Some Notes On Building a Windows 10 1703 (Creators Update) Reference Image with Microsoft Deployment Toolkit

With the release of Windows 10 1703 (Creators Update) ISO on the Volume Licensing Service Center, I’ve recently been looking into using the “final” code with Microsoft Deployment Toolkit (MDT) to build reference images and discover what issues are present. This post is a round up of differences and issues I’ve found with building and deploying Windows 10 1703 thus far, and some resolutions.

For a full walk through on installing MDT and creating a Windows 10 1703 (Creators Update) reference image, check out this post.

My lab setup is the same as with my previous Windows 10 1607 guide, although I’ve reinstalled my main PC (which I use an admin PC) with a fresh copy of Windows 10 1703. The MDT, WDS and WSUS servers are Windows Server 2016, as before. For more detailed information on how to setup a lab like this, please see my previous post.

To start building images with Windows 10 1703, you will need the following:

  • Upgrade/Install the new Windows 10 1703 ADK. PLEASE NOTE that if you have SecureBoot enabled, it will fail to install. This is a known issue and there is a workaround.
  • Upgrade/Install MDT Build 8443 – there has been no update for Windows 10 1703.
  • After upgrading/installing, update the deployment shares and regenerate the boot images by Right Clicking the deployment share > Update Deployment Share > Completely regenerate the boot images.
  • Download the Windows 10 1703 ISO from the VLSC site, mount it in Windows Explorer and Import it as an Operating System in MDT.

Here’s the differences I’ve found with Windows 10 1703:


There’s No RSAT for Windows 10 1703

Previously there were Remote Server Administration Tools (RSAT) for each big update to Windows 10. This is no longer the case! I encountered no issues installing the RSAT tools for Windows 10 1607 on my 1703 PC. If you’ve upgrade from 1607 to 1703, you may have to reinstall or re-enable them which you can do by pressing Win Key + X > Apps and Features > Programs and Features (under Related settings, see image) > Turn Windows features on or off.

The Control Panel > Settings migration is happening, slowly but surely.


Auto Logon No Longer Works With MDT and Windows 10 1703

Update 29/06/2017: KB4022716 and the following Cumulative Updates for Windows 1703 fixes (KB4025342 onwards on this page) this issue. You can add the update to MDT Packages and have it installed with the deployment. I have tested this and can confirm it fixes the issue. Thanks to Michael Niehaus (@mniehaus) for tweeting about this.

Update 03/05/2017: After a Twitter conversation with Michael Niehaus (@mniehaus) this has been confirmed to be a bug, although it only effects the second logon.

I first noticed this during testing the Insider builds with MDT and thought it might be fixed for the final version, but unfortunately it doesn’t appear to be. My workaround is to never set an Administrator password in the Task Sequence. This is not necessarily a problem for building the image, but for the deploying Task Sequence it can be worked around by setting the administrator’s account password near the end of the Task Sequence, either as a Command Line action:

net user administrator P@ssw0rd

Or with a short PowerShell script:

$Password = convertto-securestring "f0r3g@t3" -asplaintext -force
$user = "Administrator"

Set-LocalUser $user -Password $Password


Removing UWP Apps From Windows 10 1703

As I wrote about recently here, you can, if you so choose, remove the built-in UWP apps from Windows 10 1703 during the MDT Task Sequence with a PowerShell script. If you’ve been doing this with Windows 10 1607, you will need to check which apps to keep and remove with Windows 10 1703 as there are some new ones included.


WSUS Updates Getting “stuck”

I wrote about how to resolve this issue with Windows 10 1607/Windows Server 2016 here. This issue is not present in Windows 10 1703, so you do not need to add the Cumulative Update to the Packages folder in MDT for 1703, but remember that Windows Server 2016 still requires it. Please Note: I did have an issue with WSUS updates hanging on one of my builds. I used a Hyper-V Virtual Machine and mistakenly only assigned 1 vCPU. When increasing the vCPUs to 2, the issue was resolved.


Windows 10 Opens The Default Browser To On Every Login

I wrote about this issue and how to resolve it for Windows 10 1607 here. This issue still occurs with Windows 10 1703. The OS is trying to determine what internet connectivity is available. The registry change in my post still works with 1703 to prevent the browser opening on logon but it also prevents Microsoft Office Clipart from functioning properly, so a much better solution is to whitelist in your firewall/proxy devices. This allows Windows to determine that it has open internet access and the browser does not open at login. The site above this site redirects to your regional

I take great care to test my ideas and make sure my articles are accurate before posting, however mistakes do slip through sometimes. If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.

I hope this article helps you out, please consider supporting my work here. Thank you.


18 thoughts on “Some Notes On Building a Windows 10 1703 (Creators Update) Reference Image with Microsoft Deployment Toolkit

Add yours

  1. hello, mdt 8443, adk 1703, win 10 1703 and wsus on Server 2016 (14393.1198).
    WSUS Updates getting “stuck” – always searching for updates. Wsus has installed KB4015217.
    When I abort the deployment and log in as domain user, the same machine finds wsus and updates after a minute.
    I tested on virtual machine and physical machins.

    thank you


    1. Hi there, I haven’t experienced any WSUS update freezes with Win 1703 and the config you have mentioned. It does appear (to me at least) to take a little longer to find and install the updates, but they do install without issue and I’ve done a number of builds of Win 10 1703 on both VMs and physical devices and not had any WSUS issues. The KB you mentioned is for Win 10 1607/Win Server 2016 ( so shouldn’t install for Win 10 1703.


      1. Thank you for the info. Last night I created a new deployment folder. After a test, the devices searches 3 hours for updates…
        Maybe are wrong GPOs…



        1. It could depend on a number of things. During a deployment a VM of mine will take around 10 minutes “searching” for updates, which seems longer to me, but I’ve not had it take as long as 3 hours.

          It might be worth looking at the WSUS server, is it struggling? Is there an issue with network connectivity or bandwidth limitations? It could be a number of things, unfortunately.


  2. thank you. you’re right. Last night mdt complete a machine inkl. updates (elapsed time 7 hours). I will continue to do research.
    Strange is: When I deploy without Pre/Post updates in MDT (it takes 20 min), and when finished I Login as Domain user, immediately it beginns to download updates. It seems the local MDT User could not take updates.

    Thank you again for all your Blogs – great


  3. I found the solution: I had to add DoNotConnectToWindowsUpdateInternetLocations registry key.

    Thank you for all your tipps and good work

    Liked by 1 person

  4. Have you found how to skip the screen in 1703 during imaging where the computer actually makes an audio thing about setting up the network?


    1. I know exactly what you are referring too, I haven’t found a way to disable it (or to mute it at least) but I also haven’t really found it to be a issue personally. I will look into it and let you know if I find anything.


      1. Figured it’d be worth the ask. I have been looking on occasion and have not found a solution.

        Also a nugget for you, if you use OneDrive for users data (we are moving that way) some images are breaking the OneDrive run once setup. You have to add a reg key to HKLM RunOnce pointing to “C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup” so it will properly update the reg key everytime a new user creates a profile. Otherwise OneDrive will not install in that users appdata properly and not run.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

Up ↑

%d bloggers like this: