Wipe and load without user state migration

The Task Sequence detailed below assumes the Windows Servicing Assistant will be used to capture data and settings from the current OS and migrate these, along with applications, to the new OS. If you only want to migrate applications using the Windows Servicing Assistant and want to skip user state migration, you can add a condition to the Capture Files and Settings group and Restore User Files and Settings group so they only execute if the TS variable 1ESkipUserStateCapture is not true. 1ESkipUserStateCapture is set by the WSA Actions - Initialize step if the option Do not capture user files and settings is enabled in the Data Capture tab of the Wipe and Load Non-destructive WSA Application settings. If you will never use user state migration, you can remove the Capture Files and Settings group and Restore User Files and Settings group altogether, but you must still enable the option Do not capture user files and settings in the Data Capture tab of the Wipe and Load Non-destructive WSA Application settings, otherwise WSA will fail as it will attempt to locate these steps in the Task Sequence when it determines how much space is required.

Creating the Wipe and Load Non-Destructive base task sequence

The process and procedure is described below.

To create the Wipe and Load Non-Destructive Task Sequence:

1. From the Configuration Manager console, select the Software Library workspace.

2. Expand the Operating Systems tree and choose Task Sequences.

   Right-click Task Sequences. From its context menu, choose Create Task Sequence.

3. On the Create New Task Sequence screen:

   Select the Install an existing image package option. Click Next.

4. On the Task Sequence Information screen:

   In Task sequence name, enter a logical name for it. For example, Computer Refresh. In Description, enter a description for it.

5. On the Install Windows screen:

   In Image package, select the image package you want. In Image index, select the image index you want. Uncheck the option Partition and format the target computer before installing the operating system. As this is a non-destructive Task Sequence, the disk partition/format cannot be changed. In Product key, enter your Windows operating system licence key. Select the administrator password option that suits your security policy - enter and confirm the local admin password if the administrator account is to be enabled.. Click Next.

6. On the Configure Network screen:

   Select the Join a domain option. Enter or browse for the Domain and Domain OU that the machine should be joined to. Note that you must specify a valid OU and cannot use the Computers container In Account, enter the name of the account you want to use to join the domain. Click Next.

7. On the Install Configuration Manager screen:

   If required, add any Installation Properties specific to your environment and click Next.

8. On the State Migration screen:

   Ensure the Capture user settings and files option is selected. Ensure the USMT Package refers to the correct USMT package (click Browse to locate the USMT package if necessary). Select the Save user settings and files locally option and check the option Capture locally by using links instead of by copying files Click Next.

9. On the Include Updates screen:

   Select the Required for installation – Mandatory software updates only option. Click Next.

10. On the Install Applications screen:

    Define the applications to be installed by the task sequence after the OS has been upgraded. Click Next.

11. On the Nomad Settings screen:

    Select the Enable Nomad – Modifies currently associated reference packages option. Click Next.

12. On the Summary screen:

    Review your settings. Click Next. When the Create Task Sequence wizard completes, click Close.

The process for customizing the base task sequence

The process and procedures follows:

1. On the Configuration Manager console, right-click the Wipe and Load Non-Destructive Task Sequence from the list of task task sequences.

2. From its context menu, choose Edit.

Customizing the base task sequence

To customize the newly created task sequence with sequential steps to specifically address the destructive wipe and load:

1.  Initializing the task sequence

   In the Task Sequence Editor, click Add and from the menu, choose 1E OSD > 1E WSA Actions. 

   This step connects to 1E Shopping to determine if the deployment was initiated through the Windows Servicing Assistant (i.e. if a WSA order exists for this PC). If so, and the installed Nomad version supports WSA, it will define a number of Task Sequence variables based on the WSA deployment settings and selections made by the user when they ran the assistant. If there is no WSA order for the PC, the step will simply exit and the Task Sequence will continue as a standard deployment. Refer to Nomad 6.3 - 1E WSA Actions  for further details on using this step.

   On the Properties tab	On the Options tab
   Select the Initialize option. In Shopping URL:, enter the location for the Shopping Web. For example, http://<ShoppingHostHeader>/Shopping	Choose Add Condition > Registry Setting. Enter the following details: Root Key HKEY_LOCAL_MACHINE Key SOFTWARE\1E\NomadBranch Condition greater than or equals Value name ProductVersion Value tupe REG_SZ Value 6.3.200 Click OK. Click Apply.

2.  Create the Main group

   With the 1E WSA Actions step highlighted, click Add and choose New Group.

   Each WSA enabled task sequence is configured with a Main group where the majority of the task sequence actions occur. The behavior of the Main group is Continue on error, meaning that should any step fail within the group or any of its child groups, the task sequence will continue with the groups and steps defined outside this group, i.e. the 1E WSA Actions ( Finalize) step. This ensures WSA is able to report on any task sequence failures.

   On the Properties tab	On the Options tab
   Name the group Main and ensure that it is positioned just below the 1E WSA Action step.	Select the Continue on error option and click Apply.

   1.  Setting Nomad as the download program

      With the Main group selected, click Add and from the menu, choose 1E > Nomad > Set Nomad as Download Program. Right-click the step and from the context menu, choose Move Up so it becomes a child of the Main group and click OK. No additional settings are required for this step.

      This step sets Nomad as the download program for all Task Sequence content so should be added at the top of the Main group before any content is required. Refer to Nomad 6.3 - Set Nomad as download program for further details on using this step.

   2.  Creating the Test Connection group

      With the Set Nomad as Download Program step selected, click Add and choose New Group.

      This group contains steps that will validate the WiFi and VPN credentials entered by the user in the Windows Servicing Assistant. If the Task Sequence was not initiated through WSA (i.e. 1EWSA is no true), this group will be skipped. If the Task Sequence was initiated through WSA, this group will validate the credentials by disconnecting WiFi and VPN (if applicable) and attempting to reconnect using the supplied credentials. If the validation fails, the Task Sequence will fail and the user will be notified through the final WSA page that there was a problem with either the WiFi or VPN credentials. This group is included in the Task Sequence to fail before doing anything destructive on the PC if there are any problems with the supplied credentials.

