Windows 10 21H1 May 2021 Update on gal.vin

Deploy Windows 10 21H1 Reference Image

Sun, 09 May 2021 00:51:50 +0100

News and Updates

An update for Microsoft Deployment Toolkit (MDT_KB4564442) has been released: This update fixes a boot loop issue. Details on how to install it are on Michael Niehaus' blog post here and you can download the fix here. Installation instructions will also be in the walkthrough below. NOTE: If you have existing shares you will need to copy the files from the extracted update to %DeployRoot%\Tools and overwrite the existing files in all shares. You will then need to update the deployment shares and recreate boot media.

Lifecycle Support Notes from Microsoft: If you are using Enterprise or Education editions of Windows 10, from 1809 onwards the YY09 (YYH2) versions of Windows 10 will get 30 months of support and the YY03 versions will only get 18 months. So you may want to consider if you deploy the YY03 versions at all and focus on YY09 releases. Here’s the official information from Microsoft here

This article is based on current information as of 2021-09-25. I will update it in future as things progress.

In this article as with my previous ones we will walk through configuring Microsoft Deployment Toolkit to deploy the reference image created in the previous article: Build and Capture Windows 10 21H1 Reference Image

Installing the MDT Update: MDT_KB4564442

Extract the files from the self-extracting archive and copy them to %ProgramFiles%\Microsoft Deployment Toolkit\Templates\Distribution\Tools replacing the existing files. If you have existing shares you will need to copy the files from the update to %DeployRoot%\Tools and overwrite the existing files in all shares. You will then need to update the deployment shares and recreate boot media.

Open the Deployment Workbench from the Start Menu
Right click on Deployment Shares
Select New Deployment Share
Enter the path for the Deployment Share: E:\Deploy
Enter the Share name: Deploy$
Give the share a description
On the Options screen, accept the defaults as we can change them later
Complete the wizard to create the share
By default, the share permissions are set the local administrators group. We’ll revisit this later

Add an Operating System

Go to Deployment Workbench > Operating Systems
Right click and select Import Operating System
In the wizard, select Custom image file and then navigate to the Captures folder of the Build Deployment Share as the Source file
When prompted to Specify operating system setup files, select Setup files are not needed
For the destination directory name enter a name that you want to use and complete the wizard
Go to the Operating Systems node and rename the reference image we just captured to something more readable

Create a Task Sequence

In Deployment Workbench, go to Task Sequences
Right click and select New Task Sequence
For the ID enter: W10-21H1
Name it Deploy Windows 10 version 21H1
Select Standard Client Task Sequence
For the Operating System, select the custom image that we imported previously
Select Do not specify a product key at this time if you are using KMS
Enter an Organization name
Enter the local Administrator password
Complete the wizard

Now we’ll configure the Task Sequence.

Configuring the Task Sequence

Right click on the Task Sequence just created and select Properties
Expand the Initialization folder in the left-hand pane
Go to the Gather local only item
In the Properties window select Gather local data and process rules
Enter the following in the Rules file: customsettings.ini
Go to the State Restore folder and select Windows Update (Pre-Application Installation)
On the right side of the Properties window, go to the Options tab
Uncheck the Disable this step tick box and do the same with Windows Update (Post-Application Installation)
Select the Install Applications item and check the Disable this step tick box
Click Apply and close the Task Sequence

In the previous post we created a user called mdt_admin in Active Directory to be used as a service account. We must give that user access to the new deployment share we have created here.

Go to the server or PC where the Deployment Share is hosted
Give the user mdt_admin Full Control share permissions and Full Control permissions to all the files and folders in the Deployment Share
You may also want to give similar permissions to users or groups that are going to be using the deployment share

Next, we need to configure the Bootstrap.ini and the CustomSettings.ini files to control certain aspects of the deployment environment. The settings below are a bare minimum configuration from my lab, and you may want to add more to overtime.

Configure Bootstrap.ini

In Deployment Workbench, right click the Deployment Share and select Properties
Select the Rules tab and click the Edit Bootstrap.ini button
Add the settings below to the Bootstrap.ini
Close and Save the Bootstrap.ini

[Settings]
Priority=Default
 
[Default]
DeployRoot=\\SERVER-NAME\Deploy$
SkipBDDWelcome=YES

Configure CustomSettings.ini

The settings below deserve some explanation. The [Virtual Machine] section is regarding driver installs which we’ll cover more later in this post. The Join Domain section is important. Here I’ve put the mdt_admin account to use as the account to join the device being imaged to the domain contoso.com. If you are following this guide to the letter, the mdt_admin account would not have the appropriate permissions to join a device to a domain, and so you should either give it the permissions required or create a new account for that specific purpose.

The other settings are location preferences relevant to the UK and resolution settings which prevent the finished device from defaulting to a resolution of 1024 x 768, and instead use the recommended resolution Windows receives from the display.

On the Rules tab of the Deployment Share properties window, add the settings below.

[Settings]
Priority=Model, Default, SetOSD
Properties=OSDPrefix

[Virtual Machine]
DriverGroup001=Virtual Machine
DriverSelectionProfile=nothing
OSDComputerName=%TaskSequenceID%

[Default]
_SMSTSORGNAME=Deploy
_SMSTSPackageName=%TaskSequenceName%

; MDT deployment settings
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES

; Locale and screen res
TimeZoneName=GMT Standard Time
KeyboardLocale=0809:00000809
UILanguage=en-GB
UserLocale=en-GB
KeyboardLocale=en-GB
BitsPerPel=32
VRefresh=60
XResolution=1
YResolution=1
HideShell=YES

; Join Domain
JoinDomain=contoso.com
DomainAdminDomain=contoso.com
DomainAdmin=mdt_admin
DomainAdminPassword=p@ssw0rd
MachineObjectOU=OU=PCs,DC=contoso,DC=com

; Other Settings
SkipUserData=YES
SkipDomainMembership=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipSummary=YES
SkipFinalSummary=YES
FinishAction=SHUTDOWN
WSUSServer=http://SERVER-NAME:8530
SLShare=\\SERVER-NAME\deploy$\Logs
EventService=http://SERVER-NAME:9800

We now need to create the boot media to boot the VM into the deployment environment.

Creating the Boot Media

In Deployment Workbench, right click on the Deployment Share.
Select Update Deployment Share.
Select Completely regenerate the boot images.
Complete the wizard. It will take some time to create the boot images.

Testing the Task Sequence

To test everything, we need to copy the ISO file that we just generated. It is in the Boot folder in the Deployment Share. Go to the Server or PC that is hosting the deployment share and navigate to the boot folder. Inside there should be a file named LiteTouchPE_x64.iso. Copy this file to a location where a Hyper-V Virtual Machine will be able to access it. To prevent confusion with the ISO we generated from the Build deployment share, we’ll append -deploy to the name of this new ISO. Create a new VM in Hyper-V with the following configuration:

For Hyper-V Only: Generation 1, not 2. I’ve had issues reported with Gen2 VMs
At least 2x vCPUs
At least 4GB of RAM
Network Adaptor with access the local network
Virtual Hard Drive of at least 40GB, preferably on fast media
Boot from CD using the LiteTouchPE_x64-deploy.iso from MDT
If using Hyper-V on Windows 10 1709 or above, make sure Use Automatic Checkpoints is disabled

Start the VM and it will boot from the LiteTouchPE_x64-deploy.iso into the deployment environment, you will be presented with a login screen and here you should login with the Active Directory credentials that have access to the Deployment Share. Once logged in you will be presented with a screen with the name of the Task Sequence you created earlier. Select your Task Sequence and click Next. You’ll be prompted to enter a name for the device, it will also be added to Active Directory under this name. Click Next and the task sequence will begin.

When the task sequence completes the VM will be shutdown.

