Deploy Windows Captured Image Using SCCM and MDT

Let’s understand how to Deploy Windows Captured Image Using SCCM and MDT. This post will help you manage the deployment of Windows Captured Image & Deploy Windows Image using MDT + SCCM.

Let’s learn How To Deploy Windows 10 Image Using Microsoft Deployment Toolkit (MDT), and the same Image can be used in SCCM or MECM.

In my previous post, I described the working mechanism of the Sysprep tool and the process of capturing the Windows Image. Learn How to Sysprep Capture Windows 10 Image using DISM.

Since we had successfully captured the windows image, the next step would be to deploy the captured image.

Introduction – Deploy Windows 10 Image

We have many options to manage and proceed with the deployment. We will choose the Microsoft Deployment Toolkit (A.K.A MDT) to deploy the captured WIM File.

Microsoft Deployment Tool (MDT) will allow you to create Zero Touch Installation to deliver an automated deployment scenario.

• Requires no interaction by the user.
• Users do not need to know any configuration information before initiating the deployment process.
• You can customize your task sequence much easier.
• It can preconfigure the user profile and apply user-based settings and customizations.
• With CopyProfile, you can make changes to default user settings and apply them to the user profile on system during deployment.

Prerequisites

• Microsoft Deployment Toolkit (MDT) 8456 Download
• Windows ADK 10 v1903 Download
• WinPE Addon for Windows ADK 10 v1903 Download
• Windows 10 Image
• Configure MDT Deployment Share to Create Reference Image

Implementation Activities & Tasks

Import Custom Image for Deployment

• Expand the Deployment Shares and the MDT Deployment Share.
• Create a folder structure inside the Operating Systems. This helps in the organization of selection profiles. Right Click in Operating Systems > Created Folder and select Import Operating System

Select the Custom Image file to add a captured image you wish to deploy.

Click on Browse; specify the location of the wim file. After Specify the full path, you can check the box to move the files to the deployment share and click Next. To save your time!

Don’t forget to keep a copy of imported Images.

Select Setup files that are not needed and Click Next.

Accept this default directory name or specify the directory’s name and click Next.

Review the values and click Next.

You will get a message “The Import Operating System Wizard completed successfully” Click Finish.

The captured image of the reference computer is added under Operating Systems.

Prepare the drivers repository.

You need to download all device drivers for required models available on the OEM Manufacturer’s website. Once you have downloaded the necessary drivers, store them for a specific model in a folder.

Download Extract and Import Drivers within your folder into MDT

Next, we want to create a folder structure under the Out-of-Box Drivers node in MDT to organize our drivers. This will not only allow easy manageability of drivers.

To add drivers for the operating system of different hardware models, Check this Microsoft Blog.

Create and Configure the MDT Task Sequence

Right-click on the Task Sequence node and select “New Task Sequence.”

Provide the Task sequence ID and Task sequence name.

Select Template Standard Client Task Sequence from the available list.

Select OS: choose the imported Custom Image to deploy with this Task Sequence.

Select Do not specify a product key at this time.

Fill the fields Full Name, Organization, Internet Explorer Home Page (these fields can be modified through Answers File at a later stage), and click Next.

Select Don’t specify an Administrator password at this time Option. Click Next.

Review the details and click Next.

Task Sequence creation process completed successfully. Click Finish to close the wizard.

We have a pretty bare-bones task sequence that will only install Windows and nothing else.

We need to edit Task Sequences and add custom steps to perform other actions required with this Windows installation into a target machine.

Customize the Task Sequence

Edit the task sequence by navigating to the Task Sequences, right-click on created task sequence Name, and selecting Properties.

Under the Preinstall section, we will configure the Inject Drivers step to use the selection profile > Nothing in the task sequence.

We will add a custom Task Sequence Variable step above the Inject Drivers step to set our DriverGroup001 variable to point to the model’s path that we are installing the %model% variable filled.

Task Sequence will appear as shown below; apply changes click on Apply and OK.

Answer files (unattend.xml)

Right-click on the task sequence you created and choose “Properties.” On the “OS Info” tab, click on “Edit Unattend.xml,” which will be Windows System Image Manager.

It started to generate a catalog file automatically for the selected WIM. This process could take a while, depending on your configuration. 

Once the generation is complete, you’re free to change your Unattend.xml. 

For all unattended settings that can be applied with the answer file. Complete description about components; see this Microsoft Docs Unattend Components.

Run the Validation check, click on the Tools menu and select Validate Answer File.

In the Messages area at the bottom of the screen, you should see that your validation answer file has errors. Double click on any results to be taken a right to that setting to remediate any issues.

Make the necessary changes, validate the answer file, and save and exit. 

Create a Selection Profile

Selection profiles, available in the Advanced Configuration node, provide a way to filter content in the Deployment Workbench.

Selection profiles are used for several purposes in the Deployment Workbench and Lite Touch deployments. For example, they can be used to: 

• Control which drivers and packages are injected into the boot images. 
• Control which drivers are injected during the task sequence. 
• Control what is included in any media that you create. 
• Control what is replicated to other deployment shares. 
• Filter which task sequences and applications are displayed in the Deployment Wizard.  

Expand Advanced Configuration. Right Click on Selection Profiles and select New Selection Profile.

Provide the Selection profile name and Comments for best practice.

Here we can select the available applications, Operating Systems, Drivers, Packages, and Task Sequences that we need to include in the Image.

Note: Selecting more than necessary will result in larger ISO files and USB storage requirements.

Once done with the selection, click on Next.

Here we will get a summary page with detailed information.

Click on the Finish button to complete the process.

A custom Selection Profile has been created based on your selection.

Note: If you need to make any changes later, you can modify the selection profiles by right-clicking> properties in the completed profile.

Creating an Offline MDT Deployment Media

Right Click on Media and select New Media.

Under New Media Wizard, provide the Media path by clicking on the Browse option. We have created a new directory under C drive named “MDT Offline Media.”

Note: The path of the provided directory should be empty.

Now select the selected profile from the drop-down list which was created earlier.

Review the selected values and Click on Next.

Please wait for a while to complete the process. Once you get a message, “The Process completed successfully,” Click on Finish.

Under Media, Now you can see new media has been created.

Right-click in media [here in my case, MEDIA001] and choose Properties.

Select the Platforms Supported; provide the appropriate name for ISO.

Configure MDT Deployment Share Rules

You modify the two rules files (Bootstrap.ini and CustomSettings.ini) to automate media Installations. The rules control the Windows Deployment Wizard on the client and provide the following settings to the machine being deployed:

• Computer name
• Domain to join, and organizational unit (OU) in AD to hold the computer object.
• Whether to enable BitLocker
• Regional settings You can manage hundreds of locations in the rules.

Click on the Rules tab, where you will get default settings.

Important! Generate a computer name based on a serial number
A serial number can contain 15 characters, but the Windows setup limits a computer name to 15 characters. More Details Configure MDT deployment share rules

Below the configurations I used, you can modify the Rules in the deployment process based on Toolkit Reference.

CustomSettings.ini

Select the Rules tab and modify the properties window using the sample information.

[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Test Infra
OSInstall=YES
OSDComputerName=PC-%SerialNumber%
SkipApplications=YES
SkipAppsOnUpgrade=YES
SkipBitLocker=YES
SkipCapture=YES
SkipComputerName=YES
SkipComputerBackup=YES
SkipDeploymentType=YES
DeploymentType=NEWCOMPUTER
SkipDomainMembership=YES
SkipAdminPassword=YES
AdminPassword=P@ssWord
SkipLocaleSelection=YES
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US
SkipPackageDisplay=YES
SkipProductKey=YES
SkipSummary=YES
TimeZoneName=UTC
SkipTimeZone=YES
SkipUserData=Yes
SkipTaskSequence=YES
TaskSequenceID=W10X64
_SMSTSOrgName=Test Infra
SkipFinalSummary=NO

Bootstrap.ini

Click Edit Bootstrap.ini will open the configuration in Notepad and modify it using the following information.

[Settings]
Priority=Default
[Default]
SkipBDDWelcome=YES

Click on Apply to save the changes and Click on OK to close the Media Properties.

WinPE Drivers

You can create separate folders under your Out-of-Box Drivers node for WinPE_x86 and WinPE_x64 drivers and add the drivers. In the Windows PE tab, in the Platform drop-down list, make sure x64 is selected. Select the Drivers and Patches tab.

By default, MDT will inject all network adapters and mass storage drivers into the WIM file. From the Selection profile drop-down list, choose the selection profile that you created
for WinPEx64.

Why need to Update Deployment Share

Generally, you need to update the deployment share when you make changes that affect the boot image. That would include:

• Added a driver that needs to be injected in WinPE.
• Modified the boot image settings.
• Changes to the Bootstrap.ini file.
• Updated any of the scripts or files.

Update the deployment share by right-clicking the MDT Build Lab deployment share and selecting Update Deployment Share. Use the default options for the Update Deployment Share Wizard.

It will only inject drivers into WindowsPE from the specified folder in your selected profile.

Split a Windows Image File (.wim) 

We need to configure or validate this setting once before deployment with an image having more than 4GB as FAT32 is required to boot the UEFI System with a maximum supported file size of 4GB. 

After splitting the Image into a set of smaller (.swm) files, it can handle images having more than the size of 4GB when installing windows images from USB or DVD.

In the Deployment share > Control > Settings.xml. Open with Notepad to modify.

Make Sure that the Settings.xml File has the following settings: Save and close the Notepad.

<SkipWimSplit>False</ SkipWimSplit> 

Important Tips! Before updating media content, it’s better to close all the opened instances of Deployment Share, a path used by some other process. If needed, sign out from the logged-in User Account, log in to Server, and Open Deployment Share> Advanced Configuration> Media> Update Media Content.

Right Click on Media and select Update Media Content.

Now the ISO Image creation will be in progress, and it will take a longer time to complete the process.

Once Media generation is completed successfully, Click on Finish to close the wizard.

Media has been created successfully; you can see the ISO files to use for deployment have been made under the path you specified.

Create a bootable USB from the ISO for offline deployment, depending on your target devices.

Author