You are here:   Research
  |  Login

Welcome to my blog, quickest way to find articles is usually to search for them.

Minimize
Search in All Title Contents
 
     

Back to Basics - Building a Windows 7 SP1 Reference Image using MDT 2013 Update 2

Jan 16 2016

A little while ago, a good friend (you know who you are :) ) asked for help on creating a new Windows 7 reference image. So here it is: A Step-by-step guide to create the perfect Windows 7 reference image using MDT 2013 Update 2.

Heads up: Putting the Windows 7 SP1 April 2016 Convenience Update (KB3125574) in your image, using the instructions in this post, will show one failed update (KB3037623) once Windows update runs on the machine. Does not seem to be a very critical update (update to Hyper-V integration components), but I have asked the WU team to confirm.

Optional workaround:  If you really must have the above update, you can just install the July 2016 rollup to get a working Windows Agent, and allow the MDT windows update action to install the 300+ updates. However that will increase your build time with 1 – 2 hours.

The trick

The below changes to the CustomSettings.ini are critical if you want to install the Windows 7 SP1 April 2016 Convenience Update as part of your Windows 7 reference image build. These changes makes sure to exclude multiple-reboot updates that are already in the convenience update, but flagged incorrectly on Microsoft Update.

; Exclude updates that are already included in W7 Convenience update, but flagged incorrectly on Microsoft Update
WUMU_ExcludeKB1=2965788
WUMU_ExcludeKB2=2984976
WUMU_ExcludeKB3=3126446
WUMU_ExcludeKB4=3075222
WUMU_ExcludeKB5=3069762
WUMU_ExcludeKB6=3036493
WUMU_ExcludeKB7=3067904
WUMU_ExcludeKB8=3035017
WUMU_ExcludeKB9=3003743
WUMU_ExcludeKB10=3039976
WUMU_ExcludeKB11=2862330
WUMU_ExcludeKB12=2529073
      

 

Step-by-Step Guide

The entire process for creating a Windows 7 reference image using MDT 2013 Update 2 takes about 1,5 – 2 hours if you have a fast Hyper-V or VMware host, fully automated. The initial setup of the solution takes about 30 – 45 minutes if done manually, and about 10 minutes if scripted. This guide covers the following steps:

  • Step 1 – Install Windows 10 ADK v1607 and MDT 2013 Update 2
  • Step 2 – Create the MDT Build Lab Deployment Share   
  • Step 3 – Import the Windows 7 operating system
  • Step 4 – Import critical hotfixes
  • Step 5 – Add Visual C++ runtimes, .NET Framework, and Internet Explorer 11
  • Step 6 – Add LOB applications (Optional)
  • Step 7 – Create the MDT Task Sequence
  • Step 8 – Modify the Windows 7 unattend.xml file
  • Step 9 – Configure the deployment share
  • Step 10 – Create Windows Reference Images

 

Software Requirements

MDT 2013 Update 2 can be installed either on a file server, or on your own laptop, but in this scenario I use a file server named MDT01. MDT 2013 Update 2 requires Windows ADK 10 (use v1607 or later). In this guide I also assume that you have a local WSUS server in your network, to which you have approved Windows 7 updates, Feature Packs (to get Microsoft .NET Framework updates) and Developer Tools, Runtimes and Redistributables / Visual Studio* (to get updates to Visual C++ runtimes). If adding in Office 2013 or Office 2016 to your reference image (optional), make sure to approve those updates too.

Note 1: In addition to the Windows 7 Updates available directly in WSUS, and the Internet Explorer 11 prerequisites, you also add the following hotfix for Windows 7 that is not included in the Windows 7 SP1 convenience update:

KB2728738, imported to WSUS via WSUS import from Microsoft Update Catalog feature, and approved manually

KB3172605 the Windows 7 SP1 July 2016 Rollup, which includes the latest Windows update agent. THIS IS A MUST!

image
Some commonly approved updates for reference image builds in WSUS.

For this guide you need the following software.

Step 1 – Install Windows 10 ADK v1607 and MDT 2013 Update 2

  1. On MDT01, install Windows ADK 10 v1607, and select the following components: 

    Deployment Tools
    Windows Preinstallation Environment (Windows PE)
    Imaging and Configuration Designer (ICD).
    Optional, not needed for reference image builds.
    Configuration Designer. Optional, not needed for reference image builds.
    User State Migration Tool (USMT). Optional, not needed for reference image builds.        
         
    1. image
      The Windows ADK 10 v1607 Setup.
           
  2. Install MDT 2013 Update 2 using the default settings.


    MDT
    The MDT 2013 Update 2 setup.  

 

Step 2 – Create the MDT Build Lab Deployment Share

  1. On MDT01, using the Deployment Workbench (available on the start screen), right-click Deployment Shares and select New Deployment Share. Use the following settings for the New Deployment Share Wizard (my data volume on MDT01 is E:)
     
    1. a.    Deployment share path: E:\MDTBuildLab
      b.    Share name: MDTBuildLab$
      c.    Deployment share description: MDT Build Lab
      d.    Options: <default settings>

Step 3 – Import the Windows 7 operating system

  1. On MDT01, mount the Windows 7 Enterprise SP1 x64.iso media. On my server it was mounted to the D:\ drive.
  2. Using the Deployment Workbench, expand the Deployment Shares node, expand MDT Build Lab, select the Operating Systems node and create a folder named Windows 7.
  3. Right-click the Windows 7 node, and select Import Operating System. Use the following settings for the Import Operating System Wizard

    a.   Full set of source files
    b.   Source directory: D:\
    c.   Destination directory name: W7X64
    d.   After adding the operating system, using the Deployment Workbench, in the Windows 7 node, change the operating system name to Windows 7 Enterprise SP1 x64.         

     
  4. image
    The Windows 7 SP1 operating system imported to deployment workbench.

 

Step 4 – Import critical hotfixes, rollup updates and new Windows Update Agent

Not all updates that you need are available to be installed via WSUS, so therefor it’s recommended to install them via the MDT offline servicing function. That also goes for the Internet Explorer 11 prerequisites.

  1. On MDT01, using Deployment Workbench, expand MDT Build Lab / Packages, and create a folder named Windows 7 x64.
  2. Right-click the Windows 7 x64 folder, and import the Windows 7 SP1 Convenience Update Prerequisite (April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2). https://support.microsoft.com/en-us/kb/3020369

    Note: Do not import the Windows 7 SP1 Convenience Update into packages, the servicing update must be installed first. See instructions on how to add it later.

  3. Right-click the Windows 7 x64 folder, and import the Internet Explorer 11 prerequisites:       
         
  4. KB2670838. https://support.microsoft.com/en-us/kb/2670838
    KB2729094. https://support.microsoft.com/en-us/kb/2729094       
    KB2834140. https://support.microsoft.com/en-us/kb/2834140       

    Note: Internet Explorer 11 has more prereqs, but they are already included in the new convenience update. if you don’t add the above updates the IE 11 Setup will download them. See below snippet from IE11_main.log which is located in the C:\Windows folder.
     

    Download for KB2834140 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=303935 -> KB2834140_amd64.MSU.
    Download for KB2670838 initiated. Downloading
    http://go.microsoft.com/fwlink/?LinkID=272391 -> KB2670838_amd64.CAB.
    Download for KB2729094 initiated. Downloading
    http://go.microsoft.com/fwlink/?LinkID=258385 -> KB2729094_amd64.MSU.       
     
               

  5. using Deployment Workbench, expand MDT Build Lab / Advanced Configuration. 
     
  6. In the Selection Profiles node, create a selection profile named Windows 7 x64, and select the Packages / Windows 7 x64 folder when creating it.

WB001 
The new Windows Update agent and other updates imported to the Packages node.

Step 5 – Add Visual C++ runtimes, .NET Framework, Internet Explorer 11, April 2016 Convenience Update, and July 2016 Rollup Update

For reference images, it make sense to add the various Visual C++ runtimes and Microsoft .NET Framework… After all, you are installing Windows 7 to run apps, and many apps are depending on one or more of these runtimes. As you probably know, there are x86 and x64 versions of the runtimes, and for Windows 7 x64, you need both. Also, since Internet Explorer 11 is the only supported version of Internet Explorer these days, you should install that too. Finally, the July 2016 Rollup Updates is a must, or Windows update installations will take forever.

For the Visual C++ runtimes, you make the install a bit easier by using a VBScript wrapper that installs all of them.

  1. On MDT01, extract the Visual C++ runtimes install wrapper to C:\Setup.
     
  2. Download each runtime from Microsoft Download Center, and copy to the corresponding folder in C:\Setup\Install - Microsoft Visual C++ - x86-x64\source.

    image     
    Each runtime folder.

       
  3. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a folder named Microsoft.
     
  4. Right-click the Microsoft folder, and select New Application. Use the following settings for the New Application Wizard:

    a.    Application with source files
    b.    Publisher: <blank>
    c.    Application name: Install - Microsoft Visual C++ - x86-x64
    d.    Version: <blank>
    e.    Source Directory: C:\Setup\Install - Microsoft Visual C++ - x86-x64
    f.     Specify the name of the directory that should be created: Install - Microsoft Visual C++ - x86-x64
    g.    Command Line: cscript Install-MicrosoftVisualC++x86x64.wsf
    h.    Working directory: <default>
     
  5. Repeat the above step to create applications for Internet Explorer 11, Microsoft .NET Framework 4.6.1 and Rollup Updates. Use the following command lines for the applications:       
               
    Install - Internet Explorer 11 for Windows 7 - x64: IE11-Setup-Full.exe
    Install - Microsoft .NET Framework 4.6.1 - x64: NDP461-KB3102436-x86-x64-AllOS-ENU.exe /passive /norestart
    Install - Windows 7 SP1 April 2016 Convenience Rollup (KB3125574) – x64: wusa.exe Windows6.1-kb3125574-v4-x64.msu /quiet /norestart
    Install - Install - Windows 7 SP1 July 2016 Rollup (KB3172605): wusa.exe AMD64-all-windows6.1-kb3172605-x64.msu /quiet /norestart


    Note: For details on the IE 11 package, see the Adding Internet Explorer 11 to your Windows 7 SP1 reference image post.

Step 6 – Add LOB applications

Not a hard requirement, but if for example everybody in your organization is using Office 2013 (and the same version of it), it make sense to add that to your reference image. After all it’s a fairly big application, and it can also be updated from WSUS during the task sequence. In this example I assume you have used the Office 2013 customization wizard to create a transformation file (MSP), and added it to the updates folder of your Office 2013 installation files.

  1. On MDT01, using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications / Microsoft.       
     
  2. Right-click the Microsoft folder, and select New Application, Use the following settings for the New Application Wizard:    
      
    a.    Application with source files
    b.    Publisher: <blank>
    c.    Application name: Install - Microsoft Office 2013 Pro Plus - x86       
    d.    Version: <blank>
    e.    Source Directory: <path to your Office 2013 setup folder, including custom MSP file in the Updates folder>      
    f.    Specify the name of the directory that should be created: Install - Microsoft Office 2013 Pro Plus - x86
    g.    Command Line: Setup.exe       
    h.    Working directory: <default>        
     
          

image 
Office 2013 and Updates added to the applications.

     

    Step 7 – Create the MDT Task Sequence, add the applications, and enable Windows Updates

    1. On MDT01, using the Deployment Workbench, in the MDT Build Lab deployment share, select the Task Sequences node, and create a folder named Windows 7.
       
    2. Expand the Task Sequences node, right-click on the Windows 7 node, and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
       
      1. Task sequence ID: REFW7-X64-001
      2. Task sequence name: Windows 7 Enterprise SP1 x64
      3. Task sequence comments: Reference Build
      4. Template: Standard Client Task Sequence
      5. Select OS: Windows 7 Enterprise SP1 x64
      6. Specify Product Key: Do not specify a product key at this time
      7. Full Name: ViaMonstra
      8. Organization: ViaMonstra
      9. Internet Explorer home page: about:blank
      10. Do not specify an Administrator password at this time
         
    3. Edit the task sequence, by navigating to the Task Sequences / Windows 7 folder, right-click the Windows 7 Enterprise SP1 x64 task sequence, and select Properties.
       
    4. On the Task Sequence tab, configure the Windows 7 Enterprise SP1 x64 task sequence with the following settings:
       
      1. Preinstall. Configure the Apply Patches action to use the Windows 7 x64 selection profile.
      2. State Restore. After the Tattoo action, add a new Group action with the following setting: 

        Name: Custom Tasks (Pre-Windows Update)
         
      3. State Restore. Enable the Windows Update (Pre-Application Installation) action.
      4. State Restore. Enable the Windows Update (Post-Application Installation) action.
      5. State Restore. After the Windows Update (Post-Application Installation) action, rename the existing Custom Tasks group to Custom Tasks (Post-Windows Update).
      6. State Restore - Custom Tasks (Pre-Windows Update). Add a new Install Application action with the following settings:
         
            Name: Install - Windows 7 SP1 Convenience Rollup (KB3125574) - x64
            Install a Single Application: Install - Windows 7 SP1 Convenience Rollup (KB3125574) - x64
         
      7. After the Install - Windows 7 SP1 Convenience Rollup (KB3125574) - x64 action, add a Computer Restart action.
      8. Then add the following application:

        Install - Windows 7 SP1 June 2016 Rollup (KB3161608)
      9. After the Install - Windows 7 SP1 June 2016 Rollup (KB3161608) action, add a Computer Restart action.
      10. Then add the following applications:
         
        Install - Microsoft Visual C++ - x86-x6
        Install - Internet Explorer 11 for Windows 7       
             
      11. After the Install - Internet Explorer 11 for Windows 7 action, add a Computer Restart action. Then add the following applications.
         
      12. Install - Microsoft .NET Framework 4.6.1 – x64
        Install - Microsoft Office 2013 Pro Plus - x86      
         
      13. After the Install - Microsoft Office 2013 Pro Plus - x86 action, add a Computer Restart action.
             
      14. Click OK.

    image 
    Task Sequence configured for the reference image build and capture.

       

      Step 8 – Modify the Windows 7 unattend.xml file

      During the task sequence, the Windows 7 deployment will start to run Windows update automatically which will interfere with the installation of the runtimes and other components. To prevent that, and to only run Windows update when instructed by the task sequence, you need to modify the Windows 7 unattend.xml file.

      1. Using Notepad, open the E:\MDTBuildLab\Control\REFW7-X64-001\Unattend.xml file.
      2. Locate <ProtectYourPC>, and change the setting from 1 to 3. This will turn off Windows Update Automatic Updates until the MDT Windows Update action runs.

      image
      Editing the Windows 7 unattend.xml file.

       

      Step 9 – Configure the deployment share

      To configure the deployment settings, you modify the two rules files (Bootstrap.ini and CustomSettings.ini). You can do the either via the MDT Build Lab deployment share properties, or directly in the file system, in the E:\MDTBuildLab\Control folder. Below you find the configurations I used in this guide.

      Note: In my environment, my WSUS server is named WSUS01, and I’m using the default WSUS port in Windows Server 2012 R2 which is 8530.

      Bootstrap.ini

      [Settings] 
      Priority=Default
      
      [Default] 
      DeployRoot=\\MDT01\MDTBuildLab$ 
      UserDomain=VIAMONSTRA 
      UserID=MDT_BA 
      UserPassword=P@ssw0rd 
      
      SkipBDDWelcome=YES
      

      CustomSettings.ini

      [Settings] 
      Priority=Default
      
      [Default] 
      _SMSTSORGNAME=ViaMonstra 
      UserDataLocation=NONE 
      DoCapture=YES 
      OSInstall=Y 
      AdminPassword=P@ssw0rd 
      TimeZoneName=Pacific Standard Time 
      JoinWorkgroup=WORKGROUP 
      HideShell=NO   
      FinishAction=SHUTDOWN   
      WSUSServer=http://wsus01.corp.viamonstra.com:8530 
      ApplyGPOPack=NO
      
      ; Exclude updates that are already included in W7 Convenience update, but flagged incorrectly on Microsoft Update
      WUMU_ExcludeKB1=2965788
      WUMU_ExcludeKB2=2984976
      WUMU_ExcludeKB3=3126446
      WUMU_ExcludeKB4=3075222
      WUMU_ExcludeKB5=3069762
      WUMU_ExcludeKB6=3036493
      WUMU_ExcludeKB7=3067904
      WUMU_ExcludeKB8=3035017
      WUMU_ExcludeKB9=3003743
      WUMU_ExcludeKB10=3039976
      WUMU_ExcludeKB11=2862330
      WUMU_ExcludeKB12=2529073
      
      SkipAdminPassword=YES 
      SkipProductKey=YES 
      SkipComputerName=YES 
      SkipDomainMembership=YES 
      SkipUserData=YES 
      SkipLocaleSelection=YES 
      SkipTaskSequence=NO 
      SkipTimeZone=YES 
      SkipApplications=YES 
      SkipBitLocker=YES 
      SkipSummary=YES 
      SkipRoles=YES 
      SkipCapture=NO 
      SkipFinalSummary=YES 
      
          


       
      1. On MDT01 in the E:\MDT Build Lab\Control folder, modify the Bootstrap.ini and CustomSettings.ini per the above examples.
         
      2. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties
         
        1. In the Windows PE tab, in the Platform dropdown list, make sure x86 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
          1. Image description: MDT Build Lab x86
          2. ISO file name: MDT Build Lab x86.iso
        2. In the Windows PE tab, in the Platform dropdown list, make sure x64 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
          1. Image description: MDT Build Lab x64
          2. ISO file name: MDT Build Lab x64.iso
        3. Click OK.     
           
      3. Update the deployment share, by right-clicking the MDT Build Lab deployment share and select Update Deployment Share. Use the default Options for the Update Deployment Share wizard.

      image_thumb1 
      The contents of the E:\MDTBuildLab\Boot folder after updating the deployment share.

       

      Step 10 – Create Windows Reference Images

      Create a Windows 7 Reference WIM Image, fully automated.

      1. On MDT01, copy the E:\MDTBuildLab\Boot\MDT Build Lab x64.iso file to your VMware or Hyper-V machine.
      2. Create a Gen 1 (BIOS-based) virtual machine named REF001, assign it two vCPUs and 4 GB RAM. Then mount MDT Build Lab x64.iso on the virtual machine.      

        image
        VM settings, two vCPU’s and 4 GB of RAM.

      3. Start the REF001 virtual machine, and allow it to boot. Then complete the Deployment Wizard using the below settings:

        1. Select a task sequence to execute on this computer: Windows 7 Enterprise SP1 x64         
        2. Specify whether to capture an image: Capture an image of this reference computer.
          1. Location: <default>
          2. File name: <default>

      The task sequence will now do the following:    
      Install the Windows 7 Enterprise operating system.    
      Install the added applications
      Run Windows Update    
      Stage WinPE on the local disk.    
      Run Sysprep and reboot into WinPE.    
      Captured the Windows 7 installation to a WIM file.    

      Done :)

      image
      MDT 2013 Update 2 capturing a Windows 7 Image, and since you are using Windows 10 ADK v1607, you also get a nice progress bar.

       

      WU      
      This is what a Windows 7 machine looks like after installing the KB3125574 convenience update plus running the MDT windows update action, note the failed KB3037623 update.








        Happy deployment, and thanks for reading!
        / The Deployment Research team



        Ami Casto

        Johan Arwidmark

        Blog Archive

        Minimize