Create Local User Based on Serial Number

If you ever find yourself wanting to create a local user based on something super specific (like Serial Number) then this post is for you.

First you need your script:

#Created by Ami Casto Twitter:@MDTPro Blog:
#This script will create a local user account based on Serial Number, set the password to never expire, prevent user from changing the password, and add it to the Local Admin Group
#Make it all clean - this could be commented out if unwanted
$Error.clear() # Clear errors
#Queries Win32_Bios for Serial Number and pulls out the serial number to return it on a single line which gets captured as a variable
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
# $SN now equals the hardware's Serial Number and this variable is used to create a user account, set a password, and prevent that user from changing it
net user $SN P@ssw0rd /add /passwordchg:no
#This step sets the password to never expire
wmic useraccount where "name='$SN'" set passwordexpires=false
#This step adds the newly created account to the Local Admin group
net localgroup administrators $SN /add

Just copy/paste and save it as user.ps1 in the Scripts folder.

In MDT, open your preferred task sequence and create a new group where you would like the step to go.  Since this account is a local user and won’t be able to access anything specific to the deployment anyway, I’m adding the account near the end.

I've added the PowerShell script in a group I created for this step.


Notice that I call on it this way %SCRIPTROOT%\user.ps1 .  You could create a separate folder within the scripts folder, but you’ll have to remember to include that in the path as well, otherwise your deployment will fail.

And, Success!


It worked as expected – the user account matches what’s in the Serial Number property.

Disclaimer: It is very important that you pick a property that is short and doesn’t have special characters.  So I wouldn’t do this on a VM for example, I’d pick something from win32_bios such as model.
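A variant of the script above that enforces the "short and no special characters" rule before it creates anything, and generates a per-machine password instead of sharing one across every deployed PC. This is an added example, not the original author's script; it assumes Windows PowerShell 5.1 (the LocalAccounts cmdlets) in an elevated session, and the function names are made up for illustration.

```powershell
# Added example, not the original author's script.
# Assumes Windows PowerShell 5.1 (New-LocalUser / Add-LocalGroupMember) and an elevated session.

function Test-LocalUserName {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Name)
    # Local account names are limited to 20 characters, may not contain
    # " / \ [ ] : ; | = , + * ? < > @ and may not consist only of periods and spaces.
    if ($Name.Length -lt 1 -or $Name.Length -gt 20) { return $false }
    if ($Name -match '["/\\\[\]:;|=,+*?<>@]')       { return $false }
    if ($Name -match '^[. ]+$')                      { return $false }
    return $true
}

function New-RandomPassword {
    param([int]$ByteCount = 24)
    # Random bytes from the OS CSPRNG, Base64-encoded (24 bytes -> 32 printable characters).
    $buffer = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buffer) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($buffer)
}

function New-SerialNumberAdmin {
    # Same source as the original script: the SerialNumber property of Win32_BIOS.
    $name = "$((Get-CimInstance -ClassName Win32_BIOS).SerialNumber)".Trim()
    if (-not (Test-LocalUserName -Name $name)) {
        # Typical for VMs, whose serial numbers are long and contain spaces.
        throw "Serial number '$name' cannot be used as a local account name."
    }

    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    # Same settings as the original: password never expires, user cannot change it.
    New-LocalUser -Name $name -Password $secure -PasswordNeverExpires -UserMayNotChangePassword |
        Out-Null

    # S-1-5-32-544 is the built-in Administrators group; the SID works on any OS language.
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $name

    # Returned so the caller can record the password; do not let it reach the deployment log.
    [pscustomobject]@{ Name = $name; Password = $plain }
}

# Capture the result instead of letting it print:
# $account = New-SerialNumberAdmin
```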

If you want to make this work on an Intel NUC, then you need to read my post about how to assign a Serial Number for your NUC.

Add a Serial Number to your NUC

As an Intel NUC owner, you might have noticed that your NUC doesn’t come with the serial number hard-coded into the BIOS:

NUC with no Serial Number


You can actually do this yourself with the Intel Integrator Toolkit.  The site says support ended for it and it would be taken down in 2015, but here we are mid 2016 and it’s still available :).  You get a list of client OS’s that support it but I installed it on Server 2016 TP 5 with no issues.

When you launch the application, you get a dialog box giving you some options.  As you can see, you could run this from another PC entirely (but don’t – you need to be present to accept the config changes).  If you’re running it from your NUC however, you can walk the wizard below to customize the BIOS and get right to it. (NOTE: You must have an active internet connection!)

Menu showing configuration options when you launch the tool.

Since I’ve picked to customize locally, the toolkit gives me a lot of options as you can see below.

Intel Integrator Toolkit

Lots of customization options!

In the SMBIOS menu, I simply input a value.  I had the Serial Number from an old HP laptop I happened to have written down handy so I input that as the value.  Just kidding, I picked Beaker.  The toolkit allows you to paste in values, so you could create your own custom Serial Numbers and import them.

When you’ve finished your customization, you simply select “Save BIOS” from the ribbon.  This will install the BIOS and add all your custom configurations.

Save BIOS

Time to make it happen!

YOU CANNOT DO THIS REMOTE – YOU NEED TO HAVE A KEYBOARD ATTACHED TO ACCEPT THE CONFIGURATION CHANGE (and a monitor to read the message, or just remember to press 9 on the keyboard).  Don’t say I didn’t warn you 🙂

Be ready to press 9 to accept the change


When the configuration is complete and you sign in again, you’re greeted with a dialog box from the toolkit letting you know your change was successful.

Woohoo, you did it!


And of course, you can validate in PowerShell too!

PowerShell is King! And your Intel NUC has a Serial Number!




Another important feature to customize is the display image.  I opted for a picture of Beaker because he’s my hero.

changing images






Office 365 Advice!

Today I was a guest on On The Air, a live tech talk show put on by Spiceworks.  In the episode we talked about deploying Office 365 and played Servers and Sysadmins (a super fun IT version of the popular Dungeons and Dragons RPG).  If you haven’t already seen it, here’s the link to the episode.


I wanted to also make sure to give some professional advice aside from the silliness on the show (but for real, I had a good time) so I have come up with some basic advice for getting started on your own.

Also, be sure to check out the EMS book by Kent Agerlund and Peter Daalmans.  It’s due to hit Amazon in May and will walk you through a full setup using both cloud and hybrid options.  I will post the link as soon as the book is available for purchase.

Preparing for Office 365 Migration:




Microsoft Online Services Sign-In Assistant for IT Professionals Beta


Azure AD cmdlets


Enable Script Execution (Admin PoSH)

Set-ExecutionPolicy -ExecutionPolicy Unrestricted


Get to know service descriptions – pick what’s best for your organization and understand what you’re signing up for – it would be better to sign up for too much than not enough service.


Office 365 Deployment Guide – advice on deployment models – these are my requirements – here’s the model that works best for me.

Deployment Readiness Toolkit – environment prechecker

Office 365 admin resource center

Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit – troubleshoot config issues

Know your network or get to know your network admins – bring whiskey!

The slowest connection to Office 365 is going to be from your gateway to ISP and then ISP to Office 365 data center (if your ISP isn’t part of the Internet Backbone)

Think about how users will be accessing services like OWA/ActiveSync and also how much data you have to migrate to the cloud (think Exchange, S4B and SharePoint)

Get to know your organization’s QoS settings (this is where the whiskey comes in handy!)

Office 365 Community site

Learning PowerShell for Office 365:

Simply put, you’re going to use PowerShell for automation and management.

Many of the administrative tasks can be performed through the admin center UI; some tasks are difficult to do without PowerShell and some tasks can be performed only with PowerShell.

Get to know/use PowerShell ISE because the complexity of PowerShell is reduced in ISE.  Basically, you don’t have to memorize every single command; ISE is pretty smart.

Pro tip: ALWAYS run as admin

It is a good idea to have a test tenant with a few users so you can test your PowerShell scripts. Alternatively, you can use your production tenant with test users. In both scenarios, the test users most likely will have to be assigned Office 365 licenses, at least during script testing. Microsoft does not provide free test tenants or free test user licenses.


Real-World Challenges (that I have seen):

Not understanding licensing or really not being ready to push users to the cloud because your legacy AD needs some love.  Take some time to review for stale accounts and clean them up before you migrate – it will save some pain on the other side.

QoS for Skype for Business – packet loss can really impact voice meetings so make sure you’re aware of/reviewing your organization’s QoS.  Really this isn’t just a step for review for S4B, but this is one area that’s really not going to play nice if you aren’t prepared properly.

UPN – vs.

Perficient has a really good blog post about the topic.

Not understanding the design/implementation of your legacy environment – if you want a seamless user experience, you need to understand how and why things are set up the way they are in your legacy environment.  From SharePoint layout and permissions to user vs equipment mailboxes in Exchange.  Some things you did in your legacy environment are now charged as per user license in your new environment.

Not testing – either with a test tenant or test users in production – you need to understand the impact of your changes!

Understand that in Exchange, some legacy features/resources won’t be available in the cloud.  So if a user connects to another mailbox or resource, it also needs to be available in the cloud.  We saw this with Public Folders and equipment mailboxes that were set up as user mailboxes.

Upgrade your 2012 R2 SP1 ConfigMgr environment to 1602 #LikeABoss

Yesterday I went from CM 2012 R2 SP1 CU whatever to CM 1602.



It’s a really simple process, but if you haven’t done any kind of CM site upgrades before, maybe you feel a bit overwhelmed.  To get started you need to do two things.  The first is to verify you have a backup.  If you don’t know how to do this, check out Steve Thompson’s blog.

Next, go to your VLSC and download the required media.  (Note: I was already running a fully patched version of SQL Server 2014, so I didn’t need to download that media, and I won’t be covering it in this post.)

After the download completes and you’re certain you have a backup of your site, I’d make sure the server that hosts your site is fully patched so that pending reboots don’t break the upgrade.


When you’re back up and running, mount the ISO and launch splash.hta which will start the application to perform the upgrade.

You’ll be greeted with this page that defaults to the upgrade so you can leave it as-is.

And you’ll need to accept three sets of EULAs before you can continue.

Now, just like in your production version of 2012, you have prereqs to download.  If you’ve already done so, here’s where you would tell the wizard to grab them for the install.  I prefer to keep anything that’s not the OS on my E:\ drive.

And if you did specify a path to download (aka you didn’t download the prereqs beforehand), the app will then initiate the download as soon as you click next (and it’s really quick too!).

When the download completes you can add language support.  While you can add languages after the fact, if you plan to add support for anything other than the default, do it now please :).


You’ll then configure service connection point and select (the only option) setup type.  If you choose not to connect the service now, you’ll have to do it after the fact.  So unless you have a really good reason not to, just connect now.

Next comes the prerequisite check for the upgrade.  You can ignore the warnings if you want, but you have to remediate all failures to be able to continue.  As you can see here, I needed to install USMT as well as remove Distribution Point role (the only role installed on that server – which is how I knew what to do 🙂 ) from the server that sat on the same cluster as my primary site.

You’ll click through a few more steps and then the upgrade starts.  You can watch what’s going on in the ConfigMgrSetup log on C:\ by opening it in CMTrace.

Go ahead and take a coffee break (I recommend this) because it will take a bit to complete.  When it’s done you can close the app.

Now comes the fun part – getting to 1602.  I, like an idiot, had left the console open during the upgrade and saw in the setup log that the new console failed to install.  Even if I hadn’t seen it, I was blocked with an error message that told me I couldn’t connect to my site.  Before worrying about permissions, I decided to reinstall the console – if this happens to you, you can easily reinstall the console by navigating to your ISO, going to SMSSETUP\BIN\I386 and launching consolesetup.exe.

With the console open, go to Administration – Overview – Cloud Services – Updates and Servicing.  (As of today) You’ll see the upgrade for 1602.  Right click it and first run the prerequisite check and then finally right click again to install it.

Note:  You can choose to run against a non-production collection if you have such a thing 🙂 or you can go ahead straight to production.  Since I’m my own boss, I don’t have much of a reason to pick a collection to test against.

And when it’s finished you’ll need a new version of the console again.  This time, clicking Ok caused the console to upgrade without any manual work for me.

If you didn’t already have automatic client upgrades turned on, I really think you should.  I say this because I had it turned on and configured to what works for my environment as far as days to install the client.  It’s great because the new client package was already distributed for me and I can see that some of my endpoints already have the new client.  To turn it on, go to Administration – Overview – Site Configuration – Sites and go to Hierarchy Settings (on the ribbon) and tick the box to allow the auto upgrade.

And finally you’ll want to check to make sure the client package has been distributed (and if it hasn’t you’ll need to do so) by going to Software Library – Application Management – Packages.  While you’re in there, check on your boot images too by going to the Operating Systems node in Software Library – they get updated during the upgrade and therefore should be replaced on all your distribution points too.

Depending on the complexity of your environment or if you want to add or remove roles/features you’ll have more work to do.  Of course if you need help, you can always ping me on Twitter.


Finding ConfigMgr Current Branch in VLSC

Problem:  I need/want to upgrade my ConfigMgr environment from 2012 R2 SP1 – 1602 but I can’t find it in my VLSC.  Does this mean I’m not licensed for it?

Answer: No.  It’s just poorly named.

If you’re looking for ConfigMgr in your VLSC, it’s actually titled System Center Config Mgr Client Mgmt License (current branch).  Good lord that’s worse than spouting off which specific CU I have applied to my 2012 environment.


Click on the downloads tab to get to the software.

BTW, if you haven’t noticed, it’s for the 1511 release.  Currently the only way to get to 1602 is by servicing through a current branch ConfigMgr implementation.  So whether you’re starting from scratch or from an older implementation, you have to use 1511 as your starting point.

Delete User Profile without rebuilding the PC

If you need to re-provision a PC and for some reason can’t/won’t rebuild the machine you can always do this:

Login to PC under an admin account…

  1. Open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
  2. Pick the profile you don’t want anymore and delete it.
  3. Then go to C:\Users and shift+delete their folder.

I’ve had a few cases where I’ve needed to reboot the machine in between those two steps.  Otherwise, when you’re finished deleting the keys and folders you can logoff the admin account.
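A scripted route to the same result, using the Win32_UserProfile WMI class instead of regedit: deleting the instance removes the ProfileList entry and the folder together, and the Loaded check catches the case where a reboot or logoff is still needed. This is an added example, not from the original post; the function name and the sample user name are made up.

```powershell
# Added example, not from the original post. Run from an elevated prompt
# while the target user is signed out.
function Remove-LocalProfile {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$UserName)

    # Win32_UserProfile exposes one instance per entry under ...\ProfileList.
    # Special = service/system profiles, which must never be touched here.
    $found = @(Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
        -not $_.Special -and $_.LocalPath -and
        (Split-Path -Path $_.LocalPath -Leaf) -eq $UserName
    })

    if ($found.Count -ne 1) {
        throw "Expected exactly one profile folder named '$UserName', found $($found.Count)."
    }

    $userProfile = $found[0]
    if ($userProfile.Loaded) {
        # The hive is still mounted; deleting now would leave pieces behind.
        throw "Profile $($userProfile.LocalPath) is loaded; sign the user out or reboot first."
    }

    $action = "Delete profile for SID $($userProfile.SID)"
    if ($PSCmdlet.ShouldProcess($userProfile.LocalPath, $action)) {
        # Removes the registry key and the C:\Users folder in one operation.
        Remove-CimInstance -InputObject $userProfile
    }
}

# Preview what would be removed, then run again without -WhatIf
# ('jdoe' is a constructed sample name):
# Remove-LocalProfile -UserName 'jdoe' -WhatIf
```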


Uninstall String for Autodesk Content Service 2016

Autodesk Content Service (especially 2016) isn’t playing nice in my environment.  If you’re in a BIM environment and you’re seeing a lot of strange things happen in Office (think ghost actions 🙂 ) I recommend uninstalling it.  You’ll see the same trends in Event Viewer as pictured below.

Event 7031 Service Control Manager

These 3 errors will appear together in the Applications node of Event Viewer

Event ID: 0 Autodesk Content Service

Event ID 1026 .NET Runtime

Event ID: 1000 Application Error


From admin prompt:

msiexec /x {A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F} /quiet


Back to basics – installing drivers HP Zbook 14

This isn’t a very technically deep post but the method is something that has been helpful for me dealing specifically with HP Zbook 14 laptops.  I have never had more trouble installing graphics drivers in my entire life than the two years I’ve worked with this model laptop.

Anyway, this post isn’t about much other than to say when you’re updating drivers and nothing seems to be working you can always force the install through device manager.

Just open Device Manager and navigate to Display node.  Right click the corresponding display adapter you want to update.  Pick Update Driver Software.

I have the AMD card disabled (too buggy in Windows 10) which is why it isn’t present – but this will work for both AMD and Intel.

Next pick Browse my computer for driver software

And finally, navigate to the extracted driver in the SWSETUP folder (or if you’ve manually downloaded and extracted it, navigate to there). And then complete the Wizard.


That’s it!  Super simple and saves a lot of headaches.

Enabling Wireless on the 6th gen NUC using Server 2016 TP4

This one is pretty straightforward.  Download the wireless driver for NUC from here.

In an admin PowerShell prompt type:

Import-Module ServerManager
Add-WindowsFeature -Name Wireless-Networking

You’ll be prompted that a restart is required which you can do from the same window by typing:

Then, when you’re back up and running you can install the driver.

Hacking the network driver for 6th gen NUC

Let’s say you buy a machine or have a machine that’s only supported for every OS on the planet except for the one you intend to use.  You can accept your fate – that you really don’t live with as much freedom as you want, or you can change your fate and hack drivers to get exactly what you want.  This post will show you how to do option 2 (which by the way is the correct option to pick).

Since everybody loves the NUC, we are going to hack the crap out of the 6th gen net driver to install the very unsupported Server OS.

What you need:

  • NUC net driver (I grabbed the Win10x64 one)
  • Windows 10 Driver Kit (scroll down, the actual download is about halfway down the page – and for what it’s worth, I installed it using all the default settings)
  • 7-zip (7-zip is king!)

It’s going to be really helpful to find the Device ID because you will need it for the specific driver you’re trying to hack.  The DeviceID for the network adapter on the 6th gen NUC is PCI\VEN_8086&DEV_1570&SUBSYS_20648086&REV_21 *but* you only need to match the first part – so in this case PCI\VEN_8086&DEV_1570.  Using this info, I found the driver I wanted to hack was in the NDIS64 folder (specifically e1d64x64.inf) once I extracted the exe with 7-zip.  This is the only .inf with the matching hardware ID so I know for sure this is the file I need to edit and eventually import into my deployment workbench.

To do the actual hacking, I copied the ID from this section and then pasted it into this one – it’s directly below where I got it from and literally the only other spot where something like this would belong – so if you’re new to this don’t be afraid!

I kept it in the correct order as it was listed above


Once I did my copy paste magic, all I needed to do was save the file and then move the NDIS64 folder away from where I extracted the LAN exe (my downloads folder) because it’s all that’s needed for the import when the time comes.

Now the driver is ready to be imported into your deployment workbench.  Since MDT doesn’t require driver signing, you’re good to go.

NOTE: This same driver will work for Server 2016 – some of you will want to grab and edit in the NDIS65 folder but it’s just not necessary.
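
A quick way to confirm which .inf in the extracted folder lists the adapter’s hardware ID, and under which sections, so you can check the file before and after the edit. This is an added example, not from the original post; the function name Find-InfHardwareId and the .\NDIS64 path are assumptions.

```powershell
# Added example, not from the original post.
function Find-InfHardwareId {
    param(
        [Parameter(Mandatory)][string]$Path,        # folder holding the extracted driver
        [Parameter(Mandatory)][string]$HardwareId   # the part of the Device ID you need to match
    )

    foreach ($inf in Get-ChildItem -Path $Path -Filter *.inf -Recurse -File) {
        $section = $null
        $lineNo  = 0
        # Get-Content honours the byte-order mark, so UTF-16 .inf files read correctly.
        foreach ($line in Get-Content -LiteralPath $inf.FullName) {
            $lineNo++
            $text = ($line -split ';', 2)[0].Trim()      # drop INF comments
            if ($text -match '^\[(.+)\]$') {             # entering a new [section]
                $section = $Matches[1]
                continue
            }
            if ($text.IndexOf($HardwareId, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{
                    File    = $inf.Name
                    Section = $section
                    Line    = $lineNo
                    Entry   = $text
                }
            }
        }
    }
}

# One row per section that lists the ID; after the copy/paste edit the ID
# shows up under one more section than before.
Find-InfHardwareId -Path '.\NDIS64' -HardwareId 'PCI\VEN_8086&DEV_1570' |
    Sort-Object File, Line |
    Format-Table -AutoSize
```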