Who can do this?
Configuration Manager administrators with permissions to create Task Sequences in Configuration Manager.
What is it for?

When an In-Place upgrade is not possible, and you need to reformat and partition the disk before installing the OS, user data and applications on it.

What you need to do

In Configuration Manager, create the WSA Script Package first. Next, create the base task sequence first in Configuration Manager and then customize it with logic to execute the Capture Data and Settings Task Sequence.

What is the Wipe and Load Destructive Task Sequence?

For some types of migration, a Windows 10 In-place Upgrade is not possible. Migrating from x86 to x64 architectures, third party disk encryption to Bitlocker or base OS languages, will all require a Wipe and Load Task Sequence deployment.

A Wipe and Load Task Sequence is designed to perform a fresh installation of the OS with user applications being installed and data restored. The process defined on this page builds a Destructive Wipe and load Task Sequence. A Destructive Task Sequence includes steps that reformat and partition the disk prior to installing the OS image. In this case all data currently on the disk is lost.

 

On this page:

WSS supports the configuration of separate Destructive and Non-Destructive Task Sequences. Both Task Sequences support WSA and non-WSA type deployments. The task sequences are also configured to support BIOS to UEFI conversion and firmware configuration. Although not yet supported by WSA, the Destructive Task Sequence also supports the Bare-Metal deployment scenario. Using boot media or PXE, this allows a deployment to be launched  from within WinPE i.e. an existing OS installation is not required.

Before creating the Wipe and load Destructive task sequence, create the following Packages in Configuration Manager:

  1. An Operating System Image Package. Refer to https://docs.microsoft.com/en-us/sccm/osd/get-started/manage-operating-system-images for further details.
  2. A WSA Scripts package. Refer to Windows Servicing Assistant Scripts package for further details.
  3. A Setup WinPE Boot package. Refer to Setup WinPE Boot Package for further details.
  4. The 1E OEM Toolkit package. Refer to BIOS to UEFI 1.4 - Installation: Launching the Create 1E OEM Toolkit Package wizard for details of creating this package.

Wipe and load without user state migration

The Task Sequence detailed below assumes the Windows Servicing Assistant will be used to capture data and settings from the current OS and migrate these, along with applications, to the new OS. If you only want to migrate applications using the Windows Servicing Assistant and want to skip user state migration, you can add a condition to the Capture Files and Settings group and Restore User Files and Settings group so they only execute if the TS variable 1ESkipUserStateCapture is not true. 1ESkipUserStateCapture is set by the WSA Actions - Initialize step if the option Do not capture user files and settings is enabled in the Data Capture tab of the Wipe and Load Destructive WSA Application settings. If you will never use user state migration, you can remove the Capture Files and Settings group and Restore User Files and Settings group altogether, but you must still enable the option Do not capture user files and settings in the Data Capture tab of the Wipe and Load Destructive WSA Application settings, otherwise WSA will fail as it will attempt to locate these steps in the Task Sequence when it determines how much space is required.

This feature requires Nomad hotfixes Q20391 (Nomad Branch client) and Q20393 (Nomad Branch Tools), which update the WSA Actions - Initialize step to create the 1ESkipUserStateCapture variable.

Creating the Wipe and Load Destructive base task sequence

Nested Task Sequences

The Windows Servicing Assistant (WSA) does not currently support nested Task Sequences (Task Sequences that include the Run Task Sequence step). If your Task Sequence includes Run Task Sequence steps, WSA will fail. You will need to copy the steps from the included Task Sequence and paste them into a group in the WSA Task Sequence.

The process and procedure is described below.

To create the Wipe and Load Destructive Task Sequence:

  1. From the Configuration Manager console, select the Software Library workspace.
  2. Expand the Operating Systems tree and choose Task Sequences.

    Creating a new task sequence in Configuration Manager

    1. Right-click Task Sequences.
    2. From its context menu, choose Create Task Sequence.
  3. On the Create New Task Sequence screen:

    Creating a new custom task sequence

    1. Select the Install an existing image package option.
    2. Click Next.
  4. On the Task Sequence Information screen:

    Populating the Task Sequence Information screen

    1. In Task sequence name, enter a logical name for it. For example, Computer Refresh with Reformat.
    2. In Description, enter a description for it.
    3. Browse for the Boot Image to be used with this Task Sequence
  5. On the Install Windows screen:

    Populating the Install Windows screen

    1. In Image package, select the image package you want.
    2. In Image index, select the image index you want.
    3. Ensure the Partition and format the target computer before installing the operating system option is checked
    4. In Product key, enter your Windows operating system licence key.
    5. For the administrator password, choose how you want it generated – either randomly or with an existing password.
    6. Click Next.
  6. On the Configure Network screen:

    Selecting the domain to join in the Configure Network screen

    1. Select the Join a domain option.
    2. Enter the Domain and Domain OU for the domain you are joining.
    3. In Account, enter the name of the account you want to use to join the domain.
    4. Click Next.
  7. On the Install Configuration Manager screen:

    Installing the Configuration Manager client

    1. Add any Installation Properties specific to your environment as required and click Next.
  8. On the State Migration screen:

    1. By default, the Capture user settings and files option should be selected and the default USMT Package populated - confirm these are correct.
    2. Ensure the Save user settings and files on a State Migration Point option is selected.
    3. Click Next.

    Although these settings suggest a State Migration point is required, with the Windows Servicing Suite, the Peer Backup Assistant will take care of temporary storage of user data on peers without any State Migration points being required.

  9. On the Include Updates screen:

    Choosing the upgrades to include in the Include Upgrades screen

    1. Select the Required for installation – Mandatory software updates only option.
    2. Click Next.
  10. On the Install Applications screen:

    Choosing the applications to install after the OS upgrade

    1. Define any applications to be installed by the task sequence after the OS has been upgraded.
    2. Click Next.

    Use this step to add applications that will be installed on all PCs. The Windows Servicing Suite enables existing applications to be dynamically migrated, upgraded, replaced or removed. Later, you will add steps to the task sequence to perform this dynamic application migration.

  11. On the Nomad Settings screen:

    Enabling Nomad

    1. Select the Enable Nomad – Modifies currently associated reference packages option.
    2. Click Next.
  12. On the Summary screen:

    Reviewing you settings before the wizard starts

    1. Review your settings.
    2. Click Next.
    3. When the Create Task Sequence wizard completes, click Close.

The process for customizing the base task sequence

The base Wipe and Load Destructive Task Sequence

The Task Sequence to the left is the base task sequence created from the previous steps. We are going to use this base task sequence and extend its functionality by adding action steps, groups and sub groups to extend its functionality. As you build the task sequence, define the behavior for groups and add the logic to each of the steps you create.

In our example, at the root of the task sequence we are going to create:

  • two 1E WSA Actions steps (one to initialize the task sequence and the other to finalize it)
  • Main group (to contain all the other action groups and sub-groups)

Within the Main group, we are going to customise by:

  • adding new groups to it
  • adding new steps to it
  • changing the position and renaming some of base task sequence groups

The process and procedures follows:

  1. On the Configuration Manager console, right-click the base Wipe and Load Destructive Task Sequence from the list of task task sequences.
  2. From its context menu, choose Edit.

