You are here:   Research
  |  Login

Welcome to my blog, quickest way to find articles is usually to search for them.

Minimize
Search in All Title Contents
 
     

Building a Windows 10 v1703 reference image using MDT

Apr 06 2017

Here is a step-by-step quick guide on building the perfect Windows 10 v1703 reference image using MDT 8443.

Note #1: If you are looking for a Windows 7 version of this guide, check this post: http://deploymentresearch.com/Research/Post/521/Back-to-Basics-Building-a-Windows-7-SP1-Reference-Image-using-MDT-2013-Update-2 

Note #2: To automate this even further (you still need to do the step in this guide first), check out the Image Factory for Hyper-V solution by Mikael Nystrom (@mikael_nystrom).

WARNING – WARNING – WARNING

Before using this guide, please note that because of a knows issue the new Windows ADK v1703 can only be installed on machines with SecureBoot disabled.

You can read more about the issue here: https://social.msdn.microsoft.com/Forums/en-US/1fa43cc7-a82d-4dd3-8d28-f76fe2d7593e/hardware-development-kits-for-windows-10-version-1703-april-2017

WARNING – WARNING – WARNING 

See above again, and don’t yell at me if your Windows ADK 10 v1703 setup fails with this non-shiny error:

 

Error from ADK setup
The error from Windows ADK 10 v1703 setup.

 

Software Requirements

MDT 8443 can be installed either on a file server, or on your own laptop, but in this scenario I use a file server named MDT01. MDT 8443 requires Windows ADK 10 v1607 or later, but for Windows 10 v1703 you should use Windows ADK 10 v1703. I also recommend to download the various Visual C++ runtimes to include them in your reference image.

In this guide I also assume that you have a local WSUS server in your network, to which you have approved Windows 10 updates, Feature Packs (to get Microsoft .NET Framework updates) and Developer Tools, Runtimes and Redistributables / Visual Studio* (to get updates to Visual C++ runtimes).

Note: If you want to build a Windows 10 reference image for a virtual environment, like SCVMM, simply follow this guide to get the WIM file, and then use the Convert-WindowsImage.ps1 script on TechNet Script Center / Gallery to convert it to a VHD or VHDX file.

For this guide you need the following software.

 

Step-by-Step Guide

The entire process for creating a Windows 10 image using MDT takes about 40 - 60 minutes, fully automated. The initial setup of the solution takes about 30 – 45 minutes if done manually, and about 10 minutes if scripted. This guide covers the following seven steps:

  • Step 1 – Install Windows 10 ADK v1703 and MDT 8443
  • Step 2 – Create the MDT Build Lab Deployment Share   
  • Step 3 – Import the Windows 10 v1703 operating system
  • Step 4 – Optional - Import the latest Windows 10 v1703 Cumulative Update (recommended)
  • Step 5 – Add applications (Optional)
  • Step 6 – Create the MDT Task Sequence
  • Step 7 – Configure the deployment share
  • Step 8 - Create Windows Reference Images

Step 1 – Install Windows ADK 10 v1703 and MDT 8443

  1. On MDT01, install Windows 10 ADK v1703, and select the following components:
     
    1. Deployment Tools
    2. Windows Preinstallation Environment (Windows PE)
    3. Imaging and Configuration Designer (ICD)
    4. Configuration Designer
    5. User State Migration Tool (USMT    

 

 Note: SQL Server 2012 Express is removed from the Windows ADK 10 v1703 setup, was available in earlier releases.

image 
Windows ADK 10 v1703 Setup when installed on Windows Server 2012 R2, when installed on a client, you have more options, like UE-V and App-V.

           

2.  Install MDT 8443 using the default settings.

    image_thumb1   
    Installing MDT 8443.

        

    Step 2 – Create the MDT Build Lab Deployment Share

    1. On MDT01, using the Deployment Workbench (available on the start screen), right-click Deployment Shares and select New Deployment Share. Use the following settings for the New Deployment Share Wizard (my data volume on MDT01 is E:)
       
      1. a.    Deployment share path: E:\MDTBuildLab
        b.    Share name: MDTBuildLab$
        c.    Deployment share description: MDT Build Lab
        d.    Options: <default settings>

    2. Once the deployment share is created you also want to relax the security a bit. MDT locks it down to hard by default. Use the following PowerShell script to set some better permissions:

    # Check for elevation
    Write-Host "Checking for elevation"
    
    If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
        [Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
        Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
        Write-Warning "Aborting script..."
        Break
    }
    
    # Configure NTFS Permissions for the MDT Build Lab deployment share
    $DeploymentShareNTFS = "E:\MDTBuildLab"
    icacls $DeploymentShareNTFS /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(RX)'
    icacls $DeploymentShareNTFS /grant '"Administrators":(OI)(CI)(F)'
    icacls $DeploymentShareNTFS /grant '"SYSTEM":(OI)(CI)(F)'
    icacls "$DeploymentShareNTFS\Captures" /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(M)'
    
    # Configure Sharing Permissions for the MDT Build Lab deployment share
    $DeploymentShare = "MDTBuildLab$"
    Grant-SmbShareAccess -Name $DeploymentShare -AccountName "EVERYONE" -AccessRight Change -Force
    Revoke-SmbShareAccess -Name $DeploymentShare -AccountName "CREATOR OWNER" -Force
    

     

    Step 3 – Import the Windows 10 operating system

    1. On MDT01, mount the Windows 10 Enterprise x64 v1703.iso media (or whatever you named it). On my server it was mounted to the D:\ drive.
       
    2. Using the Deployment Workbench, expand the Deployment Shares node, expand MDT Build Lab, select the Operating Systems node and create a folder named Windows 10.
       
    3. Right-click the Windows 10 node, and select Import Operating System. Use the following settings for the Import Operating System Wizard.
       
      1. Full set of source files
      2. Source directory: D:\
      3. Destination directory name: W10X64v1703
      4. After adding the operating system, in the Windows 10 node, change the operating system name to Windows 10 Enterprise x64 v1703.        

    image 
    The Windows 10 Enterprise x64 v1703 operating system imported to deployment workbench.

     

      Step 4 – Optional - Import Packages

      In order to have the image updated during the build and capture process you should use a local WSUS server to get in control of the updates. However, there are scenarios where you may have to patch the machine before the Windows Update Agent can do it’s things, or any other component for that matter. For example, in the previous release of Windows 10, v1607, there was an issue with the Windows Update Agent would not run correctly unless you also added the latest cumulative update to MDT.

      Note: The Windows 10 v1703 media does not have any currently known issues that requires you to add a cumulative update, but here you find the steps if you need to in the future.

      1. Download the latest Windows 10 v1703 CU, and save it in C:\Setup\Windows 10 Updates on MDT01.
         
      2. On MDT01, using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Packages and create a folder named Windows 10 x64 v1703.
         
      3. In the Windows 10 x64 v1703 folder, right-click and select Import OS Packages. Point to the C:\Setup\Windows 10 Updates folder.
         
      4. Expand the Advanced Configuration node, and create a selection profile named Windows 10 x64 v1703. When creating the selection profile, select the Packages / Windows 10 x64 v1703 folder.

      image    
      A Windows 10 v1703 cumulative package imported into the Deployment Workbench.

       

      Step 5 – Add applications

      Not a hard requirement, but it make sense to add at least the various Visual C++ runtimes to your reference because quite frankly, you are installing Windows 10 to run apps, and many apps are depending on one or more of these runtimes. As you probably know, there are x86 and x64 versions of the runtimes, and for Windows 10 x64, you need both.

      For the Visual C++ runtimes, you make the install a bit easier by using a VBScript wrapper that installs all of them.

      1. On MDT01, extract the Visual C++ runtimes install wrapper to C:\Setup.
         
      2. Download each runtime from Microsoft Download Center, and copy to the corresponding folder in C:\Setup\Install - Microsoft Visual C++ - x86-x64\source.
         

      image
      Each runtime folder.
       

      1. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a folder named Microsoft.
         
      2. Right-click the Microsoft folder, and select New Application. Use the following settings for the New Application Wizard:
         
        a.    Application with source files
        b.    Publisher: <blank>
        c.    Application name: Install - Microsoft Visual C++ - x86-x64
        d.    Version: <blank>
        e.    Source Directory: C:\Setup\Install - Microsoft Visual C++ - x86-x64
        f.     Specify the name of the directory that should be created: Install - Microsoft Visual C++ - x86-x64
        g.    Command Line: cscript Install-MicrosoftVisualC++x86x64.wsf
        h.    Working directory: <default>

       

      Step 6 – Create and Configure the MDT Task Sequence,  and edit Unattend.xml

      1. On MDT01, using the Deployment Workbench, in the MDT Build Lab deployment share, select the Task Sequences node, and create a folder named Windows 10.
         
      2. Expand the Task Sequences node, right-click on the Windows 10 node, and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
         
        1. Task sequence ID: REFW10-X64-001
        2. Task sequence name: Windows 10 Enterprise x64 v1703
        3. Task sequence comments: Reference Build
        4. Template: Standard Client Task Sequence
        5. Select OS: Windows 10 Enterprise x64 v1703
        6. Specify Product Key: Do not specify a product key at this time
        7. Full Name: ViaMonstra
        8. Organization: ViaMonstra
        9. Internet Explorer home page: about:blank
        10. Do not specify an Administrator password at this time
           
      3. Edit the task sequence by navigating to the Task Sequences / Windows 10 folder, right-click the Windows 10 Enterprise x64 v1703 task sequence, and select Properties.
         
      4. On the Task Sequence tab, configure the Windows 10 Enterprise x64 v1703 task sequence with the following settings:
         
        1. Preinstall. Configure the Apply Patches action to use the Windows 10 x64 v1703 selection profile.
        2. State Restore. After the Tattoo action, add a new Group action with the following setting: 

          Name: Custom Tasks (Pre-Windows Update)
           
        3. State Restore. Enable the Windows Update (Pre-Application Installation) action.
        4. State Restore. Enable the Windows Update (Post-Application Installation) action.
        5. State Restore. After the Windows Update (Post-Application Installation) action, rename the existing Custom Tasks group to Custom Tasks (Post-Windows Update).
        6. State Restore / Custom Tasks (Pre-Windows Update). Add a new Install Roles and Features action with the following settings:

          Name: Install - Microsoft NET Framework 3.5.1
          Select the operating system for which roles are to be installed: Windows 10
          Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
           
        7. State Restore - Custom Tasks (Pre-Windows Update). After the Install - Microsoft NET Framework 3.5.1 action, add a new Install Application action with the following settings:
              Name: Install - Visual C++ 2005 SP1 – x86-x64
              Install a Single Application: Install - Visual C++ 2005 SP1 – x86-x64  
        8. After the Install - Microsoft Visual C++ 2015 - x86-x64 action, add a Computer Restart action.        
               
        9. Click OK.

      image 
      Task Sequence configured for the reference image build and capture.

       

      5. Edit the task sequence, by navigating to the Task Sequences / Windows 10 folder, right-click the Windows 10 Enterprise x64 v1703 task sequence, and select Properties.

      6. In the OS Info tab, click Edit Unattend.xml. A catalog file will now be generated, and then Windows System Image Manager (WSIM) will start.

      7. In WSIM, in the Answer File pane, expand 7 oobeSystem / amd64_Microsoft-Windows-Shell-Setup_neutral / OOBE, and then set ProtectYourPC to 3.

      image
      Disabling automatic update in the Unattend.xml. Will be handled by the Windows Update action in the task sequence instead.

       

        Step 7 – Configure the deployment share

        To configure the deployment settings, you modify the two rules files (Bootstrap.ini and CustomSettings.ini). You can do the either via the MDT Build Lab deployment share properties, or directly in the file system, in the E:\MDTBuildLab\Control folder. Below you find the configurations I used in this guide.

        Note: In my environment, my WSUS server is named WSUS01, and I’m using the default WSUS port in Windows Server 2012 R2 which is 8530.

        Bootstrap.ini
        [Settings]
        Priority=Default

        [Default]
        DeployRoot=\\MDT01\MDTBuildLab$
        UserDomain=VIAMONSTRA
        UserID=MDT_BA
        UserPassword=P@ssw0rd
        SkipBDDWelcome=YES

        CustomSettings.ini
        [Settings]
        Priority=Default

        [Default]
        _SMSTSORGNAME=ViaMonstra
        UserDataLocation=NONE
        ComputerBackupLocation=NETWORK
        DoCapture=YES
        OSInstall=Y
        AdminPassword=P@ssw0rd
        TimeZoneName=Pacific Standard Time
        JoinWorkgroup=WORKGROUP
        HideShell=NO  
        FinishAction=SHUTDOWN     
        WSUSServer=http://wsus01.corp.viamonstra.com:8530
        ApplyGPOPack=NO

        BackupShare=\\MDT01\MDTBuildLab$
        BackupDir=Captures
        BackupFile=%TaskSequenceID%_#month(date) & "-" & day(date) & "-" & year(date)#.wim

        SkipAdminPassword=YES
        SkipProductKey=YES
        SkipComputerName=YES
        SkipDomainMembership=YES
        SkipUserData=YES
        SkipLocaleSelection=YES
        SkipTaskSequence=NO
        SkipTimeZone=YES
        SkipApplications=YES
        SkipBitLocker=YES
        SkipSummary=YES
        SkipRoles=YES
        SkipCapture=NO
        SkipFinalSummary=YES
         

        1. On MDT01 in the E:\Labfiles\LTI Support Files\MDT Build Lab\Control folder, modify the Bootstrap.ini and CustomSettings.ini per the above examples.
           
        2. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties
           
          1. In the Windows PE tab, in the Platform dropdown list, make sure x86 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
             
            1. Image description: MDT Build Lab x86
            2. ISO file name: MDT Build Lab x86.iso
               
          2. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
            1. Selection profile: Nothing
            2. Select the Include all drivers from selection profile option


              image
              Configuring the deployment share not to add the Windows 10 CU into the boot image.

               
          3. In the Windows PE tab, in the Platform dropdown list, make sure x64 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
             
            1. Image description: MDT Build Lab x64
            2. ISO file name: MDT Build Lab x64.iso
               
            3. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:

                  1. Selection profile: Nothing
                    1. Select the Include all drivers from selection profile option
                       
                  1. Click OK.     
                     
                  2. Update the deployment share, by right-clicking the MDT Build Lab deployment share and select Update Deployment Share. Use the default Options for the Update Deployment Share wizard.

                image_thumb1 
                The contents of the E:\MDTBuildLab\Boot folder after updating the deployment share.

                Step 8 – Create Windows Reference Images

                Create a Windows 10 Reference WIM Image, fully automated.

                1. On MDT01, copy the E:\MDTBuildLab\Boot\MDT Build Lab x64.iso file to your VMware or Hyper-V machine.
                   
                2. Create a virtual machine named REF001, assign it two vCPUs and 4 GB RAM. Then mount MDT Build Lab x64.iso on the virtual machine.

                3. Start the REF001 virtual machine, and allow it to boot. Then complete the Deployment Wizard using the below settings:
                   
                  1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 v1703
                     
                  2. Specify whether to capture an image: Capture an image of this reference computer.
                     
                    1. Location: <default>
                    2. File name: <default>

                 

                The task sequence will now do the following:

                • Install the Windows 10 Enterprise operating system.    
                • Install the added applications, roles, and features.    
                • Stage WinPE on the local disk.    
                • Run Sysprep and reboot into WinPE.    
                • Capture the Windows 10 installation to a WIM file.

                 

                  MDT
                  MDT capturing a Windows 10 v1703 Image.








                    Happy deployment, and thanks for reading!
                    / The Deployment Research team



                    Ami Casto

                    Johan Arwidmark

                    Blog Archive

                    Minimize