WDS (Windows Deployment Services) deploys Windows operating systems over the network. It utilizes a mixture of roles from the server such as adding boot and OS (Operating System) images and storing drivers. WDS eliminates the need to manually image computers with a boot disk and install individual programs. MDT (Microsoft Deployment Tool) is also used with WDS to create the OS and procedures. Rather than creating a custom image and using sysprep, MDT can manage different OS’s, drivers, applications, and task sequences for deployment.
The image from MDT can be uploaded into WDS and then WDS can push the image out to computers using PXE. PXE (Preboot eXecution Environment) is the service used to send and receive images over the network. WDS can also capture images from remote computers. The same PXE service is utilized to retrieve the computer OS, but the computer must already be in sysprep mode before the image is obtained. This walkthrough does not discuss the steps for capturing images.
Requirements:
- Windows Server 2008 or later
- DHCP
- DNS
- WDS
- Active Directory Domain Services
- Operating System
- Software
- Keys
- Drivers
- Etc.
- MDT
- Minimum of 10 GBs of free space (local computer) for image repository
Set up the MDT production deployment share
When you are ready to deploy Windows in a production environment, you will first create a new MDT deployment share.
Create the MDT production deployment share
- Using the Deployment Workbench, right-click Deployment Shares and select New Deployment Share.
- On the Path page, in the Deployment share path text box, type the location where the deployment share will be saved and click Next.
- On the Share page, in the Share name text box, leave default if already populate or add the name of the deployment share and click Next.
- On the Descriptive Name page, in the Deployment share description text box, type MDT Production and click Next.
- On the Options page, accept the default settings and click Next twice, and then click Finish.
- Using File Explorer, verify that you can access the deployment share.
Step 1: Add an image
The next step is to add an image into the deployment share with the setup files required to successfully deploy Windows. When adding an image, you still need to copy setup files (an option in the wizard) because Windows stores additional components in the Sources\SxS folder which is outside the image and may be required when installing components.
Add the Windows image
Make sure you extract the contents of the Windows ISO image so that you can see the sources folder. The sources folder should contain a boot and image file that is used for deployment setup.
- Using the Deployment Workbench, expand the Deployment Shares node, and then expand MDT Production; select the Operating Systems node, and create a folder named Windows.
- Right-click the Windows folder and select Import Operating System.
- On the OS Type page, select Full set of source files and click Next.
- On the Source page, in the Source directory text box, browse to the folder where the extract Windows ISO is located and click Next.
- On the Destination page, in the Destination directory name text box, type the name of the directory, click Next twice, and then click Finish.
Note
The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
Figure 2. The imported operating system after renaming it.
Step 2: Add an application
When you configure your MDT Build Lab deployment share, you will also add any applications to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the MDT Production deployment share using Adobe Reader as an example.
Create the install: Adobe Reader XI x86
In this example, we assume that you have downloaded the Adobe Reader XI installation file (AdbeRdr11000_eu_ES.msi) to E:\Setup\Adobe Reader on MDT01.
- Using the Deployment Workbench, expand the MDT Production node and navigate to the Applications node.
- Right-click the Applications node, and create a new folder named Adobe.
- In the Applications node, right-click the Adobe folder and select New Application.
- On the Application Type page, select the Application with source files option and click Next.
- On the Details page, in the Application name text box, type Install – Adobe Reader XI – x86 and click Next.
- On the Source page, in the Source Directory text box, browse to E:\Setup\Adobe Reader XI and click Next.
- On the Destination page, in the Specify the name of the directory that should be created text box, type Install – Adobe Reader XI – x86and click Next.
- On the Command Details page, in the Command Line text box, type msiexec /i AdbeRdr11000_eu_ES.msi /q, click Next twice, and then click Finish.
Figure 3. The Adobe Reader application added to the Deployment Workbench.
Step 3: Prepare the drivers repository
In order to deploy Windows with MDT successfully, you need drivers for the boot images and for the actual operating system. This walkthrough uses WDS to import the drivers into the OS images. Refer to STEP 3: Add drivers into specific groups based on model of laptop under WDS Setup for more information.