      On the Properties tab	On the Options tab
      Name the group Test Connection	Choose Add Condtion > Task Sequence Variable. Enter the following details: Variable 1EWSA Condition equals Value True Click OK. Click Apply.

      When the task sequence runs, connectivity to the Configuration Manager site must be maintained after any system restart into the full OS. Throughout the task sequence, the 1E WSA Actions step attempts to automatically establish WiFi connections (using WSA gathered credentials) when either of the Refresh Content Locations or Switch Between online and offline content options are selected.

      For locations using VPN, the Connect to VPN step uses the ConnectVPN.PS1 PowerShell script to establish a VPN connections. Provided the VPN profile name has been defined in the task sequence, VPN connection credentials have been entered during running of the Assistant  and an external network exists, the script will attempt to establish the connection.

      Currently, WSA has been developed for use with the Microsoft VPN Client. The VPN connection process within WSA can be extended to accommodate other VPN client solutions. Future releases of WSA will also supports solutions implementing two factor authentication, where user input may be required at the time the connection is established.

      The steps defined within the Test Connections group are designed to exercise those connection credentials supplied by the user when they ran WSA wizard and establish their validity before proceeding any further in the task sequence.

      1.  Validating the WiFi and VPN credentials

         With the Test Connection group highlighted, click Add and from the menu, choose General > Run PowerShell Script.

         On the Properties tab	On the Options tab
         Enter the following details: Step Parameter Value Name Validate WiFi VPN Credentials Description Validate WiFi and VPN connections using WSA gather credentials. Package Browse to the WSA Scripts package Script name ValidateWiFiVPNCreds.ps1 Parameters -VPNProfile <VPNProfile> PowerShell Execution Policy Set this to Bypass Click Apply.	Set Continue on error   There is a known issue where a Run PowerShell Script step can erroneously return 1 to the Task Sequence, causing this step to fail even though the script completes successfully. This step is configured to continue on error, but the next step will report back any actual error to the Task Sequence if the return code from this step is neither 0 or 1.

         Both the ValidateWiFiVPNCreds.ps1 script and the  VPN connection script  ConnectVPN.PS1 require a VPN profile name in order to establish the connection. <VPNProfile> must be the same name defined in the rasphone.pbk included in the WSA Scripts Package. If the profile name includes spaces, surround it in single quotes (e.g. '1E (UK)'). If rasphone.pbk includes multiple profiles (e.g. US and UK), the parameter can be configured to use a Collection variable (e.g.  -VPNProfile '%VPNProfile%' ) - if you use this approach, ensure there is a Collection variable named VPNProfile defined for all clients that will run WSA otherwise this step in the Task Sequence will fail.

      2.  Filtering the return codes from the validation script

         • With the Validate WiFi VPN Credentials step selected, click Add and from the menu choose General > Run Command Line.

           This step is to work around an issue when running PowerShell script steps where a command in the script returns 1 but the script does not error and completes successfully. CM reports this as an error even though the ValidateWiFiVPNCreds.ps1 script finally exits with 0. The step will be skipped if the last action (Validate WiFi VPN Credentials) returns either 0 or 1 and the Task Sequence will continue to execute. Otherwise it will return the actual return code from the Validate WiFi VPN Credentials and the TS will fail.

           On the Properties tab	On the Options tab
           Enter the following details, leaving the remaining options unchecked. Step parameter Value Name Filter return codes from Validation script Description Allows TS to continue if the previous step returns 0 or 1, otherwise fails with the return code of the previous step Command line cmd /c exit %_SMSTSLastActionRetCode% Click Apply.	Click Add Condition and choose Task Sequence Variable, configure the condition as follows and click OK. Variable _SMSTSLastActionRetCode Condition not equals Value 1 Click Add Condition and choose Task Sequence Variable, configure the condition as follows and click OK. Variable _SMSTSLastActionRetCode Condition not equals Value 0

      3.  Adding the Connect to VPN step

         Click Add and from the menu, choose General > Run PowerShell Script. Browse to the VPN connection script package

         This step establishes a VPN connection if the Task Sequence was initiated by a remote user through WSA

         On the Properties tab	On the Options tab
         Enter the following details: Step Parameter Value Name Connect to VPN Description Connect VPN using WSA collected credentials Package Browse to the WSA Scripts package  Script Name ConnectVPN.ps1 Parameters -VPNProfile <VPNProfile> PowerShell Execution Policy Set this to Bypass <VPNProfile> must be the same name defined in the rasphone.pbk included in the WSA Scripts Package Click Apply.	Choose Add Condtion > Task Sequence Variable. Enter the following details: Variable 1EWSA_RemoteUser Condition equals Value True Click OK. Click Apply.

   3.  Setting the OSD BitLocker status

      Click Add and from the menu, choose General > Set Task Sequence Variable.

      This step sets the OSDBitLockerStatus variable to Protected if the C: drive is protected when the Task Sequence starts. It is used later in the Task Sequence to enable BitLocker if it was enabled and the drive was protected before the upgrade when the Task Sequence started.

      On the Properties tab	On the Options tab
      Enter the following details: Step parameter Value Name Set OSDBitLockerStatus Task Sequence Variable OSDBitLockerStatus Value Protected Click Apply.	Click Add Condition and choose WMI Query. Enter the following details: WMI Namespace: root\cimv2\security\MicrosoftVolumeEncryption SELECT * FROM win32_encryptablevolume WHERE driveletter = 'c:' AND protectionstatus = '1' Click OK. Click Apply.

   4.  Adding the SMS task sequence post action step

      Click Add and from the menu, choose General > Set Task Sequence Variable.

      This optional step causes the system to reboot after completion of the Task Sequence by setting the SMSTSPostAction variable.

      On the Properties tab	On the Options tab
      Enter the following details: Step parameter Value Name Set SMSTSPostAction Task Sequence Variable SMSTSPostAction Value shutdown.exe /r /t 30Select Click Apply.	No action required.

   5.  Relocating the Capture Files and Settings group

      Locate the Capture Files and Settings group (created in the original base task sequence) and move it up so it is a child of the Main group at the same indent level as the Test Connection group and starts after the Set SMSTSPostAction step.

      1.  Setting the deployment type to Refresh

         With the Capture Files and Settings group highlighted, click Add and from the menu, choose General > Set Task Sequence Variable.

         This step sets the variable DEPLOYMENTTYPE to Refresh to indicate that this is a refresh type deployment. The Capture Files and Settings group that contains this step is only executed if the Task Sequence starts in the full OS, which implies this is a Refresh (Wipe and load) scenario. The DEPLOYMENTTYPE variable is used by the 1E Get Migration Settings step later in the TS. For more information refer to Nomad 6.3 - Get migration settings.

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Set DEPLOYMENTTYPE=Refresh Task Sequence Variable DEPLOYMENTTYPE Value Refresh Click Apply.	No action required

      2. In the Capture User Files and Settings group, remove the Set Local State Location step

         1.  Setting the Get Migration step

            Click Add and from the menu, choose 1E Nomad > Get Migration Settings.

            The Get Migration Settings step is responsible for setting the USMT encryption key and also the source computer name (stored in both PBAComputer and SourceComputerName variables) that will be used later in the Task Sequence. For further information on using this step, refer to Nomad 6.3 - Get migration settings.

            On the Properties tab	On the Options tab
            Select the Capture user state option. Click Apply.	No action required

         2.  Updating the OSD Migrate Additional Capture Option step

            Click Add and from the menu, choose General > Set Task Sequence Variable.

            This optional step defines additional configuration options for USMT data capture. The native OSD task sequence variable OSDMigrateAdditionalCaptureOptions is used to modify the behavior of the user state capture process. By default, USMT will capture domain and local user account data and settings defined by the built-in capture files, migapp.xml and migdocs.xml. The example below shows how to exclude local user accounts (migrating local user profiles can be problematic if the local user account does not exist in the new OS). There may be other changes you want to make to the capture options. The Update OSDMigrateAdditionalCaptureOptions step executes if the variable has already been set (for example by the 1E WSA Actions step during initialization to configure user folder capture and encryption) and appends the new options to the existing variable value.

            On the Properties tab	On the Options tab
            Enter the following details: Step parameter Value Name Update OSDMigrateAdditionalCaptureOptions Task Sequence Variable  OSDMigrateAdditionalCaptureOptions Value  %OSDMigrateAdditionalCaptureOptions% /ue:%computername%\* Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter this detail: Variable OSDMigrateAdditionalCaptureOptions Condition exists Click OK. Click Apply.

         3.  Setting the OSD Migrate Additional Capture Options step.

            Click Add and from the menu, choose General > Set Task Sequence Variable.

            This step is similar to the previous step, but it only executes if the OSDMigrateAdditionalCaptureOptions does not already exist. It sets the variable to whatever additional options you want to include - the example shown will exclude local user accounts.

            On the Properties tab	On the Options tab
            Enter the following details: Step parameter Value Name Set OSDMigrateAdditionalCaptureOptions Task Sequence Variable OSDMigrateAdditionalCaptureOptions Value /ue:%computername%\* Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter this detail: Variable OSDMigrateAdditionalCaptureOptions Condition not exists Click OK. Click Apply.

         4.  Configuring the Capture User Files and Settings step

            Select the Capture User Files and Settings step

            If the Task Sequence is initiated through a WSA application that enabled the user to select files and folders to back up, the files and folders that the user selected will be captured in addition to whatever options are defined in this step. For example, if this step has the option Capture all user profiles by using the standard options selected then the Task Sequence will execute the capture using MigApp.xml and MigDocs.xml (note that MigDocs.xml will capture most files wherever they are on the PC, which in most makes the user selection in WSA redundant). If the option Customize how user profiles are captured is selected, the Task Sequence will execute the capture using whatever configuration files are defined in the step, in addition to the custom configuration file created based on the user selections in the Windows Servicing Assistant. If you are using WSA, a good starting point would be to select Customize how user profiles are captured and add MigApp.xml and MigUser.xml to the list of files. If you are using WSA and only want the user-selected files and folders to be captured, select Customize how user profiles are captured  but do not define any files.

            On the Properties tab

            On the Options tab

            Ensure the correct USMT package is selected. If necessary click Browse to locate the USMT package Ensure Capture locally by using links instead of by copying files is checked. As this Task Sequence will not format or repartition the disk, USMT data can be linked into the temporary Task Sequence data store and preserved until it needs to be restored. Configure the step to suit your user data and settings capture requirements (see info panel above).

            Select the Continue on error option. Click Apply.

   6.  Creating the Restart group

      Click Add and from the menu choose New Group. Move the new group down so it is a child of the Main group. i.e. appears at the same indent level as Capture Files and Settings.

      On the Properties tab	On the Options tab
      Name the group Restart.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable StartedInWinPE Condition not equals Value True Click OK. Click Apply.

      1.  Adding the Disable BitLocker step

         Locate and delete the Disable BitLocker step created in the base Task Sequence (Capture Files and Settings group). Select the Restart group, click Add and from the menu, choose General > Run Command Line. Ensure the new step appears as the first step in the Restart group.

         This step replaces the native Disable BitLocker step with a command-line step that uses the manage-bde command-line interface to disable BitLocker protection for all reboots until configured otherwise. The default CM step will only disable BitLocker for the next reboot.

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Disable BitLocker Command line manage-bde -protectors -disable C: -RC 0 Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable OSDBitLockerStatus Condition equals Value Protected Click OK. Click Apply.

      2.  Adding the Setup WinPE Boot step

         Click Add and from the menu, choose General > Run PowerShell script.

         This step is a workaround for an issue where Configuration Manager may stage the Windows PE boot image on a connected USB disk if it is larger than the local disk and then not be able to boot from it. The step creates a temporary file on the USB drive that fills it so CM cannot stage the boot image on the disk. The temporary file is later removed with the Teardown.ps1 script.

          

         On the Properties tab	On the Options tab
         Browse to the script package and enter these details: Step parameter Value Name Setup WinPE Boot Description Prevents TS staging the boot image onto a large USB disk by temporarily filling it. Package Browse to the Setup WinPE Boot  package Script name SetupWinPEBoot.ps1 Parameters PowerShell Execution Policy Set the PowerShell execution policy to Bypass. Click Apply.	No Action Required.

         
         

      3.  Installing the RasDialDisconnect service

         Click Add and from the menu, choose General > Run Command Line.

          

         This is an optional step to work around an issue identified on some Dell PCs where restarting the PC when connected to VPN on a wireless connection would cause the PC to blue-screen. It installs a service that disconnects the VPN connection when a shutdown is requested by the OS, which has been observed to prevent the blue-screen. The RasdialDisconnect service is installed using InstallRasdialDisconnectService.bat. A step is included towards the end of the TS to uninstall the service

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Install RasdialDisconnect service Command line InstallRasdialDisconnectService.bat Check the Package option and browse to the WSA Scripts package. Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable 1EWSA_RemoteUser Condition equals Value True Click OK. Click Apply.

      4.  Restart in Windows PE

         Click Add and from the menu, choose General > Restart Computer.

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Restart in WinPE The boot image assigned to this task sequence Selected Notifiy the user before restarting Checked Notification Message A new Microsoft Windows operating system is being installed. The computer must restart to continue. Click Apply.	No action required

      5.  Adding the 1E WSA Actions step

         Click Add and from the menu choose 1E OSD > 1E WSA Actions.

         The WSA Actions step must be executed after each reboot where drive letters may change or when switching between the full OS and Windows PE

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name 1E WSA Action Refresh Content Location Checked Switch Between online and offline content Checked Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable 1EWSA Condition equals Value True Click OK. Click Apply.

      6.  Installing and configuring Nomad in WinPE

         Click Add and from the menu, choose 1E Nomad > Install and Configure Nomad in WinPE.

         This step installs the Nomad agent in Windows PE. Refer to Nomad 6.3 - Install and configure Nomad in WinPE for further details on using this step.

         On the Properties tab	On the Options tab
         In License key, enter your license key. Enter the location for ActiveEfficiency in the ActiveEfficiency URL field. Configure the remaining parameters to suit your environment. It is important that the settings defined in this step correspond with the settings for existing Nomad peers on the network, otherwise the Task Sequence may not be able to obtain content from local Nomad peers. Click Apply.	No action required

      7.  Saving the Nomad cache

         Click Add and from the menu, choose 1E Nomad > Save Nomad Cache.

         This step saves the Nomad cache to the temporary Task Sequence storage. Refer to Nomad 6.3 - Save Nomad cache for further details on using this step

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Operation Move Wipe CCM Cache Checked Click Apply.	No action required

      8.  Deleting temporary files created to fill large USB drive to prevent boot image being staged on USB

         Click Add and from the menu, choose General > Run PowerShell Script.

         If the Setup WinPE Boot step created a temporary file to fill an attached USB disk (to prevent CM from staging the boot image on the USB disk), this step deletes that file.

         On the Properties tab	On the Options tab
         Enter the following details: Step Parameter Value Name Delete temporary USB disk fill Description Deletes the temporary file created to fill large USB drive to prevent boot image being staged on USB Package Browse to the WSA Scripts package Script Name Teardown.ps1 Parameters   PowerShell Execution Policy Set this to Bypass Click Apply.	No action required

   7.  Setting up the Installing and Setup Operating System group

      Select the Install Operating System group from our base task sequence and rename it Install and Setup Operating System – for simplicity we are combining the OS installation and Setup steps into a single group. Move it up so it appears as a direct child of the Main group and starts after the Restart group. Remove the Reboot in Windows PE step (this is no longer required as the Restart group takes care of it).

      

      1.  Configure Pre-provision BitLocker step

         Select the Pre-provision BitLocker step and configure the following conditions.

         On the Properties tab	On the Options tab
         No changes required	Click Add Condition and choose Task Sequence Variable Enter the following details Variable OSDBitLockerStatus Condition equals Value true

      2.  Cleaning up folders to remove files paths with trailing spaces

         Click Add and from the menu, choose General > Run Command Line.

         The Windowsapps folder may contain files paths with trailing spaces. This can cause the disk wipe and Apply OS installation task sequence step to fail. This is a known issue when performing a non-destructive installation of the new operating system and removal of the file before attempting to do so is advised.This step removes the WindowsApps folder found on any driver letter.

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Cleanup Folders Command line cmd.exe /c for %a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %a:\"program files"\Windowsapps rmdir %a:\"program files"\Windowsapps /Q /S Click Apply.	No action required

      3.  Configure the Apply Operating System step

         Ensure the Apply Operating System task reflects the correct image package and Windows edition.

      4.  Applying Windows settings that best reflects your environment

         Highlight the Apply Windows Settings step.

         On the Properties tab	On the Options tab
         Populate the fields to suit your environment. Click Apply.	No action required

      5.  Setting up the Apply Networks Settings (Wired in Office) with settings that best reflects your environment

         Rename the Apply Network Settings step to Apply Network Settings (Wired in Office). 

         The domain join is a critical part of the deployment process and is required to be configured differently within the TS depending on location and connection type. The domain join is usually attempted directly after the new OS image has been applied using the native Apply Network Settings step. This step not only performs a domain join, but is also responsible for making other configuration changes to the host and must be allowed to complete successfully. At the point when Apply Network Settings typically runs, when operating over wireless or VPN, connectivity to the required domain will not exist.

         In order to allow the Apply Network Settings step to complete successfully at all locations and when using all types of connection, the Apply Network Settings step is used multiple times within the TS. The step is configured with the Join a domain setting and is conditioned to only execute when the deployment is running in an Office location with a wired connection. For a deployment at a Remote location or on wireless, an additional Apply Network Settings step is set to Join a workgroup. In this case network connectivity is not required and the step will complete successfully. For Remote or wireless locations, the domain join is performed later in the TS once connectivity to the domain has been established, using a native Join domain or Workgroup step.

         On the Properties tab	On the Options tab
         Populate the domain fields to suite you environment. Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable 1EWSA_RemoteUser Condition not equals Value True Variable 1EWSA_WiFiSSID Condition not exists Click OK. Click Apply.

      6.  Creating the Apply Network Settings (Remote or on WiFi)

         Copy and paste the Apply Network Settings (Wired in Office) step so that it is positioned directly beneath the original. Rename it to Apply Network Settings (Remote or on WiFi). 

         This step executes if the user is remote or if the PC is connected only to WiFi (in either of these scenarios the Task Sequence will not have access to a domain controller at this point). It joins the PC to a workgroup (the PC needs to be joined to a workgroup or domain for the CM client setup to succeed). Later, when connectivity is established, an additional step will be executed that will join the PC to the domain.

         On the Properties tab	On the Options tab
         Select the Join a workgroup option. In Workgroup, enter the name WORKGROUP.	Modify the If statement from All to Any. Modify the Task Sequence Variable conditions as follows: Variable 1EWSA_RemoteUser Condition equals Value True Variable 1EWSA_WiFiSSID Condition exists The conditions should appear as follows Click OK.

      7.  Creating the Drivers group

         With the Apply Network Settings (Remote or on WiFi) step highlighted, click Add and from the menu, choose New Group.

         On the Properties tab	On the Options tab
         Name the group Drivers – driver installation steps such as those using the Apply Driver Package step should be positioned within this group.	No action required

         Where device drivers are concerned, each hardware model targeted by the task sequence will require its own set of device drivers to be installed. The most common means of doing this is to use one or more native Apply Driver Package steps. Typically, organisations will be using many different models of computers. Within the task sequence, each model will requires it's own Apply Driver Package step, with the step conditioned using a WMI query referencing the correct make and model. For example, an Apply Driver Package step supporting a DELL Latitude 7480 is conditioned as follows:

         WMI Namespace	WQL Query
         root\cimv2	Select * from Win32_ComputerSystem WHERE Model Like '%Latitude 7480%'

         Task sequence driver installation implemented in this way is supported in WSA insofar as only that driver package whose WMI query matches the host make and model will be downloaded as part of WSA readiness. WSA also provides the option of failing the readiness, should it not be able to identify a matching driver package in the Task Sequence.

         Other means do exist of installing the correct set of device drivers during the running of the task sequence. The native Auto Apply Drivers step will download individual drivers based on the plug and play requirements of the host. However, this method of driver identification does have it's disadvantages. Drivers that may be required later to access external devices will not be installed. Also, although in the main reliable, plug and play detection has been known to give unpredictable results, on occasion. 

         Third parties have created custom solutions to allow the identification of the make and model and download of the relevant driver package, during the running of the task sequence. Such solutions are designed to streamline the Task Sequence reducing the overall number of steps required. However, they do require backend setup and configuration to configure the necessary web services and allow the correct driver package to be identified.

      8.  Adding the Copy CMTrace step

         With the Drivers group selected, click Add and from the menu, choose General > Run Command Line. Move the step down so it appears outside of the Drivers group but inside the Install and Setup Operating System group.
         

         This optional step copies CMTrace from the boot image to the Windows\System32 folder in the new OS. CMTrace is useful for diagnosing log files. This step should only be included if CMTrace.exe has been included in the boot image (in the sms\bin\x64 folder).

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Copy CMTrace Command line xcopy x:\sms\bin\x64\CMTrace.exe %OSDTargetSystemDrive%\Windows\System32\ /Y /F Click Apply.	No action required

      9.  Staging the Nomad package

         Click Add and from the menu, choose 1E Nomad > Stage Nomad Package.

         The Stage Nomad Package step is used in conjunction with the Install Nomad step. The steps alleviates the requirement of embedding the Nomad agent into the OS image in order to ensure the Nomad agent can be used as soon as the new OS has been installed.

         Refer to Nomad 6.3 - Stage Nomad package and Nomad 6.3 - Install Nomad for further details on using this step.

         On the Properties tab	On the Options tab
         In Nomad Package, browse to the Nomad installation package. Click Apply.	No action required

      10.  Setting up Windows and Configuration Manager

          Cut the Setup Windows and Configuration Manager step from the Setup Operating System group in the base task sequence. Select the Stage Nomad Package step, right-click and from its context menu, choose Paste.

      11.  Installing Nomad

          With the Setup Windows and Configuration Manager step highlighted, click Add and from the menu, choose 1E Nomad > Install Nomad.

          This step installs the Nomad agent in the new OS, using the package files staged in the earlier Stage Nomad Package step. Refer to  Nomad 6.3 - Install Nomad  for further details on using this step.

          On the Properties tab

          On the Options tab

          Enter Additional Installation Commands if required and click Apply. Any transform contained within the Nomad package referenced in the  Stage Nomad Package  step, will be automatically applied. If no other properties need be applied then the Additional Installation Commands field can be left blank If a transform is not used, or if additional Nomad installation properties must be specified, then these will be appended to the installation command-line if a transform is used. Note that additional MSI installation switches must not be specified in the Additional Installation Commands field.

          No action required

      12.  Restarting the computer

          Click Add and from the menu, choose General > Restart Computer.

          On the Properties tab	On the Options tab
          Enter the following details: Step parameter Value Name Restart Computer The currently installed default operating system Selected Notifiy the user before restarting Checked Notification Message  A new Microsoft Windows operating system is being installed. The computer must restart to continue. Click Apply.	No action required

      13.  Adding the 1E WSA Action step

          With the Restart Computer step highlighted, click Add and from the menu, choose 1E OSD > 1E WSA Actions. 

          The 1E WSA Actions step must be included whenever drive letters may have changed and when switching between Windows PE and the full OS.

          On the Properties tab	On the Options tab
          Enter the following details: Step parameter Value Name 1E WSA Actions Refresh Content Location Checked Switch Between online and offline content Checked Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable 1EWSA_RemoteUser Condition equals Value True Click OK. Click Apply.

      14.  Restoring the Nomad cache

          With the 1E WSA Actions step highlighted, click Add and from the menu, choose 1E Nomad > Restore Nomad Cache.

          This step restores the Nomad cache that was saved before the new OS image was installed. This ensures any content required by the Task Sequence is available to other peers when the Task Sequence completes. Refer to Nomad 6.3 - Restore Nomad cache  for further information on using this step.

          On the Properties tab	On the Options tab
          Enter the following details: Step parameter Value Operation Link Activate All Content Unchecked Click Apply.	No action required

      15.  Creating the create the Remote/Wfi Domain Join group

          With the Restore Nomad Cache step highlighted, click Add and from the menu, choose New Group.