  1. Add the 1E WSA Actions step and customize it.
  2. Create the Main group and define its behavior.
    1. Add the Set Nomad as Download Program step
    2. Create the Test Connections group, define its behavior and add its child steps.
      1. add the Validate WiFi VPN Connection step.
      2. add the Filter return codes from Validation step.
      3. add the Connect VPN step.
    3. Add the Set OSDBitLockerStatus step
    4. Add the Set SMSTSPostAction step
    5. Create the New Computer group, and add its child steps:
      1. add the Set StartedInWinPE=True step.
      2. move the Partition Disk 0 – BIOS step up from the Install Operating System group into the New Computer group.
      3. move the Partition Disk 0 – UEFI step up from the Install Operating System group into the New Computer group.
      4. add the Install and Configure Nomad in Windows PE step.
    6. Move the Capture Files and Settings group up so it becomes a direct child of the Main group and remove the Disable BitlLocker step at the end of this group
      1. add the Set DEPLOYMENTTYPE=Refresh step to the Capture Files and Settings group.
    7. In the Capture User Files and Settings group remove the Request User State Storage step.
      1. add the Get Migration Settings step.
      2. add the Update OSDMigrateAdditionalCaptureOption step.
      3. add the Set OSDMigrateAdditionalCaptureOptions step.
      4. add the Peer Backup Assistant: Provision Nomad PBA Data Store step.
      5. configure the Capture User Files and Settings step
      6. add the Peer Backup Assistant: Finalize Nomad PBA Data Store step.
    8. Create the Restart group, define its behavior and add its child steps.
      1. add the Disable BitLocker step.
      2. add the Setup WinPE Boot step.
      3. add the Install RasdialDisconnect service step
      4. add the Restart in Windows PE step.
      5. add the 1E WSA Actions step.
      6. add the Install and Configure Nomad in Windows PE step.
      7. add the Save Nomad Cache step.
      8. add the Delete temporary USB disk fill step.
    9. Create the 1E BIOS to UEFI group, define its behavior and add its child steps.
      1. add the 1E BIOS to UEFI Define Password step.
      2. add the 1E BIOS to UEFI OEM step.
      3. add the 1E BIOS to UEFI – TPM step.
      4. add the 1E BIOS to UEFI Password set step.
      5. add the Partition Disk – UEFI step.
      6. add the Reset Nomad Cache step.
      7. add the Restart in Windows PE step.
      8. add the 1E WSA Actions step.
    10. Create the Repartition Disk group.
      1. copy the Partition Disk 0 – BIOS step from the New Computer group.
      2. copy the Partition Disk 0 – UEFI step from the New Computer group.
      3. add the 1E WSA Actions step.
      4. add the Install and Configure Nomad in Windows PE step.
    11. Modify the Install Operating System group by renaming it to the Install and Setup Operating system group and remove the following steps
        • Restart in Windows PE step.
        • Partition Disk 0 – BIOS step.
        • Partition Disk 0 – UEFI step.
      1. configure the Apply Windows Settings step to suit your environment.
      2. rename Apply Network Settings to Apply Network Settings (Wired in Office) .
      3. copy Apply Network Settings (Wired in Office) , rename it to Apply Network Settings (Remote or on WiFi) and configure it to join a workgroup.
      4. create the Drivers sub group and add steps for the drivers.
      5. add the Copy CMTrace step.
      6. add the Stage Nomad Package step.
      7. move the Setup Windows and Configuration Manager step up from the Setup Operating System group to the Install and Setup Operating System group.
      8. add the Install Nomad step.
      9. add the Restart Computer step.
      10. add the 1E WSA Actions step.
      11. create the Remote/Wfi Domain Join group, define its behavior and add its child steps:
        1. add the Connect to VPN step.
        2. add the Install RasdialDisconnect service step
        3. add the Join Domain or Workgroup step.
        4. add the 1E WSA Actions step.
        5. add the Connect to VPN step.
      12. add the Restore Nomad Cache step.
    12. Add the Create Nomad Application Policy step
    13. Add the Restart CM service step
    14. Move the Enable BitLocker step up from the Setup Operating System group into the Install and Setup Operating System group.
    15. Move the Install Updates step up from the Setup Operating System group into the Install and Setup Operating System group.
    16. Add the 1E WSA Actions step.
    17. Add the Connect to VPN step.
    18. Add the Restart CM service step.
    19. Add the Sleep time for CM Client to Initialise step.
    20. Add the Install Tachyon Agent step.
    21. Rename the Setup Operating System group (this should now be empty) to Install Migrated Applications .
      1. add the Get Migration Settings step.
      2. add the 1E Application Migration step.
      3. Create the Install Migrated Apps group, and add its child steps:
        1. add the Sleep Time for CM Client Initialise step.
        2. add the Install Migrated Applications step.
      4. add the Install Migrated Packages step.
    22. Move the Restore User Files and Settings group so that it becomes a direct child of the Main group.
      1. replace the Request User State Storage step with the Peer Backup Assistant: Locate Existing Nomad PBA Data Store step.
      2. add the Set Restore Status step.
      3. replace the Release User State Storage step with the Peer Backup Assistant: Release Nomad PBA Data Store step.
    23. Add the Uninstall RasdialDisconnect service step
  3. Add the 1E WSA Actions step.

Customizing the base task sequence

To cusomize the newly created task sequence with sequential steps to specifically address the destructive wipe and load:

  1.  Initializing the 1E WSA Action step

    In the Task Sequence Editor, click Add and from the menu, choose 1E OSD > 1E WSA Actions.

    This step connects to 1E Shopping to determine if the deployment was initiated through the Windows Servicing Assistant (i.e. if a WSA order exists for this PC). If so, and the installed Nomad version supports WSA, it will define a number of Task Sequence variables based on the WSA deployment settings and selections made by the user when they ran the assistant. If there is no WSA order for the PC, the step will simply exit and the Task Sequence will continue as a standard deployment. Refer to Nomad 6.3 - 1E WSA Actions  for further details on using this step.

    On the Properties tabOn the Options tab
    1. Select the Initialize option.
    2. In Shopping URL:, enter the location for the Shopping Web. For example, http://<ShoppingHostHeader>/Shopping
    1. Choose Add Condition > Registry Setting.
    2. Enter the following details:

      Root KeyHKEY_LOCAL_MACHINE
      KeySOFTWARE\1E\NomadBranch
      Conditiongreater than or equals
      Value nameProductVersion
      Value tupeREG_SZ
      Value6.3.200
    3. Click OK.
    4. Click Apply.
  2. With the 1E WSA Actions step highlighted, click Add and choose New Group

    Each WSA enabled task sequence is configured with a Main group where the majority of the task sequence actions occur. The behavior of the Main  group is  Continue on error , meaning that should any step fail within the group or any of it's child groups, the task sequence will continue with the groups and steps defined outside this group, i.e. the  1E WSA Actions (   Finalize)  step. This ensures WSA is able to report on any task sequence failures.

    On the Properties tabOn the Options tab

    Creating the Main group

    • Name the group Main and ensure that it is positioned just below the 1E WSA Action step.
    • Select the Continue on error option and click Apply.
    1.  Setting Nomad as the download program

      With the Main group highlighted, click Add and from the menu, choose 1E > Nomad > Set Nomad as Download Program. Right-click the step and from the context menu, choose Move Up so it becomes a child of the Main group and click OK. No additional settings are required for this step.

      This step sets Nomad as the download program for all Task Sequence content so should be added at the top of the Main group before any content is required. Refer to Set Nomad as download program for further details on using this step.

    2.  Creating the Test Connections group and adding its child steps

      Click Add and choose New Group.

      This group contains steps that will validate the WiFi and VPN credentials entered by the user in the Windows Servicing Assistant. If the Task Sequence was not initiated through WSA (i.e. 1EWSA is no true), this group will be skipped. If the Task Sequence was initiated through WSA, this group will validate the credentials by disconnecting WiFi and VPN (if applicable) and attempting to reconnect using the supplied credentials. If the validation fails, the Task Sequence will fail and the user will be notified through the final WSA page that there was a problem with either the WiFi or VPN credentials. This group is included in the Task Sequence to fail before doing anything destructive on the PC if there are any problems with the supplied credentials.

      On the Properties tabOn the Options tab
      • Name the group Test Connection
      1. Choose Add Condition > Task Sequence Variable.
      2. Enter the following details:

        Variable1EWSA
        Conditionequals
        ValueTrue
      3. Click OK.
      4. Click Apply.

      When the task sequence runs, connectivity to the Configuration Manager site must be maintained after any system restart into the full OS. Throughout the task sequence, the 1E WSA Actions step attempts to automatically establish WiFi connections (using WSA gathered credentials) when either of the Refresh Content Locations or Switch Between online and offline content options are selected.

      For locations using VPN, the Connect to VPN step uses the ConnectVPN.PS1 PowerShell script to establish a VPN connections. Provided the VPN profile name has been defined in the task sequence, VPN connection credentials have been entered during running of the Assistant  and an external network exists, the script will attempt to establish the connection.

      Currently, WSA has been developed for use with the Microsoft VPN Client. The VPN connection process within WSA can be extended to accommodate other VPN client solutions. Future releases of WSA will also supports solutions implementing two factor authentication, where user input may be required at the time the connection is established.

      The steps defined within the Test Connections group are designed to exercise those connection credentials supplied by the user when they ran WSA wizard and establish their validity before proceeding any further in the task sequence.

       

      1. With the Test Connection  group highlighted, click Add and from the menu, choose General > Run PowerShell Script.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step Parameter
          Value
          NameValidate WiFi VPN Credentials
          DescriptionValidate WiFi and VPN connections using WSA gather credentials.
          PackageBrowse to the WSA Scripts package  
          Script nameValidateWiFiVPNCreds.ps1
          Parameters-VPNProfile <VPN Profile>
          PowerShell Execution PolicySet this to Bypass
        2. Click Apply.

         

        • Set Continue on error

          There is a known issue where a Run PowerShell Script step can erroneously return 1 to the Task Sequence, causing this step to fail even though the script completes successfully. This step is configured to continue on error, but the next step will report back any actual error to the Task Sequence if the return code from this step is neither 0 or 1.

         

        Both the  ValidateWiFiVPNCreds.ps1 script and the  VPN connection script  ConnectVPN.PS1 , require a VPN profile name in order to establish the connection. <VPNProfile> must be the same name defined in the rasphone.pbk included in the WSA Scripts Package. If the profile name includes spaces, surround it in single quotes (e.g. '1E (UK)'). If rasphone.pbk includes multiple profiles (e.g. US and UK), the parameter can be configured to use a Collection variable (e.g.  -VPNProfile '%VPNProfile%' ) - if you use this approach, ensure there is a Collection variable named VPNProfile defined for all clients that will run WSA otherwise this step in the Task Sequence will fail.

      2. Click Add and from the menu choose  General > Run command line.

        This step is to work around an issue when running PowerShell script steps where a command in the script returns 1 but the script does not error and completes successfully. CM reports this as an error even though the ValidateWiFiVPNCreds.ps1 script finally exits with 0. The step will be skipped if the last action (Validate WiFi VPN Credentials) returns either 0 or 1 and the Task Sequence will continue to execute. Otherwise it will return the actual return code from the Validate WiFi VPN Credentials and the TS will fail.
        On the Properties tabOn the Options tab
        1. Enter the following details, leaving the remaining options unchecked.

          Step parameterValue
          NameFilter return codes from Validation script
          DescriptionAllows TS to continue if the previous step returns 0 or 1, otherwise fails with the return code of the previous step
          Command linecmd /c exit %_SMSTSLastActionRetCode%
        2. Click Apply.

        Click Add Condition and choose Task Sequence Variable, configure the condition as follows and click OK.

        Variable_SMSTSLastActionRetCode
        Conditionnot equals
        Value1

        Click Add Condition and choose Task Sequence Variable, configure the condition as follows and click OK.

        Variable_SMSTSLastActionRetCode
        Conditionnot equals
        Value0
      3. Click Add and from the menu, choose General > Run PowerShell Script.

        This step establishes a VPN connection if the Task Sequence was initiated by a remote user.
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step ParameterValue
          NameConnect VPN
          DescriptionConnect VPN using WSA collected credentials
          PackageBrowse to the WSA Scripts package  
          Script NameConnectVPN.ps1
          Parameters-VPNProfile <VPN Profile>
          PowerShell Execution PolicySet this to Bypass

          <VPNProfile> must be the same name defined in the rasphone.pbk included in the WSA Scripts Package

           

        2. Click Apply.
        • Click Add Condition and choose Task Sequence Variable, configure the condition as follows and click OK.
        Variable1EWSA_RemoteUser
        Conditionequals
        Valuetrue
    3.  Setting the OSDBitLocker status

      Click Add and from the menu, choose General > Set Task Sequence Variable.

      This step sets the OSDBitLockerStatus variable to Protected if the C: drive is protected when the Task Sequence starts. It is used later in the Task Sequence to enable BitLocker if it was enabled and the drive was protected before the upgrade when the Task Sequence started.
      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameSet OSDBitLockerStatus
        Task Sequence VariableOSDBitLockerStatus
        ValueProtected
      2. Click Apply.
      1. Click Add Condition and choose WMI Query.
      2. Enter the following details:

        WMI Namespace: root\cimv2\security\MicrosoftVolumeEncryption
        SELECT *
        FROM win32_encryptablevolume
        WHERE driveletter = 'c:'
        AND protectionstatus = '1'
      3. Click OK.
      4. Click Apply.
    4.  The SMSTSPostAction step

      Click Add and from the menu, choose General > Set Task Sequence Variable.

      SMSTSPostAction is a native TS variable that can be used to run a process after the task sequence has completed. Restarting the PC once the TS has completed, expedites the processing of site policy for the newly installed ConfigMgr client agent, reducing the time taken for the agent to be become fully operational.

      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameSet SMSTSPostAction
        Task Sequence VariableSMSTSPostAction
        Valueshutdown.exe /r /t 30Select
      2. Click Apply.
      • No action required.
    5.  Creating the New Computer group and adding its child steps

      With the Set SMSTSPost Action step highlighted, click Add and from the menu, choose New Group.

      This group will be executed if the Task Sequence started in Windows PE (i.e. it is a New Computer / Bare metal scenario).

      On the Properties tabOn the Options tab
      Creating the New Computer group
      • Name the group New Computer
      • Click Add Condition and select Task Sequence Variable. Configure the condition as follows and click OK.
      Variable_SMSTSInWinPE
      Conditionequals
      Valuetrue
      1. With the New Computer group highlighted, click Add and from the menu, choose General > Set Task Sequence Variable.

        This step sets the StartedInWinPE TS variable to True, indicating that this is a bare-metal type deployment. We'll use it later in the Task Sequence when we need to determine which deployment scenario is being executed. This Task Sequence is designed to support bare-metal deployment scenarios for non-WSA deployments. Currently bare-metal deployments are not supported by WSA.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameSet StartedInWinPE=True
          VariableStartedInWinPE
          ValueTrue
        2. Click Apply.
        • No action required
      2. Locate the Partition Disk 0 - BIOS step in the Install Operating System group (created in the base Task Sequence) and move it up to the New Computer group directly after the Set StartedInWinPE=true step as indicated in the screenshot at the top of this page.

        This step partitions and formats the disk using MBR format in a bare-metal scenario if the Task Sequence booted in legacy BIOS mode (i.e. if _SMSTSBootUEFI is not equal to true).
      3. Locate the Partition Disk 0 - UEFI step in the Install Operating System group (created in the base Task Sequence) and move it up to the New Computer group directly after the Partition Disk 0 - BIOS step as indicated in the screenshot at the top of this page.

        This step partitions and formats the disk using GPT format in a bare-metal scenario if the Task Sequence booted in UEFI mode (i.e. if _SMSTSBootUEFI equals true).
      4. Click Add and from the menu, choose 1E Nomad > Install and Configure Nomad in WinPE.

        This step installs the Nomad agent in Windows PE. Refer to Nomad 6.3 - Install and configure Nomad in WinPE for further details on using this step.
        On the Properties tabOn the Options tab
        1. In License key, enter your License key.
        2. Enter the location of ActiveEfficiency in the ActiveEfficiency URL fields.
        3. Configure the remaining parameters to suit your environment.
        4. Click Apply.
        • No action required
    6.  Setting the deployment type to Refresh

      Locate the Capture Files and Settings group (created in the original base Task Sequence) and move it up so it is a child of the Main group that executes after the New Computer group.

