Endpoint Services, MECM, USMT (User State Migration Tool)
OverviewThis document describes the requirements for and implementation of USMT in MECM.
Microsoft Endpoint Configuration Manager (MECM)
University of Illinois IT Pros leveraging MECM, hosted by Technology Services' Endpoint Service team
- General Information
- Provisioning A State Migration Point Site System
- Creating Computer Associations
- USMT In Task Sequences
- Data Retention
- Captured Information
The User State Migration Tool (USMT), in conjunction with a State Migration Point-enabled site system, allows IT Pros to capture, migrate, and restore user data between endpoints via MECM.
Provisioning A State Migration Point Site System
In order to leverage USMT, a State Migration Point role must be installed and configured on a site system assigned to a unit. Such a system must be running a minimum of Windows Server 2012, and should have enough storage to accommodate the anticipated volume of user profiles to be captured. In addition, the Primary Site computer account for your campus must be a member of the Administrators group on the server.
This role can be installed on a site server alongside the Distribution Point role if desired.
Please submit a provisioning request, along with the FQDN of the site server, to https://go.illinois.edu/epshelp, to configure a State Migration Point for your unit.
Creating Computer Associations
In order to leverage USMT, an association must be created between the source and destination endpoints within MECM. If USMT capture is run on an unassociated endpoint, then that endpoint will be considered the destination as well as the source, and defined as "in-place". Associations, their properties, and their migration status can be tracked in the console.
To create a computer association:
- In the console, under "\Assets and Compliance\Overview\User State Migration\(YOUR UNIT)", click "Create Computer Association".
- Under the "Computer Association" tab, search for a source and destination via either computer or user name.
- Under the "User Accounts" tab, define the migration behavior by one of three criteria.
- Capture all user accounts and restore specified accounts
- Capture and restore specified computer accounts
Associations may also be created when importing a new computer into MECM, in the "Source computer:" field of the wizard. These, and those automatically created by in-place associations, will appear at the root level of "\Assets and Compliance\Overview\User State Migration\", and should be moved into your unit folder as soon as possible.
USMT In Task Sequences
In the console, under "\Software Library\Overview\Operating Systems\Task Sequences\.DEMO DAYS", there are two sample task sequences: "DEMO DAYS-USMT Capture" and "DEMO DAYS-USMT Restore". They may be copied and deployed independently, or their contents copied and incorporated into other task sequences, depending on the desired outcome. Remember that a USMT Capture run on an endpoint without a computer association will treat that endpoint as the target, as well as the source, and will capture all user accounts.
An endpoint running USMT via task sequence must do so from within Windows (not PXE) with all applications closed, and will search for any available State Migration Point within its boundary.
See this article for more information regarding the process.
Captured USMT data is encrypted and stored on the State Migration Point as a .mig file. This data can be later restored to an associated target machine via task sequence, or accessed manually with an encryption key. The path to this data, as well as the encryption key, can be accessed by right-clicking the object under "\Assets and Compliance\Overview\User State Migration\(YOUR UNIT)", and selecting "View Recovery Information".
Steps on how to manually recover data from .mig files can be found here.
By default, a State Migration Point will hold captured data from up to 100 endpoints (storage permitting), and captured data will be deleted 1 day following a successful restore. This grace period may be extended via request.
Since USMT is sensitive to file locks during the capture process, the following files are excluded.
- *.ost files
- *.nst files
- C:\ProgramData\Microsoft\Windows Defender
Additional sources for more information
- Manage user state in Configuration Manager - https://learn.microsoft.com/en-us/mem/configmgr/osd/get-started/manage-user-state
- Create a task sequence to capture and restore user state in Configuration Manager - https://learn.microsoft.com/en-us/mem/configmgr/osd/deploy-use/create-a-task-sequence-to-capture-and-restore-user-state