Information
Microsoft Deployment Toolkit (MDT) is a powerful tool to manage Windows deployment. Although intended for corporate use, it can also make administrating a small home network easy. If you have few computers to take care off, or if you are an enthusiastic virtual machine user, MDT for sure is for you.
According to Microsoft, “Microsoft Deployment Toolkit provides a unified collection of tools, processes, and guidance for automating desktop and server deployments“.
In this tutorial, I will show how to set up MDT and use its Lite-Touch Installation (LTI) feature in workgroup or domain environments to deploy, repair, update and upgrade Windows 10. For advanced users, it might occasionally look like something for beginners only, my intention being to make instructions as clear and easy to follow as possible. However, I think that there might be a tip or two also for you advanced geeks.
I will use following terms about different computers:
MDT Workbench The PC on which the MDT is installed Reference The PC used to capture a custom image Target The PC on which Windows will be deployed
All computers can be either physical devices or virtual machines, and they must be connected to network. Notice that reference device is only needed if you want to capture and deploy a custom image. if you will only deploy basic Windows directly from a Microsoft Windows image without customizations, reference device will not be needed
Part One: Install and setup MDT Part Two: Create a Deployment Share Part Three: Import operating system Part Four: Create a Task Sequence Part Five: Deploy Windows to target device Part Six: Customize Deployment Part Seven: Add applications Part Eight: Add drivers Part Nine: Capture custom image Part Ten: Upgrade target device
Note
Parts One through Five show the basic deployment of standard Windows 10, without any customizations. Rest of the tutorial, starting from Part Six is optional, showing how to customize deployment image, add software and drivers, and so on.
1.1) The Windows Assessment and Deployment Kit (ADK) and Windows PE add-on for the ADK must be installed before you can use MDT. Download and install both, installing ADK first:
1.2) I recommend that you accept all defaults when installing ADK, although for MDT, we only need Deployment Tools and User State Migration Tool:
Windows PE addon does not let to choose what to install, you must accept all 5+ GB of it.
1.3) Download and install MDT:
1.4) Run MDT Deployment Workbench, you can find it in Start > M > Microsoft Deployment Toolkit.
A Deployment Share is a folder on MDT Workbench machine, containing everything needed to deploy Windows (imported operating systems, scripts, boot images for target devices).2.1) Select Deployment Shares > New Deployment Share:
2.2) Select the location and name for the deployment share folder:
2.3) Name the share. A share name is the name the shared folder can be found on network:
2.4) A Deployment Share will be created:
3.1) To import an operating system for deployment, mount a Windows ISO file (right click, select Mount). In Deployment Workbench, select your new Deployment Share in navigation pane, expand it and select Operating Systems. In Action pane, select New Folder. Name the folder as you wish. As I will import UK English Windows 10 x64 version 1809 ISO, I name the folder as Version 1809 x64 EN-GB:
3.2) MDT requires Windows image in a WIM file. An ISO created with Windows Media Creation Tool contains Windows image in install.esd file instead of install.wim, and therefore it cannot be used with MDT.
3.3) To download a WIM-based ISO, open Windows Media Creation Tool page in browser, press F12 to open developer tools, select Emulation tab, and change user agent string to Apple Safari. Wait the page to refresh. You can now download a WIM-based ISO:
3.3) Still in Operating Systems, select the new folder you created. In Action pane, select Import Operating System.
3.4) Select your source. Operating systems can be imported from a mounted ISO, DVD, USB flash drive or a folder containing Windows install files. To do this, select Full set of source files and click Next, in following page browse and select the source (mounted ISO, DVD, USB flash drive or a folder).
OS can also be imported from a WIM file, in which case select Custom image file, click Next and select your install.wim (or custom WIM) file:
If importing OS from a WIM file, in next page select Setup files are not required (install.wim already contains everything required to setup and install Windows):
3.5) When importing an OS from a complete ISO, MDT defaults the directory name to the first edition found in that ISO. In this case, because I imported a full consumer ISO which contains all editions except Enterprise, its first edition (INDEX:1) is Windows 10 Home. You can accept this default directory name, or change it to whatever you’d prefer:
In my case now, I changed directory name to Version 1809 x64 EN-GB.
When importing an OS from a WIM file, the default directory name is INSTALL.WIM. Again, you can accept the default name or change it. When imported, the operating systems found in ISO or WIM file are listed in MDT:
To deploy Windows from an imported operating system, we need to create a Task Sequence. A Task Sequence contains all required information to deploy (install) Windows on target machine.
