Site icon Cybertek Defense

Windows Deployment Services and Microsoft Deployment Toolkit Image Deployment

WDS (Windows Deployment Services) deploys Windows operating systems over the network.  It utilizes a mixture of roles from the server such as adding boot and OS (Operating System) images and storing drivers.  WDS eliminates the need to manually image computers with a boot disk and install individual programs.  MDT (Microsoft Deployment Tool) is also used with WDS to create the OS and procedures.  Rather than creating a custom image and using sysprep, MDT can manage different OS’s, drivers, applications, and task sequences for deployment.  

The image from MDT can be uploaded into WDS and then WDS can push the image out to computers using PXE.  PXE (Preboot eXecution Environment) is the service used to send and receive images over the network.  WDS can also capture images from remote computers.  The same PXE service is utilized to retrieve the computer OS, but the computer must already be in sysprep mode before the image is obtained.  This walkthrough does not discuss the steps for capturing images. 

Requirements:

Set up the MDT production deployment share

When you are ready to deploy Windows in a production environment, you will first create a new MDT deployment share.

Create the MDT production deployment share

  1. Using the Deployment Workbench, right-click Deployment Shares and select New Deployment Share.
  2. On the Path page, in the Deployment share path text box, type the location where the deployment share will be saved and click Next.
  3. On the Share page, in the Share name text box, leave default if already populate or add the name of the deployment share and click Next.
  4. On the Descriptive Name page, in the Deployment share description text box, type MDT Production and click Next.
  5. On the Options page, accept the default settings and click Next twice, and then click Finish.
  6. Using File Explorer, verify that you can access the deployment share.

Step 1: Add an image

The next step is to add an image into the deployment share with the setup files required to successfully deploy Windows. When adding an image, you still need to copy setup files (an option in the wizard) because Windows stores additional components in the Sources\SxS folder which is outside the image and may be required when installing components.

Add the Windows image

Make sure you extract the contents of the Windows ISO image so that you can see the sources folder.  The sources folder should contain a boot and image file that is used for deployment setup.

  1. Using the Deployment Workbench, expand the Deployment Shares node, and then expand MDT Production; select the Operating Systems node, and create a folder named Windows.
  2. Right-click the Windows folder and select Import Operating System.
  3. On the OS Type page, select Full set of source files and click Next.
  4. On the Source page, in the Source directory text box, browse to the folder where the extract Windows ISO is located and click Next.
  5. On the Destination page, in the Destination directory name text box, type the name of the directory, click Next twice, and then click Finish.

Note
The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.

Figure 2. The imported operating system after renaming it.

Step 2: Add an application

When you configure your MDT Build Lab deployment share, you will also add any applications to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the MDT Production deployment share using Adobe Reader as an example.

Create the install: Adobe Reader XI x86

In this example, we assume that you have downloaded the Adobe Reader XI installation file (AdbeRdr11000_eu_ES.msi) to E:\Setup\Adobe Reader on MDT01.

  1. Using the Deployment Workbench, expand the MDT Production node and navigate to the Applications node.
  2. Right-click the Applications node, and create a new folder named Adobe.
  3. In the Applications node, right-click the Adobe folder and select New Application.
  4. On the Application Type page, select the Application with source files option and click Next.
  5. On the Details page, in the Application name text box, type Install – Adobe Reader XI – x86 and click Next.
  6. On the Source page, in the Source Directory text box, browse to E:\Setup\Adobe Reader XI and click Next.
  7. On the Destination page, in the Specify the name of the directory that should be created text box, type Install – Adobe Reader XI – x86and click Next.
  8. On the Command Details page, in the Command Line text box, type msiexec /i AdbeRdr11000_eu_ES.msi /q, click Next twice, and then click Finish.

Figure 3. The Adobe Reader application added to the Deployment Workbench.

Step 3: Prepare the drivers repository

In order to deploy Windows with MDT successfully, you need drivers for the boot images and for the actual operating system.  This walkthrough uses WDS to import the drivers into the OS images.  Refer to STEP 3: Add drivers into specific groups based on model of laptop under WDS Setup for more information.

Step 4: Create the deployment task sequence

This section will show you how to create the task sequence used to deploy your production Windows image. You will then configure the tasks sequence to enable patching via a Windows Server Update Services (WSUS) server.

Create a task sequence for Windows

  1. Using the Deployment Workbench, select Task Sequences in the MDT Production node, and create a folder named Windows.
  2. Right-click the new Windows folder and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
  1. Task sequence ID: W10-X64-001
  2. Task sequence name: Windows Image
  3. Task sequence comments: Production Image
  4. Template: Standard Client Task Sequence
  5. Select OS: Windows Image
  6. Specify Product Key: Do not specify a product key at this time
  7. Full Name: Contoso
  8. Organization: Contoso
  9. Internet Explorer home page: about:blank
  10. Admin Password: Do not specify an Administrator Password at this time ### Edit the Windows task sequence
  11. Right-click the Windows Image task sequence, and select Properties.
  12. On the Task Sequence tab, configure the Windows Image task sequence with specific settings for the deployment.

Figure 6. The task sequence for production deployment.

Step 5: Configure the MDT production deployment share

In this section, you will learn how to configure the MDT Build Lab deployment share with the rules required creating a simple and dynamic deployment process. This includes configuring commonly used rules and an explanation of how these rules work.  The rules are generated automatically when the deployment share is created.  You do not need to modify the rules unless you want to add or skip settings during the deployment process.

Configure the rules

  1. Right-click the MDT Production deployment share and select Properties.
  2. Select the General tab and check the Platforms Support based on what version you are deploying to.
  3. Select the Rules tab and modify using the following information:
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
OSInstall=YES
UserDataLocation=AUTO
TimeZoneName=Pacific Standard Time 
AdminPassword=P@ssw0rd
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=P@ssw0rd
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
SLShare=\\MDT01\Logs$
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
USMTMigFiles001=MigApp.xml
USMTMigFiles002=MigUser.xml
HideShell=YES
ApplyGPOPack=NO
WSUSServer=mdt01.contoso.com:8530
SkipAppsOnUpgrade=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=NO
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=NO
SkipBitLocker=YES
SkipSummary=YES
SkipCapture=YES
SkipFinalSummary=NO
 [Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
SkipBDDWelcome=YES

Note
It will take a while for the Deployment Workbench to create the monitoring database and web service.

Figure 7. The Windows PE tab for the x64 boot image.

The rules explained

The rules for the MDT deployment share deploy the machines into a domain instead of a workgroup and that you do not automate the logon.

The Bootstrap.ini file

This is the MDT Production Bootstrap.ini without the user credentials (except domain information):

 [Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
SkipBDDWelcome=YES

The CustomSettings.ini file

This is the CustomSettings.ini file with the new join domain information:

 [Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
OSInstall=Y
UserDataLocation=AUTO
TimeZoneName=Pacific Standard Time 
AdminPassword=P@ssw0rd
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=P@ssw0rd
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
SLShare=\\MDT01\Logs$
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
USMTMigFiles001=MigApp.xml
USMTMigFiles002=MigUser.xml
HideShell=YES
ApplyGPOPack=NO
WSUSServer=http://mdt01.contoso.com:8530
SkipAppsOnUpgrade=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=NO
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=NO
SkipBitLocker=YES
SkipSummary=YES
SkipCapture=YES
SkipFinalSummary=NO
EventService=http://MDT01:9800

The additional properties to use in the MDT Production rules file are as follows:

Update the deployment share

Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.

  1. Right-click the MDT Production deployment share and select Update Deployment Share.
  2. Use the default options for the Update Deployment Share Wizard.

Note
The update process will take 5 to 10 minutes.

Step 5: Deploy the Windows 10 client image

These steps will walk you through the process of using task sequences to deploy Windows images through a fully automated process. First, you need to add the boot image to WDS and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the PXE to start the full deployments in the datacenter.  WDS can be installed on a separate server than the DHCP, DNS, and AD DS server/s. 

WDS Setup

STEP 1: Install WDS role

STEP 2: Configure the role

STEP 3: Add drivers into specific groups based on model of laptop

NOTE: Adding drivers from different model computers will be stored in WDS under one folder.  WDS does not sort what drivers go to what model computer.  We can configure what drivers should go to what model computer later in this step.

NOTE: Some drivers may fail to be imported.  Determine the name of each driver and repeat the above steps to add individual inf files

STEP 4: Add the boot image to deploy the Windows operating system.  The boot images will come from the deployment share under the sources folder.  The file is called.

Figure 9. The boot image added to the WDS console.

Deploy Images

STEP 1: Deploy the Windows OS

There are two ways to enable PXE on a laptop.  This allows you to choose the NIC card as a boot option.  With secure boot enabled and booting to UEFI, there is no option to boot to the NIC card.  Use option 1 first, otherwise use option 2 below.

See also

Exit mobile version