Step 4: Create the deployment task sequence
This section will show you how to create the task sequence used to deploy your production Windows image. You will then configure the tasks sequence to enable patching via a Windows Server Update Services (WSUS) server.
Create a task sequence for Windows
- Using the Deployment Workbench, select Task Sequences in the MDT Production node, and create a folder named Windows.
- Right-click the new Windows folder and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
- Task sequence ID: W10-X64-001
- Task sequence name: Windows Image
- Task sequence comments: Production Image
- Template: Standard Client Task Sequence
- Select OS: Windows Image
- Specify Product Key: Do not specify a product key at this time
- Full Name: Contoso
- Organization: Contoso
- Internet Explorer home page: about:blank
- Admin Password: Do not specify an Administrator Password at this time ### Edit the Windows task sequence
- Right-click the Windows Image task sequence, and select Properties.
- On the Task Sequence tab, configure the Windows Image task sequence with specific settings for the deployment.
Figure 6. The task sequence for production deployment.
Step 5: Configure the MDT production deployment share
In this section, you will learn how to configure the MDT Build Lab deployment share with the rules required creating a simple and dynamic deployment process. This includes configuring commonly used rules and an explanation of how these rules work. The rules are generated automatically when the deployment share is created. You do not need to modify the rules unless you want to add or skip settings during the deployment process.
Configure the rules
- Right-click the MDT Production deployment share and select Properties.
- Select the General tab and check the Platforms Support based on what version you are deploying to.
- Select the Rules tab and modify using the following information:
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
OSInstall=YES
UserDataLocation=AUTO
TimeZoneName=Pacific Standard Time
AdminPassword=P@ssw0rd
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=P@ssw0rd
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
SLShare=\\MDT01\Logs$
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
USMTMigFiles001=MigApp.xml
USMTMigFiles002=MigUser.xml
HideShell=YES
ApplyGPOPack=NO
WSUSServer=mdt01.contoso.com:8530
SkipAppsOnUpgrade=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=NO
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=NO
SkipBitLocker=YES
SkipSummary=YES
SkipCapture=YES
SkipFinalSummary=NO
- Click Edit Bootstrap.ini and modify using the following information:
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
SkipBDDWelcome=YES
- In the Windows PE tab, in the Platform drop-down list, make sure to select only the deployed bit architecture you are deploying to by unchecking Generate a Lite Touch bootable ISO image under Lite Touch Boot Image Settings for each Platform. This will help save space on the computer so you are not creating both x86 and x64 bit deployment images.
- Select OK.
Note
It will take a while for the Deployment Workbench to create the monitoring database and web service.
Figure 7. The Windows PE tab for the x64 boot image.
The rules explained
The rules for the MDT deployment share deploy the machines into a domain instead of a workgroup and that you do not automate the logon.
The Bootstrap.ini file
This is the MDT Production Bootstrap.ini without the user credentials (except domain information):
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
SkipBDDWelcome=YES
The CustomSettings.ini file
This is the CustomSettings.ini file with the new join domain information:
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
OSInstall=Y
UserDataLocation=AUTO
TimeZoneName=Pacific Standard Time
AdminPassword=P@ssw0rd
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=P@ssw0rd
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
SLShare=\\MDT01\Logs$
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
USMTMigFiles001=MigApp.xml
USMTMigFiles002=MigUser.xml
HideShell=YES
ApplyGPOPack=NO
WSUSServer=http://mdt01.contoso.com:8530
SkipAppsOnUpgrade=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=NO
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=NO
SkipBitLocker=YES
SkipSummary=YES
SkipCapture=YES
SkipFinalSummary=NO
EventService=http://MDT01:9800
The additional properties to use in the MDT Production rules file are as follows:
- JoinDomain. The domain to join.
- DomainAdmin. The account to use when joining the machine to the domain.
- DomainAdminDomain. The domain for the join domain account.
- DomainAdminPassword. The password for the join domain account.
- MachineObjectOU. The organizational unit (OU) to which to add the computer account.
- ScanStateArgs. Arguments for the User State Migration Tool (USMT) ScanState command.
- USMTMigFiles(*). List of USMT templates (controlling what to backup and restore).
- EventService. Activates logging information to the MDT monitoring web service.
Update the deployment share
Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.
- Right-click the MDT Production deployment share and select Update Deployment Share.
- Use the default options for the Update Deployment Share Wizard.
Note
The update process will take 5 to 10 minutes.
Step 5: Deploy the Windows 10 client image
These steps will walk you through the process of using task sequences to deploy Windows images through a fully automated process. First, you need to add the boot image to WDS and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the PXE to start the full deployments in the datacenter. WDS can be installed on a separate server than the DHCP, DNS, and AD DS server/s.
WDS Setup
STEP 1: Install WDS role
- Within the server manager, select Add Roles
- Select Windows Deployment Services from the server roles list
- Make sure Deployment Server and Transport Server is selected
- Select Install
- Reboot the server
STEP 2: Configure the role
- Within the server manager, select Windows Deployment Services under roles
- Expand Servers
- The server name will be listed notating that it is not configured. Right click the server name and select Configure Server. Use the following settings
- Folder location: F:\Windows Deployment
- A folder will be created based on the name you put in the path
- If the folder location is on the same hard drive/location as the operating system, and there are no other locations to store the folder, select Yes from the warning message
- DHCP Option 60: Leave the default boxes unchecked for Do no listen on port 67 and Configure DHCP option 60 to ‘PXEClient’
- PXE Server Initial Settings: Respond to all client computers (known and unknown)
- Require administrator approval for unknown computers: Unchecked
- Folder location: F:\Windows Deployment
STEP 3: Add drivers into specific groups based on model of laptop
- Right click Drivers and select Add Driver Group using the following settings
- Type a name for this driver group: “model of the computer”
- Client Hardware Filters: Filters are not needed at this time
- Install Image Filters: Filters are not needed at this time
- Packages to Install: Install only the driver packages that match a client’s hardware
- To add specific drivers from inf files (CAB files will not work, CAB files will need to be extracted to reveal the inf files), right click Drivers and select Add Driver Package
NOTE: Adding drivers from different model computers will be stored in WDS under one folder. WDS does not sort what drivers go to what model computer. We can configure what drivers should go to what model computer later in this step.
- You can add the inf files as a group or individually
- Driver Package Location: Browse to the location where the inf files are
- Available Drivers: List of all drivers that can be imported
- Summary: Select what drivers to be included of the import
- Driver Groups: Select an existing driver group: “Group name created from earlier”
- Finish
- Driver Package Location: Browse to the location where the inf files are
NOTE: Some drivers may fail to be imported. Determine the name of each driver and repeat the above steps to add individual inf files
STEP 4: Add the boot image to deploy the Windows operating system. The boot images will come from the deployment share under the sources folder. The file is called.
- Under the WDS console, right-click Boot Images and select Add Boot Image
- Browse to the deployment share, under the Boot folder, select the LiteTouchPE.wim file and add the image with the default settings.
Figure 9. The boot image added to the WDS console.
Deploy Images
STEP 1: Deploy the Windows OS
There are two ways to enable PXE on a laptop. This allows you to choose the NIC card as a boot option. With secure boot enabled and booting to UEFI, there is no option to boot to the NIC card. Use option 1 first, otherwise use option 2 below.
- OPTION 1: Boot into the BIOS and make changes to the following.
- (System Configuration > Integrated NIC) Enabled UEFI Network Stack: Enable
- OPTION 2: Boot into the BIOS and make changes to the following. Select Apply after making each individual change
- Secure Boot Enabled: Disabled
- Advanced Boot Options: Enable Legacy Option ROMS’s
- Boot Sequence: Legacy
- Select Exit to reboot the computer
- Select F12 to boot into the boot manager
- Select Onboard NIC (IPV4)
- The MAC Address will associate with the DHCP server and communicate with the WDS server
- Press F12 when it prompts Press F12 for network service boot
- Select Boot For Deploying Images
- It will now transfer the boot image file over the network to setup the deployment
- Utilize the following for the capture setup
- Enter the credentials to connect to the WDS server
- Select the image that is based on the make and model of the computer
- Delete any partitions listed and select Disk 0 Unallocated Space partition to install the deployment image on
- It will now deploy the captured image from WDS
- Post installation steps will need to be completed once the image is done
See also