Walkthrough: Building a Windows 10 1709 (Fall Creators Update) Reference Image with Microsoft Deployment Toolkit

Update 30/10/2017: If SysPrep is consistently failing when building your Windows 10 1709 image, it is most likely due to the Windows Store update process updating the built in UWP apps. This issue is a known issue, but one I’ve managed to dodge when building previous versions of Windows 10. With 1709, I’ve had SysPrep fail every time. More information on this issue is available directly from Microsoft here.

Solution: The best way to prevent SysPrep from failing is to disable the Store update process or to disable internet access.

For more information on how to disable the Windows Store update process, please read this blog post from Johan Arwidmark’s Deployment Research.

If the fix above isn’t working for you (it didn’t work for me either) or you would rather disable internet access without resorting to editing your network configuration, check out this post from Peter Löfgren’s System Center Ramblings, where he has created a PowerShell script to use Windows Firewall to block internet access for the duration of the image build process.

This post is designed to walk through installing and configuring Microsoft Deployment Toolkit to build a reference image of Windows 10 1709 (better known as the Fall Creators Update) using a Hyper-V Virtual Machine. Some useful links before we get started:

Installing & Configuring Microsoft Deployment Toolkit and Dependencies.

We’ll be using Microsoft Deployment Toolkit (MDT) version 8443, which at the time of writing is the most recent release and supports Windows 10 1709.

Here’s the links to download the software we’ll be installing:

First we’ll install the Windows 10 1709 ADK. The setup will need to download additional files so it may take some time depending on your internet connection.

On the Select the features you want to install screen select:

  • Deployment Tools
  • Windows Preinstallation Environment (Windows PE)
  • Imaging And Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT)

Now install MDT by running the setup file downloaded earlier, there is no specific configuration during the install wizard. After it’s installed we need to create the Deployment Share.

Create the Deployment Share

  1. Open the Deployment Workbench from the Start Menu.
  2. Right click on Deployment Shares.
  3. Select New Deployment Share.
  4. Enter the path for the Deployment Share: E:\BuildShare.
  5. Enter the Share nameBuildShare$.
  6. Give the share a descriptive name.
  7. On the Options screen, accept the defaults as you can change them later.
  8. Complete the wizard to create the share.

We now need to add an Operating System to work with.

Add an Operating System

  1. Mount the Windows 10 1709 .iso in File Explorer.
  2. Go to Deployment WorkbenchOperating Systems.
  3. Right click and select New Folder.
  4. Enter the name Windows 10 1709 x64 and click through the wizard to create the folder.
  5. Right click again and select Import Operating System.
  6. In the wizard, select Full set of source files and then enter the root of the mounted .iso as the Source directory.
  7. For the destination directory name enter Windows 10 1709 x64 and complete the wizard.
  8. Go to the Operating Systems/Windows 10 1709 x64 node and rename the new entries you just added to Windows 10 1709<Edition>x64.

 

Next we’ll be adding the latest Cumulative Update for Windows 10 1709 downloaded earlier, to do this we’ll be adding it to the Packages section of MDT. The reason we do this is so the CU will be installed with the Operating System, rather than relying on WSUS or Windows Updates to download and install it. The advantage of doing it this way is the entire Task Sequence will be faster and Windows will be up to date when it is installed.

Importing Packages

  1. Go to Deployment Workbench > Packages.
  2. Create a folder named Windows 10 1709 x64.
  3. Right click on the folder and select Import OS Packages and go through the wizard to add the package. The downloaded update .msu file must be in a folder by itself.

Now we create a selection profile so that the Task Sequence only attempts to install the update for Windows 10 1709 x64.

Creating A Selection Profile

  1. Expand the Advanced Configuration node.
  2. Right click on Selection Profiles and select New Selection Profile.
  3. Name it Windows 10 1709 x64.
  4. On the Folders page, tick the Windows 10 1709 x64 folder under Packages and complete the wizard.

