Build and Capture Windows 10 2004 (20H1) Reference Image

News and Updates

An update for Microsoft Deployment Toolkit (MDT_KB4564442) has been released: This update fixes the boot loop issue and replaces Johan’s workaround with an officially supported fix. Details on how to install it are on Michael Niehaus’ blog post here. and you can download the fix here. I will add installation instructions in the walkthrough below. NOTE: If you have existing shares you will need to copy the files from the extracted update to %DeployRoot%\Tools and overwrite the existing files in all shares. You will then need to update the deployment shares and recreate boot media.

The Windows ADK for Windows 10, version 2004 has been released: At the time of writing, I’ve been unsuccessful in deploying any supported version of Windows 10 using the latest ADK. However, Johan Arwidmark’s Deployment Research site has a temporary fix and explains what the problem is. I highly recommend you check out his site.

Current Known Issue: With the current version of the ADK and WinPE (2004) and MDT (8456) after sysprep is run and the VM attempts to boot into WinPE to capture from the local disk, it boot loops and then turns off the VM. Booting from the LiteTouchPE_x64.iso bypasses this issue and the image will capture.

Lifecycle Support Notes from Microsoft: The Windows 10 Enterprise and Education 1709 support window has been extended six months to October 13th 2020 due to the COVID-19 pandemic.

If you are using Enterprise or Education editions of Windows 10, from 1809 onwards the YY09 (YYH2) versions of Windows 10 will get 30 months of support and the YY03 versions will only get 18 months. So you may want to consider if you deploy the YY03 versions at all and focus on YY09 releases. Here’s the official information from Microsoft here.

 

This article is based on current information as of 2020-06-04. I will update it in future as things progress.

In this article as with my previous ones we will walk through installing and configuring Microsoft Deployment Toolkit to build and capture a reference image of Windows 10 2004 using a Hyper-V Virtual Machine. It’s assumed that you have a server or PC ready to install MDT and create a file share for MDT to build the image with, and finally we’ll be focusing on the 64-bit Enterprise edition of Windows 10.

Here are the links to the software we’ll be using:

Additional software which may be useful:

 

Installing Microsoft Deployment Toolkit and Dependencies

  1. First, we’ll install the Windows 10 2004 ADK. During setup additional files will need to be downloaded, so it may take some time depending on your internet connection.
  2. On the Select the features you want to install screen select:
  • Deployment Tools
  • Imaging And Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT)
  1. WinPE is a separate install. Install the WinPE add-on by running the adkwinpesetup.exe, there is no specific configuration during the install wizard.
  2. Now install MDT by running the setup file downloaded earlier. There is no specific configuration during the install wizard.
  3. Finally, extract the files from MDT_KB4564442, and copy them to %ProgramFiles%\Microsoft Deployment Toolkit\Templates\Distribution\Tools replacing the existing files.

 

Creating the Deployment Share

  1. Open the Deployment Workbench from the Start Menu.
  2. Right click on Deployment Shares.
  3. Select New Deployment Share.
  4. Enter the path for the Deployment Share: E:\Build.
  5. Enter the Share nameBuild$.
  6. Give the share a description.
  7. On the Options screen, accept the defaults as you can change them later.
  8. Complete the wizard to create the share.
  9. By default, the share permissions are set the local administrators group. We’ll revisit this later.

 

Adding an Operating System

  1. Mount the Windows 10 2004 ISO in File Explorer.
  2. Go to Deployment WorkbenchOperating Systems.
  3. Right click and select New Folder.
  4. Enter the name Windows 10 2004 x64 and click through the wizard to create the folder.
  5. Right click again and select Import Operating System.
  6. In the wizard, select Full set of source files and then enter the root of the mounted ISO as the Source directory.
  7. For the destination directory name enter Windows 10 2004 x64 and complete the wizard.
  8. Go to the Operating Systems/Windows 10 2004 x64 node and rename the new entries added to Windows 10 2004 <Edition> x64 for ease of use.