      1. With the Capture Files and Settings group selected, click Add and select General > Set Task Sequence Variable.

        This step sets the variable DEPLOYMENTTYPE to Refresh to indicate that this is a refresh type deployment. The Capture Files and Settings group that contains this step is only executed if the Task Sequence starts in the full OS, which implies this is a Refresh (Wipe and load) scenario. The DEPLOYMENTTYPE variable is used by the 1E Get Migration Settings step later in the TS. For more information refer to Nomad 6.3 - Get migration settings


        Adding the Set Deployment Type step

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameSet DEPLOYMENTTYPE=Refresh
          Task Sequence VariableDEPLOYMENTTYPE
          ValueRefresh
        2. Click Apply.
        • No action required
    7.  Defining the behavior for the Capture User Files and Settings

      Select the Capture User Files and Settings group and remove the Request User State Storage and Release User State Storage steps

      The Request User State Storage step requests storage on a Configuration Manager State Migration Point (SMP), and the Release User State Storage step finalizes that storage on the SMP after capture. As the Windows Servicing Suite uses Peer Backup Assistant (PBA) in place of a State Migration Point, these steps are not required (they are replaced with the PBA equivalent 'Provision Nomad PBA Data Store' and 'Finalize Nomad PBA Data Store' steps, respectively, later in the Task Sequence).


      Modifying the Capture User Files and Settings group

      1. Click Add and from the menu, choose 1E Nomad > Get Migration Settings.

        The Get Migration Settings step is responsible for setting the USMT encryption key and also the source computer name (stored in both PBAComputer and SourceComputerName variables) that will be used later in the Task Sequence. For further information on using this step, refer to Get migration settings.

        On the Properties tabOn the Options tab
        1. Select the Capture user state option.
        2. Click Apply.
        • No action required.
      2. Click Add and from the menu, choose General > Set Task Sequence Variable.

        This optional step defines additional configuration options for USMT data capture. The native OSD task sequence variable OSDMigrateAdditionalCaptureOptions is used to modify the behavior of the user state capture process. By default, USMT will capture domain and local user account data and settings defined by the built-in capture files, migapp.xml and migdocs.xml. The example below shows how to exclude local user accounts (migrating local user profiles can be problematic if the local user account does not exist in the new OS). There may be other changes you want to make to the capture options. The Update OSDMigrateAdditionalCaptureOptions step executes if the variable has already been set (for example by the 1E WSA Actions step during initialization to configure user folder capture and encryption) and appends the new option to the existing variable value. 

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameUpdate OSDMigrateAdditionalCaptureOptions
          Task Sequence Variable OSDMigrateAdditionalCaptureOptions
          Value %OSDMigrateAdditionalCaptureOptions% /ue:%computername%\*
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter this detail:

          VariableOSDMigrateAdditionalCaptureOptions
          Conditionexists
        3. Click OK.
        4. Click Apply.
      3. Click Add and from the menu, choose General > Set Task Sequence Variable.

        This step is similar to the previous step, but it only executes if the OSDMigrateAdditionalCaptureOptions does not already exist. It sets the variable to whatever additional options you want to include - the example shown will exclude local user accounts.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameSet OSDMigrateAdditionalCaptureOptions
          Task Sequence VariableOSDMigrateAdditionalCaptureOptions
          Value/ue:%computername%\*
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter this detail:

          VariableOSDMigrateAdditionalCaptureOptions
          Conditionnot exists
        3. Click OK.
        4. Click Apply.
      4. Click Add and from the menu, choose 1E Nomad PBA > Peer Backup Assistant: Provision Nomad PBA Data Store.

        1E Nomad Peer BackUp Assistant (PBA) is a feature that facilitates the use of Nomad peers for the storage and retrieval of captured user data. The Peer Backup Assistant: Provision Nomad PBA Data Store step is used to locate suitable storage for hosting of the data. For WSA type deployments, when USB media is used for the storing of user data, all Nomad PBA steps are skipped. For more information refer to Peer backup assistant Provision Nomad PBA data store.

        On the Properties tabOn the Options tab
        1. Select the Use Nomad's size estimation option.
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_USBforUSMT
          Conditionnot equals
          Valuetrue
        3. Click OK.
        4. Click Apply.
      5. Select the Capture User Files and Settings step.

        If the Task Sequence is initiated through a WSA application that enabled the user to select files and folders to back up, the files and folders that the user selected will be captured in addition to whatever options are defined in this step. For example, if this step has the option Capture all user profiles by using the standard options selected then the Task Sequence will execute the capture using MigApp.xml and MigDocs.xml (note that MigDocs.xml will capture most files wherever they are on the PC, which in most makes the user selection in WSA redundant). If the option Customize how user profiles are captured is selected, the Task Sequence will execute the capture using whatever configuration files are defined in the step, in addition to the custom configuration file created based on the user selections in the Windows Servicing Assistant. If you are using WSA, a good starting point would be to select Customize how user profiles are captured and add MigApp.xml and MigUser.xml to the list of files. If you are using WSA and only want the user-selected files and folders to be captured, select Customize how user profiles are captured  but do not define any files.


        On the Properties tabOn the Options tab
        1. Click Browse to locate the USMT package.
        2. Configure the step to suit your user data and settings capture requirements (see info panel above). Note that for a Destructive Wipe and load you cannot use the option Capture locally by using links instead of by copying files

        No changes required

         


      6. Click Add and from the menu, choose 1E Nomad PBA > Peer Backup Assistant: Finalize Nomad PBA Data Store.

        The Peer Backup Assistant: Finalize Nomad PBA Data Store step is used to indicate that capture and transfer of the user data onto the PBA host has completed. For more information refer to Peer backup assistant Provision Nomad PBA data store

        On the Properties tabOn the Options tab
        • No action required
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_USBforUSMT
          Conditionnot equals
          ValueTrue
        3. Click OK.
        4. Click Apply.
    8.  Creating the Restart group and adding its child steps

      Click Add and from the menu choose New Group. Using the down arrow ensure the group is a child of the Main group. (i.e. appears at the same level as Capture Files and Settings group.

      On the Properties tabOn the Options tab
      • Name the group Restart.
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        VariableStartedInWinPE
        Conditionnot equals
        ValueTrue
      3. Click OK.
      4. Click Apply.
      1. Locate and delete the Disable BitLocker step created in the base Task Sequence (Capture Files and Settings group). Select the Restart group, click Add and from the menu, choose General > Run Command Line. Ensure the new step appears as the first step in the Restart group.

        This step disables BitLocker if it was enabled when the Task Sequence started (i.e. if OSDBitLockerStatus=Protected). The command line disables it indefinitely (so for any subsequent reboots), until it is enabled later in the Task Sequence.
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameDisable BitLocker
          Command linemanage-bde -protectors -disable C: -RC 0
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          VariableOSDBitLockerStatus
          Conditionequals
          ValueProtected
        3. Click OK.
        4. Click Apply.
      2. Click Add and from the menu, choose General > Run PowerShell script.

        This step is a workaround for an issue where Configuration Manager may stage the Windows PE boot image on a connected USB disk if it is larger than the local disk and then not be able to boot from it. The step creates a temporary file on the USB drive that fills it so CM cannot stage the boot image on the disk. The temporary file is later removed with the Teardown.ps1 script.


        On the Properties tabOn the Options tab
        1. Browse to the script package and enter these details:

          Step parameterValue
          NameSetup WinPE Boot
          DescriptionPrevents TS staging the boot image onto a large USB disk by temporarily filling it.
          PackageBrowse to the Setup WinPE Boot package
          Script nameSetupWinPEBoot.ps1
          Parameters
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass
        2. Click Apply.

        No Action Required.

      3. Click Add and from the menu, choose General > Run Command Line.

        This is an optional step to work around an issue identified on some Dell PCs where restarting the PC when connected to VPN on a wireless connection would cause the PC to blue-screen. It installs a service that disconnects the VPN connection when a shutdown is requested by the OS, which has been observed to prevent the blue-screen.

        The RasdialDisconnect service is installed using InstallRasdialDisconnectService.bat. A step is included towards the end of the TS to uninstall the service

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameInstall RasdialDisconnect service
          Command lineInstallRasdialDisconnectService.bat
        2. Check the Package option and browse to the WSA Scripts package.
        3. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_RemoteUser
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      4. Click Add and from the menu, choose General > Restart Computer.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameRestart in WinPE
          The boot image assigned to this task sequenceSelected
          Notifiy the user before restartingChecked
          Notification MessageThe computer must restart to continue
        2. Click Apply.
        • No action required
      5. Click Add and from the menu choose 1E OSD > 1E WSA Actions.

        The WSA Actions step must be executed after each reboot where drive letters may change or when switching between the full OS and Windows PE
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      6. Locate the Install and Configure Nomad in WinPE.step in the New Computer group. Copy this step and paste it directly after the 1E WSA Actions step.

        This step installs the Nomad agent in Windows PE. Refer to  Nomad 6.3 - Install and configure Nomad in WinPE  for further details on using this step.

      7. Click Add and from the menu, choose 1E Nomad > Save Nomad Cache.

        This step saves the Nomad cache to the temporary Task Sequence storage. Refer to Save Nomad cache for further details on using this step

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          OperationMove
          Wipe CCM CacheChecked
        2. Click Apply.
        • No action required
      8. Click Add and from the menu, choose General > Run PowerShell script.

        If the Setup WinPE Boot step created a temporary file to fill an attached USB disk (to prevent CM from staging the boot image on the USB disk), this step deletes that file.
        On the Properties tabOn the Options tab
        1. Browse to the script package and enter these details:

          Step parameterValue
          NameDelete temporary USB disk fill
          DescriptionDeletes temporary file created to fill large USB disk
          PackageBrowse to the WSA Scripts package  
          Script nameTeardown.ps1
          Parameters
          PowerShell Execution PolicySet the PowerShell execution policy to Bypass
        2. Click Apply.

        No Action Required.

    9.  Creating the BIOS to UEFI group and its child steps

      With the Delete temporary USB disk fill step highlighted, click Add and from the menu, choose New Group. Move the group down so it becomes a child the Main group. i.e. it appears at the same level as the Restart group.

      On the Properties tabOn the Options tab
      • Name the group 1E BIOS to UEFI
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        Variable_SMSTSBootUEFI
        Conditionequals
        ValueFalse
      3. Click OK.
      4. Select the condition just created.
      5. Click Add Condition and choose If Statement > Any Condition
      6. Click Add Condition and select Query WMI
      7. Add each of the following so as separate WMI conditions

        WMI Namespace: root\cimv2
        SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Dell%"
        SELECT * FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%HP%"
        SELECT *
        FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%Lenovo%"
        Select *
        FROM Win32_ComputerSystem
        WHERE Manufacturer LIKE "%Hewlett-Packard%"

        The conditions should appear as follows:

      The 1E BIOS to UEFI group is responsible for converting the host system disk from legacy BIOS to UEFI and configuring those firmware settings required to implement the associated security features and settings.

      UEFI is a firmware standard required to support modern security features such as Secure Boot, Device Guard and Credential Guard. In a destructive wipe-and-load task sequence, the disk is repartitioned using the GUID Partition Table (GPT) system using the process first introduced in Configuration Manager 1610 (refer to https://docs.microsoft.com/en-us/sccm/osd/deploy-use/task-sequence-steps-to-manage-bios-to-uefi-conversion for further information). The 1E BIOS to UEFI group is conditioned to execute only if the host is running legacy BIOS. Once the disk is partitioned as GPT, the 1E BIOS to UEFI steps automate the necessary firmware reconfiguration on Dell, Lenovo and HP systems in order to allow Secure Boot, Device Guard, Credential Guard and other settings. Full details on how to use 1E BIOS to UEFI and the supported hardware models, can be found here 1E BIOS to UEFI.

      Configuring Firmware Settings

      The following steps included in this group are provided as an example of the 1E BIOS to UEFI feature, which can:

      • Unlock the BIOS using a whitelist of password values defined in the step – this step can be added multiple times with appropriate conditions to enable different passwords to be used on different device classes.
      • Enable Secure Boot
      • Enable the TPM
      • Set the BIOS password – if BIOS passwords are used and need to be standardized

      Each of the steps require the 1E OEM Toolkit Package. Refer to Launching the Create 1E OEM Toolkit Package wizard for details on how to create the 1E OEM Toolkit Package.

      1. Click Add and from the menu choose 1E OSD > 1E BIOS to UEFI Password Setup.

        This step defines the BIOS admin password(s) that will be attempted when the subsequent 1E BIOS to UEFI steps attempt to make changes to the firmware settings. Refer to Automating password authentication for changing BIOS settings for further details on using this step.
        On the Properties tabOn the Options tab
        1. Browse for the OEM Toolkit Package
        2. Name the step 1E BIOS to UEFI Define Password
        3. In the Password List, add any BIOS passwords that are used in the environment.
        4. Ensure the option No change is selected.
        5. Click Apply.
        • No action required
      2. Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI OEM.

        This step configures the firmware settings to enable UEFI, Secure Boot and other options. Refer to Working with BIOS to UEFI for further details on using this step. In order to ensure builds are successful when you enable Secure Boot, we recommended that client firmware is updated to the latest version and that you test Secure Boot on those hardware models targeted by the task sequence before deploying into a production environment.

        On the Properties tabOn the Options tab
        1. Browse for the OEM Toolkit Package.

        2. Select the UEFI Configuration option.
        3. Select the UEFI Native with Secure Boot option.
        4. Click Apply.

        • No action required
      3. Click Add and from the menu choose 1E OSD > 1E BIOS to UEFI Advanced Settings.

        This step enables and activates the TPM. Many of the new security features in Windows require the onboard TPM chip to be enabled and activated. Refer to TPM and Hardware Virtualization for further details on using this step.

        On the Properties tabOn the Options tab
        1. Select the Enable TPM option.
        2. Select the Activate TPM option.
        3. Click Apply.
        • No action required.
      4. Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI Password Setup.

        This optional step sets the BIOS password to a predefined password and can be used to standardize on a single BIOS password. Refer to Automating password authentication for changing BIOS settings for further details on using this step.
        On the Properties tabOn the Options tab
        1. Browse for the OEM Toolkit Package.
        2. Name the step 1E BIOS to UEFI Password Set
        3. Add the BIOS passwords that are to be used in the environment. 
        4. In Set New Password, select the appropriate Password from those entered in 3.
        5. Click Apply.

        No action

      5. Click Add and from the menu, choose Disks > Format and Partition Disk.

        This step prepares the disk for BIOS to UEFI conversion. It creates a FAT32 partition on which the boot image will be staged (ensure this partition is big enough to accommodate your boot image). The partition must also be assigned the variable TSUEFIDrive. Once the Task Sequence has rebooted into Windows PE from this partition and the firmware changes have been made, the disk will be repartitioned in preparation for applying the Windows 10 operating system.
        On the Properties tabOn the Options tab
        1. Enter the following details, creating two Primary partitions:

          Step parameterValue
          NamePartition Disk 0 - UEFI
          Disk Number0
          Disk TypeGPT
          Volume #1
          ParameterValue
          Partition TypePrimary
          Use specific size1024MB
          File systemFAT32
          Quick formatChecked
          VariableTSUEFIDrive

          It is important that the temporary FAT32 Primary partition used when converting the disk to UEFI is large enough to accommodate the boot image assigned to the task sequence.

          Volume #2
          ParameterValue
          Partition TypePrimary
          Use a percentage of remaining free space100
          File systemNTFS
          Quick formatChecked
          VariableSMSTSLocalDataDrive
        2. Click Apply.
        • No action required
      6. Click Add and from the menu, choose General > Run Command Line.