This completes the basic testing of the deployment task sequence. Now we’ll get into drivers and further configuration.

Setting the Default Application Associations

Here’s how to configure the default application associations in the deployment task sequence.

Using an existing Windows 10 install navigate to Settings > System > Default apps
Set the Default apps and any other file associations as required
Open Windows PowerShell (Admin) by right-clicking on the Windows/Start button or pressing Win + X
In the PowerShell window type the following and press enter: Dism /Online /Export-DefaultAppAssociations:C:\AppAssoc.xml
After a few seconds you should see The operation completed successfully in the PowerShell window
Navigate to C:\ and copy AppAssoc.xml to your MDT deployment share: \\SERVER-NAME\Deploy$\_custom
Open the Deployment Workbench and go to Deployment Share > Task Sequences
Right click on the Task Sequence Deploy Windows 10 21H1 and select Properties
Click on the Task Sequence tab and navigate to Postinstall > Configure
Click the Add button at the top of the Task Sequence actions view and go to General > Run Command Line
Enter Set Default App Associations in the Name field, and in the Command line field enter: Dism.exe /Image:%OSDisk% /Import-DefaultAppAssociations:%DEPLOYROOT%\Applications\_scripts\AppAssoc.xml
Click Apply to save the changes

Driver Management

Now we’re going to configure how drivers are installed for the physical devices we’re going to deploy Windows 10 to. There are a few ways to do this, here I’ll show the method I’ve been using which has worked very well for a variety of manufactures and models of devices.

The first thing you’ll need is the model numbers for all the devices you want to roll out the image to. You can find this out by booting the device in to its current version of Windows or the deployment environment using the LiteTouch_x64.iso boot disc or PXE booting, which I haven’t covered in this post but here’s a previous post I wrote on how to setup PXE booting for MDT: PXE Booting for Microsoft Deployment Toolkit.

When the device is booted into the deployment environment, press F8 to get a command prompt, and typing out the following command: wmic computersystem get model The output of the command is the model number you’ll need. The next thing you’ll need is the drivers. I’ve found Windows 10 is good at installing missing drivers from Windows Update, but it can take some time and it would be better for the device to be running with all the drivers it needs once deployment has completed.

Windows 10 tends to have some drivers built right in and I’ve found they are usually very usable, so generally I only add drivers to MDT that Windows 10 cannot find. Deploy the reference image to each type of device you have and use Device Manager to see what’s missing.

If you are missing drivers, go to Settings > Windows Update and use Check online for updates from Microsoft Update which should find and install the relevant drivers. Then using the Update History and see what you need to find and import into MDT.

Note: I recommend avoiding using WSUS to download and install drivers as it inflates the WSUS database, slowing WSUS down and making it difficult to manage.

To import drivers into MDT you’ll need the INF files. Most large manufacturers do a decent job of providing drivers that can be used with MDT. Should you have difficulty with them you can use the Microsoft Update Catalog to search for and download the specific drivers that Windows Update installs and use them with MDT. Once you have the drivers you require, we need to add them to MDT.

Open the Deployment Workbench
Navigate to Deployment Share > Out-of-Box Drivers
Right click and select New Folder, call the folder Windows 10 x64
Right click on the Windows 10 x64 folder and select New Folder
Name the folder a human readable name for the model of device you’ll be adding drivers for
Right click on the folder you just created and create folders for each driver type you’ll be adding, e.g. Graphics, Chipset, Bluetooth
Right click on a driver type folder and select Import Drivers
Enter the source directory of the drivers for that driver type
Check the Import drivers even if they are duplicates of an existing driver check box
Click Next and complete the wizard. The wizard will copy all the files needed to the driver type folder
Repeat steps 7-10 for each driver type required

We now need to edit the CustomSettings.ini to configure the driver location for each model.

