Building A Windows 10 1803 (April 2018 Update) Reference Image with MDT

This post will walk through installing and configuring Microsoft Deployment Toolkit to build a reference image of Windows 10 1803 (April 2018 Update) using a Hyper-V Virtual Machine. It is assumed that you have a Server or PC ready to install MDT onto and create an file share for MDT to build the image with.

Here are the links to the software we’ll be using:

Additional software which may be useful to you:


Installing Microsoft Deployment Toolkit and Dependencies

  1. First we’ll install the Windows 10 1803 ADK. During setup additional files will need to be downloaded, so it may take some time depending on your internet connection.
  2. On the Select the features you want to install screen select:
  • Deployment Tools
  • Windows Preinstallation Environment (Windows PE)
  • Imaging And Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT)
  1. Now install MDT by running the setup file downloaded earlier. There is no specific configuration during the install wizard.


Creating the Deployment Share

  1. Open the Deployment Workbench from the Start Menu.
  2. Right click on Deployment Shares.
  3. Select New Deployment Share.
  4. Enter the path for the Deployment Share: E:\Build.
  5. Enter the Share nameBuild$.
  6. Give the share a description.
  7. On the Options screen, accept the defaults as you can change them later.
  8. Complete the wizard to create the share.
  9. By default, the share permissions are set the local administrators group. We’ll revisit this later.


Adding an Operating System

  1. Mount the Windows 10 1803 ISO in File Explorer.
  2. Go to Deployment WorkbenchOperating Systems.
  3. Right click and select New Folder.
  4. Enter the name Windows 10 1803 x64 and click through the wizard to create the folder.
  5. Right click again and select Import Operating System.
  6. In the wizard, select Full set of source files and then enter the root of the mounted ISO as the Source directory.
  7. For the destination directory name enter Windows 10 1803 x64 and complete the wizard.
  8. Go to the Operating Systems/Windows 10 1803 x64 node and rename the new entries added to Windows 10 1803<Edition>x64 for ease of use.


Creating Package Folder For Future Updates

  1. Go to Deployment Workbench > Packages.
  2. Create a folder named Windows 10 1803 x64.

Now we’ll create a selection profile so that the Task Sequence only attempts to install the updates for Windows 10 1803 x64.


Creating A Selection Profile

  1. Expand the Advanced Configuration node.
  2. Right click on Selection Profiles and select New Selection Profile.
  3. Name it Windows 10 1803 x64.
  4. On the Folders page, tick the Windows 10 1803 x64 folder under Packages and complete the wizard.


Importing Applications

If you want to add some applications to be a part of your reference image, here I’ll cover how to add Microsoft Office. MDT recognises Microsoft Office and provides automated/silent install options.

  1. Go to Deployment WorkbenchDeployment Share > Applications.
  2. Right click on Applications and select New Application.
  3. In the New Application Wizard, choose Application with source files.
  4. Give the application the name: Microsoft Office.
  5. Enter the Source directory of the installation files.
  6. Enter the Destination directory: Microsoft Office.
  7. For the Command line enter anything, we’ll revisit this later.
  8. On the summary page, click Next and after the files are copied click Finish to complete the wizard.


Configuring Applications

  1. Right click on Microsoft Office, go to the Office Products Tab.
  2. Choose the desired Office Product to Install from the drop down menu.
  3. Check the desired Office language.
  4. Enter a product key, unless you will be activating Office via KMS in which case leave the Product Key option unchecked.
  5. Check the Customer name option and enter the desired information.
  6. Check the Display level option and select None in the drop down menu.
  7. Check the Accept EULA option.
  8. Check the Always suppress reboot option.
  9. Click Apply.
  10. Go to the Details tab and the Quiet install command should now read:
    setup.exe /config proplus.ww\config.xml

Microsoft Office is now set up to be installed silently by a Task Sequence. If you wish to customise the installation to a greater degree, the Office Customization Tool can be launched from the Office Products tab. This process can also be done for Microsoft Visio and Project.

To add other popular third party software, you’ll need to repeat the steps above, with the relevant Command line to quietly or silently install them.

Google Chrome – Enterprise Installer

msiexec /I googlechromestandaloneenterprise64.msi /qn

Adobe Reader – Enterprise Installer

AdobeReaderDC.exe /sAll

We now need to create a new Task Sequence to create a reference image.


Creating a Task Sequence

  1. In Deployment Workbench, go to Task Sequences.
  2. Right click and select New Task Sequence.
  3. For the ID enter: W10-1803.
  4. Name it Build Windows 10 1803.
  5. Select Standard Client Task Sequence.
  6. Select the Operating System Windows 10 1803 x64.
  7. Select Do not specify a product key at this time.
  8. Enter an Organization name.
  9. Select Do not specify an Administrator password at this time.
  10. Complete the wizard.

Now we’ll configure the Task Sequence.


Configuring the Task Sequence

  1. Right click on the Task Sequence just created and select Properties.
  2. Go to the OS Info tab and click Edit Unattend.xml. It will take sometime to generate the catalog.
  3. When the Unattend.xml opens, go to 7 oobesystemamd64_Microsoft-Windows-Shell-Setup__neutral > OOBE.
  4. Change the ProtectYourPC setting to 3. This will prevent the image from randomly checking for updates whilst it is being built.
  5. Save the Unattend.xml, you can safely ignore an warnings.
  6. Go to the Task Sequence tab on the Properties window of the Task Sequence.
  7. Expand the Preinstall folder, and select the Apply Patches item.
  8. Change the Selection Profile to Windows 10 1803 x64.
  9. Go to the State Restore folder and select Windows Update (Pre-Application Installation).
  10. On the right side of the Properties window, go to the Options tab.
  11. Uncheck the Disable this step tick box and do the same with Windows Update (Post-Application Installation).
  12. If you skipped the Importing Applications section, please disable the Install Applications item and go to step 16, if not please continue.
  13. Go to the Install Applications item.
  14. In the right side of the Properties box, select the Install a single application option and click the Browse… button.
  15. Select Microsoft Office and change the name Install Applications to Microsoft Office.
  16. Install other Applications, copy and paste the Install Applications item and repeat steps 13 – 15 for the applications of your choice.
  17. Click Apply and close the Task Sequence.


Blocking Internet Access to prevent Microsoft Store App Updates

To block internet access to the VM whilst the image is building, we’ll use the script from Peter Löfgren’s System Center Ramblings post.

  1. First create a PowerShell script file called Internet-Access.ps1 with the following code:
## Creates the disable option used by the script
param (

## If the Disable command line option is not added, the script adds a Firewall Rule to block traffic on ports 80 (http) and 443 (https).
If (!$Disable)
   Write-Output "Adding internet block"
   New-NetFirewallRule -DisplayName "Block Outgoing 80, 443" -Enabled True -Direction Outbound -Profile Any -Action Block -Protocol TCP -RemotePort 80,443

## If the Disable command line option is added, the script removes the Firewall Rule created above.
If ($Disable)
   Write-Output "Removing internet block"
   Get-NetFirewallRule -DisplayName "Block Outgoing 80, 443" | Remove-NetFirewallRule
  1. Save the script in your MDT share, where the Task Sequence will be able to access it. I save my custom scripts in a folder called _scripts the Applications folder.
  2. In the Task Sequence created above, we’ll add the items required to run the PowerShell script to enable and disable the internet blocking firewall rules.
  • Go to the Task Sequence tab on the Properties window of the Task Sequence.
  • Go to State Restore and click on the Add button.
  • Go to General > Run PowerShell Script.
  • Name the new item PS Script – Disable Internet Access.
  • Enter Z:\Applications\_scripts\Internet-Access.ps1 or your own path to the PowerShell script we just created.
  • Scroll down the Task Sequence to just above the Imaging folder.
  • Once again, add a new Run PowerShell Script item.
  • Name it PS Script – Enable Internet Access.
  • Again, enter Z:\Applications\_scripts\Internet-Access.ps1 or or your own path to the PowerShell script.
  • Important: Add -Disable to the Parameters section.
  • Click Apply and OK to close the Task Sequence.

What will happen now is that after Windows boots up, a firewall rule will be added to block internet traffic on ports 80 and 443, and just before starting the SysPrep and capture process the firewall rule will be removed.

Next, we’ll create a domain user account for MDT.


Creating a service account for MDT in Active Directory

  1. Go to Active Directory Users and Computers.
  2. Create a user called mdt_admin and give it a complex password.
  3. Go to the Server or PC where the Deployment Share is hosted.
  4. Give the user mdt_admin Full Control share permissions and Full Control permissions to all the files and folders in the Deployment Share.

Next we need to configure the Bootstrap.ini and the CustomSettings.ini files to control certain aspects of the deployment environment. The settings below enable auto log in and skip the welcome screen, so these should only be used for lab or closed development environments.


Configuring Bootstrap.ini

  1. In Deployment Workbench, right click the Deployment Share and select Properties.
  2. Select the Rules tab and click the Edit Bootstrap.ini button.
  3. Add the settings below to the Bootstrap.ini.
  4. Close and Save the Bootstrap.ini



Configuring CustomSettings.ini

On the Rules tab of the Deployment Share properties window, add the settings below.



BackupFile=%TaskSequenceID%_#year(date) & "-" & month(date) & "-" & day(date) & "-" & hour(time) & "-" & minute(time)#.wim

We now need to create the boot media to boot the VM into the deployment environment.


Creating The Boot Media

  1. In Deployment Workbench, right click on the Deployment Share.
  2. Select Update Deployment Share.
  3. Select Completely regenerate the boot images.
  4. Complete the wizard. It will take some time to create the boot images.


Testing and Capturing a Reference Image

To test everything we need to copy the ISO file that we just generated. It is located in the Boot folder in the Deployment Share. Go to the Server or PC that is hosting the deployment share and navigate to the boot folder. Inside there should be a file named LiteTouchPE_x64.iso. Copy this file to a location where a Hyper-V Virtual Machine will be able to access it.

Create a new VM in Hyper-V with the following configuration:

  • 2x vCPUs
  • 4GB of RAM
  • Network Adapter with access the local network.
  • Virtual Hard Drive of at least 40GB, preferably on an SSD.
  • Boot from CD using the LiteTouchPE_x64.iso from MDT.
  • If using Hyper-V on Windows 10 1709 and above, make sure Use Automatic Checkpoints is disabled.

Start the VM and it will boot from the LiteTouchPE_x64.iso into the deployment environment. You will be presented with a screen with the name of the Task Sequence you created earlier. Select your Task Sequence and click Next and the task sequence will begin.

The Task Sequence will install Windows 10 1803, update from the WSUS server, install the optional applications if you added them, and then run Windows Update from the WSUS server again. It will then run SysPrep and the reboot back into the deployment environment and MDT will capture the image.

When this process completes the VM will be shutdown and a file named W10-1803_YEAR_MONTH_DAY_HOUR_MINUTE.wim will be in the Captures folder in the Deployment Share.


You now have a reference image for Windows 10 1803 and an Microsoft Deployment Toolkit installation, with a deployment share specifically configured for building reference images.

I take great care to test my ideas and make sure my articles are accurate before posting, however mistakes do slip through sometimes. If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.

I hope this article helps you out, please consider supporting my work here. Thank you.


59 thoughts on “Building A Windows 10 1803 (April 2018 Update) Reference Image with MDT

Add yours

  1. Awesome writeup thanks. I successfully followed your previous post about building and deploying Windows 10 1709 images. In recent two articles about building and deploying of WIndows 10 1803 images I noticed, you are now creating TWO shares in MDT – Build and Deploy one. In previous article there was only one deployment share, which hosted both reference and captured image. Can you please elaborate on this, what are (dis)advantages of both solutions? I guess I dont have to select boot option now, since we have two different Lighttouch boot images? Thanks.


    1. Hi Lukas,

      I’ve been running 2 shares for a while but haven’t written about it – I wasn’t sure it would be helpful for anyone.

      The downsides with having two shares are that: you have 2 shares to deal with, so it can be double the work in some cases but, at least in my case having each share focused on a single task helps a lot.

      The advantages are that: if you are responsible for building and testing, but not deploying images, then having a separate share to do that building and testing can be helpful. You don’t have to consider disrupting current deployments. Additionally, because the build share is only used for building, and all my building and testing is done on VMs, then drivers are not a consideration.

      With regards to having two litetouch boot images: the build share boot image is never used to PXE boot from. I only use the ISO to boot my own VMs.

      You could also consider this approach as “dev” and “live” deployment shares.

      As always I’m not saying this is the *only* way to do it, just *a* way to do it. It seems to work for me. Hope this helps. 🙂



  2. Thanks. I know there isn’t the only right way to do it, just as I am still learning I want to try something that has been already tried and proven good, so not to waste my time discovering what was discovered already. Now I have to teach other admins about MDT deployment and I was considering, whether show them to use one deployment share or two. I guess I would stick with one, to not confuse them too much. We are all responsible both for building and deploying, so everybody will be doing all tasks, so I think I can use only one deployment share.

    And do you know, if MDT is backwards compatible? I mean if I update MDT now for use with 1803, will it break my deployment share I have set up for 1709 images? Thanks.


    1. No problem Lukas, I’m happy to offer advice.

      I would agree that one share is probably a good place to start to prevent confusion.

      I use MDT 8450 with Win 10 1709 and 1703 images still and it seems to be working, so you shouldn’t have any problems.


      Liked by 1 person

  3. Hi, Great guide ! The only problem I have is with the Internet-Access.ps1, The task fails telling me it was not abble to locate the file…


    1. Hi Patrick,

      Be sure to have the Internet-Access.ps1 script in the deployment share somewhere and in the Task Sequence make sure the path is correct.

      Tip: If Z:\Applications\scripts doesn’t work, try %deployroot%\Applications\scripts.


      Liked by 1 person

  4. Hey, i got the problem, that the autologon after the first reboot ist not working. Wenn i manually login, the ts goes on. Any suggestions?
    greetings Marcel


    1. Hi there,

      I’ve only seen this problem with Win 10 1703, the issue wasn’t present in builds after this. I would recommend creating a new Task Sequence, making sure you on the latest build of MDT and the ADK.



      1. Hey, thanks for the answer. That was what i found according to this problem. I saw that i used a old ADK Version and upgraded it to the ADK Win10 1803. Useing the same Deployment share after doesnt change anything. I will test to create a new deployment share. According to this, is it better to have different shares for client&server deployment, or doesnt it matter to use one share for client and server deployment at the same time?


  5. Hi Mike, Thanks for your efforts to publish this! My question is what is the best practice to uninstall all Windows store apps?
    I `m trying to capture a custom.wim file from reference machine and if I run the script to clean all applications before to connect the system to the internet and install all applications I want then after captured the .wim the MDT deployment failed with the Error 5640. failed to install the Operating system, But if I capture the image with out to uninstall all Windows crap, it is working and I have to clean them after. Any suggestions on what TS we can uninstall all unnecessary apps?

    Liked by 1 person

    1. Hi Nick,

      The best practice is probably not to touch them at all. Microsoft are pushing Store apps, previously known as UWP apps, not actively promoting ways to remove them. I would personally suggest to use whatever method works for you and your environment/way of working. I prefer to run a PowerShell script during the build task sequence (near the end) to remove the built in apps and then use the setting in Group Policy, under Cloud Content called “Turn off Microsoft consumer experience” which prevents the social media apps, games and so on from being downloaded when users log on. Contrary to popular belief Microsoft do not ship Windows with Twitter, Candy Crush, etc. pre-installed, it’s downloaded after setup along with other updates for Store apps, if the GPO option is not set.

      I’m assuming you’ve followed the blog post, but in case you haven’t – there’s a point in the Task Sequence where I block internet access – don’t worry, the block is lifted before sysprep. This block is put in place to prevent Windows from doing Store updates during application installs, which often causes SysPrep to fail.



      1. Regarding Group Policy “Cloud Content called “Turn off Microsoft consumer experience” which prevents the social media apps, games and so on from being downloaded when users log on.” it says it only works for Enterprise or Eduaction. Is there a workaround for Windows 10 Pro?


  6. Hello Mike,
    Thanks for the post. I have got an error ‘Cannot find the script file “c:\ltibootstrap.vbs” ‘ and it didn’t finish capturing the image. I was trying it with a physical machine, not a VM. Any thoughts? Much appreciated. Thanks


    1. Hi there,

      It sounds like there could be many things going wrong here. I’m sorry but without a lot more detailed information, I can’t give appropriate advice.



      1. I recreated the whole thing in MDT and I had same issue. It seems my laptop is not properly getting the network access after “Enable internet access” step.. I added one more step ‘restart the computer’ before the “Copy sysprep files” and it resolved the problem.


