Author Archives: Jeff

Office 365/Exchange Online Permissions GUI Version 2

A while ago I wrote a little Powershell GUI for changing Office 365 calendar and mailbox permissions. I have since updated it to this latest version. The code is below or you can download the script here. It’s a pretty rough GUI and I think I still have a bug in some error message dialogs I need to work out but it’s been functional for our uses as of now. You can right-click the .ps1 file and select “Run with Powershell”.


MDT 2013 Part 3

Welcome to part 3 of installing, configuring, deploying, and capturing images with MDT. In Part 2 we deployed a base Windows image, configured it, and captured it for redeploying to new PCs. In this part, we will import our newly captured reference image, set up driver folders for our hardware, and create a new task sequence to deploy our reference image to a new PC.


Importing our new reference image

Continuing on from Part 2, after you’ve successfully captured your reference image, it should now be located in the Captures folder inside your deployment share.









We need to import this into MDT. Open the Deployment Workbench, right-click on Operating Systems, and select Import Operating System.










We’re going to select “Custom image file” this time. Click Next.









Click Browse and navigate to your captured .wim file. For these images, I always select “Move the files to the deployment share instead of copying them.” to save disk space as they are typically around 4GB or larger.









Setup files are not needed.









To keep things straight, I always leave the directory name the same as the .wim file image name.









Review the Summary and click Next.


















Setting up driver folders for our hardware

Now, before we create a new task sequence, we will want to set up driver folders for the hardware you will be deploying to. We first need to know what machine model WMI sees. To get this information, you’ll need a working model of one of these machines that has an OS on it. Open a command prompt and type in wmic computersystem get model. The model name that is returned is what your folder will be called. Under the Out-of-Box Drivers folder in MDT, create a new folder containing your operating system name. Below that, another folder with the architecture you’re deploying to, and then finally a folder under that containing the machine model name. It should look like this: Out-of-Box Drivers > Windows 10 > x64 > Latitude 6430U.









Now right-click on your model folder and select Import Drivers.










I’ve already downloaded a Windows 10 driver .CAB file from Dell that I’ve extracted to a folder using 7zip so I Browse to that folder and click Next.









Review the Summary and click Next.









You’ll sometimes see warnings about drivers not supporting a particular platform. You can ignore these.









You’ll now see a bunch of drivers in your machine model folder.









Creating a new task sequence to deploy our reference image

We now need to create a new task sequence and then tell our task sequence to inject these model specific drivers. So, right-click on Task Sequences and select “New Task Sequence”.










Because I want to differentiate this from our base Windows install Task Sequence, I’ll give this one the ID of “CU001” and name it “Deploy Windows 10 Custom Image”. And click Next.









Select Standard Client Task Sequence and click Next.









Now you’ll select your custom image you imported earlier and click Next.









On the next screen you can enter a product key, like your VLK MAK key, otherwise, select the default option to “Do not specify a product key at this time.” Click Next.









Enter some default user info. Click Next.









Enter in what you want for a local admin password on your soon-to-be imaged PC. Click Next.









Review the Summary, click Next, and then Finish.

















Setting up the Task Sequence

Now that you have a new task sequence created, we need to generate a catalog file for the OS and tell the task sequence to use the machine-specific drivers. Double-click your new task sequence to open it, and click on the Task Sequence Tab.










This lists all of the stages and steps the task sequence takes to apply an image to the new PC. There’s plenty you can do in here but we won’t get into that right now. For now, we need to expand the Preinstall section. Click On whatever step is right above Inject Drivers, then click on Add at the top of the columns, hover over General, then select “Set Task Sequence Variable”.










For the name, you can use something like “Set Drivers Path”, “Set Driver Group”, etc. Then in the “Task Sequence Variable” field, type in DriverGroup001 and the value needs to be the folder path to your drivers from the Out-of-Box Drivers section in MDT. In my case it looks like this, Windows 10\x64\%Model%. The %Model% is a variable that MDT populates using WMI depending on the machine model you’re deploying to.










Next click on the Inject Drivers step. In the “Choose a selection profile” dropdown, change it to “Nothing”. Click Apply.