        The Reset Nomad Cache step is necessary after repartitioning the disk to ensure that the Nomad cache is located on the correct partition

        On the Properties tabOn the Options tab
        1. Enter the following details:

          ParameterValue
          NameReset Nomad Cache
          Command linecmd /c md %SMSTSLocalDataDrive%\ProgramData\1E\NomadBranch && cmd /c reg add HKLM\Software\1E\NomadBranch /v LocalCachePath /d %SMSTSLocalDataDrive%\ProgramData\1E\NomadBranch\ /t REG_SZ /f
        2. Click Apply.
        • No action required
      7. Click Add and from the menu, choose General > Restart Computer.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameRestart in WinPE
          The boot image assigned to this task sequenceSelected
          Notifiy the user before restartingChecked
          Notification MessageThe computer must restart to continue
        2. Click Apply.
        • No action required
      8. Click Add and from the menu, choose 1E OSD > 1E WSA Actions.

        The WSA Actions step must be included whenever drive letters may have changed or when switching between full OS and Windows PE.
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition > Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
    10.  Creating the Repartition Disk group

      With the 1E WSA Actions step highlighted, click Add and choose New Group. Move the group down so it becomes a child of the Main group at the same level as the 1E BIOS to UEFI group

      On the Properties tabOn the Options tab
      1. Name the group Repartition Disk.
      • No action required
      1. From the New Computer group, right-click the Partition Disk 0 - BIOS step and select Copy. Paste the step into the Repartition Disk group as the first step.

      2. From the  New Computer  group, right-click the  Partition Disk 0 - UEFI  step and select  Copy . Paste the step into the Repartition Disk group directly after the Partition Disk 0 - BIOS step..

      3. Click Add and from the menu, choose 1E OSD > 1E WSA Actions.

        The WSA Actions step must be included whenever drive letters may have changed or when switching between full OS and Windows PE.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Action
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition > Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      4. From the New Computer group, right-click the Install and Configure Nomad in WinPE step and select Copy. Paste the step into the Repartition Disk group directly after the 1E WSA Actions step. 

    11.  Customising the Install and Setup Operating System group

      Select the Install Operating System group from our base task sequence and rename it Install and Setup Operating System – for simplicity we are combining the OS installation and Setup steps into a single group. Remove the Restart in Windows PE step at the start of the group. 

      1. Highlight the  Apply Windows Settings step.

        On the Properties tabOn the Options tab
        1. Populate the fields to suit your environment.
        2. Click Apply.
        • No action required
      2. Rename the Apply Network Settings step to Apply Network Settings (Wired in Office)

        The domain join is a critical part of the deployment process and is required to be configured differently within the TS depending on location and connection type. The domain join is usually attempted directly after the new OS image has been applied using the native Apply Network Settings step. This step not only performs a domain join, but is also responsible for making other configuration changes to the host and must be allowed to complete successfully. At the point when Apply Network Settings typically runs, when operating over wireless or VPN, connectivity to the required domain will not exist.

        In order to allow the Apply Network Settings step to complete successfully at all locations and when using all types of connection, the Apply Network Settings step is used multiple times within the TS. The step is configured with the Join a domain setting and is conditioned to only execute when the deployment is running in an Office location with a wired connection. For a deployment at a Remote location or on wireless, an additional Apply Network Settings step is set to Join a workgroup. In this case network connectivity is not required and the step will complete successfully. For Remote or wireless locations, the domain join is performed later in the TS once connectivity to the domain has been established, using a native Join domain or Workgroup step.

        On the Properties tabOn the Options tab
        1. Populate the domain fields to suite you environment.
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA_RemoteUser
          Conditionnot equals
          ValueTrue
          Variable1EWSA_WiFiSSID
          Conditionnot exists
        3. Click OK.
        4. Click Apply.
      3. Copy and paste the Apply Network Settings (Wired in Office) step so that it is positioned directly beneath the original. Rename it to Apply Network Settings (Remote or on WiFi) and configure it as detailed below.

        This step executes if the user is remote or if the PC is connected only to WiFi (in either of these scenarios the Task Sequence will not have access to a domain controller at this point). It joins the PC to a workgroup (the PC needs to be joined to a workgroup or domain for the CM client setup to succeed. Later, when connectivity is established, an additional step will be executed that will join the PC to the domain.
        On the Properties tabOn the Options tab
        1. Select the Join a workgroup option.
        2. In Workgroup, enter the name WORKGROUP.
        1. Modify the If statement from All to Any
        2. Modify the Task Sequence Variable settings as follows:

          Variable1EWSA_RemoteUser
          Conditionequals
          ValueTrue
          Variable1EWSA_WiFiSSID
          Conditionexists

          The conditions should appear as follows:

        3. Click Apply.
      4. With the Apply Network Settings (Remote or on WiFi) step highlighted, click Add and from the menu, choose New Group.

        On the Properties tabOn the Options tab
        • Name the group Drivers – driver installation steps such as those using the Apply Driver Package step should be positioned within this group.
        • No action required

        Each hardware model targeted by the TS will require its own set of device drivers to be installed. The common way of doing this is to use a native Apply Driver Package step for each hardware model with the step conditioned using a WMI query referencing the hardware make and model. For example, an Apply Driver Package step supporting a DELL Latitude 7480 is conditioned as follows:

        WMI Namespace
        WQL Query
        root\cimv2Select * from Win32_ComputerSystem WHERE Model Like '%Latitude 7480%'

        TS driver installation implemented in this way is supported in WSA insofar as only that driver package whose WMI query contains the host make and model will be downloaded as part of WSA readiness. WSA also provides the option of failing the readiness, should it not be able to identify a matching driver package in the Task Sequence.

        Other means do exist of installing the correct set of device drivers during the running of the task sequence. The native Auto Apply Drivers step will download individual drivers based on the plug and play requirements of the host. However, this method of driver identification does have it's disadvantages. Drivers that may be required later to access external devices will not be installed. Also, although in the main reliable, plug and play detection has been known to give unpredictable results, on occasion. 

        Third parties have created custom solutions to allow the identification of the make and model and download of the relevant driver package, during the running of the task sequence. Such solutions are designed to streamline the Task Sequence reducing the overall number of steps required. However, they do require backend setup and configuration to configure the necessary web services and allow the correct driver package to be identified. Note that WSA

      5. With the Drivers group selected, click Add and from the menu, choose General > Run Command Line. Move the step down so it appears outside of the Drivers group but inside the Install and Setup Operating System group.
        Adding steps to the Install and Setup Operating System group

        This optional step copies CMTrace from the boot image to the Windows\System32 folder in the new OS. CMTrace is useful for diagnosing log files. This step should only be included if CMTrace.exe has been included in the boot image (in the sms\bin\x64 folder).

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameCopy CMTrace
          Command linexcopy x:\sms\bin\x64\CMTrace.exe %OSDTargetSystemDrive%\Windows\System32\ /Y /F
        2. Click Apply.
        • No action required
      6. Click Add and from the menu, choose 1E Nomad > Stage Nomad Package.

        The Stage Nomad Package step is used in conjunction with the Install Nomad step. The steps alleviate the requirement of embedding the Nomad agent into the OS image in order to ensure the Nomad agent can be used as soon as the new OS has been installed.

        Refer to Stage Nomad package and Install Nomad for further details on using this step.

        On the Properties tabOn the Options tab
        1. In Nomad Package, browse to the Nomad installation package.
        2. Click Apply.
        • No action required

      7. Cut the Setup Windows and Configuration Manager step from the Setup Operating System group in the base task sequence and paste it into the Install and Setup Operating System group immediately after the Stage Nomad Package step.

      8. With the Setup Windows and Configuration Manager step selected, click Add and from the menu, choose 1E Nomad > Install Nomad.

        This step installs the Nomad agent in the new OS, using the package files staged in the earlier Stage Nomad Package step. Refer to Install Nomad for further details on using this step.
        On the Properties tabOn the Options tab
        1. Enter Additional Installation Commands if required.

          Any transform contained within the Nomad package referenced in the  Stage Nomad Package  step, will be automatically applied. If no other properties need be applied then the Additional Installation Commands field can be left blank

          If a transform is not used, or if additional Nomad installation properties must be specified, then these will be appended to the installation command-line if a transform is used. Note that additional MSI installation switches must not be specified in the Additional Installation Commands field.

