Installing Microsoft Deployment Toolkit and Deploying Windows 10 – From Scratch!

If you’ve read my other posts you’ll know that usually I make a post focusing on building a reference image and then another post on deploying that image.

This post is very similar but I’m going to streamline things by just covering the installation of MDT, and deploying Windows 10 1909. I have also recently published a video walkthrough covering this to my YouTube channel.

What you’ll need:

  • A server to host the MDT share.
  • A client PC, or the MDT server above to install the tools.
  • A VM to test the install task sequence.

This walkthrough will cover installing the tools on a client PC and then the MDT deployment share will be hosted on a server.

Here are the links to the software we’ll be using:

 

Installing Microsoft Deployment Toolkit and Dependencies

  1. First we’ll install the Windows 10 1903 ADK. During setup additional files will need to be downloaded, so it may take some time depending on your internet connection.
  2. On the Select the features you want to install screen select:
  • Deployment Tools
  • Imaging And Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT)
  1. Install WinPE by running the adkwinpesetup.exe. There is no specific configuration during the install wizard.
  2. Install MDT by running the MicrosoftDeploymentToolkit_x64.msi. There is no specific configuration during the install wizard.

 

Install the Windows System Image Manager Update

  1. Unzip the archive containing the WSIM 1903 fix.
  2. Copy the two files: ImageCat.exe and ImgMgr.exe to the location the ADK is installed to. The default location is: C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\WSIM.
  3. After installation you will still not be able to access WSIM through MDT. You will need to load WSIM from the Start Menu then open the XML file for the Operating System you wish to change. The XML answer file will be located in \\server\deploymentshare$\Control\Task-Sequence-ID\Unattend.xml.

 

Creating the Deployment Share

  1. Go to the server that will host the deployment share.
  2. Create a folder called DeploymentShare.
  3. Share the folder by right-clicking on the folder and go to Properties > Sharing > Advanced Sharing.
  4. Tick the Share this folder check box.
  5. Enter DeploymentShare$ as the Share name. We do this so the share is hidden.
  6. Go to Permissions, remove Everyone.
  7. Add Domain Users and leave the permissions as Allow Read. Add Domain Admins and check Allow Full Control permissions.
  8. Go back on the client PC where the MDT tools installed.
  9. Open the Deployment Workbench from the Start Menu.
  10. Right click on Deployment Shares.
  11. Select New Deployment Share.
  12. Under Deployment share path enter the UNC path: \\server\DeploymentShare$
  13. Enter a description in the Deployment share description text field.
  14. On the Options screen, accept the defaults as we’ll change them later.
  15. Complete the wizard to create the share.

 

Adding an Operating System

  1. Mount the Windows 10 1909 ISO in File Explorer.
  2. Go to Deployment Workbench > Operating Systems.
  3. Right click and select New Folder.
  4. Enter the name Windows 10 1909 x64 and click through the wizard to create the folder.
  5. Right click again and select Import Operating System.
  6. In the wizard, select Full set of source files and then enter the root of the mounted ISO as the Source directory.
  7. For the destination directory name enter Windows 10 1909 x64 and complete the wizard.

 

Adding Packages

  1. Go to Deployment Workbench > Packages.
  2. Create a folder named Windows 10 1909 x64.
  3. Go to the website catalog.update.microsoft.com
  4. Search for Windows 10 version 1909.
  5. Download the latest Cumulative Update for Windows 10 1909 x64.
  6. Download the latest Servicing Stack Update for Windows 10 x64.
  7. Create a folder and put both update files in the folder.
  8. Go to Deployment Workbench > Packages.
  9. Right-click on the folder Windows 10 1909 x64.
  10. Select Import Packages.
  11. In the Package source directory enter the path to the new folder we created containing the updates.
  12. Click Next and complete the wizard.

Now we’ll create a selection profile so that the task sequence only installs updates for Windows 10 1909 x64.

 

Creating A Selection Profile

  1. Expand the Advanced Configuration node.
  2. Right click on Selection Profiles and select New Selection Profile.
  3. Name it Windows 10 1909 x64.
  4. On the Folders page, tick the Windows 10 1909 x64 folder under Packages and complete the wizard.

 

Importing Applications

Here I’m going to cover how to add Microsoft Office 2016, but the method is the same for all applications.

  1. Go to Deployment WorkbenchDeployment Share > Applications.
  2. Right click on Applications and select New Application.
  3. In the New Application Wizard, choose Application with source files.
  4. Give the application the name: Microsoft Office 2016.
  5. Enter the Source directory of the installation files.
  6. Enter the Destination directory: Microsoft Office 2016.
  7. For the Command line enter anything, we’ll revisit this later.
  8. On the summary page, click Next and after the files are copied click Finish to complete the wizard.

 

Configuring Microsoft Office 2016 in MDT

  1. Right click on Microsoft Office 2016, go to the Office Products Tab.
  2. Choose the desired Office Product to Install from the drop down menu.
  3. Check the desired Office language.
  4. Enter a product key, unless you will be activating Office via KMS in which case leave the Product Key option unchecked.
  5. Check the Customer name option and enter the desired information.
  6. Check the Display level option and select None in the drop down menu.
  7. Check the Accept EULA option.
  8. Check the Always suppress reboot option.
  9. Click Apply.
  10. Go to the Details tab and the Quiet install command should now read:
    setup.exe /config proplus.ww\config.xml

Microsoft Office is now set up to be installed silently by a task sequence. This process can also be done for Microsoft Visio and Project 2016. If you wish to customise the installation to a greater degree, the Office Customization Tool can be launched from the Office Products tab.

This only works with the Office 2016 family of products. Office 365 and 2019 do not support this method and should be installed like a regular application. To customise Office 365 and 2019, check out my post: Deploying Office 2019 or Office 365.

 

Adding Third-party Applications

To add other popular third party software, you’ll need to repeat the steps above with the relevant Command line to execute a silent install. You’ll also need to fill in the Working directory: .\Applications\App-name

Google Chrome – Enterprise Installer

msiexec /i googlechromestandaloneenterprise64.msi /qn

Adobe Reader – Enterprise Installer

AdobeReaderDC.exe /sAll

VLC Player

VLC.exe /S

7-Zip

msiexec.exe /i 7zip.msi /qn

 

We now need to create a new task sequence to deploy Windows 10 along with the applications.

 

Creating a Task Sequence

  1. In Deployment Workbench, go to Task Sequences.
  2. Right click and select New Task Sequence.
  3. For the ID enter: W10-1909-A.
  4. Name it Deploy Windows 10 1909 x64 <Edition>.
  5. Select Standard Client Task Sequence.
  6. Select the Operating System Windows 10 1909 x64 <Edition>.
  7. Select Do not specify a product key at this time if you are using KMS.
  8. Enter an Organization name.
  9. Enter the local Administrator password.
  10. Complete the wizard.

Now we’ll configure the task sequence.

 

Configuring the Task Sequence

  1. Right click on the Task Sequence just created and select Properties.
  2. Go to the Task Sequence tab on the Properties window of the Task Sequence.
  3. Expand the Initialization folder in the left hand pane.
  4. Go to the Gather local only item.
  5. In the Properties window select Gather local data and process rules.
  6. Enter the following in the Rules file: customsettings.ini
  7. Expand the Preinstall folder, and select the Apply Patches item.
  8. Change the Selection Profile to Windows 10 1909 x64.
  9. Go to the State Restore folder and select Windows Update (Pre-Application Installation).
  10. On the right side of the Properties window, go to the Options tab.
  11. Uncheck the Disable this step tick box and do the same with Windows Update (Post-Application Installation).
  12. Go to the Install Applications item.
  13. In the right side of the Properties box, select the Install a single application option and click the Browse… button.
  14. Select Microsoft Office 2016 and change the name Install Applications to Microsoft Office 2016.
  15. To install other Applications, copy and paste the Install Applications item and repeat the previous steps.
  16. Click Apply and close the task sequence.

Next we need to configure the Bootstrap.ini and the CustomSettings.ini files to control certain aspects of the deployment environment. The settings below enable auto login and skip the welcome screen, so these should only be used for lab or closed development environments.

 

Configuring Bootstrap.ini

  1. In Deployment Workbench, right click the Deployment Share and select Properties.
  2. Select the Rules tab and click the Edit Bootstrap.ini button.
  3. Add the settings below to the Bootstrap.ini.
  4. Close and Save the Bootstrap.ini
[Settings]
Priority=Default

[Default]
DeployRoot=\\SERVER-NAME\DeploymentShare$
SkipBDDWelcome=YES

 

Configuring CustomSettings.ini

The settings below need some explanation. The [Virtual Machine] section is regarding driver installs which we’ll cover later in this post.

The JoinDomain= section is important. Here I’ve put the account sysadmin to use as the account to join the device being imaged to the domain contoso.com. The account entered here must have the relevant permissions to join a device to the domain.

The other settings are location preferences relevant to the UK and resolution settings which prevent the finished device from defaulting to a resolution of 1024 x 768, and instead using the recommended resolution Windows receives from the display.

On the Rules tab of the Deployment Share properties window, add the settings below.

[Settings]
Priority=Model, Default, SetOSD
Properties=OSDPrefix

[Virtual Machine]
DriverGroup001=Virtual Machine
DriverSelectionProfile=nothing
OSDComputerName=%TaskSequenceID%

[Default]
_SMSTSORGNAME=Deployment Share
_SMSTSPackageName=%TaskSequenceName%

OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES

TimeZoneName=GMT Standard Time
KeyboardLocale=0809:00000809
UILanguage=en-GB
UserLocale=en-GB
KeyboardLocale=en-GB
BitsPerPel=32
VRefresh=60
XResolution=1
YResolution=1
HideShell=YES

JoinDomain=contoso
DomainAdmin=sysadmin
DomainAdminPassword=lamepassword
MachineObjectOU=OU=PCs,DC=contoso,DC=com

SkipUserData=YES
SkipDomainMembership=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipSummary=YES
SkipFinalSummary=YES
FinishAction=SHUTDOWN
WSUSServer=http://SERVER-NAME:8530
SLShare=\\SERVER-NAME\DeploymentShare$\Logs
EventService=http://SERVER-NAME:9800

We now need to create the boot media in order to boot the VM into WinPE for deployment.

 

Creating The Boot Media

  1. In Deployment Workbench, right click on the Deployment Share.
  2. Select Update Deployment Share.
  3. Select Completely regenerate the boot images.
  4. Complete the wizard. It will take some time to create the boot images.

 

Testing The Task Sequence

To test everything we need to copy the ISO file that we just generated. It is located in the Boot folder in the Deployment Share. Go to the server that is hosting the deployment share and navigate to the boot folder. Inside there should be a file named LiteTouchPE_x64.iso. Copy this file to a location where a virtual machine will be able to access it.

Create a new VM with the following configuration:

  • For Hyper-V Only: Generation 1, not 2. I’ve had issues reported with Gen2 VMs.
  • 2x vCPUs
  • 4GB of RAM
  • Network Adapter with access the local network.
  • Virtual Hard Drive of at least 40GB, preferably on an SSD.
  • Boot from CD using the LiteTouchPE_x64.iso from MDT.

 

  1. Start the VM and it will boot from the LiteTouchPE_x64.iso into WinPE.
  2. You will be presented with a login screen. Here you should login with Active Directory credentials that have access to the deployment share.
  3. Once logged in you will be presented with a screen with the name of the task sequence you created earlier. Select your Task Sequence and click Next.
  4. You’ll be prompted to enter a Computer Name.
  5. Click Next and the task sequence will begin.

The task sequence will install Windows 10 1909. Windows Update will run and install updates from the WSUS server and the VM will be added to the Active Directory domain. When this process completes the VM will shut down.

Boot up the VM and check to see if it has successfully joined the domain and has all the applications installed.

 

Driver Management

In this section we’re going to configure how drivers are managed during deployment. There are a few ways to do this, here I’ll show the method I’ve been using which has worked very well for a variety of manufactures and models of devices.

The first thing you’ll need is the model numbers for all the devices you want to deploy to. You can find this out by booting the device in to its current version of Windows or the deployment environment using the LiteTouch_x64.iso boot disc or PXE booting. I haven’t covered PXE booting in this post but here’s a previous post I wrote on how to setup PXE booting for MDT: PXE Booting for Microsoft Deployment Toolkit.

When the device is booted into WinPE, press F8 to get a command prompt, and type out the following command:

wmic computersystem get model

The output of the command is the model number you’ll need.

The next thing you’ll need is the drivers. I’ve found Windows 10 is good at installing missing drivers from Windows Update, but it can take some time and it would be better for the device to be running with all the drivers it needs once deployment has completed.

Windows 10 tends to have some drivers built right in and I’ve found they are usually very stable, so I only add drivers to MDT that Windows 10 cannot find. Deploy the image to each type of device you have and use Device Manager to see what’s missing.

If you’re missing drivers, go to Settings > Windows Update and use Check online for updates from Microsoft Update which should find and install the relevant drivers. Then using the Update History and see what you need to find and import into MDT.

Note: I recommend to avoid using WSUS to download and install drivers as it inflates the WSUS database, slowing WSUS down and making it difficult to manage.

To import drivers into MDT you’ll need the INF files. Most large manufacturers do a decent job of providing drivers that can be used with MDT. Should you have difficulty with them you can use the Microsoft Update Catalog to search for and download the specific drivers that Windows Update installs and use them with MDT. I use this method myself and although it can be time consuming, the results are worth it.

Once you have the drivers you require, we need to add them to MDT.