    2. Hi! I Found a solution: in unnattended.xml open 7 oobeSystem – *Shell-Setup_neutral -FirstlogonCommands – Synchronous* – CommandLine. Change value to “wscript.exe %SystemDrive%\MININT\Scripts\LTIBootstrap.vbs”

      Liked by 1 person

  7. I was trying to build a reference Hyper-V machine, all was ok, but during first phase, when OS is installed, I was presented with login screen, user Administrator and I had to manualy click Login, after that sequence continued and installed apps etc. Can this be automated so I would not have to login manually?


    1. Hi Lukas,
      When creating a Task Sequence, you can specify an administrator password (even a blank one) which it uses to log in automatically. It shouldn’t be having an issue with logging in automatically, unless you are using Windows 10 1703 with no patches – as it was an issue then, but not with 1803, at least as far as I have seen.



      1. Hi, I created build reference sequence from scratch, this time I entered local admin password and when executing sequence, it ran ok, but I was again presented with login screen asking for administrator password, which I didnt enter, but I was watching real time log on MDT and I realized that sequence is actually still running and continuing even if I see just logon screen and not actual MDT progress bar. Is this normal? I dont mind it, but I would actually prefer to see what is going on.


          1. Thanks for reply. Maybe it is not normal, but it is this way. I found yesterday on Microsoft forum (forgot link, sorry) users which were reporting the very same issue. With 1709 it was ok, with 1803 there is logon screen displayed, but sequence is still running and finishes completely with no errors. Allegedly it has to something with some new 1803 functions. And another thing, which is different with 1803 is that it takes much longer to finish sequence, in my environment, it was almost double the time 1709 sequence took. It is stuck on “Getting ready” too long. I dont know why, I have same sequence, same apps as with 1709, it just takes quite long to build image and also to deploy image, around twice as long with the same setup.


              1. HI Mike

                Have you found a fix for this issue? I’m using win 10 2004 enterprise and having the same issue above

                Any help would be great, reading elsewhere seems a joining domain issue




    2. Are you trying to join the domain with your image? Make sure that if it does join the domain Group Policy is not altering or changing the Administrator login in anyway.


  8. Thanks for the walkthrough! If I don’t have a WSUS Server, should I skip the “WSUSServer=” row? Will it be using the regular Windows Update if I skip it?


    1. Hi Phillip,

      If you don’t have a WSUS server, yes you can just remove the line entirely or comment it out with a semicolon (;). It will use the regular Windows Update if the PC has access to the internet.



  9. I am getting this error when
    Creating the Deployment Share

    Share build_2$ could not be created
    The MDT is being opened Read Only
    Access to the path ‘c:\DeploymentShare’ is denied

    Access to the path ‘e:\DeploymentShare’ is denied ( on an external drive)


  10. I’ve spent the last 2 weeks working on creating a good W10 1803 deployment before I finally came across your site. It’s the best I’ve found, but I’m still running into a problem. I’m being asked for credentials to access a network share before the install begins the task sequence. I have the domain, username, and pwd listed in the bootstrap.ini, but that isn’t helping. The user has share and security permissions for the deployment share folder on the server. Thoughts?


    1. Hi David,

      It sounds like you have everything setup correct. A suggestion: I often use my own account to log in and run deployments in a lab, my account is in the domain admins group. As a test, if possible give domain admins full access/full control to the build share/files & folders and see if that makes a difference.



      1. Hi Mike, I found the answer… I needed to replace the existing image in the Windows Deployment Service. It’s functioning as designed now. Thanks for your suggestion and the site!


  11. Hi Mike, when I set the PS Script – Enable Internet Access. TS failed. I have SEP installed on my reference image and the script to uninstall all apps after that does not work as well. Could be I miss something. I found another script debloatwin10 app which is working but still has to uninstall manually some applications. I captured the image from a physical system we need to modify the image. TS for Office 2016 does not work with the command line you provided, and I try to Bitlocker the drive I receive an error ” The system is not configured ….” after the image is deployed. Thank you for your guide and effort but obviously, some customizations are not working on the same way with previous Windows versions. But this guidance it is really helpful.


    1. I can say I removed PS Script for disabling internet access. I had no negative impact on sysprep at all, all was running smoothly. Maybe it was needed in previous versions, but definitely is not needed for 1803. And it had negative impact on Office activation, which obviously didnt work, when internet access was disabled, so I had to manually activate it after deployment.


    2. Hi Nick,

      Firstly apologies for the late reply, I’ve only just seen your comment.

      From what you’ve said it seems like you’re fighting a whole load of issues. My guide is focused on clean images from VMs so I’ve not much to offer in the way of advice I’m afraid. I can say that I’ve noticed Microsoft keep the Windows 10 ISO’s up to date now and it may be effecting some of my points in the guide – I’ll have to check this out at some point.

      I’ve not had any problems with the Office 2016 command line install and that shouldn’t be effected by Windows 10 or MDT. As Lukas mentioned disabling the Internet will effect Office online activation, unless your using a KMS server.

      Thanks for your kind words, apologies that I can’t be more helpful.



  12. Mike, I’m SO RELIEVED to find these instructions! I am desperately trying to refresh about 100 PCs on our high school campus in the next two weeks. I’ve been trying all summer to fix our broken WDS. I’m not very experienced with deployment but had it working via PXE boot capture and custom install images a few years back. Since then Win 10 happened and my labs are all terribly out of date. So crossing my fingers… Thank you. Thank you!

    P.S. I just got to adding the rules in the deployment share properties and saw: WSUSServer=http://WSUS-SERVER-NAME:8530. I don’t have a WSUS Server configured and wonder if it is required for this all to work. Thanks for your contribution to the deployment world!

    Liked by 1 person

    1. Hi Dave,

      Thanks for the kind words, I’m glad this has helped you. The WSUS server isn’t required, if you leave it blank, Windows will attempt to check Windows update from the internet if it has internet access. You can also disable the Windows Update checks in the Task Sequence to disable it entirely.



  13. Hey Mike. I sent you messages on Instagram and Twitter earlier today and got no response, so I created an account here to make a reply. I keep getting errors once the vm boots up and was wondering if you could give some assistance.


    1. Hi there DJ,

      I’m afraid this past week I’ve been extremely busy with work. I’ve not had time to check messages or respond yet and for that I apologise. Please leave you questions here and I’ll respond as I can, or perhaps someone else might if they follow the comments.



  14. Hi Mike,

    Firstly great guide… As your some sort of Deployment master, I wonder if you could help me out on an issue I appear to be having… I built a Windows 10 1803 system on a virtual machine, entered into Audit Mode, I was able to do Windows Updates OK – and add additional software to the setup. I didn’t run any scripts to remove any of the built in Windows Store apps (as I wanted to keep them in for this image) I then ran a Sysprep & Capture Task to upload the captured WIN file to my deployment server – everything appeared to work OK – I didn’t get any errors in Sysprep, I was expecting something to break here with the Windows Store Apps, has something changed in 1803 or Audit Mode to stop them from updating??

    Anyway… When I deploy my custom image, again, this all happens OK,, it’s connected to the domain, no issues, log on as a domain user – the software I included in the image works no problem – but if I try clicking on one of the Windows Store App’s from the start menu or layout, (Store, Mail, Photos, Calendar, Film & TV, Groove Music, Video Editor etc etc) the icon dims out and you have a white progress bar appears, as if it’s trying to install the app for the user, but it just sits there doing nothing… you can leave it all day and it does nothing.

    If I go into Windows Settings – Apps – None of these Windows Store Apps appear in the list (Some websites mentioned about going into advanced settings and reset the app, but they’re not listed to do that)

    I’ve also tried running the command wsreset command with no luck.

    If I log in as the local admin account – these Windows Store Apps work fine,

    Any ideas or tips as to what’s broken?? And how I can fix it?!?!

    Many Thanks,



    1. Hi Matt,

      Apologies for the delay in replying and thanks for the kind words although, I’m no deployment master, I just developed what I feel is a good system for myself and wanted to share it so that it could help others if required.

      On to your questions:

      To my understanding SysPrep breaks when the Windows 10 Microsoft Store checks for app updates and receives them, this changes the apps and something to do with that stop SysPrep from completing. During Audit mode, the update process doesn’t run (or didn’t run during your time with it, or couldn’t access the internet) and so SysPrep could complete successfully because the apps hadn’t changed.

      Regarding the Store apps not running after deployment for users other than the local administrator account, it’s been a while since I last used Audit mode, but I would start looking here.

      Sorry I can’t be of more help, but hopefully this might point you in the right area.



  15. Hi Mike –

    First, Awesome Article. Thank you. I am new to MDT and have one question. Now that you have captured the referenced image, how I get this referenced image to transfer to an external hard drive/usb and boot from either onto a physical machine? I have about 50 machines to image and was thinking: If I have the captured image working on a vm with all the apps and everything, now what? How do I use external drive/usb, make it bootable and image the machines? Thank you


    1. Hi Duraid,

      I’m sure what you want to do is possible – however my article is based on my own experience using MDT to image machines over the network, booting using PXE – which is usually done by pressing F12 on the BIOS screen. You can create a bootable USB drive to image the machine using MDT over the network if you don’t want to do PXE, but I have no experience with offline imaging with MDT.

      My apologies, hopefully someone else has experience with this and can advise you. If I do find any information I will let you know.



  16. Mike:
    Great Article, but slight issue. I have followed the directions, but when retrieve the LiteTouchPE_x64.iso, it does not boot up. I get the Windows logo, turning circle, cursor with hourglass, and then black screen with cursor (can move cursor with mouse). Any ideas???


    1. Hi Victor,

      If the VM being used to build the image already has Windows installed on it, you’ll need to change the boot device to the CD-ROM. My walk through assumes the VM is new with a blank VHD and so boots from the CD-ROM (the .iso) as there is nothing else to boot from.



      1. Hello Mike:
        Yes, your assumption is correct, my VM is new with a blank VHD and when i try to boot the LiteTouchPE_x64.iso generated by MDT, after booting from the Virtual CD Rom, the .iso does not boot. I get the Windows logo, turning circle, cursor with hourglass, and then black screen with cursor. I have deleted the contents of the \\Build\Boot directory and “Update Deployment Share” multiple times with WinPE Dell and VMware drivers injected with no changes…..also the “Generic_x64.iso” does not boot aswell. Thanks



        1. Hi Victor,

          Thanks for the info. So it sounds like the VM could be having trouble connecting to the MDT share, perhaps due to network drivers, network connectivity or permissions on the MDT share. When you boot the VM and you have the mouse cursor, press F8 to get a command prompt and can use it to perform some tests. If you run “ipconfig” you should have an IP address. You can also run “diskpart” and “list disk” to see if the local hard disk is being recognised.

          It could be (but I don’t think likely) that the additional drivers are causing an issue. Just as a test, you could try building an .iso with no additional drivers added.



  17. Hi,

    great guide here, thank you for this!

    in the 1709 guide the cumulative update is implemented in the Preinstall tasks. So i decided to make this here again. But after the image is deployed windows 10 reports to the WSUS that it is still needed and downloads/installs the whole package again.
    To see which Updates are installed (after new deploy) i used the get-hotfix command in PS and it shows me the cumulutavie update Pack. That seems right…
    So why windows 10 doesnt recognize it as installed and reports to WSUS that the pack is still needed?
    Some suggestions?

    greets meddi


    1. Hi meddi,

      I’m not sure, but I’ve seen the same behaviour with some updates and not others with other versions of Win10. What I would think is that the update is applied in the preinstall phase, but then when Windows Update runs it’s detection some part of the update is needed to be re-applied? It’s only a thought. Perhaps it might be rectified if you add the most recent cumulative update to MDT’s packages folder, if you haven’t already.



  18. Hi, when I try to import OS, I get the no WIM found, this is because MS is now using ESD files and not WIM.
    This isn’t mentioned in this article, which is for the 1803 version, same as I’m using….
    now I can convert the ESD to WIM but I’m still puzzled why no mentions it in the article or comments, perhaps there is another windows 1803 iso?

    thank you!


      1. Hi there,

        That’s right – MDT is for large enterprise deployments and so doesn’t work with the consumer installer, only the ISO’s from the Volume Licensing Center or MSDN. These sites are linked in the guide for this reason.



  19. Hi,
    first i would like to thank you for taking the time to write this very good guide!
    however i ran into some issues
    Sysprep is restarting not shuting down as you described
    capture file is not moved to capture folder under Build$ .
    i get a strange error whe the machine returns after sysprep restart. ” can’t find script file ‘LTIBootstrap.vbs'”

    Application installment is disabled and i skipped the PS script.
    any ideas ?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

Up ↑

%d bloggers like this: