Deploy RSAT for Windows 10 1809 using SCCM

Starting Windows 10 1809 Remote Server Administration Tools (RSAT) is now included as a set of “Features on Demand”. In the following post we will show you how to deploy individual features with SCCM.

The RSAT tools are added using the “Add-WindowsCapability” cmdlet https://docs.microsoft.com/en-us/powershell/module/dism/add-windowscapability?view=win10-ps
Because we are deploying each feature with an appliction, we are going to use two parameters with the above cmdlet:-

1 . Online (Specifies we are adding the feature to the current Windows image
2 . Source (We need to specify the CCMCache as a source)

The challenge

The Features On Demand Pack is massive, 4.7GB. You can download it from the VLSC. You only need “Disk 1” for the RSAT features. Choose the correct version for the OS you are deploying the tools to.

After you have downloaded the ISO, extract the contents to a folder. If we used this as the source for our deployment, 4.7GB of content would make its way to the client. This will present lots of interesting challenges.

In the following steps, we will extract only the required files from the FOD pack for each RSAT feature. We will use the “DHCP” feature (language en-gb) for our example.

You will need the following:-

1. The whole “metadata” folder
2. FoDMetadata_Client.Cab
3. Microsoft-Windows-DHCP-Tools-FoD-Package31bf3856ad364e35amd64~~.Cab
4. Microsoft-Windows-DHCP-Tools-FoD-Package31bf3856ad364e35amd64en-GB.Cab
5. Microsoft-Windows-DHCP-Tools-FoD-Package31bf3856ad364e35amd64en-US.Cab

You will need items 1 and 2 for every FOD application you build. Item 3 and 4 will be specific to the tool and the language of the OS.

Item 5 seemed to be a pre-requisite too, my assumption is the FOD media language cab has to be present when installing other languages.

Access to the Internet

When you use the “Add-WindowsCapability” cmdlet, if you do not specify a Source, the default location set by Group Policy is used. If that fails, Windows Update is also used for online images.

In this post, we will specify the Source as CCMCache using some PowerShell.

Scripts

As already mentioned, we will use the “Add-WindowsCapability” cmdlet to install the RSAT Feature. We will also use the “Remove-WindowsCapability” cmdlet for uninstalling the Feature and the “Get-WindowsCapability” cmdlet for the application detection method.

Add-WindowsCapability_DHCP.ps1

#Specify Source as current script directory
$ScriptRoot = Split-Path -Path $MyInvocation.MyCommand.Path
Add-WindowsCapability -Name "Rsat.DHCP.Tools~~~~0.0.1.0" -Online -Source: $ScriptRoot

Remove-WindowsCapability_DHCP.ps1

Remove-WindowsCapability -Name "Rsat.DHCP.Tools~~~~0.0.1.0" -Online

Get-WindowsCapability_DHCP.ps1

If (Get-WindowsCapability -Name "Rsat.DHCP.Tools~~~~0.0.1.0" -Online | Where {$_.State -eq "Installed"})
{ 
write-Output "Installed"
}

Putting it all together

Our source directory (Content Location) for the DHCP RSAT Feature should now contain:-

1. metadata (folder from the extracted ISO)
2. FoDMetadata_Client.cab
3. Microsoft-Windows-DHCP-Tools-FoD-Package31bf3856ad364e35amd64~~.cab
4. Microsoft-Windows-DHCP-Tools-FoD-Package31bf3856ad364e35amd64en-GB.cab
5. Microsoft-Windows-DHCP-Tools-FoD-Package31bf3856ad364e35amd64en-US.cab
6. Add-WindowsCapability_DHCP.ps1
7. Get-WindowsCapability_DHCP.ps1
8. Remove-WindowsCapability_DHCP.ps1

1 . Create a new Application. Choose “Manually specify the application information” and click “Next”

2 . Enter a name for the application (and any other information you need) and click “Next”

3 . Enter a “Localized application name” (and any other information you need - including a nice icon!) and click “Next”

4 . To configure a “Deployment Type”, click “Add”

5 . Choose Type “Script Installer” and click “Next”

6 . Choose a Deployment Type Name and click “Next”

7 . Set the following information and click “Next”

Content Location = \\server\packages\Microsoft FOD\1809 - DHCP

*Installation Program = Powershell.exe -ExecutionPolicy Bypass -File “Add-WindowsCapability_DHCP.ps1”

*Uninstall Program = Powershell.exe -ExecutionPolicy Bypass -File “Remove-WindowsCapability_DHCP.ps1”

*Assumes you are not already bypassing the client execution policy

8 . Choose to use a Custom Script for application detection and click “Edit”

9 . In the Script Editor dialogue, choose Script Type “PowerShell” and click “Open”

10 . Browse to “Get-WindowsCapability_DHCP.ps1” and click “Open” and then “Ok”

11 . Click “Next” to complete the Application Detection method

12 . I like to specify an “Installation Requirement” to ensure the OS is Windows 10 1809. For this we can query the OS build to ensure it is “17763”. Click “Add”

13 . Click “Create”

14 . Enter the following information and click “Ok”

Name: Windows 10 Build Number
Description: Windows 10 Build Number
Condition Type: Setting
Setting Type: Registry Value
Hive Name: HKEY_LOCAL_MACHINE
Key Name: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Value Name: CurrentBuild

15 . Choose the Global Condition that we just created and in the value field type “17763”. Click “Ok”

16 . Click “Next” to proceed to Software Dependencies

17 . Click “Next” to read the Application Summary

18 . Click “Next” to create the Deployment and click “Close”

19 . The Deployment Type has been created, click “Next”

20 . Click “Next” to confirm the Application Settings

21 . Click “Close” to complete the wizard

Rinse and Repeat

We can follow the same steps to create Applications for DNS, DSLD, FS, GPO and RDS RSAT Features. I have created an application for each RSAT Feature because each will use a different Detection Method.

To help duplicating and modifying your installation, removal and detection scripts, the Windows-Capability Name for the other RSAT tools are:-

Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0
Rsat.CertificateServices.Tools~~~~0.0.1.0
Rsat.DHCP.Tools0.0.1.0
Rsat.Dns.Tools~~~~0.0.1.0
Rsat.FailoverCluster.Management.Tools~~~~0.0.1.0
Rsat.FileServices.Tools~~~~0.0.1.0
Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0
Rsat.IPAM.Client.Tools~~~~0.0.1.0
Rsat.LLDP.Tools~~~~0.0.1.0
Rsat.NetworkController.Tools~~~~0.0.1.0
Rsat.NetworkLoadBalancing.Tools~~~~0.0.1.0 Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0 Rsat.RemoteDesktop.Services.Tools~~~~0.0.1.0
Rsat.ServerManager.Tools~~~~0.0.1.0
Rsat.Shielded.VM.Tools~~~~0.0.1.0 Rsat.StorageMigrationService.Management.Tools~~~~0.0.1.0 Rsat.StorageReplica.Tools~~~~0.0.1.0
Rsat.SystemInsights.Management.Tools~~~~0.0.1.0 Rsat.VolumeActivation.Tools~~~~0.0.1.0
Rsat.WSUS.Tools~~~~0.0.1.0

Deployment

The (Add/Remove/Get)-Windows-Capability cmdlets require elevation. Consider this when deploying to Devices or Users.

With this in mind, you need to ensure that you have chosen to “Install as System” on the User Experience tab of the Deployment Type we created earlier.

Once deployed as “Available”, and after the client has run a Machine/User Policy Refresh, the application appears in Software Center.

Our Application Detection method has worked if we peek in appdiscovery.log on the client

Lets install the new Application

Appenforce.log on the client gives more information on the installation

The application should be available from the Start Menu after installation

Summary

Some points to remember:-

1. The EN-US cab files for each feature must also be present in your source directory for each Application you create
2. The Application must be deployed to “Install as System” because the *-WindowsCapability cmdlets require elevation

Happy Feature deploying :)