For each unique deployment scenario, we will need a unique Task Sequence. Deploying W10 PRO edition, x64 bit architecture in UK English needs its own Task Sequence, and deploying W10 Education edition from the same imported operating system in MDT, we’ll need to create another unique Task Sequence for that.4.1) Expand your deployment share, select Task Sequences, select New Task Sequence. Give it a unique ID (required), name (required) and description (optional), click Next:
4.2) Select Standard Client Task Sequence and click Next:
4.3) Select OS (Windows edition) to deploy with this Task Sequence and click Next:
4.4) Select Do not specify a product key, and click Next. Alternatively, on enterprise networks, you can enter your MAK key here instead:
For private use, you could enter a product key here, but it is unnecessary. You can always activate Windows later, or Windows will be automatically activated if deploying to a target device with existing digital license for that edition.
4.5) Enter name, organization and IE home page (optional). The name and organization will be shown on the target computer as the owner of that device:
4.6) Now an important decision to make: built-in administrator account password for the target device. Personally, I would never leave that account without a password, but the decision is yours. Set the password, or select Do not specify an Administrator password at this time:
4.7) On Summary page, check that everything is as you'd prefer and click Next:
4.8) Your Task Sequence will be created:
4.9) The Deployment Share needs to be updated after creating the first Task Sequence. Select the share on left pane, select Update Deployment Share on Actions pane, accept default selection Optimize the boot image updating process, and click Next:
4.10) The deployment share will be updated, and all necessary scripts and ISO files to use for deployment will be created. You will find Lite-Touch Installation ISO files needed to boot target devices in %DeploymentShare%\Boot folder on your MDT Workbench machine:
4.11) Depending on your target device’s bit architecture, create a bootable USB flash drive from either LiteTouchPEx_64.iso orLiteTouchPE_x86.iso. If the target devices are virtual machines, no USB media is required.
4.12) To monitor deployment status (optional), right click the Deployment Share on left pane, select Properties, and enable monitoring:
5.1) By default, an MDT Deployment Share is shared to user group administrators. You should have access to it from target machines using any local admin account on MDT Workbench machine. However, depending on local networking and sharing settings, you might only be able to use the built-in administrator account to access Deployment Share folder, if you have not given permissions (full control) for everyone or a specific local admin account.
I strongly recommend that you will set a password for built-in administrator account on MDT Workbench device, and that you enable it if it is currently disabled. Using that account in deployment will bypass all possible sharing issues.
5.2) Boot the target device from LiteTouchPEx_64 or LiteTouchPE_x86 USB install media, or if target device is a virtual machine, from LiteTouchPEx_64.iso orLiteTouchPE_x86.iso file (steps 4.10 & 4.11).
Select keyboard layout and run the Deployment Wizard:
5.3) Enter credentials for MDT Workbench to access your Deployment Share:
If target device is joining a local workgroup instead of domain, enter MDT Workbench computer name as domain. In this example I have MDT installed on computer AGM-W10PRO03. As target computer joins a workgroup instead of domain, I use that computer name as domain.
5.4) All Task Sequences on share will be listed. Select the Task Sequence you want to use for deployment on this target machine. As we only have one Task Sequence at this point, select it and click Next:
5.5) Name the target device, or accept default name. Select if this is a workgroup computer or belongs to a domain:
5.6) As this is a clean install on a device without any previous operating system, there is no data to be moved. If deploying to a device which already contains an existing Windows 7 or later installation, you can select to move existing user accounts, user data and settings to a temporary folder on MDT Workbench machine. User data and settings will then be restored to target device during the final phase of deployment. Software will not be moved over to new installation, and must be re-installed:
Notice that if you select to move user data to new installation, all moved user accounts are by default disabled after deployment is done, and must be manually enabled before accounts can be used:
5.7) In Locale and time page, select keyboard layout and time zone for target device:
5.8) Select Do not capture image of this computer to do a normal deployment (clean install):
5.9) Select if BitLocker should be enabled on target device:
5.10) Finally, start the deployment:
5.11) You can follow the progress on target device:
If you enabled Monitoring in step 4.12, you can also monitor the progress in Deployment Workbench. Notice that monitoring in Deployment Workbench does not auto refresh. To refresh, click Refresh in Action pane:
5.12) Deployment completely bypasses OOBE. When ready, target device boots to desktop using built-in admin credentials. Do not touch anything, do not start anything until Deployment Wizard tells deployment has been finished:
5.13) At this point, only existing user account on target device is the built-in admin account. To start using the computer, create at least one local admin account, sign out from built-in admin, sign in to local admin and disable built-in admin.
6.1)To customize deployment task and image, we can edit its answer file Unattend.xml. Right click the deployment task sequence, select Properties, select OS Info tab, and click Edit Unattend.xml to open it in Windows System Image Manager (WSIM), part of Windows ADK you installed in steps 1.1 & 1.2:
6.2) When answer file is edited first time, MDT creates a catalog file. Be patient, this can take a while; on this mid-level i7 laptop of mine, it can take up to 15 minutes. If you, like me, do not want to wait, you can stop the catalog creation process:
Wait process to stop, and repeat step 6.1, and the answer file will now open in WSIM immediately:
6.2) For what can be done with answer file and complete reference, see this support article on Microsoft Docs: Components | Microsoft Docs
Some quick tips can be found in Step Four of this tutorial: Create media for automated unattended install of Windows 10 | Tutorials
MDT generated answer file Unattend.xml is, as so often with Microsoft products and services, made only for American users in USA. All language and region settings are US English. For us users in rest of the world, it might cause deployment to fail when used as it is.
When editing answer file, be sure to change International-Core settings in Pass 1 WindowsPE, Pass 4 Specialize and Pass 7 OobeSystem:
In my case now, I changed InputLocale (keyboard layout) to 040b:0000040b (Finnish), OS language and rest of the locales to EN-GB (UK English).
Change the SetupUILanguage setting in Pass 1 WindowsPE under International-Core, too, to match the language of your install / deployment media:
See complete list of language and region values: Default Input Profiles (Input Locales) in Windows | Microsoft Docs
6.3) Here's my modified Unattend.xml used in this sample deployment. Only changes I have made to default answer file is to change locale and user interface language settings from MDT default US English to UK English, changed default keyboard layout to Finnish (040b:0000040b), added myself as owner and TenForums as organization on target device, and make it to join workgroup TenForums:
Code:<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="windowsPE"> <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <ImageInstall> <OSImage> <WillShowUI>OnError</WillShowUI> <InstallTo> <DiskID>0</DiskID> <PartitionID>1</PartitionID> </InstallTo> <InstallFrom> <Path>.\Operating Systems\W10 1809 EN-GB\Sources\install.wim</Path> <MetaData> <Key>/IMAGE/INDEX</Key> <Value>1</Value> </MetaData> </InstallFrom> </OSImage> </ImageInstall> <ComplianceCheck> <DisplayReport>OnError</DisplayReport> </ComplianceCheck> <UserData> <AcceptEula>true</AcceptEula> </UserData> </component> <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SetupUILanguage> <UILanguage>en-GB</UILanguage> </SetupUILanguage> <InputLocale>040b:00000409b</InputLocale> <SystemLocale>en-GB</SystemLocale> <UILanguage>en-GB</UILanguage> <UserLocale>en-GB</UserLocale> <UILanguageFallback>en-GB</UILanguageFallback> </component> </settings> <settings pass="generalize"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Identification> <Credentials> <Username></Username> <Domain></Domain> <Password></Password> </Credentials> <JoinDomain></JoinDomain> <JoinWorkgroup>TenForums</JoinWorkgroup> <MachineObjectOU></MachineObjectOU> </Identification> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <ComputerName></ComputerName> <ProductKey></ProductKey> <RegisteredOrganization>TenForums</RegisteredOrganization> <RegisteredOwner>Kari</RegisteredOwner> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <TimeZone>W. Europe Standard Time</TimeZone> </component> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <RunSynchronous> <RunSynchronousCommand wcm:action="add"> <Description>EnableAdmin</Description> <Order>1</Order> <Path>cmd /c net user Administrator /active:yes</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action="add"> <Description>UnfilterAdministratorToken</Description> <Order>2</Order> <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action="add"> <Description>disable user account page</Description> <Order>3</Order> <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action="add"> <Description>disable async RunOnce</Description> <Order>4</Order> <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer /v AsyncRunOnce /t REG_DWORD /d 0 /f</Path> </RunSynchronousCommand> </RunSynchronous> </component> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>040b:0000040b</InputLocale> <SystemLocale>en-GB</SystemLocale> <UILanguage>en-GB</UILanguage> <UserLocale>en-GB</UserLocale> <UILanguageFallback>en-GB</UILanguageFallback> </component> <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DisableSR>1</DisableSR> </component> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <UserAccounts> <AdministratorPassword> <Value>VABpAHQAeQBzAG8AZgB0ADEAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value> <PlainText>false</PlainText> </AdministratorPassword> </UserAccounts> <AutoLogon> <Enabled>true</Enabled> <Username>Administrator</Username> <Domain>.</Domain> <Password> <Value>VABpAHQAeQBzAG8AZgB0ADEAUABhAHMAcwB3AG8AcgBkAA==</Value> <PlainText>false</PlainText> </Password> <LogonCount>999</LogonCount> </AutoLogon> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>wscript.exe %SystemDrive%\LTIBootstrap.vbs</CommandLine> <Description>Lite Touch new OS</Description> <Order>1</Order> </SynchronousCommand> </FirstLogonCommands> <OOBE> <HideEULAPage>true</HideEULAPage> <ProtectYourPC>1</ProtectYourPC> <HideLocalAccountScreen>true</HideLocalAccountScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> </OOBE> <RegisteredOrganization>TenForums</RegisteredOrganization> <RegisteredOwner>Kari</RegisteredOwner> <TimeZone>W. Europe Standard Time</TimeZone> </component> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>040b:0000040b</InputLocale> <SystemLocale>en-GB</SystemLocale> <UILanguage>en-GB</UILanguage> <UserLocale>en-GB</UserLocale> <UILanguageFallback>en-GB</UILanguageFallback> </component> </settings> <settings pass="offlineServicing"> <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DriverPaths> <PathAndCredentials wcm:keyValue="1" wcm:action="add"> <Path>\Drivers</Path> </PathAndCredentials> </DriverPaths> </component> </settings> <cpi:offlineImage cpi:source="catalog://agm-w10pro03/deploymentshare$/operating systems/w10 1809 en-gb/sources/install_windows 10 pro.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>
This answer file will completely automate OOBE.
6.4) To automate Deployment Wizard, steps 5.4 through 5.10 in this tutorial, we need to edit CustomSettings.ini file located in %DeploymentShare%\Control folder. Right click your Deployment Share on left pane and select Properties, then select Rules tab to open CustomSettings.ini:
Screenshot shows the default MDT CustomSettings.ini file.
6.5) CustomSettings.ini can be edited in directly in Properties window. Here's mine used in this sample deployment:
Full Properties refence: Toolkit reference - Microsoft Deployment Toolkit | Microsoft Docs
This sample CustomeSettings.ini will tell system to install OS, skip all possible Deployment Wizard prompts without asking user interaction, selects the Task Sequence to be run, and tells which applications should be silently installed on target machine, which are then told in following lines. The five lines Applications001 to Applications005 tell system which applications I chose to install silently in background on target machine (Chrome, Firefox, Opera, VLC Player and Office 365). See Part Seven for how to add applications to deployment.
You can use this sample CustomSettings.ini, editing it to match your needs (organization, Task Sequence name, apps to install etc.):
Code:[Settings] Priority=Default Properties=MyCustomProperty [Default] OSInstall=Y _SMSTSORGNAME=TenForums SkipAdminPassword=YES SkipCapture=YES SkipApplications=YES Applications001={a6a564c5-4c2c-41e8-9f68-c13d9b63ecd8} Applications002={38b1a9d8-c8b6-405b-b40d-27794c9c3a99} Applications003={9ba3ae8a-856b-4f39-9a69-95f307309d3a} Applications004={32ce5ae2-ffa7-4770-a6ff-4b8c6958dee8} Applications005={afde4f64-9e61-4c2f-958f-b553ff90f2d2} SkipBDDWelcome=YES SkipTaskSequence=YES TaskSequenceID=DEMO SkipBitLocker=YES SkipComputerBackup=YES SkipComputerName=YES SkipDeploymentType=YES SkipDomainMembership=YES SkipUserData=YES SkipLocaleSelection=YES SkipProductKey=YES SkipSummary=YES SkipTimeZone=YES EventService=http://AGM-W10PRO03:9800Warning
When SkipTaskSequence=YES is used, MDT LiteTouch installation runs the task told in TaskSequenceID=ID.
If that task sequence is for instance for clean installing Windows 10, but you actually wanted to upgrade existing Windows 8.1 installation on target device to Windows 10, you must edit CustomSettings.ini and change the TaskSequenceID to your upgrade task sequence ID.
If you forget this, your Windows 8.1 will be wiped clean, and Windows 10 clean installed instead.
See Part 10 for creating an upgrade task sequence.
6.6) The CustomSettings.ini file shown in previous step 6.6 completely bypasses all steps in Deployment Wizard, requiring no user interaction, and adds some applications to be silently installed (see Part Seven). However, you still need to select the keyboard layout and run Deployment Wizard manually on target machine (step 5.2), and enter network credentials to access Deployment share on MDT Workbench machine (step5.3).
To automate those two steps, in Properties window and its Rules tab for your deployment share, select Edit Bootstrap.ini:
6.7) Bootstrap.ini opens in Notepad. Here first the default Bootstrap.ini, then my modified one:
6.8) Change / add properties as follows:
6.9) When Bootstrap.ini has been modified, you must regenerate the LTI boot files which you created in steps 4.9 & 4.10:
Here's MDT deployment in action, a time lapse video of sample deployment to a target device (Hyper-V virtual machine) using the exact Unattend.xml, CustomeSettings.ini and Bootstrap.ini files shown in this Part Six. Deployment is completely "hands-free", fully automated using these files. Boot the target device from LTI boot ISO or USB, everything else is automated:
All three files shown in this part (Unattend.xml, CustomSettings.ini, Bootstrap.ini) can be edited in Notepad or any other text editor. See Part Seven for how to add application installers in CustomSettings.ini to silently and automatically installed on target machine.
Unattend.xml can be found in your %DeploymentShare%\Control\TaskSequnceID folder. Both INI files can be found in %DeploymentShare%\Control.
Unattend.xml can in addition be edited in Windows System Image Manager, outside MDT.
7.1) You can add any application installer to MDT deployment task. Download the installer as an EXE file, and save it in a separate folder. For instance, for this sample I downloaded Chrome installer and instead of running it, I saved it in folder %userprofile%\Downloads\Chrome. The installer must be in its own folder, one application installer in one folder!
