I’ve always been hard-pressed to find a guide that includes everything from installing and configuring MDT to actually creating a reference image, capturing it, setting up drivers, and then deploying your reference image. So today, I am going to start a guide that will walk you through this entire process. Please bare with it as it will be a long guide and I’ll try to be as thorough as possible. The best part about using MDT for capturing and deploying images, other than the fact that it’s free (not including the cost of a server license if you need PXE boot functionality), is it’s versatility. You can have a single reference image that can be deployed to multiple machine models and types. It just takes some setting up which we’ll get to starting now.
The first thing you’ll need is a host machine. I’ll focus on using a PC with minimum hardware specs to get you started. You can use really any PC desktop with 4 core or dual core processor with Hyper-Threading, 4GB RAM, and 500 GB hard drive space. The operating system does not have to be a server OS but if you only run it on Windows 7, 8.1, or 10, you will not have the ability to boot your PCs using PXE. Not a huge deal as you can still boot them using a LiteTouch image (more on this later) on a USB drive, it’s just more hassle.
Installing the Windows ADK
Once you have your Host PC with an OS installed, you’ll need to install the Windows Assessment and Deployment Kit or Windows ADK. This link is for the Windows 10 1511 ADK but depending on when you read this, it may be best to just use your Google Fu to find the latest version. The Windows ADK is what installs all of the tools needed for deploying images such as Windows PE, User State Migration Tool, Windows System Image Manager, and DISM.
When you run adksetup.exe, you will get the option to either Install the ADK or download it. You can download it to save it to a network share for later but in this case, I’ll just install it.
After you opt out of the CEIP and accept the EULA , you really only need 3 options selected. Deployment Tools, Windows Preinstallation Environment (Windows PE), and User State Migration Tool (USMT). This may take some time depending on your internet connection as it downloads all of the necessary components.
Installing MDT 2013
Once the deployment tools are installed, you’ll need to install the Microsoft Deployment Toolkit. The latest version at the time of this writing is MDT 2013 Update 2. You can find it here. Again, Google Fu will get you the latest version if needed. I’m assuming you are using a 64 bit installation of Windows so you really only need the “MicrosoftDeploymentToolkit2013_x64.msi” file. Once downloaded, run it and it is safe to just select all of the defaults through the install.
Creating a deployment share
Once installed, Go into your Start Menu and open Deployment Workbench.
In the left hand column, right-click on “Deployment Shares” and select “New Deployment Share”.
For the path, you can really put it anywhere with enough storage to hold some operating system ISOs and captured images. For now, we’ll leave the default at “C:\DeploymentShare”, click next and give the share a name.
We’ll leave the default share name as “C:\DeploymentShare$”.
Click next and give it a description. You can leave it at the default.
Clicking next will give you a few default options for your task sequences. You can un-check them all for now if you like. Click next to review the Summary and then click Next again to create the Deployment Share. Finally click Finish.
NOTE: You are going to need a service account for all of your MDT functions. I personally use a dedicated domain admin account for this. You can probably use an alternate role here but this account will need administrative rights to the Host PC as well as any network shares you plan to install applications from. It will also need the ability to join PCs to your domain.
Back in the Deployment Workbench, right-click on your newly created deployment share and click Properties.
Click on the Rules tab, click on Edit Bootstrap.ini and add the following under the DeployRoot parameter:
1 2 3 4 |
UserDomain=DOMAIN UserID=MDTAdmin UserPassword=Password SkipBDDWelcome=YES |
These are the credentials that Windows PE will use when connecting to the deployment share. After editing, Save and close Notepad.
In the text box of the Rules Tab, change everything so it looks like the below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[Settings] Priority=TaskSequenceID, Default Properties=MyCustomProperty [Default] SkipAdminPassword=YES SkipProductKey=YES SkipBitLocker=YES SkipLocaleSelection=YES KeyboardLocale=en-US UILanguage=en-US UserLocale=en-US SkipTimeZone=YES TimeZoneName=Mountain Standard Time [001] JoinDomain=DOMAIN MachineObjectOU=OU=Staged Computers,DC=DOMAIN,DC=local DomainAdmin=MDTAdmin DomainAdminPassword=Password DomainAdminDomain=DOMAIN |
NOTE: For MachineObjectOU above, I created an OU in my Active Directory for putting new machines during imaging. I have a basic subset of GPOs on this OU for my own functions. You can use the default Computers OU if you like.