Now we need to generate the catalog file for the operating system. This will generate the Unattend.xml file that the task sequence uses during deployment. Click on the “OS Info” button in the task sequence Properties box. Clicking on the “Edit Unattend.xml” button will start generating the catalog file. This can take a few to several minutes.









Once done, you’ll be greeted by the Windows System Image Manager. This is basically a GUI for generating a proper Unattend.xml file.









The first thing we’ll do is expand the Specialize phase, and click on the Shell Setup grouping (specifically amd64_Microsoft-Windows-Shell-Setup_neutral). In here, put your correct time zone, a product key if needed, and set the CopyProfile option to True. CopyProfile=True will copy all of your customizations from the administrator profile you configured in your reference image before you sysprepped it.








The last thing you’ll want to do in here is validate the answer file. You do this by clicking the orange check mark in the tool bar. When you do this, any errors will show up in the Messages window at the bottom of the window. For whatever reason, there are options set by default by MDT that fail validation. You will see a description of the error and scrolling to the right in the window will give you the path to the setting. You can either revert or delete the settings that are causing validation to fail. Once deleted, check validation again until you see no more errors. Then click the Save button in the toolbar. Then close the window.






You can now close the task sequence Properties window.

We need to add a section into our MDT Rules for our new task sequence. So again, right-click your deployment share in MDT and click Properties. Then click the Rules tab. Since we already have some settings we like listed under ID 001, we’ll copy those and create a new section under that with the ID from our new task sequence. In my case it is CU001.










Creating a bootable USB for LiteTouchPE

We finally have our custom image imported, our drivers set up, and a new task sequence configured. Now we can deploy our reference image to some actual hardware. You’ll need a LiteTouch PE boot image either on USB or a LiteTouch PE boot image imported into Windows Deployment Services. We’ll discuss the USB drive option here. First, open Windows Explorer, navigate to C:\DeploymentShare\Boot. Right-click the LiteTouchPE_x64.iso file and extract it to a folder with 7zip. Plug in your USB thumb drive. Open a command prompt and type in diskpart. DiskPart is what we’ll use to format the USB drive as sometimes you don’t always get the Fat32 format option in Windows Explorer. We first need to find our USB drive so type in list disk and hit Enter. Find your USB drive in the list and then type in select disk 6 (or whatever number your USB drive is. Mine is number 6). The next command will wipe the drive of all partitions and data so PLEASE make sure you have selected the correct disk first! Once you’re sure you have the correct disk selected, type in the following, hitting Enter after each line:


create part pri

format quick fs=fat32 label=”LiteTouchPE”


This formats the drive as FAT32 and labels it as LiteTouchPE. You should now see it in Windows Explorer. Type exit to close out of diskpart.

Since you have already extracted the contents of your LiteTouchPE_x64.iso to a folder, you can copy all of the contents of that folder to your USB drive. Once it’s done copying, you can eject the USB drive and plug it into your PC to be imaged.

Deploying your custom image

You now need to boot to the USB drive. Once booted, you should see the MDT Deployment Wizard open up.

Select your new deployment task sequence and click Next.







You can change the name here as all other information should already be prepopulated from the Rules section in MDT.







We’re not moving user data and settings nor are we restoring it so you can click next through those pages.













You can now click Begin.







You can see it injecting our drivers here.







And finally, you should be greeted with a “Completed successfully” screen. And as you can see, by setting CopyProfile=True in the Unattend.xml, it copied over the customizations I made to the desktop icons and task bar.








As you can see, once MDT is configured, it’s very easy to deploy an image to just about any machine model using a single reference image. There is tons more that can be accomplished with MDT which I may include in a future guide but for now, I hope this helps you get started. If you have any comments, questions, or suggestions, feel free to drop those in the comments below.


MDT 2013 Part 2

Welcome to part 2 of installing, configuring, deploying, and capturing images with MDT. In Part 1 we walked step-by-step through installing the ADK, MDT 2013 and getting MDT ready to deploy our first image. This will be another long, drawn out post so please, bare with me.

Now that you have MDT configured, we need to first create a reference image. This guide will show you how you can create a single reference image that gets deployed to all of your PCs regardless of the model. To do this, we need to have Hyper-V manager installed. Creating a reference image in Hyper-V makes updating the image in the future much easier than using a dedicated PC because you will have activation re-arm issues if you sysprep too many times. You can simply revert to a snapshot that was done before sysprepping/capturing, update the image, snapshot it again, and then sysprep/capture it again. We will create a basic Hyper-V virtual machine that we can deploy our base operating system to, configure it, snapshot it, sysprep it, and then capture it back into MDT. We’ll then import it as a custom Windows Image file and create a new task sequence for deploying this “golden” image to a standalone PC.

Installing Hyper-V and booting into LiteTouchPE

First things first, we need to install Hyper-V manager on your Host PC. If you’re using Windows 7 on your host PC, here’s a quick little guide on installing Hyper-V manager. For Server 2008 R2/Server 2012 R2, this guide should be almost the same for both. Once you get Hyper-V installed, you can create a generic virtual machine with minimal specs (1GB RAM, 20-40GB Hard drive space, etc). After you’ve selected memory size, hard drive size and location, select the option to “Install an operating system from a bootable CD/DVD-ROM.” Select “Image file” and point it to your LiteTouchPE_x64.iso in “C:\DeploymentShare\Boot”. Now once you start your virtual machine, it will boot into LiteTouchPE.


Applying a base operating system image

Once LiteTouchPE boots, you’ll greeted with the Deployment Wizard.









For your reference image, you should avoid joining it to your domain. Instead pick a Workgroup name for now and click Next









Then click Begin.









It will begin by formatting the drive, injecting drivers, and then finally copying the image.
























It will eventually boot into the OS and continue.















Eventually, it should present you with a “Completed successfully” screen.








Customizing your reference image

From here, there is a lot you can do to configure your reference image. For this guide, I will only make a couple small changes. I’ll remove some pinned apps from the Windows 10 Start menu, add the “This PC” icon to the desktop, and change the search box to an icon on the taskbar.










Once you’ve made your changes, I usually restart once for good measure. Once restarted we are going to take a snapshot in Hyper-V before moving onto the sysprep and capture phase. This way in a month or so, we can revert to this snapshot, run the latest Windows updates, then create a new snapshot, and sysprep and capture again.

In the Hyper-V Manager window, go up to Action and click on “Checkpoint…”, for the name I usually do “today’s date-Pre-Sysprep” (ie. 040816-PreSysprep) and then click Yes to rename it.


Creating a sysprep and capture task sequence

Before we can capture an image, we have to create a Sysprep and Capture Task Sequence in MDT. Back at your Host PC, open the Deployment Workbench again, right-click on Task Sequences and select “New Task Sequence”. For the ID, I put in CAP001 and named it “Capture Windows 10 Pro”. Click Next.









From the dropdown, select “Sysprep and Capture”. Click Next.









Pick your operating system. Click Next









Just like before, you can enter a Product Key, but for now I’ll not enter one.









These settings mean very little so enter what you want here.









Again, the admin password means little here so enter what you want or don’t specify one at this time. Click Next and then Finish.









We now have a Sysprep and Capture task sequence ready to use.

You’ll need to add the below section into your deployment share Rules.  Right-click on your deployment share and select Properties. Then click the Rules tab.










Sysprepping and capturing your reference image

Now back to your reference image VM, open Windows Explorer and in the address bar, type in the path to your deployment share. In my case, the path is \\MDTAdmin-PC\DeploymentShare$










Open the Scripts folder, and then double-click on the “BDDAutorun.wsf” file.








You’ll see the same Deployment Wizard screen again, but this time you’ll see your Sysprep and Capture task sequence. Select your Capture task sequence and click Next.








You’ll now have the option to Sysprep and Capture your reference image and copy it to the deployment share. The location is already populated because we specified it in the Rules section in MDT. I recommend giving it a name that is somewhat descriptive so you’ll know what you’re working with once you’re back at your Host PC. So something like “Win10-041116.wim”. Then click Next. And then click Begin. Once you click Begin, don’t touch it. Just let it run through the process, otherwise, you will need to revert to your snapshot if things go badly.








The task sequence will then run Sysprep and prepare the image to boot into LiteTouchPE to capture the image back to the deployment share.
































