News and Updates
An update for Microsoft Deployment Toolkit (MDT_KB4564442) has been released: This update fixes a boot loop issue. Details on how to install it are on Michael Niehaus' blog post here and you can download the fix here. Installation instructions will also be in the walkthrough below. NOTE: If you have existing shares you will need to copy the files from the extracted update to %DeployRoot%\Tools
and overwrite the existing files in all shares. You will then need to update the deployment shares and recreate boot media.
Lifecycle Support Notes from Microsoft: If you are using Enterprise or Education editions of Windows 10, from 1809 onwards the YY09 (YYH2) versions of Windows 10 will get 30 months of support and the YY03 versions will only get 18 months. So you may want to consider if you deploy the YY03 versions at all and focus on YY09 releases. Here’s the official information from Microsoft here.
This article is based on current information as of 2021-09-25. I will update it in future as things progress.
In this article as with my previous ones we will walk through installing and configuring Microsoft Deployment Toolkit to build and capture a reference image of Windows 10 version 21H1 using a Hyper-V Virtual Machine. It’s assumed that you have a server or PC ready to install MDT and create a file share for MDT to build the image with, and finally we’ll be focusing on the 64-bit Enterprise edition of Windows 10. Here are the links to the software we’ll be using:
- Windows 10 version 2004 Assessment and Deployment Kit (ADK)
- Windows PE add-on for ADK 2004
- Microsoft Deployment Toolkit (8456)
- Microsoft Deployment Toolkit (8456) Update KB4564442
- Windows 10 version 21H1 x64 | Windows Insider Preview ISO | Volume Licensing Service Center
Additional software which may be useful:
- Rufus
- Remote Server Administration Tools for Windows 10 - Double check that you download the version of RSAT for the version of server you want to administer.
Installing Microsoft Deployment Toolkit and Dependencies
- First, we’ll install the Windows 10 version 2004 ADK. During setup additional files will need to be downloaded, so it may take some time depending on your internet connection.
- On the “Select the features you want to install” screen, select the following:
- Deployment Tools
- Imaging And Configuration Designer (ICD)
- Configuration Designer
- User State Migration Tool (USMT)
- WinPE is a separate install. Install the WinPE add-on by running the adkwinpesetup.exe, there is no specific configuration during the install wizard.
- Now install MDT by running the setup file downloaded earlier. There is no specific configuration during the install wizard.
- Finally, extract the files from MDT_KB4564442, and copy them to
%ProgramFiles%\Microsoft Deployment Toolkit\Templates\Distribution\Tools
replacing the existing files.
Creating the Deployment Share
- Open the “Deployment Workbench” from the Start Menu
- Right click on “Deployment Shares”
- Select “New Deployment Share”
- Enter the path for the Deployment Share:
E:\Build
- Enter the share name:
Build$
- Give the share a description
- On the Options screen, accept the defaults as you can change them later
- Complete the wizard to create the share
- By default, the share permissions are set the local administrators group. We’ll revisit this later
Adding an Operating System
- Mount the Windows 10 version 21H1 ISO in File Explorer
- Go to “Deployment Workbench” > “Operating Systems”
- Right click and select “New Folder”
- Enter the name “Windows 10 version 21H1 x64” and click through the wizard to create the folder
- Right click again and select “Import Operating System”
- In the wizard, select “Full set of source files” and then enter the root of the mounted ISO as the “Source directory”
- For the destination directory name enter “Windows 10 version 21H1 x64” and complete the wizard
- Go to the “Operating Systems” > “Windows 10 version 21H1 x64” node and rename the new entries added to “Windows 10 version 21H1 Edition x64” for ease of use.
Creating Package Folder for Future Updates
- Go to “Deployment Workbench” > “Packages”
- Create a folder named “Windows 10 version 21H1 x64”
Now we’ll create a selection profile so that the Task Sequence only attempts to install updates for Windows 10 version 21H1 x64 that we make available through MDT.
Creating A Selection Profile
- Expand the “Advanced Configuration” node
- Right click on “Selection Profiles” and select “New Selection Profile”
- Name it “Windows 10 version 21H1 x64”
- On the “Folders” page, tick the “Windows 10 version 21H1 x64” folder under “Packages” and complete the wizard
Importing Applications
If you want to add some applications to be a part of your reference image, here I’ll cover how to add VLC as an example application.
- Go to “Deployment Workbench” > “Deployment Share” > “Applications”
- Right click on “Applications” and select “New Application”
- In the New Application Wizard, choose “Application with source files”
- Give the application the name: VLC
- Enter the “Source” directory of the installation files
- Enter the “Destination” directory: VLC
- For the “Command line” enter anything, we’ll revisit this later
- On the summary page, click “Next” and after the files are copied click “Finish” to complete the wizard
Configuring Applications
- Right click on VLC, go to the Details tab
- Enter the following for the “Quiet install command”:
vlc-setup.exe /S
VLC is now set up to be installed silently by the Task Sequence.
To add other software, you’ll need to repeat the steps above, with the relevant Command line to silently install them. Below are a few command lines for some software I frequently install silently, along with the links to the ‘offline’ installers.
Google Chrome - Enterprise Installer
msiexec /I googlechromestandaloneenterprise64.msi /qn
Adobe Reader - Enterprise Installer
AdobeReaderDC.exe /sAll
We now need to create a new Task Sequence to create a reference image.
Creating a Task Sequence
- In “Deployment Workbench”, go to “Task Sequences”
- Right click and select “New Task Sequence”
- For the ID enter: “W10-21H1”
- Name it “Build Windows 10 21H1”
- Select “Standard Client Task Sequence”
- Select the Operating System “Windows 10 21H1 x64”
- Select “Do not specify a product key at this time”
- Enter an “Organization” name
- Select “Do not specify an Administrator password at this time”
- Complete the wizard
Now we’ll configure the Task Sequence.
Configuring the Task Sequence
- Right click on the “Task Sequence” just created and select “Properties”
- Go to the “Task Sequence” tab on the “Properties” window of the Task Sequence
- Expand the “Preinstall” folder and select the “Apply Patches” item
- Change the “Selection Profile” to “Windows 10 21H1 x64”
- Go to the “State Restore” folder and select “Windows Update (Pre-Application Installation)”
- On the right side of the “Properties” window, go to the “Options” tab
- Uncheck the “Disable this step” tick box and do the same with “Windows Update (Post-Application Installation)”
- If you skipped the “Importing Applications” section, please disable the Install Applications item and go to step 16, if not please continue
- Go to the “Install Applications” item
- In the right side of the “Properties” box, select the “Install a single application” option and click the “Browse…” button
- Select “Google Chrome” and change the name Install Applications to “Google Chrome”
- Install other Applications, copy and paste the “Install Applications” item and repeat steps 13 - 15 for the applications of your choice
- Click “Apply” and close the Task Sequence
Blocking Internet Access to prevent Microsoft Store App Updates
To block internet access to the VM whilst the image is building, we’ll use my Internet Access Control Utility.
Running the script with the -disable switch will create a firewall rule that will block internet traffic on ports 80 and 443.
- First download Internet Access Control Utility from GitHub and copy it to
\\mdt-server\build-share\_custom
- In the “Task Sequence” created above, we’ll add the items required to run the PowerShell script
- Go to the “Task Sequence” tab on the “Properties” window of the Task Sequence
- Go to “State Restore” and click on the “Add” button
- Go to “General” > “Run PowerShell Script”
- Name the new item “PS Script - Disable Internet Access”
- Enter
Z:\_custom\Internet-Access-Control.ps1
- Add
-Disable
to the Parameters section - Scroll down the Task Sequence to just above the “Imaging” folder
- Once again, add a new “Run PowerShell Script” item
- Name it “PS Script - Enable Internet Access”
- Again, enter
Z:\_custom\Internet-Access-Control.ps1
- Add
-Enable
to the Parameters section - Click “Apply” and OK to close the Task Sequence
Next, we’ll create a domain user account for MDT for use as a service account.
Creating a service account for MDT in Active Directory
- Go to “Active Directory Users and Computers”
- Create a user called
mdt_admin
and give it a complex password - Go to the Server or PC where the “Deployment Share” is hosted
- Give the user
mdt_admin
“Full Control” share permissions and “Full Control” file permissions to all the files and folders in the “Deployment Share”
Next, we need to configure the “Bootstrap.ini” and the “CustomSettings.ini” files to control certain aspects of the deployment environment. The settings below enable auto log in and skip the welcome screen, so these should only be used for lab or closed development environments.
Configuring Bootstrap.ini
- In “Deployment Workbench”, right click the “Deployment Share” and select “Properties”
- Select the “Rules” tab and click the “Edit Bootstrap.ini” button
- Add the settings below to the “Bootstrap.ini”
- Close and Save the Bootstrap.ini
|
|
Configuring CustomSettings.ini
On the “Rules” tab of the “Deployment Share” properties window, add the settings below.
|
|
We now need to create the boot media to boot the VM into the deployment environment.
Creating the Boot Media
- In “Deployment Workbench”, right click on the “Deployment Share”
- Select “Update Deployment Share”
- Select “Completely regenerate the boot images”
- Complete the wizard. It will take some time to create the boot images
Testing and Capturing a Reference Image
To test everything, we need to copy the ISO file that we just generated. It is in the “Boot” folder in the “Deployment Share”. Go to the Server or PC that is hosting the deployment share and navigate to the boot folder. Inside there should be a file named LiteTouchPE_x64.iso
. Copy this file to a location where a Hyper-V Virtual Machine will be able to access it.
Create a new VM in Hyper-V with the following configuration:
- For Hyper-V Only: Use Generation 1, not 2 VMs. I’ve had issues reported with Gen2 VMs
- At least 2x vCPUs
- At least 4GB of RAM
- Network Adaptor with access the local network
- Virtual Hard Drive of at least 40GB, preferably on fast media
- Boot from CD using the
LiteTouchPE_x64.iso
from MDT - If using Hyper-V on Windows 10 1709 or above, make sure “Use Automatic Checkpoints” is disabled
Start the VM and it will boot from the LiteTouchPE_x64.iso
into the deployment environment. You will be presented with a screen with the name of the “Task Sequence” you created earlier. Select your Task Sequence, click Next and the process will begin. The Task Sequence will install Windows 10 version 21H1, update from the WSUS server, install the optional applications if you added them, and then run Windows Update from the WSUS server again. It will then run SysPrep and attempt to reboot back into the deployment environment from the local disk and send the image to the MDT server.
When this process completes the VM will be shutdown and a file named W10-21H1_YEAR_MONTH_DAY_HOUR_MINUTE.wim
will be in the Captures folder in the Deployment Share.
You now have a reference image for Windows 10 version 21H1 and a Microsoft Deployment Toolkit installation, with a deployment share specifically configured for building and capturing reference images. We’ll cover setting up a deployment share and focus on tasks to support deploying Windows to real hardware in this article.
Support My Work
Please consider supporting my work:
- Support with a one-time donation using PayPal
If you have any questions or comments, please leave them below.
-Mike