Patching the DeployWiz_SelectTS.vbs file
Under the Settings section, you’ll notice we changed “Priority=Default” to “Priority=TaskSequenceID, Default” because we are going to replace one of our deployment scripts with a custom one so we can use different settings for different task sequences. Putting “TaskSequenceID first means that section’s settings will take priority over the default settings. In order to make this work, we need to patch the “DeployWiz_SelectTS.vbs” script located in “C:\DeploymentShare\Scripts”. Copy that file to your desktop and rename it to something like “DeployWiz_SelectTS-Backup.vbs”. Now open the original file in a text editor. Notepad++ will make this much easier.
After the line that says “Dim oTaskOsUpgrade” add the following:
1 2 |
Dim sCmd Set oShell = createObject("Wscript.shell") |
Now scroll to the very bottom and just before “End Function” type the following:
1 2 |
sCmd = "wscript.exe """ & oUtility.ScriptDir & "\ZTIGather.wsf""" oItem = oShell.Run(sCmd, , true) |
You can now save and close this file. Here’s an already patched version for MDT 2013 Update 2 if you don’t feel comfortable editing yours.
NOTE: Thanks to Javier Llorente for the below contribution which is very helpful for Build 8443:
Regarding the patch in the DeployWiz_SelectTS.vbs script, for MDT build 8443 you will have to add an extra line; in “Function ValidateTSList”, after the line that says “Dim oTS” add the following:
1 2 3 |
Dim sCmd Dim oItem Set oShell = createObject("Wscript.shell") |
The two lines at the bottom are as in MDT 2013 Update 2.
Kudos on this workaround goes to Ward Vissers in “MDT Build 8443 Automatically move computers to the right OU” http://www.wardvissers.nl/2016/12/29/mdt-build-8443-automatically-move-computers-to-the-right-ou/
Importing our base Operating System disc
We now need to import our first operating system disc. I’m going to use a Windows 10 ISO that’s been extracted using 7zip.
You’ll select the default option “Full set of source files” and click Next.
For Source Directory, click on Browse and select the folder where you’ve extracted your Windows ISO.
The default option will copy the files to the deployment share. Otherwise, you can check the box to move them instead. Click next and you can either leave the default or rename the folder it will create in the deployment share for your operating system. Otherwise, click Next, Next, and then Finish.
Depending on the operating system disc you import, you may end up with 2 operating systems listed. In my case, I have Windows 10 Home and Pro. To keep things clean, I’m going to delete the Home image.
Creating a task sequence for our base operating system
We’re finally ready to create our Task Sequence. In the Workbench, right-click Task Sequences and select New Task Sequence.
I like to keep my task sequence IDs short so I’ll use “001” for the ID and “Deploy Windows 10 Pro” for the name.
Pick “Standard Client Task Sequence”.
Select the operating system you imported.
You can specify a Product Key here but for now, I’ll leave it blank.
Specify your default user settings for the OS.
Specify the password you want to use for the local administrator account on the newly imaged machine.
Review the summary and click Next and then Finish.
I want to make a couple quick adjustments to the task sequence so right-click the task sequence you just created and select Properties.
First, click on the Task Sequence tab. This contains all of the objects that are a part of the task sequence. I like to enable the “Windows Update (Post-Application Installation)” object.
Now click on the OS Info tab and click “Edit Unattend.xml”. The first time opening this will take a few minutes to generate a catalog for the selected operating system. There’s a couple things I do in here. One is to set the default time zone, enter in the KMS Client product key, and this is also where I set CopyProfile=True for when I’m deploying a reference image I’ve already configured and captured.
You may encounter validation errors when saving this file. This is almost always due to deprecated options that are still set by default. It’s important to delete these settings before saving this Unattend.xml. The errors are listed at the bottom and scrolling to the right will give you the location of the setting you need to remove. Delete each setting and hit Save again. Once there are no other validations errors, close the Unattend file and close the Task Sequence properties window.
