Image Factory for Microsoft Deployment Toolkit v2.9

In a previous post I wrote about my Image Factory for MDT, powered by Hyper-V and PowerShell. This post will serve as a change log and documentation page, as the previous post was more about how the utility is written as a reference.

This utility is available to download from the Microsoft TechNet Gallery, the PowerShell Gallery and GitHub.

I take great care to test my ideas and make sure my articles are accurate before posting, however mistakes do slip through sometimes. If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.

I hope this article helps you out, please consider supporting my work here. Thank you.

-Mike

 

Features and Requirements

  • The utility is designed to run on a device with MDT installed.
  • The device must also have Hyper-V management tools installed.
  • The MDT shares can be local or on a remote device.
  • The Hyper-V host can be local or on a remote device.

The utility has been tested on Hyper-V installations on Windows 10, Windows Server 2016 (Datacenter and Core installations) and Windows Server 2012 R2 (Datacenter and Core Installations) and MDT installations on Windows 10 and Windows Server 2016 (GUI installs only).

When run, the utility will:

  1. Create a Hyper-V Virtual Machine.
  2. Boot it from the MDT LiteTouch boot media.
  3. Run the specified Task Sequence.
  4. Capture the WIM file to MDT.
  5. Destroy the Virtual Machine and VHD used.
  6. Move on to the next specified task sequence.
  7. Do steps 1-6 for all specified Task Sequences.
  8. Import the WIM files into the deployment share of MDT.
  9. Remove the captured WIM files.
  10. Optionally create a log file and email it to an address of your choice.

The utility should be run with the -Remote switch when the Hyper-V host is a remote device.

The utility should be run with the -Compat switch when the Hyper-V host is a remote server running Windows Server 2012 R2.

 

Generating A Password File

The password used for SMTP server authentication must be stored in an encrypted text file. To generate the password file, run the following commands in PowerShell on the computer that will run the script, while logged in as the user that will run the script. When you run the commands you will be prompted for a username and password. Enter the username and password you want to use to authenticate to your SMTP server.

Please note: This is only required if you need to authenticate to the SMTP server when sending the log via e-mail.

$creds = Get-Credential
$creds.Password | ConvertFrom-SecureString | Set-Content c:\scripts\ps-script-pwd.txt

After running the commands, you will have a text file containing the encrypted password. When configuring the -Pwd switch enter the path and file name of this file.
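
The following is an added example, not the utility's own code, showing how a file created this way can be locked down and read back into a credential object. Without a -Key parameter the file is protected with Windows DPAPI, which is why it must be created by the same user on the same computer that later reads it; the path, user name and function names are sample values.

```powershell
# Added example, not the utility's own code. The path, user name and
# function names are sample values; change them to match your environment.
$PwdFile  = 'C:\scripts\ps-script-pwd.txt'
$SmtpUser = 'example@contoso.com'

function Protect-PasswordFile {
    param([Parameter(Mandatory)][string]$Path)
    # Drop inherited permissions and grant access only to the current account.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $Path /inheritance:r /grant:r "${me}:F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path" }
}

function Get-SmtpCredential {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$UserName
    )
    try {
        # Without -Key, ConvertTo-SecureString decrypts with DPAPI, which only
        # succeeds for the same user on the same computer that wrote the file.
        $secure = Get-Content -Path $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        $msg = "Cannot decrypt '$Path' as $env:USERNAME on $env:COMPUTERNAME. " +
               "Regenerate the file under this account. $($_.Exception.Message)"
        throw $msg
    }
    New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $secure
}

Protect-PasswordFile -Path $PwdFile
$cred = Get-SmtpCredential -Path $PwdFile -UserName $SmtpUser
'Loaded credential for {0}' -f $cred.UserName
```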

 

Configuration

The table below shows all the command line options available with descriptions and example configurations.

| Command Line Switch | Mandatory | Description | Example |
|---|---|---|---|
| -Build | Yes | Location of the MDT build share. It can be the same share as the deployment share and it can be a local path or UNC. | \\server\buildshare$ OR C:\BuildShare |
| -Deploy | Yes | Location of the MDT deployment share. It can be the same share as the deployment share and it can be a local path or UNC. | \\server\deploymentshare$ OR C:\DeploymentShare |
| -Vh | Yes | Name of the Hyper-V server. Can be remote or local. | VS01 |
| -Vhd | Yes | Path relative to the Hyper-V server of where to put the VHD file for the VM(s) that will be generated. | C:\Hyper-V\VHD |
| -Boot | Yes | Path relative to the Hyper-V server of where the ISO file is to boot from. | C:\iso\LiteTouchPE_x64.iso |
| -Vnic | Yes | Name of the virtual switch that the Virtual Machine should use to communicate with the network. If the name of the switch contains a space, it should be surrounded by “double quotes”. | vSwitch-Ext |
| -Ts | Yes | The Task Sequence IDs from MDT that should be run. Separate more than one with a comma [,] and no spaces. | REF-W10-1703,REF-W10-1607,REF-WS2016 |
| -L | No | Location to store the optional log file. The name of the log file is automatically generated. | C:\foo |
| -Subject | No | The subject line that the email should have. Encapsulate with single or double quotes. | 'Server: Notification' |
| -SendTo | No | The email address to send the log file to. | me@contoso.com |
| -From | No* | The email address that the log file should be sent from. *This switch isn’t mandatory but is required if you wish to email the log file. | example@contoso.com |
| -Smtp | No* | SMTP server address to use for the email functionality. *This switch isn’t mandatory but is required if you wish to email the log file. | mail01.contoso.com OR smtp.live.com OR smtp.office365.com |
| -User | No* | The username of the account to use for SMTP authentication. *This switch isn’t mandatory but may be required depending on the configuration of the SMTP server. | example@contoso.com |
| -Pwd | No* | The location of the file containing the encrypted password of the account to use for SMTP authentication. *This switch isn’t mandatory but may be required depending on your SMTP server. | c:\foo\ps-script-pwd.txt |
| -UseSsl | No* | Add this option if you wish to use SSL with the configured SMTP server. Tip: If you wish to send email to outlook.com or office365.com you will need this. *This switch isn’t mandatory but may be required depending on the configuration of the SMTP server. | N/A |

 

As mentioned above, this utility can be run in a variety of configurations. For example you could run it on a Windows 10 device with MDT and the Hyper-V Management tools installed, or a single MDT deployment share and a remote Hyper-V host running Windows 10, Windows Server 2016 or Windows Server 2012 R2.

The utility will make changes to your MDT customsettings.ini file – after making a backup, of course! These changes are necessary so that the process runs completely automated. Depending on your environment, you may need to make additional changes.

 

Running A Separate Build Share

I would recommend running a separate Build share so that:

  1. You don’t tie up the main Deployment Share whilst running the image factory.
  2. You can have an environment which has the bare minimum configuration to build images on a Hyper-V VM.
  3. You can set the boot media to auto logon into the deployment environment, without compromising your main deployment share.

Here are the settings you’ll need to add to your Bootstrap.ini to auto login to your Build Share. Don’t forget to update your build share in MDT and regenerate your boot images!

[Settings]
Priority=Default

[Default]
DeployRoot=\\mdt01\e$\BuildShare
UserDomain=corp.contoso.com
UserID=mdt_admin
UserPassword=P@ssw0rd
SkipBDDWelcome=YES
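
Bootstrap.ini is built into the LiteTouch boot image as plain text, so these values are worth checking before the boot media is regenerated. The following added example (not part of the utility; Test-BootstrapIni is a hypothetical helper) parses the sample file above and reports the stored password and the administrative-share DeployRoot.

```powershell
# Added example, not part of the utility. Test-BootstrapIni is a hypothetical
# helper; the sample input below is the Bootstrap.ini shown on this page.
function Test-BootstrapIni {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)

    # Collect key=value pairs; blank lines, ;comments and [section] headers
    # do not match and are skipped.
    $kv = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^=;\[\s][^=]*?)\s*=\s*(.*?)\s*$') {
            $kv[$Matches[1]] = $Matches[2]
        }
    }

    $findings = @()
    if ($kv['UserPassword']) {
        $findings += "UserPassword for '$($kv['UserID'])' is stored in clear text " +
                     "and is readable by anyone who obtains the boot media."
    }
    # \\server\X$ is an administrative drive share, reachable only with
    # administrative rights on the server.
    if ($kv['DeployRoot'] -match '^\\\\[^\\]+\\[A-Za-z]\$(\\|$)') {
        $findings += "DeployRoot '$($kv['DeployRoot'])' is an administrative drive share; " +
                     "publish a dedicated share and use an account limited to it."
    }
    $findings
}

$sample = @'
[Settings]
Priority=Default

[Default]
DeployRoot=\\mdt01\e$\BuildShare
UserDomain=corp.contoso.com
UserID=mdt_admin
UserPassword=P@ssw0rd
SkipBDDWelcome=YES
'@ -split "`r?`n"

Test-BootstrapIni -Lines $sample
```

Run against the sample it returns two findings, one for each of the conditions checked.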

 

I’ve listed my bare minimum customsettings.ini that I use for my own image building below.

The script makes these changes to your customsettings.ini. It sets the current task sequence to run, tells the WinPE deployment environment to skip asking for a Task Sequence and skip asking for a computer name.

TaskSequenceID=$id
SkipTaskSequence=YES
SkipComputerName=YES
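
The backup, edit and restore cycle described here, together with the leftover-backup check and the line-break fix noted in the v2.5 change log, can be sketched as follows. This is an added example and not the utility's own code; $Build and $TaskSequenceIds are sample values and the location of the backup file in the Control folder is an assumption.

```powershell
# Added example, not the utility's own code. $Build and $TaskSequenceIds are
# sample values; keeping the backup in the Control folder is an assumption.
$Build           = 'C:\BuildShare'
$TaskSequenceIds = 'REF-W10-1703', 'REF-WS2016'

$ini    = Join-Path $Build 'Control\CustomSettings.ini'
$backup = Join-Path $Build 'Control\CustomSettings-backup.ini'

# A leftover backup means an earlier run never restored the ini, so the live
# file may still pin a task sequence. Stop instead of backing up that state.
if (Test-Path -Path $backup) {
    throw "Share is not clean: $backup exists. Restore it over $ini first."
}

foreach ($id in $TaskSequenceIds) {
    Copy-Item -Path $ini -Destination $backup -ErrorAction Stop
    try {
        # The two empty strings make sure the new keys start on their own
        # line even when the ini has no trailing newline. Appended keys fall
        # under the last section in the file, which must be one that MDT
        # processes ([Default] in the sample customsettings.ini on this page).
        Add-Content -Path $ini -Value @(
            '', '',
            "TaskSequenceID=$id",
            'SkipTaskSequence=YES',
            'SkipComputerName=YES'
        )

        # The VM build for $id runs at this point (outside this example).
        Write-Output "CustomSettings.ini prepared for task sequence $id"
    }
    finally {
        # Always put the original back, even if the build step throws.
        Copy-Item -Path $backup -Destination $ini -Force
        Remove-Item -Path $backup
    }
}
```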

 

My bare minimum customsettings.ini for my Build Share

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipDomainMembership=YES
SkipSummary=YES
SkipFinalSummary=YES
SkipComputerName=YES
SkipUserData=YES

_SMSTSORGNAME=gal.vin | Build Share
_SMSTSPackageName=%TaskSequenceName%
DoCapture=YES
ComputerBackupLocation=\\mdt01\buildshare$\Captures
BackupFile=%TaskSequenceID%_#year(date) & "-" & month(date) & "-" & day(date) & "-" & hour(time) & "-" & minute(time)#.wim
WSUSServer=http://wsus01:8530
FinishAction=SHUTDOWN
SLShare=\\mdt01\buildshare$\Logs
EventService=http://admin01:9800

 

Change Log

2019-09-04 v2.9

  • Added custom subject line for e-mail.

2018-12-17 v2.8

  • The script will now set automatic checkpoints to ‘disabled’ on the VMs. This is to help with VM disk management and cleanup.

2017-10-16 v2.7

  • Changed SMTP authentication to require an encrypted password file.
  • Added instructions on how to generate an encrypted password file.

2017-10-09 v2.6

  • Added necessary information to add the script to the PowerShell Gallery.

2017-09-18 v2.5

  • Added a sanity check of the MDT deployment share. The script now checks for an existing CustomSettings-backup.ini file. If it exists, it reports that the deployment share is not clean.
  • Added extra line breaks when editing the CustomSettings.ini as previously it was adding the required configuration on the last line of the ini file and causing the deployment to fail. Many thanks to Twitter user @thestardawg for reporting this bug.

2017-08-26 v2.4

  • Improved logging so that the log file and console output is now more readable.

2017-07-22 v2.3

  • Improved commenting on the code for documentation purposes.
  • Added authentication and SSL options for e-mail notification.

2017-05-11 v2.2

  • Added command line configuration options so the script itself does not need to be edited.
  • Added code to manage the Virtual Machines without the need for extra configuration options.
  • Removed some unnecessary extra configuration options and variables.

2017-04-25 v2.1

I’ve added logging to the script and the ability to email the log on completion. I’ve also added a variable to configure the Virtual Switch that the VM’s Network Adaptor should use. This was an oversight on the previous version.

2017-04-17 Minor update

I’ve added hour and minutes to the WIM file creation name as I have been running multiple images of the same Task Sequence within a day and needed some extra data to prevent the image from overwriting the previous one. I’ve also made another script, using this one as a base so I can generate VMs to test the deployment of the captured images after I’ve manually renamed them in MDT and added to the task sequences. The VMs are named after the Task Sequence ID and do not delete after the Task Sequence completes.

 
