How To Create A Windows 10 Reference Image For Deployment

Here is a step-by-step quick guide on building the perfect Windows 10 21H2 reference paradigm using Microsoft Deployment Toolkit (MDT) 8456.

Real Globe Annotation: Since Windows Vista, at that place is no technical requirement to create reference images in social club to deploy Windows. After all, the ISO that you download from Microsoft contains WIM images that are in a deployable state. The main reason for creating reference images, meaning images with one or more applications in them, is oft just deployment speed, and to some extent network efficiency (WIM images are highly compressed). However, in a globe with better and ameliorate peer to peer solutions, better networking, better hardware, you tin brand deployments get quite fast even without a reference image. While more than and more organizations are moving to use a sparse image, and deploy settings and applications at deployment time instead, if yous even so need a reference image. Here is how to create i.

Block Internet Access

Due to how aggressive Windows x is regarding updating its native applications, which is known for breaking Sysprep, make sure the virtual machine does not have Internet access during the build and capture process.

Software Requirements

MDT tin be installed either on a file server, or on your own laptop, but in this scenario, I use a file server named MDT01. Windows ten 21H2 requires Windows ADK x 2004 or subsequently, but since you likely want to evaluate Windows 11 as well, I recommend using Windows ADK for Windows xi 21H2 that supports both Windows 10 21H2 and Windows xi 21H2.

Note: Please don't use the newly released (May 2022) Windows ADK for Windows 11 22H2. It'due south non fully compatible with MDT 8456 since it no longer contains the x86 version of WinPE which MDT expects to discover.

For this guide you need the post-obit software.

• Windows 10 Enterprise 21H2 (make sure to apply the latest media).
• Windows ADK for Windows 11 21H2: Download and install the Windows ADK | Microsoft Docs
• WinPE Addon for Windows ADK for Windows 11 21H2: Download and install the Windows ADK | Microsoft Docs
• Microsoft Deployment Toolkit (MDT) 8456: Microsoft Deployment Toolkit documentation | Microsoft Docs
• MDT 8456 HotFix: Windows 10 deployments neglect with Microsoft Deployment Toolkit on computers with BIOS type firmware
• Script to relax default deployment share permissions: http://github.com/DeploymentResearch/DRFiles/hulk/chief/Scripts/Set-MDTBuildLabPermissions.ps1

Step-past-Step Guide

The entire procedure for creating a Windows x paradigm using MDT takes about twenty – 30 minutes, fully automated. This guide covers the following seven steps:

• Step ane – Install Windows ADK for Windows xi, and MDT 8456
• Step 2 – Create the MDT Build Lab Deployment Share
• Step iii – Import the Windows ten operating system
• Pace 4 – Add applications
• Footstep 5 – Create the MDT Job Sequence
• Step 6 – Configure the deployment share
• Step 7 – Create Windows Reference Images

Stride 1 – Install Windows ADK for Windows xi, and MDT 8456

In this example I accept a virtual machine named MDT01, running Windows Server 2022 LTSC (Windows Server 2016 LTSC or Windows Server 2019 LTSC is fine also). The VM has two vCPUs and 4 GB RAM.

1. On MDT01, install Windows ADK for Windows xi, and select the following components:

• Deployment Tools
• Imaging and Configuration Designer (ICD)
• Configuration Designer
• User Country Migration Tool (USMT

Windows ADK 1Setup

2. Install WinPE Addon for Windows ADK for Windows 11, and select the post-obit component:

Windows Preinstallation Environment (Windows PE)

Installing WinPE Addon for Windows ADK

3.  Install MDT 845half dozen using the default settings.

Installing MDT.

4. Install the MDT 8456 HotFix by extracting MDT_KB4564442.exe and extract information technology to a folder. In my lab, I extracted information technology to the Eastward:\Setup\MDT 8456 HotFix folder.

4a. Copy the x86 version of the new Microsoft.BDD.Utility.dll from E:\Setup\MDT 8456 HotFix\x86 to C:\Plan Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86. Replace the existing file.

4b. Copy the x64 version of the new Microsoft.BDD.Utility.dll from E:\Setup\MDT 8456 HotFix\x64 to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64. Replace the existing file.

1. On MDT01, using the Deployment Workbench (available on the start screen), right-click Deployment Shares and select New Deployment Share. Apply the following settings for the New Deployment Share Wizard (my data volume on MDT01 is E:)

a.    Deployment share path: E:\MDTBuildLab
b.    Share proper noun: MDTBuildLab$
c.    Deployment share description: MDT Build Lab
d.    Options: (default)

MDT Build Lab deployment share created

2. Once the deployment share is created you too want to relax the security a bit. MDT locks it down to hard by default. Employ the following PowerShell script (named Set-MDTBuildLabPermissions.ps1) to prepare some better permissions (change script to fit your environs):

            #Requires -RunAsAdministrator  # Configure NTFS Permissions for the MDT Build Lab deployment share $DeploymentShareNTFS = "E:\MDTBuildLab" icacls $DeploymentShareNTFS /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(RX)' icacls $DeploymentShareNTFS /grant '"Administrators":(OI)(CI)(F)' icacls $DeploymentShareNTFS /grant '"SYSTEM":(OI)(CI)(F)' icacls "$DeploymentShareNTFS\Captures" /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(Chiliad)'  # Configure Sharing Permissions for the MDT Build Lab deployment share $DeploymentShare = "MDTBuildLab$" Grant-SmbShareAccess -Proper noun $DeploymentShare -AccountName "Everyone" -AccessRight Change -Force Revoke-SmbShareAccess -Proper noun $DeploymentShare -AccountName "CREATOR OWNER" -Force          

Annotation: In my surround the MDT01 server is joined to a domain, and my service account used for the deployments is VIAMONSTRA\MDT_BA. If using a dissimilar domain, or if using a workgroup server for your build and capture change the Set-MDTBuildLabPermissions.ps1 script to reflect that.

Running the Set-MDTBuildLabPermissions.ps1 script

Step 3 – Import the Windows ten operating organization

Note: Make certain to always download the latest version of Windows 10 Enterprise 21H2. Microsoft releases new media monthly.

On MDT01, mount the Windows 10 Enterprise x64 21H2.iso media (or whatever you named information technology). On my server it was mounted to the D: drive.

1. Using the Deployment Workbench, aggrandize the Deployment Shares node, expand MDT Build Lab, select the Operating Systems node and create a binder
   named Windows 10.
2. Right-click the Windows 10 node, and select Import Operating Organization. Utilize the post-obit settings for the Import Operating Organisation Sorcerer.
   1. Total gear up of source files
   2. Source directory: D:\
   3. Destination directory name: REFW10X64-21H2
   4. Later calculation the operating system, in the Windows 10 node, remove the indexes/images you don't demand, and rename the remaining operating system to Windows 10 Enterprise x64 21H2

Note: The Windows 10 media comes with many Windows version, in the beneath example I simply removed all just the Enterprise version, and gave it a better name.

The Windows x Enterprise x64 operating organisation imported to deployment workbench.

Step 4 – Add together applications

In this example yous add together Microsoft 365 Apps for enterprise (formerly named Microsoft Office 365 ProPlus) to MDT. Use the Office Deployment Toolkit (ODT) to create a package of Microsoft 365 Apps for enterprise before continuing with these steps.

1. On MDT01, download the Part Deployment Toolkit (ODT), and excerpt it to E:\Setup\ODT.

2. Using an elevated Control prompt, download the installers by running the following command:

setup.exe /download configuration-Office365-x64.xml

Microsoft 365 Apps for enterprise (well, Function) downloaded via setup.exe from ODT.

3. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a binder named Microsoft.

4. Correct-click the Microsoft binder, and select New Application. Use the following settings for the New Application Wizard:

• Application with source files
• Publisher:
• Application name: Install – Microsoft 365 Apps for enterprise
• Version:
• Source Directory: E:\Setup\ODT
• Specify the name of the directory that should be created: Install – Microsoft 365 Apps for enterprise
• Command Line: setup.exe /configure configuration-Office365-x64.xml
• Working directory: (default)

Microsoft 365 Apps for enterprise (Role) added every bit an application.

Step 5 – Create and Configure the MDT Task Sequence

1. On MDT01, using the Deployment Workbench, in the MDT Build Lab deployment share, select the Chore Sequences node, and create a folder named Windows 10.
2. Expand the Task Sequences node, right-click on the Windows 10 node, and select New Chore Sequence. Utilise the following settings for the New Task Sequence Wizard:
   1. Job sequence ID: REFW10-X64-001
   2. Job sequence name: Windows 10 Enterprise x64 21H2
   3. Job sequence comments: Reference Build
   4. Template: Standard Customer Job Sequence
   5. Select Os: Windows 10 Enterprise x64 21H2
   6. Specify Product Key: Practice not specify a product key at this time
   7. Full Proper name: ViaMonstra
   8. Organization: ViaMonstra
   9. Internet Explorer dwelling house page: about:bare
   10. Do non specify an Administrator password at this time
3. Edit the task sequence by navigating to the Job Sequences / Windows 10 folder, right-click the Windows ten Enterprise x64 21H2 chore sequence, and select Backdrop.
4. On the Task Sequence tab, configure the Windows x Enterprise x64 21H2 task sequence with the following settings:
   1. In the Land Restore / Custom Tasks grouping, add a new Install Application action with the following settings:
      Name: Install – Microsoft 365 Apps for enterprise
      Install a Unmarried Application: Install – Microsoft 365 Apps for enterprise
      

Task Sequence configured for the reference image build and capture.

To configure the deployment settings, you modify the ii rules files (Bootstrap.ini and CustomSettings.ini). You tin exercise the either via the MDT Build Lab deployment share properties, or directly in the file system, in the E:\MDTBuildLab\Control folder. Beneath you lot find the configurations I used in this guide.

Bootstrap.ini

            [Settings] Priority=Default  [Default] DeployRoot=\\MDT01\MDTBuildLab$ UserDomain=VIAMONSTRA UserID=MDT_BA [email protected] SkipBDDWelcome=Yeah          

CustomSettings.ini

            [Settings] Priority=Default  [Default] _SMSTSORGNAME=ViaMonstra UserDataLocation=NONE ComputerBackupLocation=NETWORK DoCapture=YES OSInstall=Y [email protected] TimeZoneName=Pacific Standard Time JoinWorkgroup=WORKGROUP HideShell=NO FinishAction=SHUTDOWN ApplyGPOPack=NO  BackupShare=\\MDT01\MDTBuildLab$ BackupDir=Captures BackupFile=%TaskSequenceID%_#month(date) & "-" & twenty-four hours(date) & "-" & yr(date)#.wim  SkipAdminPassword=YES SkipProductKey=YES SkipComputerName=YES SkipDomainMembership=Yes SkipUserData=YES SkipLocaleSelection=Yep SkipTaskSequence=NO SkipTimeZone=Yeah SkipApplications=Yeah SkipBitLocker=YES SkipSummary=Yep SkipRoles=Yep SkipCapture=NO SkipFinalSummary=Aye          

1. On MDT01, modify the Bootstrap.ini and CustomSettings.ini per the preceding examples.
   
2. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties.
   1. In the Windows PE tab, in the Platform dropdown list, make sure x86 is selected. So in the Low-cal Touch Boot Image Settings expanse, configure the following settings:
      1. Image clarification: MDT Build Lab x86
      2. ISO file proper noun: MDT Build Lab x86.iso
   2. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
      1. Choice profile: Nothing
      2. Select the Include all drivers from selection profile option
         

         

         Configuring the deployment share not to add the Windows ten CU into the kick image.
         
   3. In the Windows PE tab, in the Platform dropdown list, make sure x64 is selected. Then in the Lite Touch on Boot Image Settings area, configure the following settings:
      1. Epitome description: MDT Build Lab x64
      2. ISO file name: MDT Build Lab x64.iso
   4. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
      1. Selection profile: Zippo
      2. Select the Include all drivers from selection profile option
         
   5. Click OK.
   6. Update the deployment share, by right-clicking the MDT Build Lab deployment share and select Update Deployment Share. Use the default Options for the Update Deployment Share magician.

The contents of the Eastward:\MDTBuildLab\Kicking folder afterwards updating the deployment share.

Footstep 7 – Create Windows Reference Images

Now it is fourth dimension to create a Windows 10 Reference WIM Epitome, fully automatic.

Note: To make sure Sysprep does not fail during the build and capture procedure, make certain the virtual machine you are using does not have Internet admission during the entire procedure.

1. On MDT01, copy the East:\MDTBuildLab\Boot\MDT Build Lab x64.iso file to your VMware or Hyper-V machine.
2. Create a virtual machine named REF001, assign it 2 vCPUs and 4 GB RAM. Then mount MDT Build Lab x64.iso on the virtual machine.
3. Start the REF001 virtual machine, and allow it to boot. Then complete the Deployment Wizard using the below settings:
   1. Select a chore sequence to execute on this figurer: Windows 10 Enterprise x64 21H2
   2. Specify whether to capture an paradigm: Capture an image of this reference computer.
      1. Location:
      2. File name:

The task sequence volition now practice the following:

• Install the Windows 10 Enterprise operating system.
• Install the added applications, roles, and features.
• Stage WinPE on the local disk.
• Run Sysprep and reboot into WinPE.
• Capture the Windows 10 installation to a WIM file.

MDT capturing a Windows 10 Image.

Resources

Note: Please besides check these posts:

Epitome Manufactory
Automate this procedure even farther (y'all still need to exercise the step in this guide first), check out the Image Manufacturing plant for Hyper-V solution by Mikael Nystrom (@mikael_nystrom).
http://github.com/DeploymentBunny/ImageFactoryV3ForHyper-V

Source: https://www.deploymentresearch.com/building-a-windows-10-21h2-reference-image-using-microsoft-deployment-toolkit-mdt/

Posted by: dvorakbefave.blogspot.com

Share this post