• Home  / 
  • Research
  •  /  Building a Windows 10 v1809 reference image using Microsoft Deployment Toolkit (MDT)

Building a Windows 10 v1809 reference image using Microsoft Deployment Toolkit (MDT)

Here is a step-by-step quick guide on building the perfect Windows 10 v1809 reference image using MDT 8450, Windows ADK 10 v1809, and WinPE Addon for Windows ADK 10 v1809. If you are looking for a Windows 7 version of this guide, check this post: https://deploymentresearch.com/521/Back-to-Basics-Building-a-Windows-7-SP1-Reference-Image-using-MDT-2013-Update-2

Note: Since back in the Windows Vista timeframe, there is no technical requirement to create reference images in order to deploy Windows. The main reason for doing it is just deployment speed, and to some extent network efficiency (WIM images are highly compressed). However, in a world with better and better peer to peer solutions, you can make deployments go quite fast even without a reference image.

Software Requirements

MDT 8450 can be installed either on a file server, or on your own laptop, but in this scenario I use a file server named MDT01. MDT 8450 requires Windows ADK 10 v1709 or later, but for Windows 10 v1809 you should use Windows ADK 10 v1809, and the WinPE Addon for Windows ADK 10 v1809. I also recommend to download the various Visual C++ runtimes to include them in your reference image.

In this guide I also assume that you have a local WSUS server in your network, to which you have approved Windows 10 updates, Feature Packs (to get Microsoft .NET Framework updates) and Developer Tools, Runtimes and Redistributables / Visual Studio* (to get updates to Visual C++ runtimes).

Note: If you want to build a Windows 10 reference image for a virtual environment, like SCVMM, simply follow this guide to get the WIM file, and then use the Convert-WindowsImage.ps1 script on TechNet Script Center / Gallery to convert it to a VHD or VHDX file.

For this guide you need the following software.

Note: Visual C++ runtimes 2005 and 2008 are not included since they are no longer supported, and doesn't get any security updates.

 

Step-by-Step Guide

The entire process for creating a Windows 10 image using MDT takes about 40 – 60 minutes, fully automated. The initial setup of the solution takes about 30 – 45 minutes if done manually, and about 10 minutes if scripted. This guide covers the following seven steps:

  • Step 1 – Install Windows 10 ADK v1809, WinPE Addon for Windows ADK 10 v1809, and MDT 8450
  • Step 2 – Create the MDT Build Lab Deployment Share
  • Step 3 – Import the Windows 10 v1809 operating system
  • Step 4 – Add applications
  • Step 5 – Create the MDT Task Sequence
  • Step 6 – Configure the deployment share
  • Step 7 – Create Windows Reference Images

 

Step 1 – Install Windows 10 ADK v1809, WinPE Addon for Windows ADK 10 v1809, and MDT 8450

In this example I have a file server named MDT01, running Windows Server 2019 (Windows Server 2016 is is fine too 🙂 ).

1. On MDT01, install Windows 10 ADK v1809, and select the following components:

  • Deployment Tools
  • Imaging and Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT    
image
Windows ADK 10 v1809 Setup when installed on Windows Server 2019.

2. Install WinPE Addon for Windows 10 ADK v1809, and select the following component:

Windows Preinstallation Environment (Windows PE)

image
Installing WinPE Addon for Windows ADK 10 v1809.

3.  Install MDT 8450 using the defa
ult settings.

image
Installing MDT 8450.

Step 2 – Create the MDT Build Lab Deployment Share

  1. On MDT01, using the Deployment Workbench (available on the start screen), right-click Deployment Shares and select New Deployment Share. Use the following settings for the New Deployment Share Wizard (my data volume on MDT01 is E:)

a.    Deployment share path: E:\MDTBuildLab
b.    Share name: MDTBuildLab$
c.    Deployment share description: MDT Build Lab
d.    Options: (default)

2. Once the deployment share is created you also want to relax the security a bit. MDT locks it down to hard by default. Use the following PowerShell script to set some better permissions (modify script to fit your environment): http://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Set-MDTBuildLabPermissions.ps1

3. Copy the following scripts to the E:\MDTBuildLab\Scripts folder:

  • Config-DisableWindowsStoreUpdates.wsf
  • Config-EnableWindowsStoreUpdates.wsf

Step 3 – Import the Windows 10 operating system

On MDT01, mount the Windows 10 Enterprise x64 v1809.iso media (or whatever you named it). On my server it was mounted to the D: drive.

  1. Using the Deployment Workbench, expand the Deployment Shares node, expand MDT Build Lab, select the Operating Systems node and create a folder
    named Windows 10.
  2. Right-click the Windows 10 node, and select Import Operating System. Use the following settings for the Import Operating System Wizard.
    1. Full set of source files
    2. Source directory: D:\
    3. Destination directory name: W10X64v1809
    4. After adding the operating system, in the Windows 10 node, change the operating system name to Windows 10 Enterprise x64 v1809.

Note: The Windows 10 v1809 media comes with many Windows version, in the below example I simply removed all but the Enterprise version.

image
The Windows 10 Enterprise x64 v1809 operating system imported to deployment workbench.

Step 4 – Add applications

Not a hard requirement, but it make sense to add at least the various Visual C++ runtimes to your reference because quite frankly, you are installing Windows 10 to run apps, and many apps are depending on one or more of these runtimes. As you probably know, there are x86 and x64 versions of the runtimes, and for Windows 10 x64, you need both.

Note: Visual C++ 2015 is included in Visual C++ 2017, so you only need to install Visual C++ 2017.

For the Visual C++ runtimes, you make the install a bit easier by using a VBScript wrapper that installs all of them.

  1. On MDT01, extract the Visual C++ runtimes install wrapper to C:\Setup.
  2. Download each runtime from Microsoft Download Center, and copy to the corresponding folder in C:\Setup\Install – Microsoft Visual C++ – x86-x64\source.
image
Each runtime folder.

3. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a folder named Microsoft.

4. Right-click the Microsoft folder, and select New Application. Use the following settings for the New Application Wizard:

  • Application with source files
  • Publisher:
  • Application name: Install – Microsoft Visual C++ – x86-x64
  • Version:
  • Source Directory: C:\Setup\Install – Microsoft Visual C++ – x86-x64
  • Specify the name of the directory that should be created: Install – Microsoft Visual C++ – x86-x64
  • Command Line: cscript Install-MicrosoftVisualC++x86x64.wsf
  • Working directory:

5. Download the WSUS reference cleanup script (Script to clear WSUS references from the image: http://gallery.technet.microsoft.com/Remove-WSUS-configuration-86d3f21c ), and extract to C:\Setup\Action-CleanWSUSConfig.

6. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a folder named ViaMonstra.

7. Right-click the ViaMonstra folder, and select New Application. Use the following settings for the New Application Wizard:

  • Application with source files
  • Publisher:
  • Application name: Action – Clean WSUS Config
  • Version:
  • Source Directory: C:\Setup\Action-CleanWSUSConfig
  • Specify the name of the directory that should be created: Action – Clean WSUS Config
  • Command Line: cscript Action-CleanWSUSConfig.wsf
  • Working directory:
image
Action – Clean WSUS Config application added to MDT.

Step 5 – Create and
Configure the MDT Task Sequence

  1. On MDT01, using the Deployment Workbench, in the MDT Build Lab deployment share, select the Task Sequences node, and create a folder named Windows 10.
  2. Expand the Task Sequences node, right-click on the Windows 10 node, and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
    1. Task sequence ID: REFW10-X64-001
    2. Task sequence name: Windows 10 Enterprise x64 v1809
    3. Task sequence comments: Reference Build
    4. Template: Standard Client Task Sequence
    5. Select OS: Windows 10 Enterprise x64 v1809
    6. Specify Product Key: Do not specify a product key at this time
    7. Full Name: ViaMonstra
    8. Organization: ViaMonstra
    9. Internet Explorer home page: about:blank
    10. Do not specify an Administrator password at this time
  3. Edit the task sequence by navigating to the Task Sequences / Windows 10 folder, right-click the Windows 10 Enterprise x64 v1809 task sequence, and select Properties.
  4. On the Task Sequence tab, configure the Windows 10 Enterprise x64 v1809 task sequence with the following settings:
    1. Postinstall. After the Configure action, add a Run Command Line action with the following settings:Name: Disable Windows Store Updates
      Command Line: cscript.exe "%SCRIPTROOT%\Config-DisableWindowsStoreUpdates.wsf"
    2. State Restore. After the Tattoo action, add a new Group action with the following setting:Name: Custom Tasks (Pre-Windows Update)
    3. State Restore. Enable the Windows Update (Pre-Application Installation) action.
    4. State Restore. Enable the Windows Update (Post-Application Installation) action.
    5. State Restore. After the Windows Update (Post-Application Installation) action, rename the existing Custom Tasks group to Custom Tasks (Post-Windows Update).
    6. State Restore / Custom Tasks (Pre-Windows Update). Add a new Install Roles and Features action with the following settings:Name: Install – Microsoft NET Framework 3.5.1
      Select the operating system for which roles are to be installed: Windows 10
      Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
    7. State Restore – Custom Tasks (Pre-Windows Update). After the Install – Microsoft NET Framework 3.5.1 action, add a new Install Application action with the following settings:
      ?    Name: Install – Microsoft Visual C++ – x86-x64
      ?    Install a Single Application: Install – Microsoft Visual C++ – x86-x64
    8. After the Install – Microsoft Visual C++ – x86-x64 action, add a Computer Restart action.
    9. State Restore. After the Apply Local GPO Package action, add a new Group action with the following setting:Name: Custom Tasks (Cleanup)
    10. State Restore – Custom Tasks (Cleanup). Add a new Install Application action with the following settings:
      1. Name: Action – Clean WSUS Config
      2. Install a Single Application: Action – Clean WSUS Config
    11. State Restore / Imaging / Capture Image. After the Gather local only action, add a Run Command Line action with the following settings:Name: Enable Windows Store Updates
      Command Line: cscript.exe "%SCRIPTROOT%\Config-EnableWindowsStoreUpdates.wsf"
    12. Click OK.
image
Task Sequence configured for the reference image build and capture.

Step 6 – Configure the deployment share

To configure the deployment settings, you modify the two rules files (Bootstrap.ini and CustomSettings.ini). You can do the either via the MDT Build Lab deployment share properties, or directly in the file system, in the E:\MDTBuildLab\Control folder. Below you find the configurations I used in this guide.

Note: In my environment, my WSUS server is named WSUS01, and I'm using the default WSUS port in Windows Server 2012 R2 which is 8530.

Bootstrap.ini

[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01\MDTBuildLab$
UserDomain=VIAMONSTRA
UserID=MDT_BA
UserPassword=P@ssw0rd
SkipBDDWelcome=YES

CustomSettings.ini

[Settings]
Priority=Default

[Default]
_SMSTSORGNAME=ViaMonstra
UserDataLocation=NONE
ComputerBackupLocation=NETWORK
DoCapture=YES
OSInstall=Y
AdminPassword=P@ssw0rd
TimeZoneName=Pacific Standard Time
JoinWorkgroup=WORKGROUP
HideShell=NO
FinishAction=SHUTDOWN
WSUSServer=http://wsus01.corp.viamonstra.com:8530
ApplyGPOPack=NO

BackupShare=MDT01MDTBuildLab$
BackupDir=Captures
BackupFile=%TaskSequenceID%_#month(date) & "-" & day(date) & "-" & year(date)#.wim

SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipCapture=NO
SkipFinalSummary=YES
  1. On MDT01 in the E:\Labfiles\LTI Support Files\MDT Build Lab\Control folder, modify the Bootstrap.ini and CustomSettings.ini per the above examples.
  2. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties.
    1. In the Windows PE tab, in the Platform dropdown list, make sure x86 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
      1. Image description: MDT Build Lab x86
      2. ISO file name: MDT Build Lab x86.iso
    2. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
      1. Selection profile: Nothing
      2. Select the Include all drivers from selection profile option
        image
        Configuring the deployment share not to add the Windows 10 CU into the boot image.
    3. In the Windows PE tab, in the Platform dropdown list, make sure x64 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
      1. Image description: MDT Build Lab x64
      2. ISO file name: MDT Build Lab x64.iso
    4. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
      1. Selection profile: Nothing
      2. Select the Include all drivers from selection profile option
    5. Click OK.
    6. Update the deployment share, by right-clicking the MDT Build Lab deployment share and select Update Deployment Share. Use the default Options for the Update Deployment Share wizard.
image
The contents of the E:\MDTBuildLab\Boot folder after updating the deployment share.

Step 7 – Create Windows Reference Images

Create a Windows 10 Reference WIM Image, fully automated.

  1. On MDT01, copy the E:\MDTBuildLab\Boot\MDT Build Lab x64.iso file to your VMware or Hyper-V machine.
  2. Create a virtual machine named REF001, assign it two vCPUs and 4 GB RAM. Then mount MDT Build Lab x64.iso on the virtual machine.
  3. Start the REF001 virtual machine, and allow it to boot. Then complete the Deployment Wizard using the below settings:
    1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 v1809
    2. Specify whether to capture an image: Capture an image of this reference computer.
      1. Location:
      2. File name:

The task sequence will now do the following:

  • Install the Windows 10 Enterprise operating system.
  • Install the added applications, roles, and features.
  • Stage WinPE on the local disk.
  • Run Sysprep and reboot into WinPE.
  • Capture the Windows 10 installation to a WIM file.
MDT_thumb1_thumb
MDT capturing a Windows 10 Image.

Resources

Note: Please also check these posts:

Fixing why Sysprep fails in Windows 10 due to Windows Store updates
https://deploymentresearch.com/615/Fixing-why-Sysprep-fails-in-Windows-10-due-to-Windows-Store-updates

Remove WSUS configuration before capturing a Reference Image with MDT (by @NickolajA )
http://www.scconfigmgr.com/2014/12/29/remove-wsus-configuration-before-capturing-a-reference-image-with-mdt/

Image Factory
Automate this process even further (you still need to do the step in this guide first), check out the Image Factory for Hyper-V solution by Mikael Nystrom (@mikael_nystrom).
http://github.com/DeploymentBunny/ImageFactoryV3ForHyper-V

About the author

Johan Arwidmark

32
Leave a Reply

avatar
14 Comment threads
18 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
15 Comment authors
JohnRufatValdasAnthonyMatt Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
John
Guest
John

If I'm using MDT integration with SCCM to achieve the above, am I able to install an MDT application (ConfigWSUSCleanUp, for example) through a task sequence in SCCM (albeit an MDT task sequence)?

Thanks!

Rufat
Guest
Rufat

Hi Johan,
I'm experiencing problem with Create WIM step. I have standard TS with all configuration I need.
Steps:
1. Create new vm.
2. Boot vm from LAB Deployment Share using PXE.
3. TS automatically selected from Rules.
4. OS Installed and suspended regarding to Suspend step configured in TS.
5. Necessary configurations made to OS.
6. Click Resume script on desktop
7. VM restarted and sysprep started.
8. Sysprep finished and VM shutting down.

Wim file still not created on share.

9. Started the same vm from PXE boot again.
10.Choose LAB boot image to boot from PXE.
11. TS again automatically created
12. TS finished without creating WIM file.

Valdas
Guest
Valdas

Hey, thanks for the post. I am wondering if it is possible to set-up Mandatory users to the image in MDT ? I have a project with 2000 computers which are in public section and after every log off user data needs to reset like it is 1st time for it every time it logs in.

Anthony
Guest
Anthony

Hi Johan,

Im a newbie to MDT deployment having previously used WDS for imaging machines (i know, its a sin!). I have been following your guide and checked out your PluralSight course, its great but moves quite fast for a newbie doing this for the first time.
I have WDS installed on the same server as my MDT but havent configured anything in WDS yet following the steps in your guide here – presumably i need to configure PXE boot via WDS to get this working?

Appreciate your advice here.

Regards

Anthony

Matt
Guest
Matt

Regarding the Enable/Disable Windows Store scripts:

I think I followed your instructions for setting up these two scripts. When running the TS, however, I am met with failure. The error message is:

Failed to run the action: Disable Windows Store Updates.
Incorrect function. (Error: 00000001; Source: Windows)

I added the scripts to the script directory and set the steps up according to the instructions laid out in this post. Additionally, I read the entire post https://deploymentresearch.com/fixing-why-sysprep-fails-in-windows-10-due-to-windows-store-updates/

Jan Vinterberg
Guest
Jan Vinterberg

Hi Johan,
Long time fan here 🙂
Will you update the "Install-MicrosoftVisualC++x86x64.wsf" file?
VS2019 ReDist is taking over for VS2017, i have made the changes to my own file, but i guess others can use it as well.

Chris
Guest
Chris

Under Step 2 > Options, I don't see any settings in your guide or screenshot. Do I leave the defaults? Thanks!

Robert
Guest
Robert

Thanks so much for this tutorial, Johan!

One little thing: in Step 2, you say: "Copy the following scripts to the E:\MDTBuildLabScripts folder." I did this and my deployment failed. I was trying to figure out where E:\MDTBuildLabScripts was referenced (nowhere) such that Windows would know where to find it. It took me a while to realize that there is a backslash missing between "MDTBuildLab" and "Scripts".

Thanks again!

Chris
Guest
Chris

John,
Fantastic tutorial thank you for putting the time and effort (and trial and error) into this! I'm dogging my way through this and I have a questions about WSUS. We don't have WSUS in this environment, so do I just omit that line in the ini? or leave it [WSUS=] ?

Thanks!

hitesh mistry
Guest
hitesh mistry

Hi,
I have just built new win10 1903 image on Hyper-v with standard software and carried out windows updates. When I try to capture the image it fails with "microsoft.Wallet" which I have tried removing for users and allusers but sysprep still fails on that.
Any ideas how I can remove the app.

Thanks.

Carlton Whitmore
Guest

Johan – I'm working on Win10 Enterprise build 1903 x64 (generated from OSDBuilder.) I'm able to setup the task sequence for capture in MDT, but when I try to edit the unattend.xml from the OSInfo tab I get the error: "Non-zero return code from catalog utility, rc = 2002" I have reinstalled latest ADK, ADK PE add-on along with MDT. I've also recreated OS WIM. I'm running this from Win10 Enterprise build 1903 x64 machine. I found a post online that had same issue. They said 32-bit OS worked find, but 64-bit was issue. Have you seen this? Thanks again… Read more »

STR1CT
Guest
STR1CT

Wondering why you dont load a WinPE selection profile on the reference image? I notice loading the WinPE drivers on my deployment image takes a long time. Couldn't this be done in the reference image to save that time on the deploys?

Carlton Whitmore
Guest
Carlton Whitmore

Johan – Thanks for taking the time to record these instructions. I did notice one discrepancy. Under the WinPE tab section, you mention setting the platform to x86 then you say to set it to x64. Everything else looks great!

Love A
Guest
Love A

I know this is a kind of "old" build, but were just getting there.

Some pointers:

"%SCRIPTROOT%Config-EnableWindowsStoreUpdates.wsf"

Forgot a "\" after "%SCIRPTROOT%" on both enable and disable step, wont work without it.
And maybe a note that if you copy-paste "cscript "%SCRIPTROOT%Config-EnableWindowsStoreUpdates.wsf"" to the task sequence the quotas will be wrong, so these need to be re-entered 🙂

If anyone else like us are prepairing for 1809.

Love A
Guest
Love A

P.S Thanks for an awesome guide! Helping me set-up the MDT for the very first time.


>