Go to the Deployment Workbench and right click on the Deployment Share, select Properties
Go to the Rules tab in the Properties window
Enter the following text under the [Settings] section but after the Properties
Once you’ve added in all the models required, click Apply to save the changes

[MODEL-NUMBER]
DriverGroup001=Windows 10 x64\Human-Readable-Model-Number
DriverSelectionProfile=nothing
OSDPrefix=PC

You’ll need to enter the above text for each model. Below is an example of my CustomSettings.ini for reference.

[Settings]
Priority=Model, Default, SetOSD
Properties=OSDPrefix
 
[HP 250 G5 Notebook PC]
DriverGroup001=Windows 10 x64\HP 250 G3
DriverSelectionProfile=nothing
OSDPrefix=HP
 
[80J2]
DriverGroup001=Windows 10 x64\Lenovo E50
DriverSelectionProfile=nothing
OSDPrefix=LEN
 
[Virtual Machine]
DriverGroup001=Virtual Machine
DriverSelectionProfile=nothing
OSDPrefix=VM
 
[Default]
_SMSTSORGNAME=Deploy
_SMSTSPackageName=%TaskSequenceName%
UserDataLocation=NONE
ComputerBackupLocation=\\SERVER-NAME\Deploy$\Captures
OSDComputerName=%OSDPrefix%-%SerialNumber%
...

The Deploy deployment share is now configured to install drivers for the models specified.

Boot the physical device into the deployment environment and run the Deploy Windows 10 21H1. After it completes, check Device Manager and all devices should be successfully installed.

Adding Drivers to the MDT Boot Image

It may be necessary to add drivers to the MDT Boot Image for devices such as storage or network adaptors. To determine if drivers are required:

Boot the device in question into the deployment environment and press F8 to bring up a command prompt
Type ipconfig and if you have an IP address, you should not have to add network adaptor drivers
Type diskpart, and when diskpart has loaded, type list disk. If the local hard drive is listed, you should not need to add storage drivers

If you do need to add drivers to the boot image:

In the Deployment Workbench, go to Deployment Share > Out-of-Box Drivers
Right click and select New Folder, call the folder WinPE x64
Right click on the WinPE x64 folder and select New Folder
Name the folder a suitable name for the model of device you’ll be adding drivers for
Right click on the folder you just created and create folders for each driver type you’ll be adding, e.g. Storage, Network
To import the drivers, right click on a driver type folder and select Import Drivers
Enter the source directory of the drivers and tick the Import drivers even if they are duplicates of an existing driver check box
Click Next and complete the wizard. The wizard will copy all the files needed to the driver type folder
Repeat steps 6-8 for each driver type required
Now we must create a Selection Profile for WinPE x64
Go to Advanced Configuration > Selection Profiles
Right click on Selection Profiles and select New Selection Profile
Enter WinPE x64 as the Selection profile name
In the folders list navigate to DS001:\ > Out-of-Box Drivers > WinPE x64 and check the box next to the folder
Click Next > Next > Finish to complete the wizard
Right click on the Deployment Share and select Properties
Go to the Windows PE tab and change the Platform drop down menu to x64
Go to the Drivers and Patches tab and change the Selection profile drop down menu to WinPE x64
Make sure that Include only drivers of the following types is selected and both Include all network drivers in the selection profile and Include all mass storage drivers in the selection profile are checked
Click Apply to save the changes, click OK to close the Properties window
Right click the Deployment Share and select Update Deployment Share
Select Completely regenerate the boot images, and then Next. The boot images will be regenerated with the drivers included
Click Finish to complete the wizard

The MDT boot media should now have the network and/or storage drivers required. You now have a reference image for Windows 10 21H1 which is ready to deploy.

Support My Work

Please consider supporting my work:

Support with a one-time donation using PayPal.

If you have any questions or comments, please leave them below.

-Mike

Build and Capture Windows 10 21H1 Reference Image

Sun, 09 May 2021 00:13:32 +0100

News and Updates

This article is based on current information as of 2021-09-25. I will update it in future as things progress.

In this article as with my previous ones we will walk through installing and configuring Microsoft Deployment Toolkit to build and capture a reference image of Windows 10 version 21H1 using a Hyper-V Virtual Machine. It’s assumed that you have a server or PC ready to install MDT and create a file share for MDT to build the image with, and finally we’ll be focusing on the 64-bit Enterprise edition of Windows 10. Here are the links to the software we’ll be using:

Additional software which may be useful:

Rufus
Remote Server Administration Tools for Windows 10 - Double check that you download the version of RSAT for the version of server you want to administer.

Installing Microsoft Deployment Toolkit and Dependencies

First, we’ll install the Windows 10 version 2004 ADK. During setup additional files will need to be downloaded, so it may take some time depending on your internet connection.
On the “Select the features you want to install” screen, select the following:
- Deployment Tools
- Imaging And Configuration Designer (ICD)
- Configuration Designer
- User State Migration Tool (USMT)
WinPE is a separate install. Install the WinPE add-on by running the adkwinpesetup.exe, there is no specific configuration during the install wizard.
Now install MDT by running the setup file downloaded earlier. There is no specific configuration during the install wizard.
Finally, extract the files from MDT_KB4564442, and copy them to %ProgramFiles%\Microsoft Deployment Toolkit\Templates\Distribution\Tools replacing the existing files.

Open the “Deployment Workbench” from the Start Menu
Right click on “Deployment Shares”
Select “New Deployment Share”
Enter the path for the Deployment Share: E:\Build
Enter the share name: Build$
Give the share a description
On the Options screen, accept the defaults as you can change them later
Complete the wizard to create the share
By default, the share permissions are set the local administrators group. We’ll revisit this later

Adding an Operating System

Mount the Windows 10 version 21H1 ISO in File Explorer
Go to “Deployment Workbench” > “Operating Systems”
Right click and select “New Folder”
Enter the name “Windows 10 version 21H1 x64” and click through the wizard to create the folder
Right click again and select “Import Operating System”
In the wizard, select “Full set of source files” and then enter the root of the mounted ISO as the “Source directory”
For the destination directory name enter “Windows 10 version 21H1 x64” and complete the wizard
Go to the “Operating Systems” > “Windows 10 version 21H1 x64” node and rename the new entries added to “Windows 10 version 21H1 Edition x64” for ease of use.

Creating Package Folder for Future Updates

Go to “Deployment Workbench” > “Packages”
Create a folder named “Windows 10 version 21H1 x64”

Now we’ll create a selection profile so that the Task Sequence only attempts to install updates for Windows 10 version 21H1 x64 that we make available through MDT.

Creating A Selection Profile

Expand the “Advanced Configuration” node
Right click on “Selection Profiles” and select “New Selection Profile”
Name it “Windows 10 version 21H1 x64”
On the “Folders” page, tick the “Windows 10 version 21H1 x64” folder under “Packages” and complete the wizard

Importing Applications

If you want to add some applications to be a part of your reference image, here I’ll cover how to add VLC as an example application.

Go to “Deployment Workbench” > “Deployment Share” > “Applications”
Right click on “Applications” and select “New Application”
In the New Application Wizard, choose “Application with source files”
Give the application the name: VLC
Enter the “Source” directory of the installation files
Enter the “Destination” directory: VLC
For the “Command line” enter anything, we’ll revisit this later
On the summary page, click “Next” and after the files are copied click “Finish” to complete the wizard

Configuring Applications

Right click on VLC, go to the Details tab
Enter the following for the “Quiet install command”: vlc-setup.exe /S

VLC is now set up to be installed silently by the Task Sequence.

To add other software, you’ll need to repeat the steps above, with the relevant Command line to silently install them. Below are a few command lines for some software I frequently install silently, along with the links to the ‘offline’ installers.

Google Chrome - Enterprise Installer

msiexec /I googlechromestandaloneenterprise64.msi /qn

Adobe Reader - Enterprise Installer

AdobeReaderDC.exe /sAll

We now need to create a new Task Sequence to create a reference image.

Creating a Task Sequence

In “Deployment Workbench”, go to “Task Sequences”
Right click and select “New Task Sequence”
For the ID enter: “W10-21H1”
Name it “Build Windows 10 21H1”
Select “Standard Client Task Sequence”
Select the Operating System “Windows 10 21H1 x64”
Select “Do not specify a product key at this time”
Enter an “Organization” name
Select “Do not specify an Administrator password at this time”
Complete the wizard

Now we’ll configure the Task Sequence.

Configuring the Task Sequence

Right click on the “Task Sequence” just created and select “Properties”
Go to the “Task Sequence” tab on the “Properties” window of the Task Sequence
Expand the “Preinstall” folder and select the “Apply Patches” item
Change the “Selection Profile” to “Windows 10 21H1 x64”
Go to the “State Restore” folder and select “Windows Update (Pre-Application Installation)”
On the right side of the “Properties” window, go to the “Options” tab
Uncheck the “Disable this step” tick box and do the same with “Windows Update (Post-Application Installation)”
If you skipped the “Importing Applications” section, please disable the Install Applications item and go to step 16, if not please continue
Go to the “Install Applications” item
In the right side of the “Properties” box, select the “Install a single application” option and click the “Browse…” button
Select “Google Chrome” and change the name Install Applications to “Google Chrome”
Install other Applications, copy and paste the “Install Applications” item and repeat steps 13 - 15 for the applications of your choice
Click “Apply” and close the Task Sequence

Blocking Internet Access to prevent Microsoft Store App Updates

To block internet access to the VM whilst the image is building, we’ll use my Internet Access Control Utility.

Running the script with the -disable switch will create a firewall rule that will block internet traffic on ports 80 and 443.

First download Internet Access Control Utility from GitHub and copy it to \\mdt-server\build-share\_custom
In the “Task Sequence” created above, we’ll add the items required to run the PowerShell script
Go to the “Task Sequence” tab on the “Properties” window of the Task Sequence
Go to “State Restore” and click on the “Add” button
Go to “General” > “Run PowerShell Script”
Name the new item “PS Script - Disable Internet Access”
Enter Z:\_custom\Internet-Access-Control.ps1
Add -Disable to the Parameters section
Scroll down the Task Sequence to just above the “Imaging” folder
Once again, add a new “Run PowerShell Script” item
Name it “PS Script - Enable Internet Access”
Again, enter Z:\_custom\Internet-Access-Control.ps1
Add -Enable to the Parameters section
Click “Apply” and OK to close the Task Sequence

Next, we’ll create a domain user account for MDT for use as a service account.

Creating a service account for MDT in Active Directory

Go to “Active Directory Users and Computers”
Create a user called mdt_admin and give it a complex password
Go to the Server or PC where the “Deployment Share” is hosted
Give the user mdt_admin “Full Control” share permissions and “Full Control” file permissions to all the files and folders in the “Deployment Share”

Next, we need to configure the “Bootstrap.ini” and the “CustomSettings.ini” files to control certain aspects of the deployment environment. The settings below enable auto log in and skip the welcome screen, so these should only be used for lab or closed development environments.

Configuring Bootstrap.ini

In “Deployment Workbench”, right click the “Deployment Share” and select “Properties”
Select the “Rules” tab and click the “Edit Bootstrap.ini” button
Add the settings below to the “Bootstrap.ini”
Close and Save the Bootstrap.ini

[Settings]
Priority=Default
 
[Default]
DeployRoot=\\SERVER-NAME\Build$
UserDomain=contoso.com
UserID=mdt_admin
UserPassword=p@ssw0rd
SkipBDDWelcome=YES

Configuring CustomSettings.ini

On the “Rules” tab of the “Deployment Share” properties window, add the settings below.

[Settings]
Priority=Default
Properties=MyCustomProperty
 
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipDomainMembership=YES
SkipSummary=YES
SkipFinalSummary=YES
SkipComputerName=YES
SkipUserData=YES
 
_SMSTSORGNAME=Build Share
_SMSTSPackageName=%TaskSequenceName%
DoCapture=YES
ComputerBackupLocation=\\SERVER-NAME\Build$\Captures
BackupFile=%TaskSequenceID%_#year(date) & "-" & month(date) & "-" & day(date) & "-" & hour(time) & "-" & minute(time)#.wim
WSUSServer=http://WSUS-SERVER-NAME:8530
FinishAction=SHUTDOWN
SLShare=\\SERVER-NAME\Build$\Logs
EventService=http://SERVER-NAME:9800

We now need to create the boot media to boot the VM into the deployment environment.

Creating the Boot Media

In “Deployment Workbench”, right click on the “Deployment Share”
Select “Update Deployment Share”
Select “Completely regenerate the boot images”
Complete the wizard. It will take some time to create the boot images

Testing and Capturing a Reference Image

To test everything, we need to copy the ISO file that we just generated. It is in the “Boot” folder in the “Deployment Share”. Go to the Server or PC that is hosting the deployment share and navigate to the boot folder. Inside there should be a file named LiteTouchPE_x64.iso. Copy this file to a location where a Hyper-V Virtual Machine will be able to access it.

Create a new VM in Hyper-V with the following configuration:

For Hyper-V Only: Use Generation 1, not 2 VMs. I’ve had issues reported with Gen2 VMs
At least 2x vCPUs
At least 4GB of RAM
Network Adaptor with access the local network
Virtual Hard Drive of at least 40GB, preferably on fast media
Boot from CD using the LiteTouchPE_x64.iso from MDT
If using Hyper-V on Windows 10 1709 or above, make sure “Use Automatic Checkpoints” is disabled

Start the VM and it will boot from the LiteTouchPE_x64.iso into the deployment environment. You will be presented with a screen with the name of the “Task Sequence” you created earlier. Select your Task Sequence, click Next and the process will begin. The Task Sequence will install Windows 10 version 21H1, update from the WSUS server, install the optional applications if you added them, and then run Windows Update from the WSUS server again. It will then run SysPrep and attempt to reboot back into the deployment environment from the local disk and send the image to the MDT server.

When this process completes the VM will be shutdown and a file named W10-21H1_YEAR_MONTH_DAY_HOUR_MINUTE.wim will be in the Captures folder in the Deployment Share.

You now have a reference image for Windows 10 version 21H1 and a Microsoft Deployment Toolkit installation, with a deployment share specifically configured for building and capturing reference images. We’ll cover setting up a deployment share and focus on tasks to support deploying Windows to real hardware in this article.

Support My Work

Please consider supporting my work:

Support with a one-time donation using PayPal

If you have any questions or comments, please leave them below.

-Mike

Windows 10 21H1 May 2021 Update on gal.vin

Deploy Windows 10 21H1 Reference Image

News and Updates

Installing the MDT Update: MDT_KB4564442

Creating the Deployment Share

Add an Operating System

Create a Task Sequence

Configuring the Task Sequence

Securing the Deployment Share

Configure Bootstrap.ini

Configure CustomSettings.ini

Creating the Boot Media

Testing the Task Sequence

Setting the Default Application Associations

Driver Management

Adding Drivers to the MDT Boot Image

Support My Work

Build and Capture Windows 10 21H1 Reference Image

News and Updates

Installing Microsoft Deployment Toolkit and Dependencies

Creating the Deployment Share

Adding an Operating System

Creating Package Folder for Future Updates

Creating A Selection Profile

Importing Applications

Configuring Applications

Creating a Task Sequence

Configuring the Task Sequence

Blocking Internet Access to prevent Microsoft Store App Updates

Creating a service account for MDT in Active Directory

Configuring Bootstrap.ini

Configuring CustomSettings.ini

Creating the Boot Media

Testing and Capturing a Reference Image

Support My Work