6

I'm setting up Windows Deployment Services (WDS) for Windows Server 2012 unattended deployments using the default boot.wim file found on the install media. I have a PowerShell script that performs automated customisations for our site. I want this script to be run during the specialize pass, so I don't have to mess about with auto logins and to be able to save myself a reboot during provisioning. The script doesn't appear to run and the logs only give an unhelpful error code.

Here is the relevant part of my unattend file:

    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Credentials>
                        <Domain>WDSSERVER</Domain>
                        <Password>APASSWORD</Password>
                        <Username>AUSERNAME</Username>
                    </Credentials>
                    <Path>"c:\windows\system32\windowspowershell\v1.0\powershell.exe" -executionpolicy unrestricted -command "\\<REMOTESERVER>\reminst\customize\specialize.ps1"</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>

In response to request from kce. Here's the script itself:

    write-host "Executing customisation script."
    write-host "enabling powershell script execution"
    Set-ExecutionPolicy Unrestricted

    write-host "Bringing non-system disks online..."
    Get-Disk | Where-Object IsOffline -Eq $True | Set-Disk -IsOffline $False
    Set-Disk -Number 1 -IsReadOnly $False
    Set-Disk -Number 2 -IsReadOnly $False

    write-host "Setting up NTP..."
    W32tm /register
    start-service w32time
    w32tm /config /manualpeerlist:uk.pool.ntp.org
    restart-service w32time
    Set-Service W32Time -StartupType Automatic
    # Call sc.exe explicitly: in PowerShell, "sc" is an alias for Set-Content
    sc.exe triggerinfo w32time start/networkon stop/networkoff
    sc.exe config W32Time start= auto

    write-host "Determining system RAM and setting pagefile..."
    $RAM = Get-WmiObject -Class Win32_OperatingSystem | Select TotalVisibleMemorySize
    $RAM = ($RAM.TotalVisibleMemorySize / 1kb).tostring("F00")
    write-host "disable automanage"
    wmic computersystem set AutomaticManagedPagefile=False
    Write-Host "removing old pagefile"
    wmic pagefileset delete
    write-host "creating new pagefile on E:\"
    wmic pagefileset create name="e:\pagefile.sys"
    write-host "set size"
    $PageFile = Get-WmiObject -Class Win32_PageFileSetting
    $PageFile.InitialSize = $RAM
    $PageFile.MaximumSize = $RAM
    [void]$PageFile.Put()

    write-host "Disabling Windows Firewall..."
    netsh advfirewall set allprofiles state off

    write-host "Enabling powershell remoting..."
    Enable-PSRemoting -Force

    write-host "Sorting out remote management trusted hosts..."
    winrm s winrm/config/client '@{TrustedHosts="*"}'

    write-host "Disabling Windows error reporting..."
    Disable-WindowsErrorReporting

    write-host "Installing VMware Tools..."
    c:\vmware-tools.exe /S /v"/qn"

Peter Mortensen
snoweagle
  • Edited for the proper powershell command to get around the executionpolicy thing – snoweagle Feb 14 '13 at 16:12
  • What is the unhelpful error code in your logs? Also, what's the script itself doing? – MDMarra Feb 14 '13 at 16:17
  • the "error I'm getting" is: executing synchronous user provided commands STATUS: SUCCESS (0x00000001) – snoweagle Feb 14 '13 at 16:35
  • It sounds like you should do some logging in your script, then. Have it write all output to a text file and look at that to see what you get. Also write $ERRORS to it as well. It seems like your script is executing and completing, but something is going wrong with the actual contents of the script itself. – MDMarra Feb 14 '13 at 16:39
  • The Job of the script is to: configure ntp, bring non systems disks online, setup the page file, disable windows firewall, enable powershell remoting, import & apply a local security policy file, and install vmwaretools. Though at the moment I've commented out everything except the disk online command for testing. The script itself works fine when run manually post install, I just need these changes done unattended and the specialize pass seems to be the sensible place to put them so they're applied by the time 1st boot happens. If there's a better way I'm all ears :) – snoweagle Feb 14 '13 at 16:40
  • I'd echo the output of `whoami` while that script is being run. Even though you provide credentials, I get the sneaking suspicion it's running as `SYSTEM`. Have you tested to see if your script works as `SYSTEM` using something like `psexec -s "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -executionpolicy unrestricted -command "\\<REMOTESERVER>\reminst\customize\specialize.ps1"`? – MDMarra Feb 14 '13 at 16:44
  • Thanks - I'll get on that. Sanity check though: do you know if powershell is supported by this boot image? Seeing non zero return makes me think something's wrong and that success refers to the completion of the attempt to run the script. – snoweagle Feb 14 '13 at 16:50
  • I've run it in OOBE with autologon and the last command being `shutdown /r /t 10`. I've never tried it in Specialize, since some things in Windows 7 would balk at being installed during that phase, like SQL Server. – MDMarra Feb 14 '13 at 16:59
  • Your script sounds very handy. Is there any chance you'd be willing to share it? –  Apr 12 '13 at 20:42
  • I've added the script, and have in the end just gone for running it in OOBE instead, like mentioned above, which is working fine; though it adds an extra reboot, it's sufficient for our purposes. – snoweagle Apr 15 '13 at 15:30

1 Answer

2

From what I'm reading, an uncaught throw results in the exit code being one. Also, you're passing in the script path through the -command switch, when it should be passed through the -file switch; see the reference. -command will treat your string as a command and since it's a file path, it will throw one of those same red-letter exceptions we love in the PowerShell window, and voila! Exit code 1 since the exception is uncaught. All that is speculation of course, unless

    "powershell.exe" -executionpolicy bypass -noprofile -file "\\<REMOTESERVER>\reminst\customize\specialize.ps1"

actually works, assuming the account it's running under has permissions to the fileshare. To avoid those permission issues you could just paste the code in the answer file between {} and then you would use the -command option,

    "powershell.exe" -executionpolicy bypass -noprofile -command {...}

Peter Mortensen
MDMoore313
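
The logging suggested in the comments (all output, the `$Error` records, the effective identity) and the exit-code behaviour described in the answer can be combined in a small wrapper that setup calls with `-File` instead of calling `specialize.ps1` directly. This is an added example, not code from the question or the answer; the wrapper name `Run-Specialize.ps1` and the log path are assumptions.

```powershell
# Run-Specialize.ps1 (hypothetical name): added example, not the poster's script.
# Invoke from the answer file with:
#   powershell.exe -ExecutionPolicy Bypass -NoProfile -File <path>\Run-Specialize.ps1
param(
    # Assumed locations; adjust to your share and preferred log directory.
    [string]$ScriptPath = '\\<REMOTESERVER>\reminst\customize\specialize.ps1',
    [string]$LogPath    = 'C:\Windows\Temp\specialize-wrapper.log'
)

$exitCode = 0
Start-Transcript -Path $LogPath -Append | Out-Null
try {
    # Record the security context the setup engine actually used
    # (the whoami check suggested in the comments).
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Host "Running as: $identity"
    Write-Host "PowerShell version: $($PSVersionTable.PSVersion)"

    # Fail early with a clear message if this account cannot reach the share.
    if (-not (Test-Path -LiteralPath $ScriptPath)) {
        throw "Cannot reach $ScriptPath as $identity"
    }

    & $ScriptPath

    # Native tools (w32tm, wmic, netsh) signal failure only through their exit code.
    Write-Host "Last native exit code: $LASTEXITCODE"
}
catch {
    # A terminating error left uncaught would surface only as exit code 1.
    Write-Host "FAILED: $($_.Exception.Message)"
    Write-Host $_.InvocationInfo.PositionMessage
    $exitCode = 1
}
finally {
    # Non-terminating errors do not reach catch; dump them from $Error.
    foreach ($record in $Error) { Write-Host "ERROR RECORD: $record" }
    Stop-Transcript | Out-Null
}
exit $exitCode
```

If the log shows `NT AUTHORITY\SYSTEM` and the `Test-Path` check fails, the problem is share access for the account the pass runs under rather than the script contents.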