7.2) To add application, in this sample Chrome, to deployment, in MDT Deployment Workbench select your deployment share, select Applications, select New application, and select Application with source files:
7.3) Add Publisher (optional), Application name (required), Version (optional) and Language (optional):
7.4) In Source page of New Application Wizard, browse to and select the folder where you saved the application installer and click Next. Accept defaults in Destination page.
7.5) In Command Details page, enter the command for silent install. If not using silent install, the deployment would stop to ask user interaction.
In this example, as I am adding Chrome, the command for silent install is as follows:
ChromeSetup.exe /silent /install
7.6) Chrome is now added to deployment. For this example, I also added Firefox, Opera and VLC Player. Silent install command lines for these are as follows:
Firefox:
Firefox Setup 66.0.2.exe -ms
(Firefox installer name contains its version number. Change it according to version you downloaded.)
Opera:
OperaSetup.exe /SILENT /allusers=yes /launchopera=no /setdefaultbrowser=no
VLC Player:
vlc-3.0.6-win64.exe /L=1033 /S /NCRC
(Like Firefox, installer name contains version number, change it according to version you downloaded. L switch is language, 1033 is English.)
Unfortunately, it would be impossible for me to list silent installation commands for every available application, above only a few samples. Bing is your friend in this task, just search for APPNAME Silent Install
7.7) I also added Microsoft Office to deployment image. I downloaded the Office Deployment Tool (ODT) and created an XLM script with Office Customization Tool (OCT) to download Office from Microsoft cloud (CDN, Content Delivery Network) as told in this tutorial: Custom install or change Microsoft Office with Office Deployment Tool | Tutorials
I saved both ODT setup file Setup.exe and OCT configuration file Configuration.xml to folder Office:
The Office configuration file Configuration.xml used in this example:
Code:<Configuration ID="1e03e53a-9a5d-41d4-91eb-1353c6790ff4"> <Add OfficeClientEdition="32" Channel="Insiders" ForceUpgrade="TRUE"> <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> <Language ID="fi-fi" /> <Language ID="sv-se" /> <Language ID="de-de" /> </Product> </Add> <Property Name="SharedComputerLicensing" Value="0" /> <Property Name="PinIconsToTaskbar" Value="FALSE" /> <Property Name="SCLCacheOverride" Value="0" /> <Updates Enabled="TRUE" /> <Display Level="Full" AcceptEULA="TRUE" /> <Logging Level="Off" /> </Configuration>
It downloads and installs Office Pro Plus, latest version, in US English, and adds Office language packs for Finnish, Swedish and German.
7.8) To add Office as New Application to MDT Deployment Workbench, follow the steps 7.2 through 7.5. The install command to add in step 7.5 is as follows:
setup.exe /configure Configuration.xml
Whereas Chrome, Firefox, Opera and VLC Player where added as silent installers in this example deployment, Office will be first downloaded from Microsoft CDN on target device using the configuration file provided. This adds a few minutes to deployment because target device must download almost 4 GB of data, but it is a very easy and convenient way to install Office
If you have an Office ISO, you can use it as a source when adding new application. Mount the ISO and use it as source. In that case, the install command would be simplysetup.exe
7.9) All applications added:
7.10) When deployment task is now run on target device, you can choose which applications will be installed:
7.11) If you want to do an automated deployment as told in Part Six, you can modify the CustomSettings.ini (step 6.6). Add following lines to INI file:
SkipApplication=YES means that Deployment Wizard when run on target device does not ask which applications to install. In following lines we will then add applications with their GUID, first application being Applications001=GUID, next one Applications002=GUID and so on.Code:SkipApplications=YES Applications001={a6a564c5-4c2c-41e8-9f68-c13d9b63ecd8}
The application GUID can be found in its properties. Select Applications in your deployment share, right click an application on middle pane, select Properties. The GUID can be seen in General tab:
In my example case, adding Chrome, Firefox, Opera, VLC and Office to be installed automatically, that section of CustomSettings.ini looks like this:
Code:SkipApplications=YES Applications001={a6a564c5-4c2c-41e8-9f68-c13d9b63ecd8} Applications002={38b1a9d8-c8b6-405b-b40d-27794c9c3a99} Applications003={9ba3ae8a-856b-4f39-9a69-95f307309d3a} Applications004={32ce5ae2-ffa7-4770-a6ff-4b8c6958dee8} Applications005={afde4f64-9e61-4c2f-958f-b553ff90f2d2}
8.1) To add hardware drivers, select your deployment share, select Out-of-Box Drivers, select Import Drivers, browse to and select the folder containing drivers you'd like to add:
8.2) As I want to wipe the hard disk on an HP laptop and deploy a new custom image, I first exported its current, working drivers as told in this tutorial: DISM - Add or Remove Drivers on an Offline Image | Tutorials (Part Two).
I then imported them to my deployment share:
8.3) When deploying to that laptop with MDT, it will be somewhat faster because instead of Windows Setup searching and downloading drivers, they already exist.
In my opinion, adding drivers to deployment image is mostly unnecessary. Windows 10 is extremely good in finding and installing correct drivers, and it does really not take too much time. I recommend adding drivers to MDT only if you have a very specific device which needs a specific driver.
In Part 6 we automated the deployment task by editing the CustomSettings.ini file. If left as-is, when we run the MDT script on our target device, it will automatically start a new OS deployment. Instead of capturing a custom image or upgrading target device on the reference machine, its OS would be completely wiped and replaced with a clean install.
We must edit the CustomSettings.ini every time before Capture task as shown in this Part Nine and Upgrade task shown in Part Ten are run on target devices.
The following code shows all the edits I made just now to CustomSettings.ini we edited in Part Six. I changed two YES values to NO in two lines (blue highlight). Also, I added a semicolon followed by a space to the beginning of the TaskSequence line (red), and to every Applications00X line to avoid unnecessary reinstall of applications.
A Semicolon flags its line as a remark or comment, which is then ignored when the task is run:
Code:[Default] OSInstall=Y _SMSTSORGNAME=TenForums SkipAdminPassword=YES SkipCapture=NO SkipApplications=YES ; Applications001={a6a564c5-4c2c-41e8-9f68-c13d9b63ecd8} ; Applications002={38b1a9d8-c8b6-405b-b40d-27794c9c3a99} ; Applications003={9ba3ae8a-856b-4f39-9a69-95f307309d3a} ; Applications004={32ce5ae2-ffa7-4770-a6ff-4b8c6958dee8} ; Applications005={afde4f64-9e61-4c2f-958f-b553ff90f2d2} SkipBDDWelcome=YES SkipTaskSequence=NO ; TaskSequenceID=DEP01 SkipBitLocker=YES SkipComputerBackup=YES SkipComputerName=YES SkipDeploymentType=YES SkipDomainMembership=YES SkipUserData=YES SkipLocaleSelection=YES SkipProductKey=YES SkipSummary=YES SkipTimeZone=YES EventService=http://AGM-W10PRO03:9800
With these changes, automatic deployment is not run, letting me to choose Upgrade or Capture task.9.1) In Parts Six & Seven, we customized the deployment image by modifying answer file, INI files and adding software. Personally, I prefer to capture a custom image, and then import the captured custom WIM file to MDT as OS as told in Part Three
Start by installing Windows 10 on a reference machine. I always use Hyper-V virtual machines as reference machines, temporary virtual machines to build a custom image.
9.2) While Windows ins installing on reference machine, create a new Task Sequence as in steps 4.1 through 4.8, this time selecting Sysprep and Capture from dropdown list in Select Template page of New Task Sequence Wizard:
9.3) When reference machine has finished Windows Setup and boots to OOBE showing region and language selection screen, press CTRL + SHIFT + F3 to restart in Audit Mode:
Windows boots to Audit Mode using default built-in admin credentials.
9.4) Customize Windows as you'd prefer, install software, change settings. Notice that as reference machine is at this point not activated, personalization settings cannot be changed. Workaround: to change theme and colors, copy an earlier exported Windows Theme file to reference machine and apply theme.
9.5) When ready, do not sign out / restart / shut down. Still in Audit Mode, signed in as built-in admin, open File Explorer on reference machine, select This PC (#1 in screenshot), select Computer tab (#2), and select Map network drive (#3). Enter the network path to your deployment share (\\server\share, #4), unselect Reconnect at sign-in (#5), select Connect using different credentials (#6), and finally click Finish (#7):
Tutorial: Map Network Drive in Windows 10 | Tutorials
9.6) Enter network credentials to access your deployment share on MDT Workbench machine:
9.7) Open mapped deployment share in File Explorer, browse to Scripts folder and run script LiteTouch.vbs:
Be sure to run the VBScript file (.vbs), not the Windows Script File (.wsf)! Small but important difference.
9.8) The script runs Deployment Wizard on reference machine. Sign in to deployment share on MDT Workbench machine as in step 5.3, and when prompted, select your new capture Task Sequence:
9.9) Click Next and start capture process. Reference machine will run Sysprep:
9.10) After Sysprep, reference machine restarts to WinPE to capture the WIM image:
9.11) If capture process has errors or warnings, check details to see if there's reason to be concerned. Warnings are usually not serious, like these two warning I got now, Image will be OK:
9.12) By default, you'll find captured images in Captures folder in your deployment share. You can now import it as OS to deployment share, selecting Custom Image File as told in step 3.4, and deploy it to other machines.
10.1) I want to upgrade some physical and virtual machines to latest Windows Insider Skip Ahead build, build 18865 when writing this. To do that, I must first mount the build 18865 ISO and import it to deployment share as told in Part Three.
10.2) Next step is to create a new Upgrade Task Sequence as told in Part Four, this time selecting Standard Client Upgrade Task Sequence in Select Template page, thereafter select the Insider build 18865:
10.3) On target machine, sign out from your current account and sign in to built-in admin account. Map the deployment share on MDT Workbench machine as told in steps 9.5 and 9.6.
10.4) Run LiteTouch.vbs script as told in step 9.7, selecting the upgrade task:
10.5) The upgrade starts:
Be patient, the progress bar remains still quite long, upgrade can take anything from 15 minutes to over an hour, depending on your hardware.
That's it!
Kari
Microsoft Deployment Toolkit - Easy and Fast Windows Deployment
-
New #1
Hi Kari
Once again another great tutorial! I started stepping through it and had a couple comments so far
1. re: "To download a WIM-based ISO, open Windows Media Creation Tool page in browser, press F12"
I happened to use Chrome and couldn't find the Emulation tab. After checking other browsers, looks like it must use IE or MS Edge browser for this step to see an Emulation tab
2. MDT download and Win 10 v1903 compatibility?
MS released Win 10 v1903 since you posted. Accordingly, when a user clicks your links they get v1903 versions for Media Creation Tool and ADK. Yet MS hasn't updated the MDT download yet.
It still downloads MDT v8456 which only states support for Win 10 v1809. I've seen people ask in MS Technet forums if its also Win 10 v1903 compatible with no official answer (whether a new MDT is coming or MS just need update MDT release notes to include the latest v1903)
-
New #2
First, sorry for delayed reply.
Full instructions to get WIM-based ISO, see Option Three in this tutorial: Download Windows 10 ISO File
No problems. MDT works with Windows 7 and later operating systems, all versions.2. MDT download and Win 10 v1903 compatibility?
MS released Win 10 v1903 since you posted. Accordingly, when a user clicks your links they get v1903 versions for Media Creation Tool and ADK. Yet MS hasn't updated the MDT download yet. It still downloads MDT v8456 which only states support for Win 10 v1809. I've seen people ask in MS Technet forums if its also Win 10 v1903 compatible with no official answer (whether a new MDT is coming or MS just need update MDT release notes to include the latest v1903)
Kari
-
New #3
I am getting this error when trying to edit the unattend.xml through the workbench.
Windows 1903 build.
Code:Performing the operation "generate" on target "Catalog". Starting: "C:\Program Files\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog40.exe" "C:\DeploymentShare\Operating Systems\Windows 10 Enterprise x64\Sources\install.wim" 3 > "C:\Users\LOCALA~1\AppData\Local\Temp\Microsoft.BDD.Catalog.log" 2>&1 No existing catalog file found. PROGRESS: 0: Starting. PROGRESS: 0: Creating mount folder: C:\Users\Local Admin\AppData\Local\Temp\IMGMGR_install_Windows 10 Enterprise_noiiasez.1sl. PROGRESS: 5: Creating temp folder: C:\Users\Local Admin\AppData\Local\Temp\IMGMGR_install_temp_luf3gy2u.3z2. PROGRESS: 10: Mounting Windows image: C:\DeploymentShare\Operating Systems\Windows 10 Enterprise x64\Sources\install.wim. This might take a few minutes. PROGRESS: 30: Mounted Windows image. PROGRESS: 33: Serializing Data. PROGRESS: 63: Cleaning up... PROGRESS: 63: Unmounting Windows image: C:\DeploymentShare\Operating Systems\Windows 10 Enterprise x64\Sources\install.wim. PROGRESS: 66: Deleting mount folder. PROGRESS: 69: Cleaning up... ERROR: Unable to generate catalog on C:\DeploymentShare\Operating Systems\Windows 10 Enterprise x64\Sources\install.wim: System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.ComponentStudio.ComponentPlatformImplementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. File name: 'Microsoft.ComponentStudio.ComponentPlatformImplementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' at Microsoft.ComponentStudio.ComponentPlatformInterface.Cpi.CreateOfflineImageInstance(OfflineImageInfo imageInfo) at Microsoft.ComponentStudio.ComponentPlatformInterface.OfflineImageCatalog.Serialize(OfflineImageInfo imageInfo) at Microsoft.ComponentStudio.ComponentPlatformInterface.OfflineImageInfo.CreateCatalog() at Microsoft.BDD.Catalog.Program.DoCatalog() WRN: Assembly binding logging is turned OFF. To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1. Note: There is some performance penalty associated with assembly bind failure logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog]. Non-zero return code from catalog utility, rc = 2002
-
New #4
Forgive my ignorance here, but if I have a system which has multiple Win 10 Pro partitions, ("production" and several "test" or "scratch" partitions) and I multi-boot, can I use this approach to save time and standardize across the different partitions?
-
-
New #6
If you use MDT to deploy Windows, the whole disk will be wiped, all partitions deleted before creating new partitions as told in Task Sequence. If you have multiple Windows on different partitions on same disk, you cannot use MDT to deploy Windows just to one partition, keeping the others.
Kari
-
New #7
Problem with Section 6 of Tutorial on Multiple Machines
I've followed this tutorial successfully through section # 5 and have been able to deploy windows with no problem.
However, today I decided that I would start following the steps in section 6. On the very first step, in trying to create a catalog file, it fails.
Please note that I already have installed the WSIM fix which resolves issues related to this when running on Windows 1903. Note that that I can successfully create catalog files and answer files through WSIM.
Information about my configuration and things I have tried:
I am running on Windows 10 Pro x64 1909.
I have the Windows 1903 / 1909 ADK installed with the Deployment Tools and User State Migration Tools (USMT) options.
I am using a Windows 10 x64 1909 ISO image as my source
The Windows PE add-on is installed.
The WSIM patch is installed.
I have tried on 2 completely different systems and get the exact same failure on both.
I have verified that on both systems I can generate catalog files and create answer files via WSIM.
So, to workaround this issue, can I simply import my existing answer files created in WSIM into MDT somehow? Since I already have existing answer files, even if creation through MDT was working, I would still like to know if I can simply use my already existing files.
Here is the log showing the failure I am running into:
Code:Performing the operation "generate" on target "Catalog". Starting: "C:\Program Files\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog40.exe" "E:\DeploymentShare\Operating Systems\Win 10 x64 1909\Sources\install.wim" 6 > "C:\Users\hanness\AppData\Local\Temp\Microsoft.BDD.Catalog.log" 2>&1 No existing catalog file found. PROGRESS: 0: Starting. PROGRESS: 0: Creating mount folder: C:\Users\hanness\AppData\Local\Temp\IMGMGR_install_Windows 10 Pro_gv35g5o1.f0n. PROGRESS: 5: Creating temp folder: C:\Users\hanness\AppData\Local\Temp\IMGMGR_install_temp_iyceu1ay.4qj. PROGRESS: 10: Mounting Windows image: E:\DeploymentShare\Operating Systems\Win 10 x64 1909\Sources\install.wim. This might take a few minutes. PROGRESS: 30: Mounted Windows image. PROGRESS: 33: Serializing Data. PROGRESS: 63: Cleaning up... PROGRESS: 63: Unmounting Windows image: E:\DeploymentShare\Operating Systems\Win 10 x64 1909\Sources\install.wim. PROGRESS: 66: Deleting mount folder. PROGRESS: 69: Cleaning up... ERROR: Unable to generate catalog on E:\DeploymentShare\Operating Systems\Win 10 x64 1909\Sources\install.wim: System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.ComponentStudio.ComponentPlatformImplementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. File name: 'Microsoft.ComponentStudio.ComponentPlatformImplementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' at Microsoft.ComponentStudio.ComponentPlatformInterface.Cpi.CreateOfflineImageInstance(OfflineImageInfo imageInfo) at Microsoft.ComponentStudio.ComponentPlatformInterface.OfflineImageCatalog.Serialize(OfflineImageInfo imageInfo) at Microsoft.ComponentStudio.ComponentPlatformInterface.OfflineImageInfo.CreateCatalog() at Microsoft.BDD.Catalog.Program.DoCatalog() WRN: Assembly binding logging is turned OFF. To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1. Note: There is some performance penalty associated with assembly bind failure logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog]. Non-zero return code from catalog utility, rc = 2002
-
New #8
First, please do not use C tags when posting code or long text. Use CODE tags instead, to make post shorter. C and CS tags are meant for one line command samples.
I just tested, I am running WSIM 18980, works perfectly with MDT.
OK, then. The individual unattend.xml answer file for each task sequence is stored in $DeploymentShare\Control\TaskSequenceName folder:
Can you open your task sequence answer files normally when MDT is not running, running WSIM from Windows Kits and opening answer file from there?
In any case, it is totally OK to manually open and edit it in any text or code editor (Notepad, Code Writer etc.).
Kari
-
New #9
Kari, sorry about the misuse of the C tag.
I can open the answer file in the location you specified with the WSIM, but thanks to your screenshots I have a good idea where the problem must be. For some reason my version o WSIM is older (10.0.18362.144). I applied the WSIM patch exactly as the instructions indicate from an elevated command prompt after changing to the directory where the files were extracted. My WSIM is also installed in the default location.
I'll have to do some troubleshooting to see if I can figure out why I'm not getting the latest version.
Thanks again for your help.
- - - Updated - - -
Kari, is it possible that you are running an insider build of WSIM? I just uninstalled the Win PE add-on, and the ADK, re-downloaded both from scratch, and reinstalled. Applied the WSIM update patch, and I'm still on that older build.
Microsoft Deployment Toolkit - Easy and Fast Windows Deployment
How to use MDT to deploy Windows 10Published by Kari "Kalsarikänni" FinnCategory: Installation & Upgrade
11 Apr 2020
Quote
Related Discussions