Importing Windows PE drivers
Depending on the hardware you will be deploying images to, you may need some drivers for booting into Windows PE (LiteTouch). We use Dell PCs here and Dell is really good about providing driver packages for both Windows PE and Windows for imaging. You’ll want to download the WinPE driver packs for the hardware you’ll be deploying to. They typically come in the form of a .cab file which you can extract to folders with 7zip. Once you have your WinPE driver folder extracted, you’ll need to import them into the Workbench.
Right-click on Out-of-Box Drivers and click “New Folder”.
We’ll name it “WinPE”.
Click Next, Next, and Finish.
Right-click our new WinPE folder and select “Import Drivers”.
Click Browse to select the folder where you’ve placed your WinPE drivers.
Click Next, Next, and once it completes, you will almost always have at least a couple warnings that you can, for the most part, ignore. Now click Finish.
Creating a Driver Selection Profile for Windows PE
Because we only want to use WinPE specific drivers in our boot image, we’ll need to create a Driver Selection Profile for them specifically. Expand Advanced Configuration and right-click on Selection Profiles and select .
We’ll be incredibly creative and name this “WinPE Drivers”.
Click Next and now you’ll check the box next to the WinPE folder we created earlier under Out-of-Box Drivers.
Click Next, Next, and Finish.
Configuring our LiteTouchPE boot image
Now we need to tell our deployment share to only use drivers from our WinPE selection profile in the WinPE (MDT calls this a LiteTouchPE image) boot image. Right-click again on the deployment share and select Properties. Then click on the Windows PE tab.
I work only with 64bit capable hardware and Windows versions so on the general tab I uncheck the option to “Generate a LiteTouch bootable ISO image” for the x86 platform.
Change the platform dropdown at the top to x64 (if that’s what you’ll be deploying), and click the Drivers and Patches tab below that.
Select your WinPE Drivers selection profile from the Selection Profile dropdown. I usually leave the radio button below at its default setting to only include network and mass storage drivers but you can also include video drivers if needed.
Click OK.
We can now update our deployment share to create a LiteTouchPE boot image. Right-click on your deployment share and select “Update Deployment Share”.
The default option is to “Optimize the boot image updating process” and we’ll leave it at that for now. Click Next, Next again, and now it will mount the LiteTouchPE image and inject our WinPE drivers into it. This can take a few minutes depending on how many drivers are being injected and how fast your Host PC is. Once done, click Finish.
You can now open Windows Explorer and navigate into C:\DeploymentShare\Boot. This is where MDT saved your LiteTouchPE images.
If you are running a Server 2008 R2 or Server 2012 R2 OS, you could import this Boot image into Windows Deployment Services and it would then show up as an option when PXE (F12) booting. However, since we’re working with a Windows 7 Host PC, we can either burn the ISO to a CD or what I do is extract the ISO with 7zip and copy the contents to a USB drive that’s been formatted FAT32. FAT32 is very important if you want to deploy images to UEFI hardware. We should now have a working deployment share and a working LiteTouch PE boot USB drive/CD.
This will conclude Part 1 of this series. Part 2 will focus on deploying our first image, configuring the operating system, and then capturing it as a custom reference image.
Part 2 —>
Regarding the patch in the DeployWiz_SelectTS.vbs script, for MDT build 8443 you will have to add an extra line; in “Function ValidateTSList”, after the line that says “Dim oTS” add the following:
Dim sCmd
Dim oItem
Set oShell = createObject(“Wscript.shell”)
The two lines at the bottom are as in MDT 2013 Update 2.
Kudos on this workaround goes to Ward Vissers in “MDT Build 8443 Automatically move computers to the right OU” (http://www.wardvissers.nl/2016/12/29/mdt-build-8443-automatically-move-computers-to-the-right-ou/).
Thanks a lot for your article!
— Javier Llorente
Thanks for this Javier!
Has anyone tried this same fix in MDT Build 8456? I’m working on updating my MDT to the latest install and I’m having issues getting the TS Selection to work like it did previously with this fix in place.