          This group is executed if the Task Sequence was initiated through WSA and either the user is remote or the PC is on a WiFi connection. As the PC is now running in the full OS we can establish the VPN and WiFi connection to complete the domain join in this group.

          On the Properties tab	On the Options tab
          Name the group Remote/Wifi Domain Join	Click Add Condition > If statement Select Any condition, then add the following Task Sequence Variable conditions to the If statement Variable 1EWSA_RemoteUser Condition equals Value True Variable 1EWSA_WiFiSSID Condition exists Click OK

          1.  Connecting to VPN

             Copy the Connect VPN step from the Test Connection group and paste it as the first step in the Remote/WiFi Domain Join group. 

              

             This step establishes a VPN connection using credentials supplied by the user if the Task Sequence was initiated through WSA by a remote user.

          2.  Install the RasdialDisconnect service

             Click Add and from the menu, choose General > Run Command Line.

             This is an optional step to work around an issue identified on some Dell PCs where restarting the PC when connected to VPN on a wireless connection would cause the PC to blue-screen. It installs a service that disconnects the VPN connection when a shutdown is requested by the OS, which has been observed to prevent the blue-screen.

              

             On the Properties tab	On the Options tab
             Enter the following details: Step parameter   Name Install RasdialDisconnect service Command line InstallRasdialDisconnectService.bat Check the Package option and browse to the WSA Scripts package. Click Apply.	Check Continue on error

          3.  Adding settings to a join a domain or workgroup in your environment

             Click Add and from the menu, choose General > Join Domain or Workgroup. 

             At this point in the Task Sequence, the remote user will be connected to the corporate network via VPN and the machine can be joined to the domain using this step.

             On the Properties tab	On the Options tab
             Populate the fields to suit your environment. Click Apply.	No action required

   8.  Creating the BIOS to UEFI group

      With the Join Domain or Workgroup  step highlighted, click Add and from the menu, choose New Group. Move the group down so it appears as a child the Main group. i.e. it appears at the same level as Install and Setup Operating System.

      On the Properties tab

      On the Options tab

      Name the group 1E BIOS to UEFI

      Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable _SMSTSBootUEFI Condition equals Value False Click OK. Select the condition just created. Click Add Condition and choose If Statement > Any Condition Click Add Condition and select Query WMI Add each of the following so as separate WMI conditions WMI Namespace: root\cimv2 SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Dell%" SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%HP%" SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Lenovo%" Select * FROM Win32_ComputerSystem WHERE Manufacturer LIKE "%Hewlett-Packard%" The conditions should appear as follows:

      The 1E BIOS to UEFI group is responsible for converting the host system disk from legacy BIOS to UEFI and configuring the firmware settings required to implement the associated security features and settings.

      UEFI is a firmware standard required to support modern security features such as Secure Boot, Device Guard and Credential Guard. In configuring this task sequence, the BIOS to UEFI conversion is performed using the native Windows utilityMBR2GPT.exelocated inC:\Windows\System32on Windows 10 1703 editions and later.

      In the task sequence, conversion is conditioned to take place only if the host is running legacy BIOS. The 1E BIOS to UEFI application is a packages and ready set of task sequence steps that automate the necessary firmware reconfigurations on Dell, Lenovo and HP systems in order to allow Secure Boot, Device Guard, Credential Guard. and other settings to be turned on once the disk has been converted.  Full details on how to use 1E BIOS to UEFI and the supported hardware models, can be found here.

      1.  Disabling BitLocker

         Copy the Disable BitLocker step from the Restart group and paste it as the first step in the 1E BIOS to UEFI group.

         This step replaces the native Disable BitLocker step with a command-line step that uses the manage-bde command-line interface to disable BitLocker protection for all reboots until configured otherwise. The default CM step will only disable BitLocker for the next reboot.

      2.  Restarting in WinPE

         Click Add and from the menu, choose General > Restart Computer.

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name Restart in WinPE The boot image assigned to this task sequence Selected Notifiy the user before restarting Checked Notification Message Beginning the UEFI and MBR2GPT conversion. The computer must restart to continue Click Apply.	No action required

      3.  Adding a 1E WSA Action step

         Click Add and from the menu, choose1E OSD > 1E WSA Actions.

         The 1E WSA Actions step must be included whenever drive letters may have changed and when switching between Windows PE and the full OS.

         On the Properties tab	On the Options tab
         Enter the following details: Step parameter Value Name 1E WSA Action Refresh Content Location Checked Switch Between online and offline content Checked Click Apply.	Click Add Condition > Task Sequence Variable. Enter the following details: Variable 1EWSA Condition equals Value True Click OK. Click Apply.

      4.  Installing and configuring Nomad in Windows PE

         Copy the Install and Configure Nomad in Windows PE step from the Restart group and paste it directly after the 1E WSA Actions step.

         This step installs the Nomad agent in Windows PE. Refer to Nomad 6.3 - Install and configure Nomad in WinPE for further details on using this step.

      5.  Adding MBR2GPT to Windows PE

         Click Add and from the menu, choose General > Run Command Line.

         This step converts the disk format from MBR to GPT to support UEFI. Refer to https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt for further information on the MBR2GPT tool.

         On the Properties tab	On the Options tab
         Enter the following details: Parameter Value Name MBR2GPT in WinPE Command line MBR2GPT.EXE /disk:0 /convert /AllowFullOS /logs:%_SMSTSLogPath% Click Apply.	Click Add Condition > Task Sequence Variable. Enter the following details: Variable _SMSTSInWinPE Condition equals Value True Click OK. Click Add Condition > Query WMI. Create the WQL query condition shown: WMI Namespace: root\cimv2 select * from win32_diskpartition where deviceid like '%partition #0%' AND type like '%Installable%' Click Ok Apply.

      6.  Creating the Firmware Settings group

         Click Add and from the menu, choose New Group.

         This group configures the firmware if the MBR2GPT conversion completed successfully.

         On the Properties tab	On the Options tab
         Name the group Firmware Settings	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable _SMSTSLastActionSucceeded Condition equals Value True Click OK.

         1.  Defining 1E BIOS to UEFI password

            Click  Add  and from the menu choose  1E OSD > 1E BIOS to UEFI Password Setup

            This step defines the BIOS admin password(s) that will be attempted when the subsequent 1E BIOS to UEFI steps attempt to make changes to the firmware settings. Refer to Automating password authentication for changing BIOS settings for further details on using this step.

            On the Properties tab	On the Options tab
            Browse for the OEM Toolkit Package Name the step 1E BIOS to UEFI Define Password In the Password List, add any BIOS passwords that are used in the environment. Ensure the option No change is selected. Click Apply.	No action required

         2.  Setting the boot order

            Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI Boot Order.

            This step sets the boot order in the firmware. For further information on using this step, refer to Changing the BIOS boot order.

            On the Properties tab	On the Options tab
            Browse for the OEM Toolkit Package. Select Windows Boot Manager from the drop list. Click Apply.	No action required

         3.  Setting the secure boot order step

            Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI OEM.

            This step configures the firmware settings to enable UEFI, Secure Boot and other options. Refer to Working with BIOS to UEFI for further details on using this step. In order to ensure builds are successful when you enable Secure Boot, we recommended that client firmware is updated to the latest version and that you test Secure Boot on those hardware models targeted by the task sequence before deploying into a production environment.

            On the Properties tab	On the Options tab
            Browse for the OEM Toolkit Package. Select the UEFI Configuration option. Select the UEFI Native with Secure Boot option. Click Apply. When enabling Secure Boot, in order to ensure that builds are successful, we recommend: Client firmware is updated to the latest version Before deploying into production, Secure Boot is tested on those hardware models targeted by the task sequence.	No action required

         4.  Setting BIOS to UEFI passwords

            Click Add and from the menu, choose 1E OSD > 1E BIOS to UEFI Password Setup.

            This optional step sets the BIOS password to a predefined password and can be used to standardize on a single BIOS password. Refer to Automating password authentication for changing BIOS settings for further details on using this step.

            On the Properties tab	On the Options tab
            Browse for the OEM Toolkit Package. Add the BIOS passwords that is to be used in the environment.  Select the Set New Password option and choose the password from the list. Click Apply.	No action required

      7.  Restarting the computer

         Click Add and from the menu, choose General > Restart Computer. Move the step down so it appears outside of the Firmware Settings group but inside the 1E BIOS to UEFI group.

   9.  Adding a 1E WSA Action step

      Click Add and choose 1E OSD > 1E WSA Actions. Move the step down to position the step in the Main group.
      

      On the Properties tab	On the Options tab
      Enter the following details: Step parameter Value Name 1E WSA Action Refresh Content Location Checked Switch Between online and offline content Checked Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable 1EWSA Condition equals Value True Click OK. Click Apply.

   10.  Adding Connect VPN step

       Copy any instance of the Connect to VPN step (e.g. in the Remote / WiFi Domain Join group and paste it directly after the 1E WSA Actions step.

       This step establishes a VPN connection using credentials supplied by the user if the Task Sequence was initiated through WSA by a remote user.

   11.  Add the Create Nomad Application Policy step

       Select the Connect VPN step, click Add and from the menu, choose 1E Nomad Pre 6.0 > Create Nomad Application Policy. Move the step down so it appears outside the Install and Setup Operating System group but inside the Main group (at the same level as the Install and Setup Operating System group). There are no options to configure on this step.

       At this point in the Task Sequence the CM client does not properly use Nomad for Application deployments. This step creates a local client policy to enable Nomad for Applications, so subsequent Install Application steps in the Task Sequence use Nomad to obtain the content. Refer to Nomad 6.3 - Create Nomad application policy for further information about using this step.

   12.  Restart the CM service

       Select the Create Nomad Application Policy step, click Add and from the menu, choose General > Run Command Line.

       Restarting the CM agent service at this point, once network connectivity has been established, is necessary to enable subsequent software update and software installation steps to complete successfully.

       On the Properties tab	On the Options tab
       Add these details: Step parameter Value Command line cmd /c "net stop ccmexec && net start ccmexec" Name Restart CM service Description   Click Apply.	No action required

   13.  Relocate the Enable BitLocker step

       Cut the Enable Bitlocker step from the Setup Operating System group in the base task sequence and paste it directly after the Create Nomad Application Policy step. 

   14.  Relocate the Install updates step

       Cut the Install Updates step from the Setup Operating System group in the base task sequence and paste it directly after the Enable Bitlocker step.

   15.  Adding the 1E WSA Action step

       With the Install Updates step highlighted, click Add and choose 1E OSD > 1E WSA Actions.

       On the Properties tab	On the Options tab
       Enter the following details: Step parameter Value Name 1E WSA Action Refresh Content Location Checked Switch Between online and offline content Checked Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable 1EWSA Condition equals Value True Click OK. Click Apply.

       A software update may require one or more restarts of the host to complete it's installation. For a WSA deployment, it is important to note that in order for the Install Updates step to complete successfully, only a single restart of the host is permissible at completion of the step. If multiple restarts are anticipated, then multiple Install Update steps must be configured with intervening 1E WSA Actions and Connect to VPN steps. This allows a site connection to be established, before the next update is installed. In this task sequence it is anticipated that no update will require more than one restart of the host.

   16.  Connecting to VPN

       Copy any instance of the  Connect to VPN  step (e.g. in the Remote / WiFi Domain Join group and paste it directly after the 1E WSA Actions step.

       This step establishes a VPN connection using credentials supplied by the user if the Task Sequence was initiated through WSA by a remote user.

   17.  Copy the Restart the CM service step

       Copy the Restart CM Service step from above and paste it directly after the Connect to VPN step

       Restarting the CM agent service at this point, once network connectivity has been established, is necessary to enable subsequent software installation steps to complete successfully.

   18.  Add sleep time for CM agent

       With the Restart CM Service step selected, click Add and from the menu, choose General > Run Command Line.

       Once the ConfigMgr agent service has been restarted, pausing the TS allows application policy processing to be completed by the ConfigMgr agent, before execution of the TS Install Application step takes place.

       On the Properties tab	On the Options tab
       Enter the following details. Step parameter Value Name Sleep time for CM Client Agent Initialization Command line cmd /c ping localhost -n 180 > NUL Click Apply.	No action required

   19.  Installing the Tachyon Agent

       Click Add and from the menu, choose Software > Install Application.

       This step installs the Tachyon Agent. The Tachyon Agent monitors the execution of the Task Sequence and reports back success or failure to Shopping.

       On the Properties tab	On the Options tab
       Enter the following details: Step parameter Value Name Install Tachyon Agent Install the following applications Browse to the Tachyon Agent application Click Apply.	No action necessary

       If there are other applications that need to be installed on all machines, add them after the Install Tachyon Agent step. If applications were added when the Create Task Sequence wizard was run, move those steps up so they appear after the Install Tachyon Agent step.

   20.  Renaming the Setup Operating System group to Install Migrated Applications

       Select the Setup Operating System group in the base task sequence and configure it as follows

       This group contains the steps necessary to implement the 1E Application Migration feature.

       On the Properties tab	On the Options tab
       Rename the group Install Migrated Applications	Click Add Condition > If statement. Select Any condition, then add the following Task Sequence Variable conditions Variable 1EWSA Condition not equals Value True Variable 1EWSA_AppMigrationEnabled Condition exists Click Apply.

       1.  Getting the migration settings

          With the Install Migrated Applications group highlighted, click Add and from the menu, choose 1E Nomad > Get Migration Settings.

          The Get Migration Settings step in a wipe and load scenario will obtain the encryption key for USMT and will also set the SourceComputerName variable used by Application Migration. Refer to Nomad 6.3 - Get migration settings for more information about using this step.

          On the Properties tab	On the Options tab
          Select the Restore user state option. Click Apply.	No action required

       2.  Adding the 1E Application Migration step

          With the Get Migration Settings step selected, click Add and from the menu, choose 1E OSD > AppMigration.

          The AppMigration step calls the 1E Application Migration API to obtain a list of applications and packages that need to be installed based on the original inventory of the device and the Application Migration rules defined by the administrator. The step results in a series of variables (APPMIGxx and PKGMIGxxx) that identify the applications and packages to be installed. These variables are processed by teh Install Migrated Applications and Install Migrated Packages steps later in the Task Sequence. Refer to Using Application Migration in a task sequence for further information.

          On the Properties tab

          On the Options tab

          Enter the following details: Step parameter Value Web Service http://<SLA Platform Server>:<Port>/Platform/api/applicationmigration/getApplicationsToBeInstalled Domain\User Name The credentials of a user defined in the SLA platform Domain The FQDN of the domain that the current machine is in Source Computer Name Variable SourceComputerName Application Variable APPMIG Package Variable PKGMIG Click Apply.

          Click Add Condition and choose Task Sequence Variable. Enter the following details: Variable SourceComputerName Condition exists Click OK. Click Apply.

       3.  Creating the Install Migrated Apps group

          With the 1E Application Migration step highlighted, click Add and from the menu, choose New Group.

          On the Properties tab	On the Options tab
          Name the group Install Migrated Apps	Click Add Condition and choose Task Sequence Variable. Enter the following details below: Variable APPMIG01 Condition exists Click OK. Click Apply.

          1.  Setting the sleep time for CM client initialize step

             Click Add and from the menu, choose General > Run Command Line.

             This step waits for 3 minutes to allow the CM client to properly initialize before attempting to install applications.

             On the Properties tab	On the Options tab
             Enter the following details. Step parameter Value Name Sleep Time for CM Client Agent Initialization Command line cmd /c ping localhost -n 180 > NUL Click Apply.	No action required

          2.  Installing applications according to the dynamic variable list

             Click Add and from the menu, choose Software > Install Application.

             On the Properties tab	On the Options tab
             Enter the following details: Step parameter Value Name Install Migrated Applications Install applications according to the dynamic variable list Selected Base variable name APPMIG If an application installation fails, continue installing other applications in the list Check Click Apply.	Select the Retry this step if computer unexpectedly restarts option. Click Apply. This step should only be executed if the variable APPMIG01 exists. In this Task Sequence it is included in the Install Migrated Apps group, which has the condition applied. If the step is included in a Task Sequence outside of a group that has the condition, then the condition should be applied to this step.

       4.  Installing software packages in accordance with the dynamic variable list

          With the Install Migrated Applications step highlighted, click Add and from the menu, choose Software > Install Package. Move the step down so that is appears as a child of Install Migrated Applications i.e. at the same level as the Install Migrated Apps group.

          On the Properties tab	On the Options tab
          Enter the following details: Step parameter Value Name Install Migrated Packages Install software packages according to the dynamic variable list Selected Base variable name PKGMIG If installation of a software package fails, continue installing other packages in the list Check Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the following details below: Variable PKGMIG001 Condition exists Click OK. Click Apply.

   21. Move the Restore User Files and Settings group down so that it becomes a direct child of the Main group.

   22.  uninstalling the RasDialDisconnect service

       Click Add and from the menu, choose General > Run Command Line.

        

       This step uninstalls the RasdialDisconnect service and is only required if you have included the Install RasdialDisconnect Service step earlier in the Task Sequence.

       On the Properties tab	On the Options tab
       Enter the following details: Step parameter Value Name Uninstall RasdialDisconnect service Command line UnInstallRasdialDisconnectService.bat Check the Package option and browse to the WSA Scripts package. Click Apply.	Click Add Condition and choose Task Sequence Variable. Enter the details below. Variable 1EWSA_RemoteUser Condition equals Value true Click OK. Click Apply.

3.  Finalizing the task sequence

   Click Add and from the menu, choose 1E > OSD > 1E WSA Actions. Move the step down to the root of the task sequence – at the same level as Main.

   The 1E WSA Actions step is the last step to execute in the Task Sequence. At this point it executes the Finalize actions, which for a wipe and load task sequence cleans up the USB (if used and the administrator enabled the option to clean up USB). If o steps in the Main group failed, this step will return 0 (success). If any step in the Main group failed and was not configured to continue on error, this WSA Actions step will return the exit code that the failed step returned.

   On the Properties tab	On the Options tab
   Select the Finalize option	Click Add Condition > Task Sequence Variable. Enter the following details: Variable 1EWSA Condition equals Value True Click OK. Click Apply.

4. Click OK to save the task sequence.