guard and other settings to be turned on once the disk has been converted. Full details on how to use 1E BIOS to UEFI and the supported hardware models, can be found here 1E BIOS to UEFI.

      1. Click Add and from the menu, choose General > Run Command Line.

        This step disables BitLocker if it was enabled when the Task Sequence started (i.e. if OSDBitLockerStatus=Protected). The command line disables it indefinitely (so for any subsequent reboots), until it is enabled later in the Task Sequence.
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameDisable Bitlocker
          Command linemanage-bde -protectors -disable C: -RC 0
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          VariableOSDBitLockerStatus
          Conditionequals
          ValueProtected
        3. Click OK.
        4. Click Apply.
      2. Click Add and from the menu, choose General > Run PowerShell script.

        This step is a workaround for an issue where Configuration Manager may stage the Windows PE boot image on a connected USB disk if it is larger than the local disk and then not be able to boot from it. The step creates a temporary file on the USB drive that fills it so CM cannot stage the boot image on the disk. The temporary file is later removed with the Teardown.ps1 script.


        On the Properties tabOn the Options tab
        1. Browse to the script package and enter these details:

          Step parameterValue
          NameSetup WinPE Boot
          DescriptionPrevents TS staging the boot image onto a large USB disk by temporarily filling it.
          PackageBrowse to the Setup WinPE Boot package
          Script nameSetupWinPEBoot.ps1
          Parameters 
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass.
        2. Click Apply.
        • No action required
      3. Click Add and from the menu, choose General > Restart Computer.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameRestart in WinPE
          The boot image assigned to this task sequenceSelected
          Notifiy the user before restartingChecked
           Beginning the UEFI and MBR2GPT conversion. The computer must restart to continue
        2. Click Apply.
        • No action required
      4. Click Add and from the menu, choose 1E OSD > 1E WSA Actions.

        The WSA Actions step must be executed after each reboot where drive letters may change or when switching between the full OS and Windows PE
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      5. Click Add and from the menu, choose 1E Nomad  > Install and Configure Nomad in WinPE.

        This step installs the Nomad agent in Windows PE. Refer to Install and configure Nomad in WinPE for further details on using this step.
        On the Properties tabOn the Options tab
        • Enter the License Key and ActiveEfficiency URL fields. Configure the remaining fields according to your environment.
        • No action required
      6. Click Add and from the menu, choose 1E Nomad > Save Nomad Cache.

        This step saves the Nomad cache to the temporary Task Sequence storage. Refer to Save Nomad cache for further details on using this step
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          OperationMove
          Wipe CCM CacheChecked
        2. Click Apply.
        • No action required
      7. Click Add and from the menu, choose General > Run PowerShell script.

        If the Setup WinPE Boot step created a temporary file to fill an attached USB disk (to prevent CM from staging the boot image on the USB disk), this step deletes that file.
        On the Properties tabOn the Options tab
        1. Browse to the script package and enter these details:

          Step parameterValue
          NameDelete temporary USB disk fill
          DescriptionDeletes temporary file created to fill large USB disk
          Script nameTeardown.ps1
          Parameters 
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass.
        2. Click Apply.
        • No action required
      8. Click Add and from the menu, choose General > Run Command Line.

        This step converts the disk from MBR to GPT to support UEFI, using the Microsoft MBR2GPT tool
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameMBR2GPT in WinPE
          Command lineMBR2GPT.EXE /disk:0 /convert /AllowFullOS /logs:%_SMSTSLogPath%
        2. Click Apply.
        1. Select the Continue on Error option.
        2. Click Add Condition and choose Task Sequence Variable.
        3. Enter the following details:

          Variable_SMSTSBootUEFI
          Conditionequals
          ValueFalse
        4. Click OK.
        5. Click Add Condition > WQL Query and create this query condition

          WMI Namespace: root\cimv2
          SELECT *
          FROM win32_diskpartition
          WHERE deviceid LIKE '%partition #0%'
          AND type LIKE '%Installable%'
        6. Click OK.
        7. Click Apply.
    9.  Creating the Firmware Settings group and adding its steps

      Click Add and from the menu, choose New Group.