This process can take some time depending on how fast your hardware and network is. Once that’s done, and we click Finish, the VM will shut down since that is what we put in for our “FinishAction” in the Rules section in MDT for that particular task sequence. We’re basically done with our Reference Image VM now. In the future, when it’s time to update your image, just revert to the snapshot you took in Hyper-V and turn on the VM. Update it, then run the BDD_Autorun.wsf wizard again to capture your new image.

This will conclude Part 2  of this series. Part 3 will focus on importing our newly captured reference image, setting up driver folders, and creating a new task sequence to deploy our reference image.

Part 3 —>


MDT 2013 Part 1

I’ve always been hard-pressed to find a guide that includes everything from installing and configuring MDT to actually creating a reference image, capturing it, setting up drivers, and then deploying your reference image. So today, I am going to start a guide that will walk you through this entire process. Please bare with it as it will be a long guide and I’ll try to be as thorough as possible. The best part about using MDT for capturing and deploying images, other than the fact that it’s free (not including the cost of a server license if you need PXE boot functionality), is it’s versatility. You can have a single reference image that can be deployed to multiple machine models and types. It just takes some setting up which we’ll get to starting now.

The first thing you’ll need is a host machine. I’ll focus on using a PC with minimum hardware specs to get you started. You can use really any PC desktop with 4 core or dual core processor with Hyper-Threading, 4GB RAM, and 500 GB hard drive space. The operating system does not have to be a server OS but if you only run it on Windows 7, 8.1, or 10, you will not have the ability to boot your PCs using PXE. Not a huge deal as you can still boot them using a LiteTouch image (more on this later) on a USB drive, it’s just more hassle.


Installing the Windows ADK

Once you have your Host PC with an OS installed, you’ll need to install the Windows Assessment and Deployment Kit or Windows ADK. This link is for the Windows 10 1511 ADK but depending on when you read this, it may be best to just use your Google Fu to find the latest version. The Windows ADK is what installs all of the tools needed for deploying images such as Windows PE, User State Migration Tool, Windows System Image Manager, and DISM.








When you run adksetup.exe, you will get the option to either Install the ADK or download it. You can download it to save it to a network share for later but in this case, I’ll just install it.







After you opt out of the CEIP and accept the EULA , you really only need 3 options selected. Deployment Tools, Windows Preinstallation Environment (Windows PE), and User State Migration Tool (USMT). This may take some time depending on your internet connection as it downloads all of the necessary components.








Installing MDT 2013

Once the deployment tools are installed, you’ll need to install the Microsoft Deployment Toolkit. The latest version at the time of this writing is MDT 2013 Update 2. You can find it here. Again, Google Fu will get you the latest version if needed. I’m assuming you are using a 64 bit installation of Windows so you really only need the “MicrosoftDeploymentToolkit2013_x64.msi” file. Once downloaded, run it and it is safe to just select all of the defaults through the install.








Creating a deployment share

Once installed, Go into your Start Menu and open Deployment Workbench.







In the left hand column, right-click on “Deployment Shares” and select “New Deployment Share”.











For the path, you can really put it anywhere with enough storage to hold some operating system ISOs and captured images. For now, we’ll leave the default at “C:\DeploymentShare”, click next and give the share a name.









We’ll leave the default share name as “C:\DeploymentShare$”.









Click next and give it a description. You can leave it at the default.









Clicking next will give you a few default options for your task sequences. You can un-check them all for now if you like. Click next to review the Summary and then click Next again to create the Deployment Share. Finally click Finish.









NOTE: You are going to need a service account for all of your MDT functions. I personally use a dedicated domain admin account for this. You can probably use an alternate role here but this account will need administrative rights to the Host PC as well as any network shares you plan to install applications from. It will also need the ability to join PCs to your domain.

Back in the Deployment Workbench, right-click on your newly created deployment share and click Properties.










Click on the Rules tab, click on Edit Bootstrap.ini and add the following under the DeployRoot parameter:









These are the credentials that Windows PE will use when connecting to the deployment share. After editing, Save and close Notepad.

In the text box of the Rules Tab, change everything so it looks like the below.