It’s a good idea to create a separate ConfigMgr client package to use in OS deployment. By doing this, you will get more control over it than the default read-only package.
This is how I usually set it up to work together with Jason Sandys' startup script as well.
Download the startup script from Jason Sandys' blog and get the SCCMClientHotfixPath script from The Deployment Guys.
Create a folder called “ConfigMgr_Client_with_Hotfix”, then create another folder called Client inside that one. Copy the content from “\\cm01\SMS_PS1\Client” to the newly created Client folder. In the Client folder, create a Hotfix folder and copy the content from “\\cm01\SMS_PS1\hotfix\KB3074857\Client” to that folder. When this is done, copy the SCCMClientHotfixPath.wsf script to the Client folder. You also need to copy ZTIUtility.vbs into the Client folder; you'll find this file in your MDT Files Package. Your folder structure should look something like this.
Copy the startup script from Jason Sandys to the root of the “ConfigMgr_Client_with_Hotfix” folder. Also create a “Logs” folder at this location and give Authenticated Users Modify permission to it so the startup script can write error logs to the folder. (This folder should remain empty if everything works fine.)
Make your own changes to ConfigMgrStartup.xml. For reference, review the ConfigMgr Startup Script.pdf that comes with the script download. This is what my sample file looks like:
<Option Name="SiteCode" >PS1</Option>
<Option Name="Delay" >5</Option>
<CCMSetupParameter Name="noservice" />
<ServiceCheck Name="BITS" State="Running" StartMode="Auto" Enforce="True" />
<ServiceCheck Name="winmgmt" State="Running" StartMode="Auto" Enforce="True" />
<ServiceCheck Name="wuauserv" State="Running" StartMode="Auto" Enforce="True" />
<ServiceCheck Name="lanmanserver" State="Running" StartMode="Auto" Enforce="True" />
<ServiceCheck Name="RpcSs" State="Running" StartMode="Auto" Enforce="True" />
<RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="EnableDCOM" Expected="Y" Enforce="True" Type="REG_SZ"/>
<RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="EnableRemoteConnect" Expected="Y" Enforce="False" Type="REG_SZ"/>
<RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="LegacyAuthenticationLevel" Expected="2" Enforce="False" Type="REG_DWORD"/>
<RegistryValueCheck Key="HKLM\SOFTWARE\Microsoft\Ole" Value="LegacyImpersonationLevel" Expected="2" Enforce="False" Type="REG_DWORD"/>
Now it's time for the GPO. Create a GPO and edit it so it looks something like this.
The next time a computer reboots, it will check if it has the latest client version and patches. If not, the script will update it for you :)
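Because the GPO runs the startup script from this folder at computer startup, the Modify grant on Logs should not reach the script, ConfigMgrStartup.xml or the client files. The following check is an added example, not part of the original post or of Jason Sandys' script; the $Root path is an assumption inferred from the package source path used in the OSD part of this post.

```powershell
# Added example: confirm that broad groups can write only to the Logs folder.
# $Root is an assumption inferred from the package source path used in this post.
$Root     = '\\cm01\sources$\OSD\ConfigMgr_Client_with_Hotfix'
$LogsPath = Join-Path $Root 'Logs'

# Well-known broad principals: Everyone, Authenticated Users, BUILTIN\Users,
# plus Domain Users (-513) and Domain Computers (-515) of any domain.
$BroadSids = '^(S-1-1-0|S-1-5-11|S-1-5-32-545|S-1-5-21-.+-(513|515))$'

# Any right that lets a principal change, replace or re-permission a file.
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) cover unmapped generic ACEs.
$Fsr       = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Fsr::Write -bor $Fsr::Delete -bor $Fsr::DeleteSubdirectoriesAndFiles -bor
                   $Fsr::ChangePermissions -bor $Fsr::TakeOwnership) -bor 0x10000000 -bor 0x40000000
$Modify    = [int]($Fsr::Modify)

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # Resolve trustees as SIDs so the match does not depend on display names.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -match $BroadSids -and
            ([int]$_.FileSystemRights -band $WriteMask) -ne 0
        } |
        Select-Object @{n='Path';e={$Path}}, @{n='Sid';e={$_.IdentityReference.Value}},
                      FileSystemRights, IsInherited
}

# Audit the package root and every file and folder below it, except Logs itself.
$items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
$findings = foreach ($item in $items) {
    $inLogs = $item.FullName -eq $LogsPath -or
              $item.FullName.StartsWith("$LogsPath\", [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inLogs) { Get-BroadWriteAce -Path $item.FullName }
}

# The setup above expects Authenticated Users (S-1-5-11) to hold Modify on Logs.
$logsOk = [bool](Get-BroadWriteAce -Path $LogsPath |
    Where-Object { $_.Sid -eq 'S-1-5-11' -and ([int]$_.FileSystemRights -band $Modify) -eq $Modify })

if (-not $logsOk) { Write-Warning "Authenticated Users do not have Modify on $LogsPath" }
if ($findings) {
    Write-Warning 'Broad write access found outside Logs:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No broad write access outside Logs.'
}
```

This reads NTFS permissions only; the share permissions on the share that hosts the folder apply on top of them.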
On to the OSD part.
Create a Package in the ConfigMgr console and name it “ConfigMgr Client with Hotfix” with source files pointing to “\\cm01\sources$\OSD\ConfigMgr_Client_with_Hotfix\Client”. Don’t create a program for the package.
In the Task Sequence, create a Task Sequence Variable called “SMSClientInstallProperties” before the “Setup Windows and ConfigMgr” step. Under “Value”, type in any special properties you might have.
Next up is the SCCMClientHotfixPath.wsf script. Add a Run Command Line step, name it “Set ConfigMgr Client PATCH Paths” and select the “ConfigMgr Client with Hotfix” package.
For the command line, type “cscript.exe SCCMClientHotfixPath.wsf”.
Now, in the “Setup Windows and ConfigMgr” step, change the client package to the “ConfigMgr Client with Hotfix” package that we created earlier and remove any properties you might have.
(They should now be in the SMSClientInstallProperties step instead.)
Why the SCCMClientHotfixPath script?
Instead of using something like PATCH=“C:\_SMSTaskSequence\OSD\PS10006E\Hotfix\X64\kb977384\configmgr2012ac-r2-kb3026739-x64.msp”, the SCCMClientHotfixPath script searches the “\hotfix\i386” and “\hotfix\x64” folders for any patches, copies them to the C:\Windows\Temp\Hotfix folder, and uses that path (C:\Windows\Temp\hotfix\configmgr2012ac-r2-kb3026739-x64.msp) for the install. This way the patch is still there if the client needs to do a repair.
The default behavior in the SCCMClientHotfixPath script is to search both the “\i386\hotfix” and “\x64\hotfix” folders for hotfixes.
Instead of having two hotfix folders, I change four lines in the script so it uses the hotfix folder in the package we created instead (\hotfix\x64 and \hotfix\i386).
Hope this will save you some time with the next CU or upgrade. When it’s time to upgrade, just copy the new files to your new client package and update the Distribution Point(s). Then change the ConfigMgrStartup.xml to the right client version and you are good to go for deployment of the new client. OSD will find the patches if there are any, and the startup script will check if the version is correct on the already deployed computers.