        2. Click Apply.
        • No action required

           

      9. Click Add and from the menu, choose General > Restart Computer.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameRestart Computer
          The currently installed default operating systemSelected
          Notifiy the user before restartingChecked
          Notification Message A new Microsoft Windows operating system is being installed. The computer must restart to continue.
        2. Click Apply.
        • No action required
      10. With the Restart Computer step highlighted, click Add and from the menu, choose 1E OSD > 1E WSA Actions. 

        The 1E WSA Actions step must be included whenever drive letters may have changed and when switching between Windows PE and the full OS.
        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Name1E WSA Actions
          Refresh Content LocationChecked
          Switch Between online and offline contentChecked
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details:

          Variable1EWSA
          Conditionequals
          ValueTrue
        3. Click OK.
        4. Click Apply.
      11. With the 1E WSA Actions step highlighted, click Add and from the menu, choose New Group.

        This group is executed if the Task Sequence was initiated through WSA and either the user is remote or the PC is on a WiFi connection. As the PC is now running in the full OS we can establish the VPN and WiFi connection to complete the domain join in this group.
        On the Properties tabOn the Options tab
        • Name the group Remote/Wifi Domain Join
          1. Click Add Condition > If statement.
          2. Select Any condition, then add the following Task Sequence Variable conditions

            Variable1EWSA_RemoteUser
            Conditionequals
            ValueTrue
            Variable1EWSA_WiFiSSID
            Conditionexists
          3. Click Apply.
        1. Copy the Connect VPN step from the Test Connection group and paste it as the first step in the Remote/WiFi Domain Join group. 

          This step establishes a VPN connection using credentials supplied by the user if the Task Sequence was initiated through WSA by a remote user.
        2. Click Add and from the menu, choose General > Run Command Line.

          This is an optional step to work around an issue identified on some Dell PCs where restarting the PC when connected to VPN on a wireless connection would cause the PC to blue-screen. It installs a service that disconnects the VPN connection when a shutdown is requested by the OS, which has been observed to prevent the blue-screen.
          On the Properties tabOn the Options tab
            1. Enter the following details:

               

              Step parameterValue
              NameInstall RasdialDisconnect service
              Command lineInstallRasdialDisconnectService.bat
            2. Check the Package option and browse to the WSA Scripts package.
            3. Click Apply.
          1. Check Continue on error
        3. Click Add and from the menu, choose General > Join Domain or Workgroup

          At this point in the Task Sequence, the remote user will be connected to the corporate network via VPN and the machine can be joined to the domain using this step.

          On the Properties tabOn the Options tab
          1. Populate the fields to suit your environment.
          2. Click Apply.
          • No action required
        4. Click Add and from the menu, choose 1E OSD > 1E WSA Actions.

          This step will re-establish the WiFi connection (if applicable) after the previous Join Domain step reboots.

          On the Properties tabOn the Options tab
          1. Enter the following details:

            Step parameterValue
            Name1E WSA Action
            Refresh Content LocationChecked
            Switch Between online and offline contentChecked
          2. Click Apply.
          1. Click Add Condition and choose Task Sequence Variable.
          2. Enter the following details:

            Variable1EWSA
            Conditionequals
            ValueTrue
          3. Click OK.
          4. Click Apply.
        5. Copy the Connect VPN step from the beginning of the Remote/WiFi Domain Join group and paste it directly after the 1E WSA Actions step. 

          This step establishes a VPN connection using credentials supplied by the user if the Task Sequence was initiated through WSA by a remote user.
      12. With the Connect to VPN step highlighted, click Add and from the menu, choose 1E Nomad > Restore Nomad Cache. Move the step down so it appears outside of the Remote/WiFi Domain Join group but inside the Install and Setup Operating System group (at the same level as the Remote / WiFi Domain Join group).

        This step restores the Nomad cache that was saved before the new OS image was installed. This ensures any content required by the Task Sequence is available to other peers when the Task Sequence completes. Refer to Restore Nomad cache for further information on using this step.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          OperationLink
          Activate All ContentUnchecked
        2. Click Apply.
        • No action required
    12.  Create Nomad Application Policy

      Click Add and from the menu, choose 1E Nomad Pre 6.0 > Create Nomad Application Policy. Move the step down so it appears outside the Install and Setup Operating System group but inside the Main group (at the same level as the Install and Setup Operating System group). There are no options to configure on this step.

      At this point in the Task Sequence the CM client does not properly use Nomad for Application deployments. This step creates a local client policy to enable Nomad for Applications, so subsequent Install Application steps in the Task Sequence use Nomad to obtain the content. Refer to Create Nomad application policy for further information about using this step.

    13.  Restarting the CM service

      Select the Create Nomad Application Policy step, click Add and from the menu, choose General > Run Command Line.

      Restarting the CM agent service at this point, once network connectivity has been established, is necessary to enable subsequent software update and software installation steps to complete successfully.

      On the Properties tabOn the Options tab
      1. Add these details:

        Step parameterValue
        NameRestart CM service
        Description 
        Command linecmd /c "net stop ccmexec && net start ccmexec"
      2. Click Apply.
      • No action required
    14.  Relocating the Enable BitLocker step
      Cut the Enable Bitlocker step from the Setup Operating System group created in the base task sequence and paste it into the Main group immediately below the Restart CM service step.
    15.  Relocating the Install Updates step
      Cut the Install Updates step from the Setup Operating System group in created in the base task sequence and paste it into the Main group immediately below the Enable Bitlocker step.
    16.  Adding the 1E WSA Actions step

      With the Install Updates step highlighted, click Add and choose 1E OSD > 1E WSA Actions.

      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        Name1E WSA Action
        Refresh Content LocationChecked
        Switch Between online and offline contentChecked
      2. Click Apply.
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the following details:

        Variable1EWSA
        Conditionequals
        ValueTrue
      3. Click OK.
      4. Click Apply.

      A software update may require one or more restarts of the host to complete its installation. For a WSA deployment, it is important to note that in order for the Install Updates step to complete successfully, only a single restart of the host is permissible at completion of the step. If multiple restarts are anticipated, then multiple Install Update steps must be configured with subsequent 1E WSA Actions and Connect to VPN steps (as detailed in the following two steps). This allows a site connection to be established, before the next update is installed. In this task sequence it is anticipated that no update will require more than one restart of the host.

    17.  Connecting to VPN

      Copy any previous instance of the Connect VPN step (e.g. from the Remote/WiFi Domain Join group) and paste it directly after the 1E WSA Actions step.

    18.  Restarting the CM service

      Click Add and from the menu, choose General > Run Command Line.

      It is necessary to restart the CM service after establishing the VPN connection to ensure the CM client is able to process subsequent software installation steps.
      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameRestart CM service
        Description 
        Command linecmd /c "net stop ccmexec && net start ccmexec"
      2. Click Apply.
      No action required
    19.  Pausing the task sequence to allow the CM agent to fully start

      Click Add and from the menu, choose General > Run Comand Line.

      Once the ConfigMgr agent service has been restarted, pausing the TS allows application policy processing to be completed by the ConfigMgr agent, before execution of the TS Install Application step takes place.

      On the Properties tabOn the Options tab
      1. Enter the following details.

        Step parameterValue
        NameSleep time for CM Client Agent Initialization
        Command linecmd /c ping localhost -n 180 > NUL
      2. Click Apply.
      • No action required
    20.  Installing the Tachyon Agent

      Click Add and from the menu, choose Software > Install Application .

      This step installs the Tachyon Agent. The Tachyon Agent monitors the execution of the Task Sequence and reports back success or failure to Shopping.

      On the Properties tabOn the Options tab
      1. Enter the following details:

        Step parameterValue
        NameInstall Tachyon Agent
        Install the following applicationsBrowse to the Tachyon Agent application
      2. Click Apply.
      • No action necessary

      If there are other applications that need to be installed on all machines, add them after the Install Tachyon Agent step. If applications were added when the Create Task Sequence wizard was run, move those steps up so they appear after the Install Tachyon Agent step.

    21.  Setting the behavior for the Install Migrated Applications

      Select the Setup Operating System group in the base task sequence and configure it as follows

      On the Properties tabOn the Options tab
      • Rename the group Install Migrated Applications
        1. Click Add Condition > If statement.
        2. Select Any condition, then add the following Task Sequence Variable conditions

          Variable1EWSA
          Conditionnot equals
          ValueTrue
          Variable1EWSA_AppMigrationEnabled
          Conditionexists
        3. Click Apply.
      1. With the Install Migrated Applications group highlighted, click Add and from the menu, choose 1E Nomad > Get Migration Settings.

        The Get Migration Settings step in a wipe and load scenario will obtain the encryption key for USMT and will also set the SourceComputerName variable. Refer to Get migration settings for more information about using this step.

        On the Properties tabOn the Options tab
        1. Select the Restore user state option.
        2. Click Apply.
          1. Click Add Condition > Task Sequence Variable.

            VariableStartedInWinPE
            Conditionequals
            ValueTrue
          2. Click Apply.
      2. With the Get Migration Settings step highlighted, click Add and from the menu, choose 1E OSD > AppMigration.

        The AppMigration step calls the 1E Application Migration API to obtain a list of applications and packages that need to be installed based on the original inventory of the device and the Application Migration rules defined by the administrator. The step results in a series of variables (APPMIGxx and PKGMIGxxx) that identify the applications and packages to be installed. These variables are processed by teh Install Migrated Applications and Install Migrated Packages steps later in the Task Sequence. Refer to Using Application Migration in a task sequence for further information.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          Web Servicehttp://<SLA Platform Server>:<Port>/Platform/api/applicationmigration/getApplicationsToBeInstalled
          Domain\User NameThe credentials of a user defined in the SLA platform
          DomainThe FQDN of the domain that the current machine is in
          Source Computer Name VariableSourceComputerName
          Application VariableAPPMIG
          Package VariablePKGMIG
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable .
        2. Enter the following details:

          VariableSourceComputerName
          Conditionexists
        3. Click OK.
        4. Click Apply.
      3. With the 1E Application Migration step selected, click Add and from the menu, choose New Group.

        On the Properties tabOn the Options tab
        Creating the Install Migrated Apps group
        • Name the group Install Migrated Apps
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details below:

          VariableAPPMIG01
          Conditionexists
        3. Click OK.
        4. Click Apply.
      4. Click Add and from the menu, choose General > Run Command Line.

        This step waits for 3 minutes to allow the CM client to properly initialize before attempting to install applications.
        On the Properties tabOn the Options tab
        1. Enter the following details.

          Step parameterValue
          NameSleep time for CM Client Agent Initialization
          Command linecmd /c ping localhost -n 180 > NUL
        2. Click Apply.
        • No action required
      5. Click Add and from the menu, choose Software > Install Application.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameInstall Migrated Applications
          Install applications according to the dynamic variable listSelected
          Base variable nameAPPMIG
          If an application installation fails, continue installing other applications in the listCheck if required
        2. Click Apply.
        1. Select the Retry this step if computer unexpectedly restarts option.
        2. Click Apply.

        This step should only be executed if the variable APPMIG01 exists. In this Task Sequence it is included in the Install Migrated Apps group, which has the condition applied. If the step is included in a Task Sequence outside of a group that has the condition, then the condition should be applied to this step.

      6. With the Install Migrated Applications step highlighted, click Add and from the menu, choose Software > Install Package. Move the step down so that is appears as a child of Install Migrated Applications i.e. at the same level as the Install Migrated Apps group.
        Creating the Install Migrated Apps group

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameInstall Migrated Packages
          Install software packages according to the dynamic variable listSelected
          Base variable namePKGMIG
          If installation of a software package fails, continue installing other packages in the listCheck if required
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the following details below:

          VariablePKGMIG001
          Conditionexists
        3. Click OK.
        4. Click Apply.
    22.  Relocating the Restore User Files and Settings group

      Select the Restore User Files and Settings group. Move the group down so that it appears as a direct child group of Main i.e. at the same level as Install Migrated Applications
      Moving the Restore User Files and Settings group

      1. Select and remove the Request User State Storage step. Click Add and from the menu choose, 1E Nomad PBA > Peer Backup Assistant: Locate Existing Nomad PBA Data Store.

        This step replaces the native Request User State Storage step (which requires a State Migration Point) and locates a local peer that has the user data backup to be restored to this machine. Note that it is conditioned so it will not execute if the Task Sequence was initiated through WSA and the USMT data was stored on USB media. Refer to Peer backup assistant Locate existing Nomad PBA data store for further information on using this step.

        On the Properties tabOn the Options tab
        • No action required
        1. Click Add Condition and choose Task Sequence Variable .
        2. Enter the details below.

          Variable1EWSA_USBforUSMT
          Conditionnot equals
          Valuetrue
        3. Click OK.
        4. Click Apply.
      2. Select the Restore User Files and Settings step highlighted, click Add and from the menu choose General > Set Task Sequence Variable.

        This step sets the 1EWSA_RestoreSucceeded variable to true if the previous step (Restore User Files and Settings) completed successfully. The next step (Release Nomad PBA Data Store) will execute and delete the user data backup from the peer if the restore was successful.

        On the Properties tabOn the Options tab
        1. Enter the following details:

          Step parameterValue
          NameSet Restore Status
          Task Sequence Variable1EWSA_RestoreSucceeded
          ValueTrue
        2. Click Apply.
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the details below:

          Variable_SMSTSLastActionSucceeded
          Conditionequals
          Valuetrue
        3. Click OK.
        4. Click Apply.
      3. Select and remove the Release User State Storage step. Click Add and from the menu, choose 1E Nomad PBA > Peer Backup Assistant: Release Nomad PBA Data Store.

        This step replaces the native Release User State Storage step (which requires a State Migration Point) and releases the data store on peers, resulting in the user data backup being deleted from peers. It is conditioned to execute only if the restore was successful. It is also conditioned to not execute if the Task Sequence was initiated through WSA and USB media was used to store the user data.

        On the Properties tabOn the Options tab
        • No action required
        1. Click Add Condition and choose Task Sequence Variable.
        2. Enter the details below.

          Variable1EWSA_USBforUSMT
          Conditionnot equals
          Valuetrue
          Variable1EWSA_RestoreSucceeded
          Conditionequals
          Valuetrue
        3. Click OK.
        4. Click Apply.
    23.  Uninstalling the RAS dial service

      Click Add and from the menu, choose General > Run Command Line.

      This step uninstalls the RasdialDisconnect service and is only required if you have included the Install RasdialDisconnect Service step earlier in the Task Sequence.

      On the Properties tabOn the Options tab
        1. Enter the following details:

           

          Step parameterValue
          NameUninstall RasdialDisconnect service
          Command lineUnInstallRasdialDisconnectService.bat
        2. Check the Package option and browse to the WSA Scripts package.
        3. Click Apply.
      1. Click Add Condition and choose Task Sequence Variable.
      2. Enter the details below.

        Variable1EWSA_RemoteUser
        Conditionequals
        Valuetrue
      3. Click OK.
      4. Click Apply.

       

  3.  Finalize the task sequence

    Click Add and from the menu, choose 1E > OSD > 1E WSA Actions. Move the step down to the root of the task sequence – at the same level as Main.

    The 1E WSA Actions step is the last step to execute in the Task Sequence. At this point it executes the Finalize actions, which for a wipe and load task sequence cleans up the USB (if used and the administrator enabled the option to clean up USB). If no steps in the Main group failed, this step will return 0 (success). If any step in the Main group failed and was not configured to continue on error, this WSA Actions step will return the exit code that the failed step returned.

    On the Properties tabOn the Options tab
    Creating the 1E WSA Actions step
    • Select the Finalize option
    1. Click Add Condition > Task Sequence Variable.
    2. Enter the following details:

      Variable1EWSA
      Conditionequals
      ValueTrue
    3. Click OK.
    4. Click Apply.
  4. Click OK to save the task sequence.
This step installs the Nomad agent in Windows PE. Refer to