jump to navigation

UserTile Automation June 23, 2010

Posted by Micah Rowland in USMT, VBscript, Windows 7.
4 comments

Recently a customer requested that two accounts be created during the MDT process and required each to have a preset user account picture (referred to by Windows as the User Tile). There are a number of ways to accomplish this, USMT/Easy Transfer wizard being the easiest. However, due to the processes they already had built into the base image, I decided the best tack was to investigate the actual process employed in storing the User Tile and build automation that could quickly accomodate changes to the specifications of which image to use. After a quick search of the web, it seems that this particular problem, programatically changing the User Tile has not yet found a solution. I present to you my findings along with a sample script to tackle this seemingly simple manual process.

The first step in automating any process is to do it manually first and watch what happens. I rely on the Sysinternals tool Process Monitor as well as Process Explorer for most of my research. Launching Process Explorer as an administrator led me down a few dead ends. It was only after running Process Explorer in the System context using PSExec with the -s and -i switches that I was able to locate the location that Windows 7 uses to store the user tile.

The User Tiles configuration information is stored in Windows registry at HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\########, where ######## is a unique 8 digit hexadecimal ID, in as a binary value named UserTile. But how can we cross reference a username to this 8-digit ID? Glad you asked!

Taking a further look at the registry key, you’ll notice that beneath the user ids, there is another key called Names. If you expand this key you’ll see a list of all local user accounts on the system. Upon opening any of the user keys you’ll notices that only a default value exists. However, take a look at the value type… It is not a standard type, but a hexidecimal number 0x### where the ### id crossreferences nicely with the list of user ids above. In our script we need only pad this value with leading 0′s until it reaches the desired 8-digits. Trying to retrieve this hexidecimal “type” throws exceptions in nearly every method I tried. Exporting the key to a .reg file gave me the output I needed to be able to search for a specific username and retrieve its id.

The SAM Hive of the registry is not generally accessible to any user accounts and is configured, by default, to only be accessed by the System account. To maintain security, both the read and the write operations necessary to modify the UserTiles programmatically are accomplished by executing the operations in the System context. Execution in the system context is accomplished by utilizing the PSExec tool.

When a user interactively changes the UserTile by means of the User Account control panel, Windows resizes the image specified by the user to 128×128 and saves new image as a 24-bit bitmap file in the C:\ProgramData\Microsoft\User Account Pictures\ folder as USERNAME.bmp. The bitmap is then stored in the registry in the SAM and the user’s contact card is updated.

The binary data is composed of a header followed by a payload containing the binary graphic used for the UserTile and closed with a footer that contains the path to the file used as the UserTile. The header is 16 bytes long.

  1. 12-bytes (seem to be constant at 01 00 00 00 03 00 00 00 01 00 00 00)
  2. 4-byte field representing the size of the payload

The payload data reveals that the image stored in the registry is 126×126 pixels, presumably to make up for the 1 pixel wide border around the image when displayed on the logon screen and on the start menu. Further, the image is stored in 16-bit color depth using BI_BITFIELDS compression.

The footer contains the type of image file used and the location of the file used using Unicode (2-bytes per character). The format is as follows:

  1. 4-byte field (purpose unknown, possibly the length of the following field)
  2. A null-terminated Unicode string representing the file type
    1. Eg. “bmp” = 62 00 6D 00 70 00 00 00
  3. 4-byte field (purpose unknown, always 02 00 00 00)
  4. 4-byte field representing the payload (bitmap) size in bytes
  5. A null-terminated Unicode string representing the file location padded to the nearest 4 bytes.

Phew! Needless to say, this level of detail is not necessary for part 1 of this post, however in crafting a truely dynamic programmatic approach to changing the uer tile, we will need this information.

Solution:

It should be possible to engineer an application that accepts a username and a bitmap file to use. However, for part 1, it is simpler to export the registry keys from a sample machine using either the reg.exe or the regedit.exe utility under the System context using PSExec.

When scripting this automation, we must be aware that the first time PSExec is run, a EULA must be accepted. To avoid this, the following registry file is imported (AcceptPSExecEULA.reg):

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Sysinternals\PsExec]
"EulaAccepted"=dword:00000001

The following script was created to accomplish the goal of changing the UserTiles:

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   Title:   User Tile Change Script
'   Author:  Micah Rowland (Xtreme Consulting)
'   Date:    07/14/2010
'   Desc:    This script is designed to programatically replace
'            a single local user's User Tile on Windows Vista
'            and above.
'   Prereq:  This script requires the use of PSExec available
'            from http://live.sysinternals.com/psexec.exe
'   Usage:   UserTile.vbs USERNAME USERTILEFILE
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
CONST FORREADING = 1
CONST FORWRITING = 2

set objShell = CreateObject("Wscript.Shell")
set objFSO = CreateObject("Scripting.FileSystemObject")
set objArgs = Wscript.Arguments
set objShell = CreateObject("Wscript.shell")
if CheckArgs() <> "" then
     Wscript.echo Checkargs() & vbcrlf
     wscript.echo "Arguments Invalid. Usage: ChangeUserPicture.vbs USERNAME UserTileFile"
     wscript.quit()
end if

strUsername = objArgs(0)
strUserTileFile = objArgs(1)
strUserIndex = GetUserIndex()
set objFile = objFSO.GetFile(strUserTileFile)
set objTS = objFile.OpenAsTextStream(1)
strUserTile = objTS.ReadAll
wscript.echo strUserTile
strRegFile = objShell.ExpandEnvironmentStrings("%temp%") & "\UserIndexes2.reg"
set objRegFile = objFSO.OpenTextFile(strRegFile, ForWriting, true)
contents = "Windows Registry Editor Version 5.00" & vbcrlf & vbcrlf & "[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\" & strUserIndex & "]" & vbcrlf & strUserTile
objRegFile.Write contents
objRegFile.Close

strImport = "PSEXEC -S -I reg import " & strRegFile
objShell.Run strImport

Function GetUserIndex

     ' This function exports the Names key of the SAM from the registry to determine a match between the user account provided
     ' and its hex ID for use in creating the new registry file for import. Because the .reg file is exported in Unicode format
     ' we use the type command to pipe it from stdout to a new text file.

     strUsername = objArgs(0)
     strUserTileFile = objArgs(1)
     objShell.run "cmd /c reg export HKLM\SAM\SAM\Domains\Account\Users\Names %temp%\UserIndexes.reg /y"
     wscript.sleep(500)
     objShell.run "CMD /C type %temp%\userindexes.reg > %temp%\userindexes.txt"
     wscript.sleep(500)
     set objFile = objFSO.GetFile(objShell.ExpandEnvironmentStrings("%temp%") & "\userindexes.txt")
     set objRegExport = objFile.OpenAsTextStream(FORREADING)
     curLine = objRegExport.ReadLine()
     do until instr(lcase(curLine), lcase(strUserName)) or objRegExport.atendofStream
          curLine = objRegExport.ReadLine
     loop
     if objRegExport.AtEndOfStream then
          wscript.echo "Username not found."
          wscript.quit()
     else
          curLine = ObjRegExport.ReadLine
          tmpGetUserIndex = mid(curLine, instr(curLine, "(") + 1, len(curline) - instr(curline, "(") - (len(curLine) - instr(curline, ")")+1))
          do until len(tmpGetUserIndex) = 8
               tmpGetUserIndex = "0" & tmpGetUserIndex
          loop
          GetUserIndex = tmpGetUserIndex
     end if
End Function

Function CheckArgs()
     ' This function makes sure that 2 arguments were provided and that the filename provided exists
     if objArgs.Count <> 2 then
          CheckArgs = "Exactly 2 arguments must be specified."
     elseif not objFSO.FileExists(objArgs(1)) then
          CheckArgs = "File not found."
     else
          CheckArgs = ""
     end if
 End Function

The script syntax is: SetUserTile.vbs USERNAME FILE

The file used by this script consists of only the UserTile value from a registry export of a preconfigured UserTile. This can be accomplished by setting a local user account’s picture, opening regedit using the psexec -s -i regedit.exe command, navigating to the SAM key mentioned above, determining the correct user account as detailed above, and exporting the key. Then remove all data in the .reg file except the “UserTile=hex:…” entry.

To leverage this script, a command-script file was created and added to the Software Installation task sequence.

reg import AcceptPSExecEULA.reg
cscript SetUserTile.vbs "USERNAME" DATAFILE.txt

I hope to have a commandline based program developed in the future to tackle this which will accept any sized bitmap image as it’s input as opposed to using a captured registry value. I hope you have enjoyed this post. If you have any questions feel free to ask!

Missing XML files when using USMT and ConfigMgr SP2 November 25, 2009

Posted by tmintner in System Center Configuration Manager, USMT, Windows 7.
Tags: , , ,
add a comment

So you just upgraded all of your ConfigMgr 2007 Site Servers to Sp2 and you think you are all ready to deploy Windows 7.  You integrate the latest MDT 2010 integration pieces and walk through the wizard to create your task sequence and create your new USMT 4.0 package.  You then decide to deploy Windows 7 to one of your existing Windows XP clients and it should migrate all of the user data and install the new OS…right?  Well after the installation starts it quickly finishes and doesn’t install Windows 7.  After looking through the smsts.log file, you will notice that the task sequence failed on the Capture User State Step with an error message that it cannot find miguser.xml.  Closer examination shows that it is looking for the XML file at the root of the package.  Looking at the contents of the USMT package, you will notice that the XML files are in the X86 folder or X64 folder.  Easy enough to fix, those MDT guys must have pointed the package to the wrong directory.  So you modify the package to point to the X86 folder and try it again.  Does it work?  NO!!  This time it fails because it cannot find scanstate.exe.  So what in the world is wrong?

Configuration Manager SP2 updates all of the executables that ConfigMgr uses for an OS Deployment.  One of the files that is used during a USMT migration is called OSDMigrateUserState.exe.  During an OS Deployment this file will be in one of two places.  For a New Computer deployment the file will be on Windows PE.  If you are doing a Refresh from an existing operating system the file will reside in the client’s local CCM directory.  If you just upgraded your site servers to SP2 the client machines won’t have the upgrade OSDMigrateUserState executable.  Prior to SP2, that executable had no knowledge of USMT 4 and the directory structure change of USMT.  So if you want to use USMT 4 in your ConfigMgr deployments you are going to need to upgrade all of your clients to ConfigMgr Sp2 as well!

This is just one example where mismatched SP1 and SP2 versions on your client machines will cause issues with Windows 7 deployments.  As a best practice always make sure you have SP2 fully deployed to all of your site systems AND all of your client computers before starting a Windows 7 deployment.

 

-Tim Mintner

Understanding USMT with MDT 2010 November 20, 2009

Posted by tmintner in MDT 2010, USMT, Windows 7.
Tags: , , , ,
16 comments

The User State Migration Tool (USMT) is an extremely powerful and essential piece of an Operating System Deployment.  With the release of the Windows AIK for Windows 7, USMT 4.0 was made available and includes many great new features such as hard-link migration (for more information on what’s new in USMT 4.0 see this article).  MDT 2010 integrates USMT directly into the task sequence for both Lite Touch Installations and Zero Touch Installations.  There have been several questions since MDT 2010 was released on how USMT works with MDT and how all of the pieces fit together. 

 

Lite Touch Installation

USMT 4.0

In order to user MDT 2010, you must install the Windows AIK for Windows 7.  The Windows AIK now includes USMT 4.0 as a feature of the AIK so there is no longer a separate download required for USMT.  When you create your Deployment Share inside of the Deployment Workbench, MDT will create a folder at the root of the deployment share called USMT and copy the USMT files into that folder. 

 

Refresh Scenario

A refresh scenario means that you are deploying an Operating System to a computer that already has an existing Operating System using a task sequence created with the Standard Client Task Sequence.  The process is started from within the current Operating System.  In a Refresh scenario, the disk is not formatted or partitioned so in most cases, the user data can be saved locally on disk saving time and network bandwidth.  During a Lite Touch Installation there are only two steps in the task sequence step that uses USMT.  The first step is called Capture User State and the second step is called Restore User State.  This step will run a script called ztiuserstate.wsf.  The actions that ztiuserstate will be performed are determined by the following factors:

  • The Operating System being deployed
  • The values provided in CustomSettings.ini for UserDataLocation and UDDIR and UDShare
  • The values provided in the Client Deployment Wizard used to start the Task Sequence

If ZTIUserState determines that you are deploying Windows XP it will not be able to use USMT 4.0 and will try to use USMT 3 for the user state migration (more on that later).  If you have specified that UserDataLocation = Network and you have also specified a UDDIR and UDShare in the customsettings.ini then USMT will migrate all of the files to a compressed file at the network location you specify.  Also if you provide a network location in the Client Deployment Wizard, USMT will migrate the user data to a compressed file at the network location you specify.  If UserDataLocation = AUTO and you are not deploying Windows XP, the ztiuserstate script will keep the data local in the MININT folder using hard-link migration.  There is no need to do an estimate because the hard-link migration process only requires 250 MB of space on the disk and if you didn’t have that much the process would fail in the validate step.

Replace Scenario

A Replace scenario is made up of two task sequences.  The first task sequence is based upon the Standard Client Replace template and the second task sequence is based on the Standard Client task sequence template.  The first task sequence is initiated from within the existing Operating System like in a Refresh scenario.  The USMT capture process in a Replace scenario works just like a Refresh scenario with one exception, in a Replace scenario the user data can not be stored locally so you must provide a network location to store the User Data.

The second task sequence is started by booting into the Lite Touch boot image and doing a New Computer deployment.  The Client Deployment Wizard will ask if you want to restore user state and where the user state is stored.  The Restore User State step in the task sequence would then use USMT to restore the user state to the computer being deployed.

 

USMT 3.01

So if USMT 4 has all these new cool features, why would you ever still want to use USMT 3?  Well USMT 4.0 cannot restore user data onto Windows XP.  Loadstate.exe from USMT 4.0 will not run on Windows XP.  So if you plan on migrating user data to Windows XP you will still need to use USMT 3.01.  To use USMT 3.01 you will need to download it from Microsoft.  The Deployment Workbench has direct links to both the 32 bit and 64 bit versions of USMT 3.01 in the Components section.  After downloading the installation files you will need to place those installations files in the Tools\X86 folder in your Deployment Share for 32 bit installs and Tools\X64 for 64 bit installs.

Refresh Scenario

In a Refresh scenario,the Lite Touch Installation process will be able to determine if the Operating System being deployed is Windows XP.  The same factors mentioned above are applicable for USMT 3.01.  If the Operating System is Windows XP, the ztiuserstate script will install USMT 3.01 on the computer and then do an estimate to determine how much user data is on the computer.  If the amount of user data is less than the amount of disk space needed then ztiuserstate will store the user data on the local disk in the MININT folder.  If there is not enough space then the user data will be stored in the UDSHARE and UDDIR locations.

Replace Scenario

A Replace scenario is a little trickier.  The Lite Touch Installation process won’t be able to automatically determine what Operating System you are going to be deploying because the Operating System is going to be deployed with a separate task sequence potentially even on a different computer.  In a Replace scenario ztiuserstate will use USMT 4.0 by default, however there is one problem with that.  User Data backed up with USMT 4 cannot be restored with USMT 3 and USMT 4 cannot be run on Windows XP!  So if you are replacing a Windows XP computer with another Windows XP computer, how can you make sure that USMT 3.01 is used?  To handle that scenario, MDT has a variable called USMT3.  To force the Replace scenario to use USMT 3 you would enter the following into your customsettings.ini:

USMT3 = YES

 

Zero Touch Installation (ConfigMgr/SCCM)

The USMT process with ZTI is slightly different than the process with Lite Touch.  The steps in a ZTI task sequence look like the following for capturing User State:

image

The MDT integrated task sequence uses the built in actions for Request State Store, Capture User State, Release State Store, and Restore User State.  The Ztiuserstate.wsf script is only used in one step: Determine Local or Remote User State. 

With ZTI, the version of USMT that is used is solely dependent on the USMT package that is associated with the Determine Local or Remote User State, Capture User State, and Restore User State steps in the task sequence.  You will need to create a package that contains the files for either USMT 3.01 or USMT 4.0.  Thankfully when you walk through the wizard to create the MDT task sequence in Configuration Manager, the MDT provided wizard will create the USMT 4.0 package for you automatically.  If you want to create a USMT 3.01 package you will need to download and install USMT 3.01 on a client computer and use the installation folder in the Program Files folder as the source directory for your package.

USMT 4.0

The version of USMT that you are using for your USMT package will determine what actions the Determine Local or Remote User State will perform.  If you are using USMT 4.0 then the Determine Local or Remote User State will set the variable needed to do a hard-link migration and also set a variable called USMTLOCAL =TRUE.  The Request State Store and Release State Store steps in the task sequence have a condition on them so that they will only run if USMTLOCAL is not true.  That means if you are using USMT 4, the user state will always be local and the State Migration Point will never be used.  If you would like to use the State Migration Point instead of using hard-link migration then just disable the Determine Local or Remote UserState step in the task sequence

USMT 3.01

If you are using USMT 3.01 then the Determine Local or Remote User State step will perform a USMT Estimate to determine if there is enough space locally on the disk to store the user data.  If there is enough space locally the variable USMTLOCAL is set to TRUE.  Again the Request and Release State Store steps are conditional on this variable so if there is not enough room locally the State Migration Point will be used

 

Summary

Whew..that is a lot of information.  As you can see, MDT tries to cover all of the scenarios with USMT whether you are using USMT 4.0 or still deploying Windows XP and need USMT 3.01.  Enjoy and happy deploying!

 

-Tim Mintner