Importing Applications (Optional)

You may want to add some applications to be a part of your reference image, here I’ll cover how to add Microsoft Office. MDT recognises Microsoft Office and provides automated/silent install options.

  1. Go to Deployment WorkbenchDeployment Share > Applications.
  2. Right click on Applications and select New Application.
  3. In the New Application Wizard, choose Application with source files.
  4. Give the application the name: Microsoft Office.
  5. Enter the Source directory of the installation files.
  6. Enter the Destination directory: Microsoft Office.
  7. For the Command line enter anything – we’ll revisit this soon.
  8. On the summary page, click Next and after the files are copied click Finish to complete the wizard.

Configure the Application – Microsoft Office

  1. Right click on Microsoft Office, go to the Office Products Tab.
  2. Choose the desired Office Product to Install from the drop down menu.
  3. Check the desired Office language.
  4. Enter a product key, unless you will be activating Office via KMS in which case leave the Product Key option unchecked.
  5. Check the Customer name option and enter the desired information.
  6. Check the Display level option and select None in the drop down menu.
  7. Check the Accept EULA option.
  8. Check the Always suppress reboot option.
  9. Click Apply.
  10. Go to the Details tab and the Quiet install command should now read:
    setup.exe /config proplus.ww\config.xml

Microsoft Office is now set up to be installed silently by a Task Sequence. If you wish to customise the installation to a greater degree, the Office Customization Tool can be launched from the Office Products tab. This process can also be done for Microsoft Visio and Project applications.

We need to now create the Task Sequence that will create our reference image of Windows 10 1709.

Create a Task Sequence

  1. In Deployment Workbench, go to Task Sequences.
  2. Right click and select New Task Sequence.
  3. For the ID enter: W10-1709.
  4. Name it Build Windows 10 1709.
  5. Select Standard Client Task Sequence.
  6. Select the Operating System Windows 10 1709 x64.
  7. Do not specify a product key at this time.
  8. Enter an Organization name.
  9. Do not specify an Administrator password at this time.
  10. Complete the wizard.

Now we’ll configure the Task Sequence.

Configure the Task Sequence

  1. Right click on the Task Sequence just created and select Properties.
  2. Go to the OS Info tab and click Edit Unattend.xml. It will take sometime to generate the catalog.
  3. When the Unattend.xml opens, go to 7 oobesystemamd64_Microsoft-Windows-Shell-Setup__neutral > OOBE.
  4. Change the ProtectYourPC setting to 3. This will prevent the image from randomly checking for updates whilst it is being built.
  5. Save the Unattend.xml, you can safely ignore an warnings.
  6. Go to the Task Sequence tab on the Properties window of the Task Sequence.
  7. Expand the Preinstall folder, and select the Apply Patches item.
  8. Change the Selection Profile to Windows 10 1709 x64.
  9. Go to the State Restore folder and select Windows Update (Pre-Application Installation).
  10. On the right side of the Properties window, go to the Options tab.
  11. Uncheck the Disable this step tick box and do the same with Windows Update (Post-Application Installation).
  12. If you skipped the Importing Applications section, please disable the Install Applications item and go to step 16, if not please continue.
  13. Go to the Install Applications item.
  14. In the right side of the Properties box, select the Install a single application option and click the Browse… button.
  15. Select Microsoft Office and change the name Install Applications to Microsoft Office.
  16. Click Apply and close the Task Sequence.

Blocking Internet Access to prevent Windows Store App Updates

To block internet access to the VM whilst the image is building, we’ll use the script from Peter Löfgren’s System Center Ramblings post. First create a PowerShell script called Internet-Access.ps1 with the following code:

## Creates the disable option used by the script
param (
   [Parameter(Mandatory=$False,Position=0)]
   [Switch]$Disable
)

## If the Disable command line option is not added, the script adds a Firewall Rule to block traffic on ports 80 (http) and 443 (https).
If (!$Disable)
{
   Write-Output "Adding internet block"
   New-NetFirewallRule -DisplayName "Block Outgoing 80, 443" -Enabled True -Direction Outbound -Profile Any -Action Block -Protocol TCP -RemotePort 80,443
}

## If the Disable command line option is added, the script removes the Firewall Rule created above.
If ($Disable)
{
   Write-Output "Removing internet block"
   Get-NetFirewallRule -DisplayName "Block Outgoing 80, 443" | Remove-NetFirewallRule
}

Save the script in your MDT share, where the Task Sequence will be able to access it. I save my custom scripts in a folder called _scripts the Applications folder.