      On the Properties tabOn the Options tab

      Creating the Firmware Settings group

      • Name the group Firmware Settings
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        Variable_SMSTSLastActionSucceeded
        Conditionequals
        ValueTrue
      3. Click OK.
      4. Click Apply.

      The following steps included in this group are provided as an example of the 1E BIOS to UEFI feature, which can:

      • Unlock the BIOS using a whitelist of password values defined in the step – this step can be added multiple times with appropriate conditions to enable different passwords to be used on different device classes
      • Set the boot order – to ensure that the host will boot from the System partition following conversion to UEFI, if may be necessary to explicitly set the boot order in the firmware
      • Enable Secure Boot
      • Set the BIOS password – if BIOS passwords are used and need to be standardized

      Each of the steps require the 1E OEM Toolkit Package. Refer to Launching the Create 1E OEM Toolkit Package wizard for details on how to create the 1E OEM Toolkit Package.

      1. Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI Password Setup.

        This step defines the BIOS admin password(s) that will be attempted when the subsequent 1E BIOS to UEFI steps attempt to make changes to the firmware settings. Refer to Automating password authentication for changing BIOS settings for further details on using this step.
        On the Properties tabOn the Options tab
        1. Name the step 1E BIOS to UEFI Define Password
        2. Add your current BIOS password(s) in the Password List.
        3. Browse for the OEM Toolkit Package
        4. Click Apply.
        • No action required
      2. Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI Boot Order.

        This step defines the UEFI boot order, which should typically be set to Windows Boot Manager. Refer to Changing the BIOS boot order for further details on using this step
        On the Properties tabOn the Options tab
        1. Ensure Windows Boot Manager is selected in the UEFI Boot Order drop-down
        2. Browse for the OEM Toolkit Package.
        3. Click Apply.
        • No action required
      3. Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI OEM.

        This step configures the firmware settings to enable UEFI, Secure Boot and other options. Refer to Working with BIOS to UEFI for further details on using this step. In order to ensure builds are successful when you enable Secure Boot, we recommended:

        • Client firmware is updated to the latest version
        • You test Secure Boot on those hardware models targeted by the task sequence before deploying into a production environment.
        On the Properties tabOn the Options tab
        1. Select the UEFI Configuration option and select UEFI Native with Secure Boot.
        2. Browse for the OEM Toolkit Package.
        3. Click Apply.
        • No action required
      4. Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI Password Setup .

        This optional step sets the BIOS password to a predefined password and can be used to standardize on a single BIOS password. Refer to Automating password authentication for changing BIOS settings for further details on using this step.
        On the Properties tabOn the Options tab
        1. Add any current BIOS passwords and the password you want to set to the Password List.
        2. Select Set New Password and select the password from the drop list provided.
        3. Browse for the OEM Toolkit Package.
        4. Click Apply.
        • No action required
    10.  Creating the Restart and Initialize group and its steps

      Highlight the 1E BIOS to UEFI Password Setup step, click Add and from the menu, choose New Group.

      This group contains steps that will restart the computer into the new OS, reconnect the WiFi and VPN if applicable, restore the Nomad cache and enable BitLocker
      On the Properties tabOn the Options tab
      Creating the Restart and Initialize crop
      1. Name the group Restart and Initialize.
      2. Use the down arrow to move the group so that it becomes a child of 1E BIOS to UEFI – at the same level as the Firmware Settings group.
      • No action required
      1. With the Restart and Initialize group highlighted, click Add and from the menu, choose General > Restart Computer. Ensure the step is set to restart into The currently installed default operating system.
      2. Click Add and from the menu, choose 1E OSD > 1E WSA Actions.

        The WSA Actions step must be executed after each reboot where drive letters may change or when switching between the full OS and Windows PE
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
          1. Click Add and from the menu, choose 1E Nomad > Restore Nomad Cache.

            This step restores the Nomad cache from the temporary Task Sequence store. Refer to Restore Nomad cache for further details on using this step.
            On the Properties tabOn the Options tab
            1. Enter the following details:

              Step parameterValue
              OperationLink
              Activate All ContentChecked
            2. Click Apply.
            • No action required
          2. Click Add and from the menu, choose Run PowerShell script.

            On the Properties tabOn the Options tab
            1. Browse to the VPN connection script package and enter the step details:

              Step parameterValue
              NameConnect to VPN
              Script nameConnectVPN.PS1
              Parameters-VPNProfile <VPNProfile>
              PowerShell Execution PolicySet the PowerShell execution policy to Bypass.

              <VPNProfile> must match the name of the profile defined in rasphone.pbk.

            2. Click Apply.
            1. Click Add Condition and choose Task Sequence Variable.
            2. Enter the following details:

              Variable1EWSA_RemoteUser
              Conditionequals
              ValueTrue
            3. Click OK.
            4. Click Apply.
          3. Click Add from the menu, choose Disks > Enable BitLocker.

            This step enables BitLocker if the disk was BitLocker protected when the Task Sequence started
            On the Properties tabOn the Options tab
            • Configure the step according to the requirements of your organization.
            1. Click Add Condition and choose Task Sequence Variable.
            2. Enter the following details:

              VariableOSDBitLockerStatus
              Conditionequals
              ValueProtected
            3. Click OK.
            4. Click Apply.
    11.  Creating the Install Migrated Application group and its steps

      With the Enable BitLocker step highlighted, click Add and from the menu, choose New Group. Use the down arrow to move the group so that it becomes a child of the Post-Processing group – at the same level as the 1E BIOS to UEFI group.

      This group contains steps that automate the upgrade or replacement of applications during the In-place Upgrade using 1E Application Migration. It will be executed unless the Task Sequence was initiated by a WSA deployment that has Application Migration disabled.
      On the Properties tabOn the Options tab
      Creating the Install Migrated Applications group
      1. Name the group Install Migrated Applications.
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        Variable1EWSA_AppMigrationEnabled
        Conditionnot equals
        ValueFalse
      3. Click OK.
      4. Click Apply.
      1. With the Install Migrated Applications group highlighted, click Add and from the menu, choose 1EOSD > AppMigration.

        This step gets a list of Applications and Packages that need to be installed according to the migration rules defined in Application Migration. The list of Applications and Packages are returned as a series of Task Sequence variables that are then used in the dynamic Install Application and Install Package steps. Refer to Using Application Migration in a task sequence for further details on using this step.
        On the Properties tabOn the Options tab
        1. Enter the following details.

          Step parameterValue
          Web Servicehttp://[SLA platform URL]/Platform/api/applicationmigration/getApplicationsToBeInstalled
          Domain\User NameThe credentials of a user defined in the SLA platform
          DomainThe FQDN of the domain that the current machine is in
          Source Computer Name Variable_SMSTSMachineName (In an In-Place Upgrade, the source computer name is the current computer name, defined by this built-in variable)
          Application Variable
          Choose a base variable that will be used to define dynamic Applications i..e APPMIG
          Package Variable
          Choose a base variable that will be used to define dynamic Packages i.e. PKGMIG
        2. Click Apply.
        • No action required

        Although an in-place upgrade is not destructive and applications are preserved on the disk, Application Migration can be added to the In-Place Upgrade Task Sequence to upgrade or replace applications that are currently installed as part of the upgrade process based on the application migration rules. The following caveats apply when using Application Migration in an in-place upgrade scenario:

        If a Retain Migration rule applies:

        • if the target application is a Configuration Manager Application, the Application installation should not execute as it is already present (based on the Detection Method defined in the Deployment Type).
        • if the target application is a Configuration Manager Program, the Program will execute (even though the application is already installed). It is therefore important that the Program can execute without error and without adversely affecting the installed application.

        If an Upgrade Migration rule applies:

        • if the target application is a Configuration Manager Application and the target application is not already installed, it will be installed. If the Application installation does not successfully upgrade the original version of the application, the result will be both the original version and the upgraded version being installed. In this scenario, Application Supersedence can be used to ensure the original version is removed when the newer version is installed.
        • if the target application is a Configuration Manager Program, the Program will be executed. If the Program (command line) does not successfully upgrade the original version of the application, the result will be both the original version and the upgraded version being installed.

        If a Replace Migration rule applies:

          • if the target application is a Configuration Manager Application and the target application is not already installed, it will be installed. The original application that was to be replaced will remain installed. In this scenario, Application Supersendence can be used to ensure the application to be replaced gets removed when the replacement application is installed.
          • if the target application is a Configuration Manager Program, the Program will be executed. The result will be both the original application and the replacement application being installed
    12.  Creating the Install Migrated Apps group and its steps

      With the 1E Application Migration step highlighted, click Add and from the menu choose New Group.

      This group contains a step that waits for 3 minutes for the CM client to fully initialize (in some environments Application installations can fail if attempted too soon after a restart). It then executes the Install Applications step, which dynamically installs the applications returned by the 1E Application Migration step.
      On the Properties tabOn the Options tab
      Creating the Install Migrated Apps group
      • Name the group Install Migrated Apps
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        VariableAPPMIG01
        Conditionexists

        Append 01 to the application variable you used in the step above.

      3. Click OK.
      4. Click Apply.
      1. Click Add and from the menu choose General > Run Comand Line.

        This step introduces a 3-minute pause to allow the CM client to fully initialize before attempting to install Applications
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameSleep Time for CM Client Initialise
          Command linecmd /c ping localhost -n 180 > NUL
        2. Click Apply.
        • No action required
      2. Click Add and from the menu choose, Software > Install Application.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameInstall Migrated Applications
          Install applications according to the dynamic variable listSelected
          Base variable nameEnter the base variable name used in 1E Application Migration step, for example APPMIG
          If an application installation fails, continue installing other applications in the listCheck if required
        2. Click Apply.
        • No action required
    13.  Adding and customizing the Install Migrated Packages step

      Highlight the Install Migrated Applications step, click Add and from the menu, choose Software > Install Package. Move the step down so that is appears as a child of Install Migrated Applications – at the same level as the Install Migrated Apps group.

      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameInstall Migrated Packages
        Install software packages according to the dynamic variable listSelected
        Base variable nameEnter the base variable name used in the 1E Application Migration step, for example PKGMIG
        If installation of a software package fails, continue installing other packages in the listCheck if required
      2. Click Apply.
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        VariablePKGMIG01
        Conditionexists

        Append 01 to the application variable you used in the step k.

      3. Click OK.
      4. Click Apply.
    14.  Uninstalling the RAS dial service

      Select the Install Migrated Packages step, click Add and from the menu choose General > Run Command Line. Move the step down so it becomes a child of the Main group (at the same level as Install Migrated Applications (k) in the screen shot at the top of this page). Configure the step as indicated below

      This step uninstalls the RasdialDisconnect service that works around the issue on some Dell systems where rebooting while on WiFi with an active VPN connection causes a blue-screen system crash.
      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameUninstall RasdialDisconnect service
        Command lineUnInstallRasdialDisconnectService.bat
      2. Check the Package option and browse to the WSA Scripts package.
      3. Click Apply.
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        Variable1EWSA_RemoteUser
        Conditionequals
        ValueTrue
      3. Click OK.
      4. Click Apply.
  3.  Creating the Rollback group

    Click Add and from the menu choose New Group.

    On the Properties tabOn the Options tab
    • Name the group Rollback group
    • No action required
    1. Click Add and from the menu choose General > Run Command Line.

      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameReturn Windows 10 Setup Exit Code
        Command linecmd /c EXIT %_SMSTSOSUpgradeActionReturnCode%
      2. Click Apply.
      • No action required
  4.  Finalizing the task sequence

    Click Add and from the menu, choose 1E OSD > 1E WSA Actions. Move the step down to the root of the task sequence – at the same level as the Main group. 

    On the Properties tabOn the Options tab
    1. Enter the following details:

      Step parameterValue
      Name1E WSA Action
      FinalizeChecked
        
    2. Click Apply.
    1. Click Add Condition and choose Task Sequence Variable.
    2. Enter the following details:

      Variable1EWSA
      Conditionequals
      ValueTrue
    3. Click OK.
    4. Click Apply.
  5. Click OK to save the task sequence.