Required Reading: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 – Microsoft Support Related: KB5025885 – Updating your USB Boot Media – Leveraging OSD Module ConfigMgr Task Sequence – KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 Words of Warning Once you’ve applied the mitigations outlined in the KB, the device is difficult to work with when it comes to boot media / reimaging. Personally, I’d only do this on some lab test machines, and not rollou ..read more

Required Reading: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 – Microsoft Support This is what I came up with in my lab for applying the remediations. I’ve had 2 successful tests so far, 1 VM and 1 Physical HP device. So please TEST TEST TEST!!!! I’m uploading it now so people can mess with it and hopefully it might save them a little time. Download: KB5025885 Remediation TS (11 downloads ) I’m not going to go over it now, maybe in the future I’ll come back and explain it. Please look at each step and each condition. If y ..read more

From Series: OSD HP Image Assistant Revisited – an Overview – Page has link to GitHub & TS Exports This is the last topic I’m covering, because it’s the most complicated one. This can look a lot of different ways depending on the way you want to implement. I’m going to demo two potential ways you can do it yourself, one using a one step to one platform method, and the other doing everything dynamically. If you have any questions as you work through the post, please let me know, it’s a lot of content to create, and sometimes in my head I might have covered everything, when in fact, I missed ..read more

From Series: OSD HP Image Assistant Revisited – an Overview – Page has link to GitHub & TS Exports So in this blog series, now we’re moving to hosting the HP Softpaqs (Driver / Firmware etc Updates) ourselves, on our network, so we don’t need to download from HP, saving bandwidth, hopefully time, and having full control over the process. Required Reading: HP Developers Portal | HP Image Assistant new /Force switch HP Developers Portal | SoftPaq Repository GitHub: ofelman/HPIA-Repository-Downloader Building the Offline Repo To create the Offline Repo, you need HPCMSL on the computer you p ..read more

From Series: OSD HP Image Assistant Revisited – an Overview – Page has link to GitHub & TS Exports So this is pretty close to the last post, but here we’re going to take control over the content getting installed. We’re going to be creating reference files to feed into HPIA. What I’ve done, I create reference files quarterly. I take the new reference files and place in the “Dev” Package, and do my testing, once I’m happy with it, I copy them (overwrite) the ones in the Prod packaged, effectively prompting them into Production. I use this same idea for deployment rings, to ensure that HPIA ..read more

From Series: OSD HP Image Assistant Revisited – an Overview – Page has link to GitHub & TS Exports In this post, I’m going to cover the most basic use of using HPIA in a task sequence, and running the defaults, pulling the latest content from HP’s cloud servers. Pros: Latest and most updated / secure content Nothing to manage Simple Cons: Content changes regularly, removing your ability to have consistency in your fleet Giving up control This is similar to Microsoft’s autopatch. Do you want to set it and forget it? If you have a simple environment, mostly web applications, are doin ..read more

I’m revisiting using HP Image Assistant or HPIA as we call it, during OSD in a Task Sequence. I’ve previous posted a method here: Deploying HP Driver Updates with Image Assistant and ConfigMgr Task Sequences – GARYTOWN ConfigMgr Blog Recommended Reading: HPIA’s User Guide, get to know your command line options Just a quick a note, during OSD, I recommend following this process: Apply the latest driver pack for the platform during WinPE (DISM Apply Drivers) Driver Packs (64-bit) | HP Client Management Solutions HPCMSL: Get-SoftpaqList -Platform ABCD -OS Win11 -OSVer 21H2 -Category driverPack ..read more

TLDR: Script on GitHub: garytown/OSD/ARM64/Create-WinPEARM64.ps1 NOTE, this will be the first of a few posts dealing with my ARM devices experience. I now have a single ARM test device (consumer grade Samsung Galaxy Book Go – NP340XLA-KA1US) and hopefully a MS Surface device soon, and eventually some yet to be released HP devices. Future posts will go into imaging those devices, and the experienced gained… back to the regular post… So recently ConfigMgr TP added support for OSD on ARM64. I have yet to try that, as I haven’t felt like setting up a TP just to test this feature. I also didn’t hav ..read more

First, let me start by saying, yes, a frontend like UI++ is amazing, and if you’re looking for a really powerful way to do user driven task sequences, a quality community front end is a great way to go. This post, and the last couple posts are a simplified method to collect one piece of information, and act on it. The scripts are simple, 90% taken directly from Microsoft Learn pages, and modified to work in a task sequence with variables. I enjoy projects like this, it’s a couple hours of time to come up with this, build it, and test it. They help me to keep sharp with task sequence skills. Co ..read more

Ok, why would you need this? I don’t know. But today I saw a request from someone on Reddit who wanted a way to prompt for a computer name, but wanted it really simple, no Front ends, and didn’t want to set the variable on the collection to be gathered. NOTE, this works in WinPE. If you want this to work in the Full OS, you have to modify the command line to leverage ServiceUI, which I’m not going to cover here. My Solution: Run Command Line Step: cmd.exe /c start /wait cmd.exe /c PowerShell $Input = Read-Host -Prompt 'Favorite TV Show' ; $tsenv = new-object -comobject Microsoft.SMS.TSEnviron ..read more