 

Creating Package Folder for Future Updates

  1. Go to Deployment Workbench > Packages.
  2. Create a folder named Windows 10 2004 x64.

Now we’ll create a selection profile so that the Task Sequence only attempts to install updates for Windows 10 2004 x64 that we make available through MDT.

 

Creating A Selection Profile

  1. Expand the Advanced Configuration node.
  2. Right click on Selection Profiles and select New Selection Profile.
  3. Name it Windows 10 2004 x64.
  4. On the Folders page, tick the Windows 10 2004 x64 folder under Packages and complete the wizard.

 

Importing Applications

In my previous articles I’ve covered how to add Microsoft Office 2016, in this one I’m going to omit the information as it is probably time to move to Office 2019/365 and they both install very differently from Office 2016. I have a separate article and YouTube video walk through on how to deploy Office 2019/365.

 

The New Microsoft Edge – Business Download

msiexec /i MicrosoftEdgeEnterpriseX64.msi /qn

 

Google Chrome – Enterprise Installer

msiexec /I googlechromestandaloneenterprise64.msi /qn

 

Adobe Reader – Enterprise Installer

AdobeReaderDC.exe /sAll

 

We now need to create a new Task Sequence to create a reference image.

 

Creating a Task Sequence

  1. In Deployment Workbench, go to Task Sequences.
  2. Right click and select New Task Sequence.
  3. For the ID enter: W10-2004.
  4. Name it Build Windows 10 2004.
  5. Select Standard Client Task Sequence.
  6. Select the Operating System Windows 10 2004 x64.
  7. Select Do not specify a product key at this time.
  8. Enter an Organization name.
  9. Select Do not specify an Administrator password at this time.
  10. Complete the wizard.

Now we’ll configure the Task Sequence.

 

Configuring the Task Sequence

  1. Right click on the Task Sequence just created and select Properties.
  2. Go to the Task Sequence tab on the Properties window of the Task Sequence.
  3. Expand the Preinstall folder and select the Apply Patches item.
  4. Change the Selection Profile to Windows 10 2004 x64.
  5. Go to the State Restore folder and select Windows Update (Pre-Application Installation).
  6. On the right side of the Properties window, go to the Options tab.
  7. Uncheck the Disable this step tick box and do the same with Windows Update (Post-Application Installation).
  8. If you skipped the Importing Applications section, please disable the Install Applications item and go to step 16, if not please continue.
  9. Go to the Install Applications item.
  10. In the right side of the Properties box, select the Install a single application option and click the Browse… button.
  11. Select Microsoft Edge and change the name Install Applications to Microsoft Edge.
  12. Install other Applications, copy and paste the Install Applications item and repeat steps 13 – 15 for the applications of your choice.
  13. Click Apply and close the Task Sequence.

 

Blocking Internet Access to prevent Microsoft Store App Updates

To block internet access to the VM whilst the image is building, we’ll use my Internet Access Control Utility.

Running the script with the -disable switch will create a firewall rule that will block internet traffic on ports 80 and 443.

  1. First download Internet Access Control Utility from GitHub and copy it to \\mdt-server\build-share\_custom.
  2. In the Task Sequence created above, we’ll add the items required to run the PowerShell script.
  3. Go to the Task Sequence tab on the Properties window of the Task Sequence.
  4. Go to State Restore and click on the Add button.
  5. Go to General > Run PowerShell Script.
  6. Name the new item PS Script – Disable Internet Access.
  7. Enter Z:\_custom\Internet-Access-Control.ps1.
  8. Add -Disable to the Parameters section.
  9. Scroll down the Task Sequence to just above the Imaging folder.
  10. Once again, add a new Run PowerShell Script item.
  11. Name it PS Script – Enable Internet Access.
  12. Again, enter Z:\_custom\Internet-Access-Control.ps1.
  13. Add -Enable to the Parameters section.
  14. Click Apply and OK to close the Task Sequence.

Next, we’ll create a domain user account for MDT for use as a service account.

 

Creating a service account for MDT in Active Directory

  1. Go to Active Directory Users and Computers.
  2. Create a user called mdt_admin and give it a complex password.
  3. Go to the Server or PC where the Deployment Share is hosted.
  4. Give the user mdt_admin Full Control share permissions and Full Control permissions to all the files and folders in the Deployment Share.

Next, we need to configure the Bootstrap.ini and the CustomSettings.ini files to control certain aspects of the deployment environment. The settings below enable auto log in and skip the welcome screen, so these should only be used for lab or closed development environments.

 

Configuring Bootstrap.ini

  1. In Deployment Workbench, right click the Deployment Share and select Properties.
  2. Select the Rules tab and click the Edit Bootstrap.ini button.
  3. Add the settings below to the Bootstrap.ini.
  4. Close and Save the Bootstrap.ini
[Settings]
Priority=Default

[Default]
DeployRoot=\\SERVER-NAME\Build$
UserDomain=contoso.com
UserID=mdt_admin
UserPassword=p@ssw0rd
SkipBDDWelcome=YES

 

Configuring CustomSettings.ini

On the Rules tab of the Deployment Share properties window, add the settings below.

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipDomainMembership=YES
SkipSummary=YES
SkipFinalSummary=YES
SkipComputerName=YES
SkipUserData=YES

_SMSTSORGNAME=Build Share
_SMSTSPackageName=%TaskSequenceName%
DoCapture=YES
ComputerBackupLocation=\\SERVER-NAME\Build$\Captures
BackupFile=%TaskSequenceID%_#year(date) &amp; "-" &amp; month(date) &amp; "-" &amp; day(date) &amp; "-" &amp; hour(time) &amp; "-" &amp; minute(time)#.wim
WSUSServer=http://WSUS-SERVER-NAME:8530
FinishAction=SHUTDOWN
SLShare=\\SERVER-NAME\Build$\Logs
EventService=http://SERVER-NAME:9800

We now need to create the boot media to boot the VM into the deployment environment.

 

Creating the Boot Media

  1. In Deployment Workbench, right click on the Deployment Share.
  2. Select Update Deployment Share.
  3. Select Completely regenerate the boot images.
  4. Complete the wizard. It will take some time to create the boot images.

 

Testing and Capturing a Reference Image

To test everything, we need to copy the ISO file that we just generated. It is in the Boot folder in the Deployment Share. Go to the Server or PC that is hosting the deployment share and navigate to the boot folder. Inside there should be a file named LiteTouchPE_x64.iso. Copy this file to a location where a Hyper-V Virtual Machine will be able to access it.

Create a new VM in Hyper-V with the following configuration:

  • For Hyper-V Only: Generation 1, not 2. I’ve had issues reported with Gen2 VMs.
  • At least 2x vCPUs
  • At least 4GB of RAM
  • Network Adaptor with access the local network.
  • Virtual Hard Drive of at least 40GB, preferably on fast media.
  • Boot from CD using the LiteTouchPE_x64.iso from MDT.
  • If using Hyper-V on Windows 10 1709 or above, make sure Use Automatic Checkpoints is disabled.

Start the VM and it will boot from the LiteTouchPE_x64.iso into the deployment environment. You will be presented with a screen with the name of the Task Sequence you created earlier. Select your Task Sequence and click Next and the task sequence will begin.

The Task Sequence will install Windows 10 2004, update from the WSUS server, install the optional applications if you added them, and then run Windows Update from the WSUS server again. It will then run SysPrep and attempt to reboot back into the deployment environment from the local disk and send the image to the MDT server. However currently I have experienced issues when booting into WinPE from the disk. I have worked around this by booting from a LiteTouchPE_x64.iso to get into WinPE. The capture then runs as normal. Hopefully this will be fixed in a future update.

When this process completes the VM will be shutdown and a file named W10-2004_YEAR_MONTH_DAY_HOUR_MINUTE.wim will be in the Captures folder in the Deployment Share.

 

You now have a reference image for Windows 10 2004 and a Microsoft Deployment Toolkit installation, with a deployment share specifically configured for building and capturing reference images.

We’ll cover setting up a deployment share and focus on tasks to support deploying Windows to real hardware in this article.

 

Please consider supporting my work:

  • Sign up using Patreon.
  • Support with a one-time payment using PayPal.

If you’d like to get in touch with me please leave a comment, send me a tweet or DM, or send me a message via my contact form.

-Mike

Many thanks to my patrons!

Kayleigh Price
Mark Stenglein
Lukáš Maršálek
Michael Agu
Rick Olsen

13 thoughts on “Build and Capture Windows 10 2004 (20H1) Reference Image

Add yours

  1. I have had luck with the 2004 ADK, but keeping the 1903 WinPE. Something is not right in the 2004 WinPE–I try to deploy an image on a VM (using 2004 WinPE) and after the image finishes installing, the next step is to apply the unattend.xml with DISM, and it fails there. Not sure why. SMSTS logs don’t show anything.

    Liked by 1 person

    1. Hi there,

      I haven’t mixed WinPE 2004 with ADK 1903 so I can’t say I’ve experience that myself. I tend to keep the versions in lock with each other. You might have more luck using WinPE 1903 along with ADK 1903.

      -Mike

      Like

      1. The only issue I had with the 1903PE and the 2004ADK was that after sysprep, it did not want to boot on it’s own to WinPE, however, with a WinPE MDT ISO in the VM, I could boot to that, and the TS would continue as if nothing was wrong and capture the WIM. I am testing the 2004PE with the fix for UEFI script to see if that resolves the issue.

        Liked by 1 person

        1. UPDATE – when using Johan Arwidmark’s script, I can do a successful B & C with The 2004 ADK and PE. The only thing is, it still boot loops when doing the reboot into WinPE after sysprep, however, since I am doing this on a VM, the boot media ISO is mounted in the removable disk drive, so if I boot to it during the boot loop, when WinPE loads, the TS picks right back up and captures the WIM.

          Liked by 1 person

  2. In my case, using the Arwidmark script, the VM tried to boot from HD after the sysprep (it always said loading files during boot up) and after 4x, it shut down. I simply had to press a key to make sure it will boot from CD/DVD (or the ISO). After that, the action “Create WIM” started. That issue didn’t happen with 1909.

    Liked by 1 person

  3. Do you have issues with creating the reference image or with installing a client with the reference image?

    It created the wim/reference image to me even though the reference computer simply did turn off after generating the file (no “successful” message). I’m using MDT 8456 and ADK 200e as well. The generated reference image seems to work in my case though since the “installing operating process” already finished. However, I did not yet complete the installation. Will report back if I’ll encounter some issues after the installation.

    Like

    1. Successfully deployed on a VM…Time to check on a physical machine.
      Too bad that the 2004 administratives template files are not yet available.
      I only had the above mentioned issues creating the reference image. Everything else worked the same as with 1909.

      Like

  4. The reason it boot loops when doing the reboot into WinPE after sysprep is that you build your image on gen1 VM (BIOS)
    As Johan writes on his blog
    https://deploymentresearch.com/making-mdt-work-with-windows-adk-2004-for-bios-machines/
    There is a issue with Microsoft.BDD.Utility.dll, Johan’s script solves the problem in WinPe for deploy scenarios but when computer boots up in full os and run gather script the IsUEFI variabel is set to TRUE again
    The easiest way you can solve this is to add ts step before sysprep and set ts variable IsUEFI = false then you can do a successful B & C or add i script that detects if BIOS or UEFI and set IsUEFI variable correctly

    Like

  5. Is anyone having issues getting the TS Progress Bar to show when SetupComplete.cmd runs on an in-place upgrade TS? On my Win10 2004 IPU TS, when the setupcomplete.cmd runs, no TS is visible, even though the steps are running. I cannot for the life of me figure out why it will not show up. I have searched high and low… I am running the most recent MDT with the PROD versions of the Latest ADK and WinPE.

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: