Invoke CM_Build over the Web

Updated 10/15/2017 – Added -Override example


First off: WTF is CM_BUILD?

CM_BUILD is a PowerShell script that configures a “vanilla” Windows Server machine into having Configuration Manager Current Branch installed.  This includes ADK, MDT, Server Roles and Features (WSUS, BITS, etc.), SQL Server, ConfigMgr itself, and a few goodies like Right-Click Tools, ConfigMgr Toolkit.  The GitHub repo has a cute readme markdown page filled with overcaffeinated gibberish on how to use it.  CM_SiteConfig is the “part 2” to cm_build, which configures ConfigMgr into a semi-functional site.

Short answer:

Okay, why CM_BUILD?

I don’t know.  Why do we do anything?  For the thrills? I could have taken up robbing banks, raising a crocodile farm, or breaking world records of swilling down cans of Four Loco while working on electrical equipment.  But I chose the boring life.  And while I’m bored, I hate clicking buttons repeatedly, so …

I got inspired by Johan and Mikael’s ConfigMgr Hydration Kits and Deployment Fundamentals Vol. 6 book examples, and Niall’s noob scripts (I know it’s not actually called that, but it sounds cool to say “Niall’s noob scripts“), and after 45 cups of terrible coffee I said “I can shove all that into an XML file and call my JSON friends up and laugh hysterically at them, saying things like ‘You and your snotty little JSON drivel!  Always mocking poor, starving little XML.  Well, I’ll have you know I can still write XML, and probably even a little COBOL! So what do you think of that?!  Hello?  Hello?  Did you just hang up on me?!! WTF!’”

Anyhow…. Hold on, I need to get my dog outside before she has an accident….

okay, I’m back.

Why Invoke it over the Web?

There are several potential reasons for wanting to do this:

  • I was really bored and it’s been raining all freakin day, and…
  • It’s 3am and I can’t sleep, and…
  • I saw this, and …
  • I wanted to pull this off within Azure, using a VM extension, without having to import any actual files, and it would be cool to tie all this together with a runbook so I can send a text message “new lab configmgr p01“, to fire off a lab build in Azure and have it text me back “your stupid lab is ready, now leave me alone!” then I can forget it’s still running and it runs all my MSDN credits down to $0 until the next monthly cycle, and…
  • I scrolled through Dan Bilzerian’s twitter feed just long enough to hate my boring life, and needed a distraction, and…
  • It seemed like something cool to try


Time to put on a poker face and act serious now.  The example below downloads the cm_build.ps1 script from the GitHub master branch URL, converts it into a ScriptBlock object, and passes in the -XmlFile parameter value using the GitHub Gist raw URL (you can make your own by copying the cm_build.xml into your own “secret” Gist, so you don’t openly share sensitive information with the whole world; keep in mind a secret Gist is only unlisted, so anyone who has the raw URL can read it).

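# Raw GitHub URL of cm_build.ps1 on the master branch (placeholder)
$ps1file = '<cm_build.ps1-raw-url>'
# Raw URL of your own cm_build.xml Gist
$xmlfile = '<your-gist-raw-url>'

# Download the script text and compile it into a script block
$script = Invoke-WebRequest $ps1file
$scriptBlock = [ScriptBlock]::Create($script.Content)
# Arguments are bound positionally, starting with the -XmlFile value
Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True)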

But you can also invoke the interactive gridview menu using the -Override parameter, by simply appending one more $True into the -ArgumentList array.

Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True, $True)

Then you get this budget-sized, corner-cutting, hack of a menu to choose from…

You may see a red warning about “Split-Path : Cannot bind argument to parameter ‘Path’ because it is null.”  I’ll fix that soon.  It only impacts the log output, but nobody reads log files anyway, right?

Anyhow, it’s 3:33 am, and I’m still typing, which is probably bad for my health, but if two people read this and it actually provides useful information to one of you, mission accomplished.  Actually, I know for a fact this is bad for my health.  Regardless, I ran the above snippet (with a real URL in the $xmlfile assignment) in my Hyper-V duct-tape and chewing gum lab at home, and it worked like a charm.  Now I can log into the server, open the ConfigMgr console and proceed with CM_SiteConfig, or apply real world tactics and break the ConfigMgr site entirely and start over.
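The snippet above runs whatever the master branch URL returns at the moment of the call, so a changed or tampered file executes with the caller's rights on the future site server. The sketch below is an added example, not part of cm_build: it pins the download to a commit URL and to a SHA-256 recorded when the script was reviewed, and builds the script block only when they match. The function name Get-VerifiedScriptBlock and the angle-bracket URL and hash values are placeholders.

```powershell
# Added example (not part of cm_build). Get-VerifiedScriptBlock is a hypothetical helper name.
function Get-VerifiedScriptBlock {
    [CmdletBinding()]
    [OutputType([scriptblock])]
    param(
        # HTTPS URL of the script, ideally pinned to a commit rather than a branch
        [Parameter(Mandatory = $true)]
        [string] $Uri,

        # SHA-256 (hex) recorded when the script was reviewed
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9A-Fa-f]{64}$')]
        [string] $ExpectedSha256
    )

    $parsed = [Uri] $Uri
    if ($parsed.Scheme -ne 'https') {
        throw "Refusing to download over '$($parsed.Scheme)': $Uri"
    }

    # Windows PowerShell 5.1 may not offer TLS 1.2 by default; enable it for this session.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # Fetch raw bytes so the hash covers exactly what was served (no re-encoding).
    $client = New-Object System.Net.WebClient
    try {
        $bytes = $client.DownloadData($parsed)
    }
    finally {
        $client.Dispose()
    }

    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $actual = [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    }
    finally {
        $sha.Dispose()
    }

    # -ne on strings is case-insensitive, so upper- and lower-case hex both match.
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch for $Uri. Expected $ExpectedSha256, got $actual. Nothing was executed."
    }

    # Decode only after verification; drop a UTF-8 byte-order mark if present.
    $text = [System.Text.Encoding]::UTF8.GetString($bytes).TrimStart([char]0xFEFF)
    return [ScriptBlock]::Create($text)
}

# Placeholders: substitute the commit-pinned raw URL and the hash from your own review.
$ps1file = 'https://raw.githubusercontent.com/<owner>/<repo>/<commit-sha>/cm_build.ps1'
$ps1hash = '<sha256-of-the-reviewed-cm_build.ps1>'
$xmlfile = '<your-gist-raw-url>'

# With the placeholders left in, parameter validation rejects the hash and nothing is downloaded.
$scriptBlock = Get-VerifiedScriptBlock -Uri $ps1file -ExpectedSha256 $ps1hash
Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True)
```

The XML file is fetched by the script itself and decides what gets installed, so it deserves the same review before each run.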



My Favorite Ignite 2017 Sessions

Just a heads-up: Not all of the sessions I attended or enjoyed most are posted yet.  And some sessions might not have been recorded (expo area mostly).  Also, some of the videos have flaky audio.  Enjoy!


[ PLACEHOLDER FOR BRANCH CACHE SESSION (when it becomes available) ]


I Finally Got a Nap after MS Ignite 2017

Microsoft Ignite 2017.  Orlando Florida.  September 2017

It’s been a week indeed.  This post might be humorous, and it might not be.  My brain is still re-assembling after a busy week and finally getting some much-needed sleep.  This is a rambling post, so I won’t blame you for skipping it (TL/DR), but if you’re ready, here goes…







The Travel

I flew into Orlando on Sunday.  As I left, my cat gave me the finger and my dog took a dump on the floor near my suitcase, which is how she lets me know she’ll miss me.  All good.  My air travel frequency had died down since July, but I was happily surprised that it was one of the first flights in a while without a single screw-up.  In fact, we arrived ten minutes ahead of schedule.  I stayed at the Renaissance Hotel, which was very very nice, and the staff couldn’t have been more nice.  The flight back home was uneventful as well, and I arrived at midnight to a tiny little airport with my wife waiting in the car outside.

The Techy Stuff

There was a lot to absorb this year at Ignite.  There were plenty of announcements, rumors, corrected rumors, re-corrected rumors, rumors about corrected rumors, and some incredible events that played out, which I had no idea would happen.

There was plenty of discussion about Configuration Manager, the new Intune/EMS capabilities, and co-management of devices.  There were also quite a few sessions and discussions around Windows AutoPilot, and Automatic Redeployment, as well as Tenant-Locking.  There was plenty going on about Azure Cloud Shell (PowerShell), SQL Server 2017 for Linux, updates to Azure Automation, updates to Intune and EMS, Office 365, SharePoint, a new infrastructure platform for Skype for Business, and the big news about Teams moving into a central role.

OVERALL: The sessions I attended were all very well done.  Even with the occasional glitches, everyone recovered quickly and kept moving without a hiccup.  The audiences seemed to be on board with the topics, content and demos as well.

Some interactions that stuck in my mind:

  • Leaving the first AutoPilot session to speak with the Lenovo folks at their expo booth, and the “device management guru” said “No. We’re not committed to AutoPilot, but we are evaluating the benefits and potential.” Then the next day, after session 2 I stopped back for a follow-up and he said “Oh, yeah, we’re in.”  Must have got a delayed memo.
  • One training services vendor rep at the expo kept repeating “we’re not the Toyota of training, we’re the gold-plated Lexus of training.” I immediately went into blank stare mode.
  • I had a great conversation with the SQL Server 2017 folks about the possibility of someday, somewhere, somehow, that we might see support for automating Maintenance Plans via PowerShell.  Not yet, it seems.  But there are ways around it with duct tape and chewing gum.
  • Nice discussion with the Fujitsu folks about their liquid-cooled (immersed) server rack.  The best part was the incredible language barrier.  Note to this vendor, smart as they may be, try to add some staff that speak the native language of the conference location, wherever that may be.  Example:
    • Me: “Have you calculated the return rate to break-even point between air-cooled and liquid cooled?”
    • Them: “Yes, it is liquid.”
    • Me: “How much power does the coolant pump draw compared with fans?”
    • Them: “Yes, it is liquid.”
    • Takeaway:  Cleaner components due to no air-flow dust accumulation, and lower power consumption per time-unit compared with air-cooling fans.  The rack itself is smaller due to not having air-flow channels or fans.  The trade-offs include increased purchase cost and weight, as well as added space for the pump unit.
  • A rambling Twitter thread with David James about where the line between “big” and “small” customer device-management environments might exist, and the ramifications of how best to manage devices in each realm.  More on that another time/post.
  • The “deep dive” sessions on Windows Server 2016 network services changes, BranchCache/PeerCaching by Andreas Hammarskjold, and Windows Deployment and Servicing by Ami Casto, Johan Arwidmark, Mikael Nystrom, and Michael Niehaus, were all indeed “deep”, and well-worth pushing the brain as hard as possible to keep up, let alone absorb the information fire hose.  If you watch nothing else from Ignite, at least check these sessions out.
  • I didn’t make it to any Mark Russinovich sessions, but I did catch a few by Don Jones and Jeffrey Snover.
  • I missed a few sessions I really wanted to attend, due to conflicts with other sessions, nagging work-related phone calls, emails, and Teams chatting, etc.  Such as two PowerShell sessions by Stephen Owen.  But I was fortunate and honored to meet him in person as well as his wonderful wife, before the week was over.  So I can’t complain.
  • Other sessions I attended in Windows Servicing, Azure, Office 365 (Microsoft 365 now), SharePoint, Teams, PowerBI, Containers, and PowerShell were all very good.  I can’t wait for everything to get posted for viewing online.

The Semi-Techy Stuff

My daytime brain power was really really off this year.  After weeks of finally getting settled into a consistent exercise and sleep routine, even with work travel, I suffered a setback that week.  I was not an interesting person to converse with during the day.  At night I felt fairly normal, or abnormally normal.  Or normally abnormal.  Eh.

Until the closing Friday, I averaged maybe 3 hours of sleep each night.  The conference center was kept at a nice and cozy 48 degrees F.  And the combination of insufficient sleep, forgetting to pack long pants and long-sleeve shirts, an unbalanced diet, inconsistent caffeine and hydration intake, and random work-related emails, along with frequent offensive messages from insane coworkers and former coworkers, left me in a zombie state.  At least I didn’t do this.

Quite a few people approached me, all very friendly, and I tried my best to be friendly and talkative, but my brain kept saying inside, “Hey dumb-ass, you know how you didn’t go to bed until 3am and then got up at 6am?  Yeah, I’m not doing that shit anymore.  Let’s find a nice hard surface to make you do a face-plant.”


I watched the new Jerry Seinfeld show on Netflix.  At one point he commented on being able to speak to a group, but not an individual.  That’s exactly how I felt that week.  It was very surreal.

Some years ago, I used to do a fair amount of public-ish speaking. I say public-ish because it was mostly to captive audiences (corporatey stuff). I did speak at one CAD vendor mini-conference back in 1998, to a room of about 500, and it was a blast. If I have an agenda, I can ramble to a crowd, but ad lib not so much.  Anyhow, I got a case of decent wine, and a Chinese-made Swiss army knife as a token of appreciation.  Not sure what happened to the knife.

I have found, through quasi semi pseudo scientific research, that it’s not so much how MUCH sleep I get, but WHEN I get that sleep.  Even a shifting of sleep-wake periods by a half-hour can throw my entire pea-sized brain into a woodchipper.  My normal sleep cycle is 2 A.M. to 9 A.M. (my company and most of my customers are in the Pacific time zone, but I live in Eastern time zone, so it makes my neighbors really curious).  During the conference my sleep cycle shifted to 3 A.M. to 7:30 A.M., and yes, my math also suffered.


After each day I would try to get a power nap in.  Usually, I’m great at power naps. My dad taught me the trick and it’s always worked.  However, it only works when people don’t call your phone just when you get your heart rate down.

The Personal Stuff

Some of the other interesting moments…

  • Getting to meet amazing people like Stephen Owen, Ami Casto, Johan Arwidmark, Mikael Nystrom, Andreas Hammarskjold, Maurice Daly, and Jordan Benzing
  • A conversation with a valet at the hotel.  Just a cool exchange of funny stuff and both of us went our separate ways in a great mood.
  • A two hour late-night conversation with George, a colleague who shares many of the same life experiences as I:  marriage, dysfunctional families, cancer, brain tumors, the effects of sleep and diet, religion, politics, work stuff, and so on.  I live in an exceptionally red area of a red state, so the opportunities to have a rather unbiased discussion are few.  Anyhow, it was fantastic.

The Random Stuff

  • Compared with Ignite 2016, I had nothing as unusual or random during the after-hours time this year.
  • I was also reminded of something a homeless guy said to me at a conference in Vegas, back in my Autodesk days:  He patted my arm when I was standing on a corner during a lunch break, and when I turned he said “you might be a nobody going nowhere, but it’s getting there that matters.  Don’t forget to pay attention to getting there.”  Then he tried to sell me a plastic water bottle for a dollar.  But it was the thought that counts.

Final Thoughts

  • I was very much caught off-guard by people wanting to meet me at the conference this year.  I wasn’t expecting that at all, which some found to be surprising.  While I appreciate the attention, I wasn’t ready for it either.  So, I hope that if you did run into me that you allow me to do better next time.  If there is a next time.
  • I heard quite often that people think I’m some sort of “weirdness-magnet”; that I somehow attract unusual events, but I don’t think that’s true.  I suspect that I just notice small things more often than most others do.  Human and social idiosyncrasies.  For example, standing in a grocery store checkout line, waiting in a doctor’s office, or riding a bus.  I typically stop to talk with people who are normally ignored in our society: The people who give directions at the conferences, store clerks, bus drivers, hotel staff, airline staff, TSA agents (well, sometimes), police officers, homeless people, random people, Uber and Lyft drivers; anyone who can’t run fast enough to escape my death ray of chatty-ness.  The stuff that most people don’t see while staring at their phones.  Basically: I’m really not that special.

And now I have to re-bond with my dog.  She’s mad at me again.

cm_siteconfig 1.2

I’ve been busy this Labor Day weekend. Besides vacuuming up water from a broken water heater at 4am, mowing a ridiculously big lawn with a ridiculously small lawnmower, and avoiding the oceanfront tourist freakshow (or almost), I spent a fair amount of time on cm_build and cm_siteconfig.  Needless to say, I’m not feeling very funny right now, but I assure you that I will return to my usual tasteless, dry, ill-timed humor after a word from these sponsors.  Even though I don’t have any yet.  Actually, if you blink, you might miss some hidden jestering below.

I’ve already discussed these two PowerShell scripts in a previous blog post, but to update things: cm_build is still at 1.2.02 from 9/2/2017, and cm_siteconfig is now at 1.2.22 from 9/2/2017.  That’s a lot of 2’s.  Anyhow, here’s what each does as of the latest versions:

Note: The version numbers are in parentheses to indicate lab configuration.  The XML allows *YOU* to configure the installation ANY WAY YOU DESIRE, and to reference ANY VERSION you desire.  The versions below are just what I used to test this thing (so far) about 84 times.

LAB TEST NOTE: Prior to running this script, build the server, assign a name, static IP address, and join to an Active Directory domain.  Then take a snapshot (VMware) or checkpoint (Hyper-V) to roll back if anything spews chunks along the way.

Prep Work

cm_build.ps1 / cm_build.xml

  • Install Windows Server roles and features (except for WSUS)
  • Install Windows 10 ADK (1703)
  • Install Microsoft Deployment Toolkit (MDT) (8443)
  • Install SQL Server (2016)
  • Install SQL Server Management Studio (2017)
  • Configure SQL Server maximum memory allocation
  • Configure SQL Server ReportServer DB recovery model
  • Install WSUS server role
  • Run the WSUS post-install configuration
  • Install System Center Configuration Manager 1702
  • Install ConfigMgr Toolkit 2012 R2
  • Install Recast Right-Click Tools

GENERAL NOTES:  The cm_build.xml structure starts with the “packages” section, which dictates what gets executed and in what order.  The “name” element establishes the package code link used by all of the other sections, such as payloads, detections, files, and features. Note that the files section only requires the pkg key value for SQLSERVER and CONFIGMGR.  Other files can be created without using a matching pkg key if desired.

LAB TEST NOTE: I strongly recommend taking another snapshot (VMware) or checkpoint (Hyper-V) at this point, prior to running cm_siteconfig.ps1.  This will help avoid angst and loss of temper while making iterative changes to cm_siteconfig.xml and retesting.

cm_siteconfig.ps1 / cm_siteconfig.xml

  • Create SCCM accounts
  • Configure the AD Forest connection
  • Configure Server Settings
    • Software Deployment Network Access Account
  • Configure Discovery Methods
    • The template AD User Discovery Method adds AD attributes: department, division, title.
    • The template AD User and System Discovery Methods add filtering for password set and login periods of 90 days each
  • Configure Boundary Groups
    • The template creates 4 sample boundary groups
    • You can enable creating Site Boundaries as well, but the default is to allow the AD Discovery to create subnet/IP range boundaries
  • Configure Site Roles
    • Management Point
    • Service Connection Point
    • Distribution Point (with PXE)
    • Cloud Management Gateway (still in development)
    • Software Update Point
    • Reporting Services Point
    • Application Catalog Web Service Point
    • Application Catalog Website Point
    • Asset Intelligence Synchronization Point
    • (more to come)
  • Client Settings
    • Still in development, but…
    • The template creates two (2) sample device policies: Servers and Workstations
  • Client Push Installation Settings
    • Still in development
  • Create DP groups
    • The template creates 4 sample DP groups
  • Create console Folders
    • The template creates sample folders beneath: Applications, Device Collections, User Collections, Boot Images, Task Sequences, and Driver Packages
  • Create Custom Queries
    • The template creates two (2) sample device queries
  • Create Custom Device Collections
    • The template creates three (3) sample user query-rule collections, and 15 sample device query-rule collections
  • Create Custom User Collections
  • Import OS Images
    • The template imports two (2) OS images: Windows 10 1703 and Windows Server 2016
    • Source media is not included.  Batteries not included.  Just add hot water and stir.
  • Import OS Upgrade Installers
    • The template imports two (2) OS upgrade packages
  • Configure Site Maintenance Tasks
    • Excludes Site Backup, and Database Reindex tasks for now.  I plan to have these enabled soon.
  • Create Application Categories
    • The template includes (5) sample categories: IT, Developer, Engineering, Finance, General and Sales
    • For now, the detection rules are implemented using a chunk of freshly-cut, carefully seasoned, and slow-roasted PowerShell code, because it’s easier to shoe-horn into this process and provide flexibility and adaptability.  And besides, all those syllables sound kind of impressive after a few mixed drinks.
  • Create Applications
    • The template includes examples for 7-Zip, Notepad++, VLC Player, and Microsoft RDC Manager

What’s Next?

  • I’m still working on this, so more changes/improvements will be coming.

Q & A

  • Is it really “open source”?
    • Yes! Go ahead and pinch yourself.
  • Did you write all this code yourself?
    • Yes, sort of.  Some of the pieces were adapted from, or inspired by, the outstanding work done by other amazing people like Niall Brady, Nickolaj Andersen, Johan Arwidmark, Mikael Nystrom, Maurice Daly, Stephen Owen, Anders Rodland, Raphael Perez, Chrissie LeMaire, Jason Sandys, Sherry Kissinger, and many others I can’t think of right now.  Thanks to Kevin B. and Chris D. for helping me find better ways to solve key areas of the overall project.  The XML constructs and process model are my own hallucinatory work.
  • Can I Make Suggestions / Request Changes?
    • Please use the “Issues” feature in Github to submit bugs, feature changes and enhancements, etc.  I will make every effort to review, assess, feebly attempt, fail to satisfy, cry over insecurities of self-doubt, angrily assign blame, throw objects across room while swearing like a drunk sailor, solemnly accept defeat, and ultimately: try to make it work as requested.
    • Note that creating a Github account is required for submitting Issues.  Github accounts are free and they make you feel warm and fuzzy inside.
  • Does cm_build also download required installation media?
    • No.  I’m too lazy.
    • 99.999999% of my customer engagements involve a ‘kick-off’ call in which we discuss prerequisite action-items prior to beginning work. This typically includes requesting the customer to have all installation media and licensing information ready to go.  Which they typically do, so I didn’t feel the need to bother with that aspect (not to mention, try to keep up with version changes and new URLs over time).
  • Can cm_build be used to install a Central Administration Site?
    • Yes.
  • Can cm_build be used to install a Secondary Site?
    • Yes.
  • Can cm_build be used to destroy alien civilizations?
    • Probably not.
  • How was this thing Tested?
    • In a small dungeon beneath a floating castle in a lake atop a tall mountain.  Okay, in my home lab, next to the dog’s sofa.
    • It’s been tested about 84 times as of 9/4/2017.  That’s about 55 times for cm_build and 29 times for cm_siteconfig.  But by the time you’ve read this, it’ll have increased again.
  • What was/is your Test Environment like?
    • Windows Server 2016 (Dell R710) server with Hyper-V
    • 3 virtual machines: DC1 (domain controller), FS1 (file server) and CM01 (configuration manager server)
    • CM01:
      • 16 GB memory, 4 disks (C: for OS, E: for apps, F: for content, G: for logs, etc.), 2 vCPUs
      • Windows Server 2016 Standard
    • Me:
      • Coffee cups falling off the desk, on every flat surface, in the trash can, on top of one of my dogs, and a few more in the kitchen sink
      • Empty snack bar wrappers strewn across the room
      • A tattered doggie toy-squirrel hanging on a door knob for some strange reason.
  • What’s the point?
    • It’s been challenging, and fun, to work on.  It saves me time and headache at work and in my home lab.
    • It opens up potential secondary capabilities, like automating installation documentation and building an extract/build process to close the circle of life, open a wormhole, fill it with black holes and jump in for a ride.  I really need to stop listening to so many podcasts.
  • Why should I care?
    • You shouldn’t.  You can go do something fun now instead.
  • Why XML?
    • Because I &^%$ing hate JSON, and INI is too limited.  I thought about YAML, which looks a little bit like JSON, but not like it was punched in the face with a meat tenderizer mallet, but then I had to mow the lawn, and completely forgot why.
  • What have been (or continued to be) the biggest Challenges?
    • Time
    • Sleep
    • Deciding where to draw logical boundaries between automating and leaving out for manual work later
    • Refactoring, refactoring, re-refactoring, and re-re-refactoring before refactoring some more
    • More refactoring
    • Incomplete Microsoft ConfigMgr PowerShell cmdlet reference documentation*
    • Incomplete/inconsistent Microsoft ConfigMgr PowerShell cmdlet features*
    • Incomplete/inconsistent mental capacity (mine)
    • Occasional power and Internet service outages and lack of a power backup system (budget, weather, drunk drivers)
  • Does humor belong in IT?
    • Yeah.  It has to. Over 35 years in this field of work, I’ve seen what happens to people who forget that. It doesn’t end well.

*  I’m not going to beat them up on this, since they are already making Herculean efforts towards modernizing and cleaning up ConfigMgr, so the gravy should have a few lumps.

cm_siteconfig updates and my humor tank is running empty

I finally got some sleep. And immediately thereafter, I discovered a bug in the script. It’s in the detection method part of the Add-CMDeploymentType mess. The nested PowerShell code inside the @”…”@ stuff was expanded and caused it to wipe out the $reg and $val variables, so the result was like our Federal government today: useless.

Anyhow, upon discovering that, I went to work fixing it, and decided to go ahead and add detection methods for “file:” and “folder:” to add to the existing “registry:” option. This required an additional sample application in the XML file, which I chose VLC player, because, well, why not? VLC is like a lobbyist in DC, it’s everywhere. And yes, you can tell I’m a little perturbed at our ongoing temperamental governmental dysfunctionality reality.

Other changes: I added a new -Detailed switch, which displays “verbose” output without using -Verbose, and makes that output much MUCH prettier to read than using -Verbose, which is pretty ugly.

So, after testing is completed, I will upload to the branch “1.2.02” in the Github repo.  Hopefully in the next few hours.  First, I have to take my dog Dory (aka “butt brain” aka “turd beast” aka “no! you can’t eat the cat!”) for a walk.
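The failure mode described above, reproduced as an added example (not the cm_siteconfig code; the function names and the sample registry key are hypothetical): an expandable @"…"@ here-string expands every $name when the string is built, so variables meant for the generated detection script must be backtick-escaped. Parsing the generated text before handing it to ConfigMgr catches the mistake.

```powershell
# Added example; New-RegistryDetectionScript, Test-ScriptText and the sample values are hypothetical.
function New-RegistryDetectionScript {
    param(
        [Parameter(Mandatory = $true)] [string] $KeyPath,
        [Parameter(Mandatory = $true)] [string] $ValueName,
        [switch] $Unescaped   # reproduce the bug on purpose
    )

    # Values come from an XML file, so double any single quote before embedding
    # them inside the single-quoted literals of the generated script.
    $k = $KeyPath.Replace("'", "''")
    $v = $ValueName.Replace("'", "''")

    if ($Unescaped) {
        # Every $name below is expanded NOW. $reg and $val do not exist in this
        # scope, so they collapse to empty strings in the generated text.
        return @"
$reg = Get-ItemProperty -Path '$k' -ErrorAction SilentlyContinue
$val = $reg.'$v'
if ($val) { Write-Output 'Installed' }
"@
    }

    # Backtick-escape the variables that belong to the generated script;
    # only $k and $v are expanded at build time.
    return @"
`$reg = Get-ItemProperty -Path '$k' -ErrorAction SilentlyContinue
`$val = `$reg.'$v'
if (`$val) { Write-Output 'Installed' }
"@
}

function Test-ScriptText {
    # Returns $true when the text parses as PowerShell without syntax errors.
    param([Parameter(Mandatory = $true)] [string] $Text)
    $tokens = $null
    $errors = $null
    [void][System.Management.Automation.Language.Parser]::ParseInput($Text, [ref]$tokens, [ref]$errors)
    return ($errors.Count -eq 0)
}

# Constructed sample input
$key  = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'
$bad  = New-RegistryDetectionScript -KeyPath $key -ValueName 'Version' -Unescaped
$good = New-RegistryDetectionScript -KeyPath $key -ValueName 'Version'

"--- unescaped here-string ---"
$bad
"parses cleanly: $(Test-ScriptText -Text $bad)"
"--- escaped here-string ---"
$good
"parses cleanly: $(Test-ScriptText -Text $good)"
```

A single-quoted @'…'@ here-string avoids expansion entirely, but then the key path and value name have to be substituted into the text separately.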

What is this, cm_build and cm_siteconfig stuff?

UPDATE 8/29/17 – Corrected a mistaken attribution for Driver Automation Tool to Maurice Daly.

I’ve been kind of quiet lately.  Quiet, as compared to how normally chatty I tend to be online, that is.  It’s been a mix of personal life, work life and hobby life.  Personal aside, work life has been a little quiet this week, which is fantastic for catching up on things, and spending a little time with my hobby life: woodworking and coding.  I don’t have a Yankee Home Workshop space or anything, but I get by okay.  If I ever win a massive PowerBall lottery payout, my neighbors will have to relocate, as I will need their spaces for expanded hobby capabilities.

Anyhow, on to the meat and potatoes:  I’ve been toying with this for quite a few years, but could never align the right perception, time allocation and initiative, to make it gel.  This past week and weekend they just happened to align at the right place and the right time.


I wanted to devise a different approach to specifying the configuration rules in advance and then executing them with limited (or zero) human interaction.  The rules should be the design document.  Or at least the basis of such.  It shouldn’t be difficult to derive the XML data into a readable document, such as Microsoft Word or HTML.  And the code should be reusable and resilient.  Run it as many times as desired (or needed) on a given server and it should ignore what is already done, and only work on what hasn’t been done yet.

The Bundle

cm_build and cm_siteconfig are two (2) pieces of a bundle of scripts aimed at simplifying and streamlining the building and configuration (respectively) of a System Center Configuration Manager site server.  Actually, either a Central Administration or a Standalone Primary, site server.  It’s flexible enough, in theory, to contend with other roles and purposes.


cm_build.ps1 is a PowerShell script that reads from cm_build.xml, which contains the logic (configuration data) to take a “vanilla” Windows Server host (virtual or physical) up to having ADK, MDT, WSUS, SQL Server, SQL Server Management Studio, Configuration Manager, ConfigMgr Toolkit and Right-Click Tools (optionally) all ready to go.  The baseline server only needs to be prepared for general purpose server capability (assigned name, static IP address, domain-joined, etc.) and have the proper resources allocated (memory, processors, disks, etc.).  The only other requirement is having the installation media accessible.

The default configuration of the cm_build.xml file refers to a set of UNC shares on a common network, but you could reference a local disk, removable media, or any other source which can be read from using PowerShell.

cm_build is farther along in development and testing than cm_siteconfig.


cm_siteconfig.ps1 works very much like cm_build, in that it reads from cm_siteconfig.xml in order to configure a “vanilla” Configuration Manager Primary or Central Admin site server to whatever you prefer.  This will include:

  • AD Forest
  • Discovery Methods
  • Boundary Groups
  • Client Settings
  • Client Push Installation
  • Queries
  • Collections
  • Applications and Deployment Methods
  • Site Roles: Asset Intelligence, Software Updates, etc.
  • Distribution Point Groups
  • Operating System Images
  • Operating System Installers (upgrades)
  • Console Folders
  • Maintenance Tasks

Of these, the items in blue are ready to test.  The others are in development and moving as quickly as my coffee intake can allow.

What about Other Features?

Software Updates, Endpoint Protection, Windows 10 Servicing, Task Sequences, and so on, are all up for consideration.  However, each of these has some unique aspects that may change whether I try to incorporate them sooner, later or never.  For example, Task Sequences can be exported and imported, and with each new ConfigMgr build, the PowerShell interfaces get more robust, which delves into version impacts and compatibility aspects.  I need to start small and work upward, and start with the more mature stack of tools, which helps ensure the broadest platform support.

I’m getting ahead of myself here.  Much of this is obviously predicated on time, initiative, and my own, limited abilities.  Some might call this “pie in the sky” thinking, and it may very well be just that.  Whatever, it’s a nice hobby for me that doesn’t cost a lot of money and I can do it indoors.

What about Drivers?

I’m leaving drivers out of this for now, because Maurice Daly basically blew the doors off of that with this, and I don’t even want to think about reinventing that wheel.  Kudos for that one.  One of many amazing tools he has produced.

Is it done?

No.  But cm_build is fairly stable and tested as of now.  cm_siteconfig is still in development, but there’s enough to kick the tires and see if it leaks transmission fluid on your rug.  It’s free, and it’s open, so that makes it sort of freeopen.  But that could likely be an offensive word in another language.

Where is it?


What’s Next?

Who knows.  That’s what makes it fun to mess with.  Kind of like a blind, drunk guy poking at a rattle snake with a pencil.

Master Plan – Automating an SCCM Site Installation

I was thinking, “Man, (or woman), it would sure be coolio if I could push one button and *presto!* I have a fully-built SCCM site server, without having to install anything but Windows itself“.  There’s some really shiny stuff out there already, like hydration kits and prerequisite installers.  But then, I thought “That’s not enough!  I need it to be ‘real’.  I need more!!” I want to build the site itself, and configure EVERYTHING to be JUST LIKE A REAL site out in the real world.  So, here’s how I sketched it out…

  1. Install Windows Server
    1. Do NOT patch it
  2. Create all the folders in all the right places
  3. Install Windows Server roles and features
  4. Install ADK for Windows 10
  5. Install MDT
  6. Install SQL Server with file auto-growth settings, Domain Service accounts, and register the SPNs
  7. Configure SQL Server memory limits
  8. Install the WSUS role
  9. Run the WSUS post-install configuration step
  10. Create file NO_SMS_ON_DRIVE.SMS on C:\
  11. Install Configuration Manager 1511 (not the latest baseline) with a Site Code, Site Name, Roles
  12. Configure Discovery Methods, including Network Discovery, where each one runs every day
  13. Initiate Discovery Methods
  14. Create Site Boundaries and Boundary Groups
  15. Configure Client Settings
  16. Configure Client Push Installation
    1. Configure automatic client installation and client upgrades
  17. Create and Configure Query-based Collections
  18. Configure all Query Collections to update every hour
  19. Create and Configure a set of Applications
  20. Deploy Applications to Collections
  21. Add everyone in IT to the “Full Administrator” RBAC role in SCCM
  22. Add everyone in IT to the SQL Server server admins role
  23. Install Symantec Antivirus, McAfee Antivirus, Cylance Agent and anything else on the same host
  24. Turn on the Domain Firewall
  25. Create an OSD configuration
    1. Windows 10 Image captured from a 5-year old machine with EVERY conceivable application installed.  If it’s not at least 10 GB, we have to repeat until it does.
    2. Boot Images – add every component and every driver for every model we have
    3. Drivers – everything.  all of it.
    4. Applications – only those product names which begin with 0 – 9 or A – Z.
    5. Task Sequences – create a dozen with names that mean nothing to anyone unless they’re on drugs
    6. Deploy each TS  to “All Systems” via PXE without a password
  26. Set a scheduled task to reboot the site server every night at the same time the backups and SQL jobs are supposed to run
  27. Add “Domain Users” to the local Administrators group
  28. Turn off Site Maintenance tasks: backups, reindex.
  29. Do not install Ola’s tools – or Steve’s guidelines for SQL – they just make it run too well.
  30. Install Google Chrome, MS Office, Adobe Reader and any freeware applications I can find on the primary site server
  31. Change the NIC to use DHCP
  32. Install additional Web Site applications within IIS
  33. Verify no PKI exists and then configure all clients to use PKI only.
  34. Take a snapshot/checkpoint every day and once a month revert to a previous snapshot from a week earlier.
  35. Post job openings to all the job search sites insisting the candidate ONLY know Ghost or Acronis and has never touched or even heard of SCCM or MDT, ever.
  36. Configure Azure with O365 and an EMS tenant
  37. Integrate SCCM and EMS
  38. Enroll devices in EMS/Intune
  39. Deploy SCCM clients to the Intune devices
  40. Automatically open support tickets with Microsoft on why the clients stop working in EMS/Intune

That should just about cover it.