Now, in the Task Sequence created above, we’ll add the items required to run the PowerShell script to enable and disable the internet blocking firewall rules.

  • Go to the Task Sequence tab on the Properties window of the Task Sequence.
  • Go to State Restore and click on the Add button.
  • Go to General > Run PowerShell Script.
  • Name the new item PS Script – Disable Internet Access.
  • Enter Z:\Applications\_scripts\Internet-Access.ps1 or your own path to the PowerShell script we just created.
  • Scroll down the Task Sequence to just above the Imaging folder.
  • Once again, add a new Run PowerShell Script item.
  • Name it PS Script – Enable Internet Access.
  • Again, enter Z:\Applications\_scripts\Internet-Access.ps1 or or your own path to the PowerShell script.
  • Important: Add -Disable to the Parameters section.
  • Click Apply and OK to close the Task Sequence.

Now just after booting up, a firewall rule will be added to block traffic on ports 80 and 443, and just before starting the SysPrep and capture process the firewall rule will be removed.

Next we’ll create a domain user account for MDT.

Create an Active Directory User for MDT

  1. Go to Active Directory Users and Computers.
  2. Create a user called mdt_admin.
  3. On the server where the deployment share is hosted, give mdt_admin Full Control share permissions and Full Control permissions to all the files and folders under the deployment share.

Now we’ll configure the Bootstrap.ini and the Rules.ini files to control certain aspects of the deployment environment. The settings below enable auto log in and skip the welcome screen, so these should only be used for lab/closed environments.

Configure Bootstrap.ini

  1. In Deployment Workbench, right click the Deployment Share and select Properties.
  2. Select the Rules tab and click the Edit Bootstrap.ini button.
  3. Add the settings below to the Bootstrap.ini.
  4. Close and Save the Bootstrap.ini
[Settings]
Priority=Default

[Default]
DeployRoot=\\SERVERNAME\BuildShare$
UserDomain=contoso.com
UserID=mdt_admin
UserPassword=p@ssw0rd
SkipBDDWelcome=YES

Configure Rules/CustomSettings.ini

On the Rules tab of the Deployment Share properties window, add the settings below. A lot of the settings are specific to my demo environment such as my location in the world.

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipDomainMembership=YES
SkipSummary=YES
SkipFinalSummary=YES
SkipComputerName=YES
SkipUserData=YES

_SMSTSORGNAME=Build Share
_SMSTSPackageName=%TaskSequenceName%
DoCapture=YES
ComputerBackupLocation=\\SERVERNAME\BuildShare$\Captures
BackupFile=%TaskSequenceID%_#year(date) & "-" & month(date) & "-" & day(date) & "-" & hour(time) & "-" & minute(time)#.wim
WSUSServer=http://SERVERNAME:8530
FinishAction=SHUTDOWN
SLShare=\\SERVERNAME\BuildShare$\Logs
EventService=http://SERVERNAME:9800

Now it’s time to create the boot media to boot into the deployment environment.

Creating The Boot Media

  1. In Deployment Workbench, right click on the Deployment Share.
  2. Select Update Deployment Share.
  3. Select Completely regenerate the boot images.
  4. Complete the wizard. It will take some time to create the boot images.

Testing The Boot Media

To test the boot media, copy the LiteTouchPE_x64.iso from \\SERVERNAME\BuildShare$\Boot to a location where a Hyper-V Virtual Machine will be able to access it.

Create a new VM in Hyper-V and configure it as such:

  • 2x vCPUs
  • 4GB of RAM
  • NIC with access the MDT server and WSUS server.
  • Virtual Hard Drive of at least 80GB, preferably on an SSD.
  • Boot from DVD Drive using the LiteTouchPE_x64.iso from MDT.

Start the VM and it should boot from the LiteTouchPE_x64.iso into the deployment environment. You should be presented with a wizard and the name of the Task Sequence you created earlier. Select it and click Next.

The Task Sequence will now run, install Windows 10 1709, update from the WSUS server, install Microsoft Office applications (if you added them) and then run Windows Update from the WSUS server again to update the Office apps, run SysPrep and the reboot back into the MDT environment and capture the image.

When this process completes the VM will be shutdown and a file named W10-1709_YEAR_MONTH_DAY_HOUR_MINUTE.wim will be in \\SERVERNAME\BuildShare$\Captures.

You may also want to add scripts and tweaks to your Task Sequence, such as this PowerShell script to uninstall any UWP apps which aren’t needed or these common applications, depending on your environment.

Google Chrome – Enterprise Installer

msiexec /I googlechromestandaloneenterprise64.msi /qn

Adobe Reader – Enterprise Installer

AdobeReaderDC.exe /sAll

You now have a functioning Microsoft Deployment Toolkit server, with a Deployment Share specifically configured for building reference images, and a Task Sequence to build and capture a Windows 10 1709 reference image.

I hope this has helped you out in some way. If you’d like to get in touch with me, please leave a comment or tweet me.

-Mike

Follow Mike on Twitter – @Digressive

34 thoughts on “Walkthrough: Building a Windows 10 1709 (Fall Creators Update) Reference Image with Microsoft Deployment Toolkit

  1. Mike,

    Excellent walk-through as usual.

    I just received my 1709 iso from MSDN – but the images available are all “multi-image” where the WIM looks like this:

    Image Name Index
    Windows 10 Education 1
    Windows 10 Education N 2
    Windows 10 Enterprise 3
    Windows 10 Enterprise N 4
    Windows 10 Pro 5
    Windows 10 Pro N 6

    How do I handle these image indexes within a standard MDT task sequence?

    Michael Niehaus talks about 1709 here:

    https://blogs.technet.microsoft.com/windowsitpro/2017/10/13/windows-10-version-1709-coming-soon/

    But does not offer any insight as to how to target a specific index within an MDT task sequence. Appreciate any info if you have any experience with it.

    Cheers,

    Bruce

    Like

    1. Hi Bruce,
      I did see that there’s now multiple editions in one WIM, which is good. As for deploying them, seeing as they are in MDT as separate OS’s all I’ve been doing is creating a task sequence for each one I want to deploy. So I’ve not needed to target a specific index. Not sure if that really answers your question?

      -Mike

      Like

  2. Mike,

    Just building a TS now – and just read that I should see 6 different OS types when importing the OS image. Should have no issues with it now 🙂 Will report back after I give this a go.

    B

    Liked by 1 person

  3. Hi
    Have you been able to try removing the preprovisioned apps in the OS such as mail, people, solitaire, camera etc?
    When i tried it then they still appear once the wim is reconstructed into an ISO

    Like

      1. Ah thanks, I didnt know about that indexes bit! I was removing the apps from index 2, not index 1
        Hopefully it will work when i get to try it on monday!

        Liked by 1 person

  4. Mike, I am having a terrible time getting MDT to import an OS. I downloaded the Installation Media from MS and had it put on a usb-stick for installation on another PC. I copied the iso to the hd and then mounted it (saw it as if it was a dvd) … no luck. Get a fix all errors message with no detail. Tried to decompress the iso … no luck.
    Copied a win10 1703 dvd to the hd (just as a test) and it worked. I did install the new adk. Since I am not a business, I haven’t been able to download the OS from the site you have in the document. I build the clones for a charitable group that refurbs PC’s and gives them to needy kids for free. We are part of the MS MRR program, so we get the licenses for a reduced rate …. but are having a tough time getting installation media.
    Any help / ideas would be greatly appreciated ….

    Gary D

    Like

    1. Hi there Gary,

      Sorry to hear you’re having trouble. The one point that stands out to me is where you download the OS from, although you mentioned that it works fine 1703, so I assume you downloaded that from the same place. Just to be clear, I am not in any way insinuating that you are obtaining Windows from a dodgy site, you mentioned downloading it from MS, so we’re all good there. The only thing I can think of is that the ISO you have, is it for the Professional/Education/Enterprise editions of 1709? I think MDT only supports those editions and won’t work with some others, although I haven’t actually tried myself. Also, just the standard checks: could it be the the ISO is corrupted in some way? Another possibility could be that, with the changes in how 1709 is packaged, it could be causing you these issues that you didn’t get with 1703 when importing. I’m sorry I can’t give you a solid answer, it sounds like you’re doing great work.

      -Mike

      Like

      1. Thanks for the quick reply …. yep, we are legal. We do a google search on download windows 10 installation media. Get a copy of the media to be installed on another PC (puts it on a usb stick or dvd-iso). Like some of the other post … I think it has to do with MS putting all versions plus 32 and 64 bit on the same installation media. I will go back to the site and try to download only a 64bit install and see if that is the problem.
        Gary D

        Like

  5. We upgraded some of our images that we host on VMWare from 1703 to 1709, then attempted to capture them like we always do, but the capture fails with the same error each time. Panther logs state: “Package Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy was installed for a user, but not provisioned for all users”. The way we’ve gotten around it in the past is running a few powershell commands:
    get-appxpackage | remove-appxpackage
    get-appxprovisionedpackage -online | remove-appxprovisionedpackage

    It shows that it looks like it’s removing the app packages including Miracast, however the error persists. I did a test though: I installed a 1709 fresh install on a VM, then immediately attempted a capture, and it worked perfectly. I didn’t even have to run the powershell commands. The research I’ve been doing has turned up that we needed a registry key to block certain appx packages from automatically downloading/updating while we worked on the image:

    reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore /v AutoDownload /t REG_DWORD /d 00000002 /f
    reg add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SilentInstalledAppsEnabled /t REG_DWORD /d 00000000 /f
    reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent /v DisableWindowsConsumerFeatures /t REG_DWORD /d 00000001 /f

    I’m wondering… do we need to build our images fresh and put in the registry key? This would waste a lot of time for other images that are already pre-built…

    Other thought: should we just put in these registry keys before we upgrade the rest of our images to 1709 from 1703? (Then maybe we won’t have this issue with trying to capture later on again?)

    Thanks,
    Daniel

    Like

    1. Hi there,
      The problem is when building the image, access to the internet needs to be disabled, or auto updating needs to be disabled – as you mentioned.

      I also noticed that building an image which basically just installs Windows then captures works totally fine.

      Personally I build fresh images when a new version of Windows 10 comes out, and I do that using VM’s with internet access disabled. I have a script that automates the process, which I’ve written about here: https://gal.vin/2017/08/26/image-factory/

      But you can set registry keys to disable auto updating after installing Windows, but before doing any other tasks. Johan Arwidmark wrote about how to do that here: https://deploymentresearch.com/Research/Post/615/Fixing-why-Sysprep-fails-in-Windows-10-due-to-Windows-Store-updates

      -Mike

      Like

  6. Great article – thank you

    Options like changing the lock screen background, start menu modifications, task bar modifications, do they all need to be completed by capturing a reference image ?

    Or if I was to follow your aticle, is there a need to use a reference image ?

    Like

    1. Hi there,
      No they don’t need to be done by capturing a reference image. They can be done in a Task Sequence when deploying a new Windows installation, or with Group Policy.

      -Mike

      Like

      1. Awesome – thanks Mike

        Once an image has been captured ( we don’t have SCCM ) is it most efficient to then manage the updates moving forward from within MDT ?

        Like

      2. I assume you mean the next “big” Windows 10 update, the feature updates? Yes, MDT is best I think. WSUS/Windows Update can push them out and get you on the latest version of the OS, but you have no control over them, or at least not like with MDT.

        -Mike

        Like

  7. Hey Mike,

    For me, using the local group policy editor and disabling the store as well as updates from the store has worked for me with Syspreping 1709. For my client, they have the windows store disabled anyways so it works out in the end,but for those who actually use the store in the enterprise, you can just set up a domain GPO to enable the store if needed, which will take place after the image has been deployed.

    Like

  8. I am using the Windows 10 volume licensing ISO (SW_DVD5_Win_Pro_Ent_Edu_N_10_1709_64BIT_English_MLF_X21-50143) which now bundles Windows 10 Enterprise, and Windows 10 Education, and Windows 10 Pro together.
    I am trying to perform a “Standard Client Upgrade Task Sequence” using MDT 6.3.8443.1000 and WADK 10.1.16299.15. I have selected the “Windows 10 Enterprise” OS in the “New Task Sequence Wizard” but I am getting the error “Setup failed to upgrade OS from Windows10v1709\setup.exe, rc = -1047526912″ followed by “ZTI ERROR – Non-zero return code by LTIApply, rc = 1”, and then “Litetouch deployment failed, Return Code = -2147467259 0x80004005”. I assume this is because of the ISO contains multiple images but do not see a way to select the Image Index in the “Upgrade Windows” Task Sequence. The “Upgrade Windows” Task Sequence displays the “Windows 10 v1709 Enterprise install.wim”.

    Like

    1. Hi there,
      That’s really odd, I’ve done pretty much what you said and I’ve not had those issues, at least with upgrading from 1607 and 1703 to 1709. It shouldn’t be because of the multiple images in the ISO because, when you import it into MDT, you should get all the separate editions as separate OS’s. I’ve seen the error you posted many times for many different reasons, so I’m afraid based of what you said, nothing stand out to me. I’m assuming your running the upgrade Task Sequence from MDT using the LiteTouch.vbs or using SCCM? Here’s some screenshots from my upgrade task sequence, hopefully it helps.

      -Mike

      Like

      1. Yes I am using MDT LiteTouch.vbs only, and my envuironment looks like your swcreen shots. I am using the “Standard Client Upgrade Task Sequence” and it worked fine with “Windows 10 Creators update 1703”, but broke when I changed the “Operating system to install” to “Windows 10 1709 Enterprise x64”.
        Since the multiple images was the only major change to the imported media, I assumed thats what broke it.
        I did change the display name for the operating system but I have done that before with the preious imported images with no problems.
        I will download new media and see if re-importing it keeping the default names makes a difference.

        Liked by 1 person

  9. Hey Mike,

    Just wondering if you have ever seen this oddball behavior within an MDT layout.

    Suddenly today – out of the blue – when I run an upgrade of 1709 into an existing VM of 1607 – I get this bizarre error with about a minute before the install is actually complete:

    Onscreen – Windows is still running it’s last update cycle (Spinning circle light blue screen saying Working On Updates 100% Don;t turn off your PC. This will take a while) and then suddenly this dialog pops up as if it’s trying to “reoffer” me a selection of task sequences to run?

    I wish I could post a few screen caps up here but the dialog is titled Windows Deployment Wizard with the words Task Sequence in large print cross the top. Inside the border I see “Select a task sequence to execute on this computer”. Inside the dialog panel is another weird error “No task sequences are available (Tasksequences.xml does not exist, is empty or is inaccessible”)

    Overlaid upon the Task Sequence dialog is another small messagebox with an OK button that displays this:

    A VBScript Runtime Error has occurred:

    Error: 500 = Variable is undefined

    VBScript Code:
    ——————-
    InitializeTSList

    If click Ok on the box – I get another message asking if I want to quit the wizard. I then click Yes and go right back into the Messagebox. I do the OK/yes dance a couple more times and then the wizard finally redisplays my global list of task sequences again.I finallt hit Cancel one last time and the mess goes away and install stumbkles to completion.

    My setuperr.log is full of bizarre entries that make little sense to me (and I am a programmer!).

    Would appreciate any sort of push in a general direction to figure out what is going on?

    Cheers,

    Bruce

    Like

      1. Mike,

        This is most bizarre. I did an upgrade to 1703 using the same MDT share, layout etc and it completed perfectly?

        At first I thought maybe my OS source files were messed up so I completely dumped everything and re-imported a fresh set of 1709 files from the iso – but that did not work either.

        From what I can see so far – it may have something to do with the name of the Task Sequence or some other obscure thing in the bowels of the MDT install.

        I will keep hunting.

        B

        Like

      2. Mike,

        Just found out that I am not the only one with this..

        https://social.technet.microsoft.com/Forums/en-US/96b5c809-a59d-4d90-9136-69ecec101c05/upgrade-task-sequence-not-working-on-windows-adk-10-v1709-and-mdt-8443?forum=mdt

        I am going to stand down on any in-place upgrades to 1709 until MS gets MDT properly updated for all 1709 scenarios.

        1709 works great with MDT 8443 as long as I am doing a clean install TS. But the upgrade is a problem…

        B

        Like

  10. Thank you for the write up! Super helpful…running into one issue though. When the image is applying settings I get an error stating that the install cannot proceed and that it failed at the specialized portion of the unattend.xml. The exact same task sequence will work with an older version of Win10. Just not Fall Creators. Have you seen something like this?

    Like

    1. Hi there,
      I have had some issues before with the unattend.xml, but it can be many things. My common problem is that, because I automate the computer name, sometimes it’s too long. Outside of that, I’ve not had many issues with it I’m afraid.
      -Mike

      Like

      1. Mike and anyone else who comes across this,

        It appears to be an issue with my Hyper-V VM. I am able to successfully image a laptop and a VMWare workstation VM. I am not going to dig any further on this, but if anyone does run across this issue and finds a solution it might be helpful to the next guy!

        Like

    2. Hi Ryan. As this issue happened during Windows Setup, you should check the setupact.log in %WinDir%\panther (OOBE phase) or %WinDir%\panther\UnattendGC (Specialize phase) for more information. SetupErr.log is rarely useful. I did run into an interesting issue, where it seems that Device Guard (or WDAC in 1709) is enabled out of the box and somehow blocks the execution of reg.exe, which is being used in the unattend file to execute some RunSynchronous commands. Check if you are seeing error 0x800711c7 in the log.

      Like

  11. Ryan,

    Would be helpful to see exactly what the error message is? If you have altered a few other parts of unattend.xml – would be interested to see what you changed.

    And the Hyper-V thing – that’s all I use here – just build a stock VM (Gen 2) with 2048 RAM, 4 CPU and at least 40GB hard disk – have never had an issue with unattend.xml. (The only thing I ever change is the Protect your PC setting).

    And have you updated the Deployment share and created some fresh iso’s lately?

    B

    Like

  12. Mike,

    Thanks for the great write up!

    Wanted to see if you have any suggestions about deploying larger programs such as ACAD? We were making use of audit mode in Windows 7 so the application itself was included on the image. This helped speed up the process since there is some customization we must do to the application manually. Seems like with the newer versions of 10, Audit mode isn’t really an option anymore.

    Like

    1. Hi Brent,
      Thanks for the kind words. As of this week, I’ve moved onto a new project at a much larger organisation, and I will absolutely be dealing with large applications and Windows 10 deployment. I’ll post about any findings and improvements as I come across them. I’ve no time frame for this at the moment though as I’m currently re-building the team and infrastructure.
      -Mike

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s