  1. Open the Deployment Workbench.
  2. Navigate to Deployment Share > Out-of-Box Drivers.
  3. Right click and select New Folder, call the folder Windows 10 x64.
  4. Right click on the Windows 10 x64 folder and select New Folder.
  5. Name the folder a human readable name for the model of device you’ll be adding drivers for.
  6. Right click on the folder you just created and create folders for each driver type you’ll be adding, eg. Graphics, Chipset, Bluetooth.
  7. Right click on a driver type folder and select Import Drivers.
  8. Enter the source directory of the drivers for that driver type.
  9. Check the Import drivers even if they are duplicates of an existing driver check box.
  10. Click Next and complete the wizard. The wizard will copy all the files needed to the driver type folder.
  11. Repeat steps 7-10 for each driver type required.

 

We now need to edit the CustomSettings.ini to configure the driver location for each model.

  1. Go to the Deployment Workbench and right click on the Deployment Share, select Properties.
  2. Go to the Rules tab in the Properties window.
  3. Enter the text below under the [Settings] section but after the Properties.
  4. Once you’ve added in all the models required, click Apply to save the changes.
    [MODEL-NUMBER]
    DriverGroup001=Windows 10 x64\Human-Readable-Model-Number
    DriverSelectionProfile=nothing
    OSDPrefix=PC

    You’ll need to enter the above text for each model. Below is an example of my CustomSettings.ini for reference.

    [Settings]
    Priority=Model, Default, SetOSD
    Properties=OSDPrefix
    
    [HP 250 G5 Notebook PC]
    DriverGroup001=Windows 10 x64\HP 250 G3
    DriverSelectionProfile=nothing
    OSDPrefix=HP
    
    [80J2]
    DriverGroup001=Windows 10 x64\Lenovo E50
    DriverSelectionProfile=nothing
    OSDPrefix=LEN
    
    [Virtual Machine]
    DriverGroup001=Virtual Machine
    DriverSelectionProfile=nothing
    OSDPrefix=VM
    
    [Default]
    _SMSTSORGNAME=Deploy
    _SMSTSPackageName=%TaskSequenceName%
    UserDataLocation=NONE
    ComputerBackupLocation=\\SERVER-NAME\Deploy$\Captures
    OSDComputerName=%OSDPrefix%-%SerialNumber%
    ...
    
    

The deployment share is now configured to install drivers for the models specified.

Boot the physical device into WinPE and run the task sequence. After it completes, check Device Manager and all devices should be successfully installed.

 

Adding Drivers to the WinPE Boot Media

It may be necessary to add drivers to the WinPE boot media for devices such as storage or network adaptors.

To determine if drivers are required:

  1. Boot the device in question into the deployment environment and press F8 to bring up a command prompt.
  2. Type ipconfig and if you have an IP address, you should not have to add network adaptor drivers
  3. Type diskpart, and when diskpart has loaded, type list disk. If the local hard drive is listed, you should not need to add storage drivers.

If you do need to add drivers to the boot image:

  1. In the Deployment Workbench, go to Deployment Share > Out-of-Box Drivers.
  2. Right click and select New Folder, call the folder WinPE x64.
  3. Right click on the WinPE x64 folder and select New Folder.
  4. Name the folder a suitable name for the model of device you’ll be adding drivers for.
  5. Right click on the folder you just created and create folders for each driver type you’ll be adding, eg. Storage, Network.
  6. To import the drivers, right click on a driver type folder and select Import Drivers.
  7. Enter the source directory of the drivers and tick the Import drivers even if they are duplicates of an existing driver check box.
  8. Click Next and complete the wizard. The wizard will copy all the files needed to the driver type folder.
  9. Repeat steps 6-8 for each driver type required.
  10. Now we must create a Selection Profile for WinPE x64.
  11. Go to Advanced Configuration > Selection Profiles.
  12. Right click on Selection Profiles and select New Selection Profile.
  13. Enter WinPE x64 as the Selection profile name.
  14. In the folders list navigate to DS001:\ > Out-of-Box Drivers > WinPE x64 and check the box next to the folder.
  15. Click Next > Next > Finish to complete the wizard.
  16. Right click on the Deployment Share and select Properties.
  17. Go to the Windows PE tab and change the Platform drop down menu to x64.
  18. Go to the Drivers and Patches tab, and change the Selection profile drop down menu to WinPE x64.
  19. Make sure that Include only drivers of the following types is selected and both Include all network drivers in the selection profile and Include all mass storage drivers in the selection profile are checked.
  20. Click Apply to save the changes, click OK to close the Properties window.
  21. Right click the Deployment Share and select Update Deployment Share.
  22. Select Completely regenerate the boot images, and then Next. The boot images will be regenerated with the drivers included.
  23. Click Finish to complete the wizard.

The WinPE boot media should now have the network and/or storage drivers required.

 

I take great care to test my ideas and make sure my articles are accurate before posting, however mistakes do slip through sometimes. If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.

I hope this article is useful to you. Please consider supporting my work on patreon, or by donating with paypal, or ko-fi.

-Mike

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: