How to use MDT Applications for PDQ push requests

 

Recently, I was asked to limit the number of Task Sequences in MDT. We had a TS for every Office version, combined with some OS versions, so we had a lot of work when we changed something (copy every change to all task sequences).

 

Until now, we used the "Run Command Line" step to start single PDQ push requests, using the "Run this step as the following account" option. There we set the proper domain account and the installation was successful. We could add a number of these command line push requests and everything worked just fine. The command line we use:

 

cmd /c \\PDQServer\Deploymentshare$\Scripts\psexec.exe \\PDQServer -u domain\user -p Password -h -accepteula "c:\program files\Admin Arsenal\PDQ Deploy\pdqdeploy.exe" Deploy -Package "PDQ Package name"  -Targets %Computername%

 

To limit the number of TS’s, I had the idea of using MDT applications. There you can select the applications you want to install during the Deployment Wizard. So I went ahead and created some applications using the same command line as above. I didn’t set a working directory. In customsettings.ini I added the line: SkipApplications=NO

 

But I ran into a problem: The MDT Task sequence runs with the local administrator, and that account is not allowed to connect to our domain-joined PDQ server. The "Install Application (Install multiple installations)" step has no option to run as a different user. Although the domain user was included in the command line, it simply didn’t work. Result: no software was installed. My first approach was changing the logged on user so the task sequence could continue with the needed permissions. That didn't work as expected either; the task sequence did not continue after login.

 

Now the solution:

 

The "Install Application" step launches the ZTIApplications.wsf script. So first, I replaced the standard "Install Application (Install multiple installations)" step by a "Run Command Line" step that launches the same script:

 

Command line: cscript \\PDQserver\deploymentshare$\scripts\ZTIApplications.wsf
Start in: \\PDQserver\deploymentshare$\scripts
Run this step as the following account: domain\user

I also checked the "Load the user's profile" box.

 

That also didn’t do the whole trick. Now I was missing the Application page in the deployment wizard…

 

So, after the command line created in the step above, I added the normal "Install Application (Install multiple installations)" step again.

Eureka! Now I have the select application page back, ZTIApplications.wsf will be launched a first time as the domain user, and install everything I selected. After that ZTIApplications.wsf will be launched for a second time as the local administrator, but it won’t try to install any software again, as everything was already installed. The BDD.log file shows this:

“Application {1fa07a58-6aaf-4a1c-82c7-06a8a100e09c} has already been installed, will not install again.”

That’s all, enjoy!

 

0
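A way to check the result described in the post: the PowerShell below is an added example, not part of the original post, that reads BDD.log lines and reports which expected application GUIDs carry the "has already been installed" entry from the second ZTIApplications.wsf pass. The function name, the sample log lines (constructed, in the CMTrace line format BDD.log uses) and the all-zero GUID are assumptions for illustration.

```powershell
# Added example (not from the original post). $SampleLog is constructed data in
# the CMTrace line format that BDD.log uses; the first two GUIDs are the ones on this page.
$SampleLog = @'
<![LOG[Application {1fa07a58-6aaf-4a1c-82c7-06a8a100e09c} has already been installed, will not install again.]LOG]!><time="10:41:07.000+000" date="01-15-2019" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
<![LOG[Application {4f7f5190-3f9c-44d5-9f37-0b600a399b0d} has already been installed, will not install again.]LOG]!><time="10:41:08.000+000" date="01-15-2019" component="ZTIApplications" context="" type="1" thread="" file="ZTIApplications">
<![LOG[Constructed unrelated entry]LOG]!><time="10:41:09.000+000" date="01-15-2019" component="LiteTouch" context="" type="1" thread="" file="LiteTouch">
'@ -split "`r?`n"

# Hypothetical helper: returns one object per "already installed" entry.
function Get-SkippedApplication {
    param([Parameter(Mandatory)] [string[]] $LogLine)

    # One CMTrace entry: <![LOG[message]LOG]!><time="..." date="..." ...>
    $entry = '^<!\[LOG\[(?<msg>.*)\]LOG\]!><time="(?<time>[^"]*)" date="(?<date>[^"]*)"'
    # The message quoted in the post, with the application GUID captured.
    $skip  = '^Application (?<guid>\{[0-9a-f-]{36}\}) has already been installed, will not install again\.'

    foreach ($line in $LogLine) {
        if ($line -notmatch $entry) { continue }   # blank or wrapped line
        # Copy the captures out before the next -match overwrites $Matches.
        $msg, $time, $date = $Matches.msg, $Matches.time, $Matches.date
        if ($msg -notmatch $skip) { continue }
        [pscustomobject]@{ Guid = $Matches.guid.ToLower(); Date = $date; Time = $time }
    }
}

# GUIDs selected in the wizard; the all-zero GUID is a constructed placeholder
# that has no entry in the sample log.
$Expected = '{1fa07a58-6aaf-4a1c-82c7-06a8a100e09c}',
            '{4f7f5190-3f9c-44d5-9f37-0b600a399b0d}',
            '{00000000-0000-0000-0000-000000000000}'

$skipped = @(Get-SkippedApplication -LogLine $SampleLog).Guid
foreach ($guid in $Expected) {
    $state = if ($skipped -contains $guid) {
        'skipped on second pass (already installed)'
    } else {
        'no skip entry: check the first (domain user) pass'
    }
    '{0}  {1}' -f $guid, $state
}
```

To run it against a real deployment, replace `$SampleLog` with the output of `Get-Content` on the machine's BDD.log.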

Comments

5 comments
  • Maybe a last tip. You can already check some applications in the list, if you add the Application GUID in customsettings.ini. For example:

    Applications001={1fa07a58-6aaf-4a1c-82c7-06a8a100e09c}
    Applications002={4f7f5190-3f9c-44d5-9f37-0b600a399b0d}

    If you want some applications to be mandatory (so they can't be unchecked):

    MandatoryApplications001={1fa07a58-6aaf-4a1c-82c7-06a8a100e09c}
    MandatoryApplications002={4f7f5190-3f9c-44d5-9f37-0b600a399b0d}

    0
  • Hi Patrick,

    I'm in a similar situation, I've been trying to get my MDT Task Sequence Applications to trigger a powershell script as a domain user. 

    I followed your guide but I'm still running into issues. The error code I'm getting is:

    "WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated. "

    The user I'm running as is a PDQ Console user. 

    Any help would be much appreciated, thanks!

    0
  • In order to invoke a command from a non-domain computer to a domain computer you will have to negotiate your authentication. Example:

    $PDQServer = "PDQServerName" # or IP / FQDN
    $PackageName = "Master Image Deployment" # Name of your package
    $Target = $env:COMPUTERNAME # local computer, resolved before the remote call

    $scriptblock = {
        # $using: passes the local values into the remote session
        pdqdeploy.exe Deploy -Package $using:PackageName -Targets $using:Target
    }

    Invoke-Command -ComputerName $PDQServer -Credential domain\user -Authentication Negotiate -ScriptBlock $scriptblock

    0
  • Hi jrider, my goal was to have the "Application select page" from the MDT Wizard (ZTIApplications.wsf), and have that executed as a domain user. In the background, all my applications are made from a similar script as yours.

    0
  • Patrick:
    My mistake. Sorry, I do not work with MDT. 

    0
