Remove (Provisioned)Appx Packages

 

phase1-after.vbs:

Utils.Run "powershell.exe -ExecutionPolicy Bypass -Command ""Get-AppxPackage -AllUsers * | Remove-AppxPackage""", 0, False
Utils.Run "powershell.exe -ExecutionPolicy Bypass -Command ""Get-AppxProvisionedPackage -online  | Remove-AppxProvisionedPackage -online""", 0, False

 

phase1-after.ps1:

Get-AppxPackage -AllUsers * | Remove-AppxPackage
Get-AppxProvisionedPackage -online  | Remove-AppxProvisionedPackage -online

 

 

Appending netsetup.log to ztoolkit.log

In phase2 of an ENGL Imaging Toolkit's build process a device is joined to a Windows domain. %systemroot%\debug\netsetup.log is the log file where the join process is logged.

If you can't join a computer to an Active Directory domain, or if a computer can't communicate with any other computer in the network, the situation might be the result of join and authentication problems. TechNet article "Join and Authentication Issues" has more information about issues and how to troubleshoot these.

'netsetup.log' is the logfile which gives you more information. For troubleshooting purposes it might be convenient to have this information in ztoolkit.log as well. This little vbscript, to be run in phase2-after.vbs, appends the slmgr.log to ztoolkit.log:

AppendNetsetupLogfile()

Function AppendNetsetupLogfile

  on error resume next

  Set FSO = CreateObject("Scripting.FileSystemObject").OpenTextFile("c:\windows\debug\netsetup.log",1)
  strNetSetupLogging  = FSO.ReadAll()
  FSO.Close

  Status = Utils.AppendLog("phase2-after.vbs: " & strNetSetupLogging  )

  If Err.Number <> 0 then  
    'MsgBox "An error occured in routine AppendNetsetupLogfile()"
    Status = Utils.AppendLog("phase2-after.vbs: " & "AppendNetsetupLogfile()" & " an error occurred " & Err.Number)
  Else
    Status = Utils.AppendLog("phase2-after.vbs: " & "AppendNetsetupLogfile()" & " successfully")
  End If
 
End Function

Importing certificates during ENGL build process

If you need to import certificates during the ENGL Imaging Toolkit build process, you can use "certutil.exe" which is a Microsoft utility included by default with Windows 7, Windows 8, Windows Server 2008 and Windows Server 2012.

E.g. if you want to import the Oracle certificate which is needed to install the drivers for VirtualBox, you could use this vbscript code to include it in one of the phase scripts (.vbs):

'Import the Oracle Corporation Certificate in order to install VirtualBox 4.x
Utils.Run "certutil -addstore TrustedPublisher ""c:\ztoolkit\oracle corporation.cer""", 0, False

Just make sure to add the certificate itself as a custom file to your ENGL project. You can also import P12 certificates using certutil.exe:

'Import P12 certificates
Utils.Run("certutil -f -importPfx -p ""rovabu"" ""c:\ztoolkit\http_proxy_signing_ca.p12"""),1,True

When "to-be" installed applications in phase3 are depending on these certificates, it's recommended to use a phase1 of phase2 script.

 

Using different OU's for an AD domain join

In phase2 of an ENGL Imaging Toolkit's build process a machine is joined to AD, if you have configured the 'Active Directory / Workgroup' options in your ENGL project.

Sometimes you need to register a device in more than one OU. This little vbscript, to be run in phase2-before, set two variables AD_REGISTRATION_OU and AD_REGISTRATION_DOMAIN. These variables then can be used as %AD_REGISTRATION_OU% and %AD_REGISTRATION_DOMAIN% in your ENGL project.

In this vbscript the default gateway of the IP adapter is being read, using WMI. Based on the default gateway the two variables are set accordingly. You can also use other adapter properties, which are described in this MSDN article about the Win32_NetworkAdapterConfiguration class.

 

SetADRegistrationOU()


Function SetADRegistrationOU

  on error resume next

  Status = Utils.AppendLog("phase2-before.vbs: " & "SetADRegistrationOU()")

  Dim strDefaultGateway
  Dim oDG, oDGs, WMI    

  strDefaultGateway = Empty      
  Set WMI = GetObject("winmgmts:\\.\root\cimv2")  
  Set oDGs = WMI.ExecQuery _  
  ("Select * from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")  
 
  For Each oDG in oDGs  
    If Not IsNull(oDG.DefaultIPGateway) And Not oDG.defaultIPGateway(0) = "0.0.0.0" Then  
       strDefaultGateway = oDG.DefaultIPGateway(0)  
       Exit For  
    End If
  Next

  Status = Utils.AppendLog("phase2-before.vbs: " & " default gateway is: " & strDefaultGateway)

  select case strDefaultGateway
   case "10.114.0.1"
     status = Utils.SetSystemEnvironmentVariable("AD_REGISTRATION_OU", "ou=workstations,ou=rovabu hq,dc=rovabu,dc=nl")
     status = Utils.SetSystemEnvironmentVariable("AD_REGISTRATION_DOMAIN", "rovabunetworks.nl")
   case "10.101.0.1"
     status = Utils.SetSystemEnvironmentVariable("AD_REGISTRATION_OU", "ou=laptops,ou=rovabu hq,dc=rovabu,dc=nl")
     status = Utils.SetSystemEnvironmentVariable("AD_REGISTRATION_DOMAIN", "rovabunetworks.nl")
   case Else
     status = Utils.SetSystemEnvironmentVariable("AD_REGISTRATION_OU", "ou=workstations,ou=rovabu hq,dc=rovabu,dc=nl")
     status = Utils.SetSystemEnvironmentVariable("AD_REGISTRATION_DOMAIN", "rovabunetworks.nl")
  end select

  If Err.Number <> 0 then  
    MsgBox "An error occured in routine SetADRegistrationOU()"
    Status = Utils.AppendLog("phase2-before.vbs: " & "SetADRegistrationOU()" & " an error occurred " & Err.Number)
  Else
    Status = Utils.AppendLog("phase2-before.vbs: " & "SetADRegistrationOU()" & " successfully")
  End If
 
End Function  

Allow remote connections to this computer

When you deploy Windows Server 2012 using an ENGL Imaging Toolkit project for Windows Server 2012, you can include in a phase1-after.ps1 powershell script to enable 'Remote Connections':

 

Use these three commands in phase1-after.ps1:

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True

The first two commands take care of setting the correct registry keys.
'Set-NetFirewallRule' changes your firewall settings in order to allow using 'Remote Desktop' through your firewall.

 

 

 

More Articles ...