Windows 10 Deployment with MDT
Please refer to the tutorial below for Windows 10 Deployment with MDT
Components used in this lab
- Windows 2019 Server Core as AD Domain Controller
- AVENTIS-AD01 – 192.168.1.230
- Windows 2019 Server as MDT Deployment Server
- AVENTIS-MGMT – 192.168.1.232
Software Required for MDT Installation
- Download Windows ADK for Windows 10, version 1903 and Windows PE Add on for ADK and save it locally
Windows PE is available separately from the Assessment and Deployment Kit (ADK) starting from Windows 10 version 1809
- Download Microsoft MDT 8456 – MicrosoftDeploymentToolkit_x64.msi
- Download ISO Installation file for Windows 10 1909 from [Microsoft Volume License Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx)
- Driver Pack for HP Laptop
- Installation files for applications such as 7-Zip and Foxit Reader
Installation of Windows Deployment Service (WDS)
Install the WDS role with PowerShell
#Enable WDS Role
Install-WindowsFeature wds-deployment -includemanagementtools
Open Windows Deployment Service and right click on Server-SERVER_NAME-Configure Server
Select Integrated with Active Directory
Select the Remote Installation Folder
Select Respond to all client computers (known and unknown)
Uncheck Add image to the server now
We will prepare the Boot & Capture Images at a later stage
Preparation of DHCP Server for PXE Boot
Add the following DHCP Options to existing DHCP Server running on AVENTIS-AD01
#Define 060 as PXEClient
Add-DhcpServerv4OptionDefinition -ComputerName $env:COMPUTERNAME -Name "PXEClient" -Description "PXE Support" -OptionId 060 -Type String
#Set PXE Boot Options
Set-DhcpServerv4OptionValue -OptionId 066 -Value "192.168.1.232"
Set-DhcpServerv4OptionValue -OptionId 067 -Value "\boot\x64\wdsnbp.com"
DHCP Option 066 & 067 are configured
Do not configure Option 60 if the DHCP server is NOT installed on the MDT server; otherwise the VM will fail to boot from PXE with the error PXE-E55 ProxyDHCP did not reply to request on port 4011
Installation of Windows ADK & MDT
Install ADK v1903 by double-clicking C:\Users\administrator.LAB\Downloads\Windows Kits\10\ADK\adksetup.exe
Select the following features when prompted
- Deployment Tools
- Imaging And Configuration Designer (ICD)
- Configuration Designer
- User State Migration Tool (USMT)
Install WinPE by double-clicking C:\Users\administrator.LAB\Downloads\Windows Kits\10\ADKWinPEAddons\adkwinpesetup.exe
Installation of MDT v8456
Launch MDT by opening Deployment Workbench
Create Deployment Share with PowerShell
Import PowerShell Module for MDT
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
Create a New Deployment Share called MDT$ in M:\MDT on AVENTIS-MGMT
$MDT_Folder = "M:\MDT"
$MDT_Share = "MDT$"
$MDT_Path = "\\192.168.1.232\MDT$"
New-Item -Path $MDT_Folder -ItemType directory
New-SmbShare -Name $MDT_Share -Path $MDT_Folder -FullAccess Administrators
New-PSDrive -Name "DS001" -PSProvider "MDTProvider" -Root $MDT_Folder -Description "MDT Deployment Share" `
-NetworkPath $MDT_Path -Verbose | add-MDTPersistentDrive -Verbose
Prepare Boot Image in WDS
A boot image is a Windows PE image: a stripped-down OS that includes only the tools needed to install, deploy, and repair Windows.
Mount Windows 10 1909 ISO File
#Mount Windows 10 1909 ISO File
$ISO = "E:\MyLAB\MDT\WIN10_1909.iso"
$MountInfo = Mount-DiskImage -ImagePath $ISO
Write-Output "ISO is mounted to $(($MountInfo | Get-Volume).DriveLetter):\"
#Dismount ISO when done
Dismount-DiskImage -ImagePath $ISO
Right click on Boot Image-Add Boot Image
Select E:\Sources\Boot.wim
Enter Image Name, like WIN10-BOOT
Import VMware Drivers to Boot Image
Please follow the steps below to import VMware Drivers to Boot image if you are preparing the Windows 10 reference image in VMware ESXi Host
Download VMware Tools (windows.iso) from ESXi host with SCP
scp [email protected]:/vmimages/tools-isoimages/windows.iso /home/mobaxterm
Mount the ISO file and extract the contents to M:\MDT-Apps\VMware with "setup64.exe /a /p"
VMware Drivers are extracted to M:\MDT-Apps\VMware\VMware\VMware Tools\VMware\Drivers
Open Windows Deployment Services and right click on Drivers – Add Driver Package to import drivers
Create a Driver Group called VMware where prompted
Accept all default values when prompted, and VMware Drivers are imported successfully
Right click on WIN10-BOOT and select Add Drivers Package to Image
Click Search for Packages
VMware Drivers are imported to boot.wim image successfully
Prepare Capture Image
A capture image is used to capture a Windows 10 reference image and import it into MDT for deployment
Right Click on WIN10-BOOT and select Create Capture Image
Enter Name & Location for Capture Image
Check Add Image to the Windows Deployment Server Now
Enter the Location & Image Name when prompted
WIN10-BOOT & WIN10-CAPTURE are created in WDS successfully
Prepare Windows 10 Reference Image
Refer to Prepare Windows 10 Image for MDT Deployment
Capture Windows 10 Reference Image
Refer to Capture Windows 10 Image for MDT Deployment
Import Windows 10 Reference Image
Import the captured WIN10-2004.wim file to MDT
- -SetupPath – Location of the Windows 10 ISO File
- -DestinationFolder – Create a new Folder for WIN10-2004.wim image
# Import WIM file
$SourceFile = "M:\WIN10-2004.wim"
$MDT_Drive = (Get-MDTPersistentDrive)
# creates temporary and persistent drives to map to MDT Drive - DS001
New-PSDrive -Name $MDT_Drive.Name -PSProvider MDTProvider -Root $MDT_Drive.Path
Import-MDTOperatingSystem -Path "DS001:\Operating Systems" -SourceFile $SourceFile -SetupPath D: -DestinationFolder "WIN10PRO-2004"
Rename the imported image
Get-ChildItem "DS001:\Operating Systems"
Name
----
WIN10-1909.wim
WIN10PRO-2004 in WIN10PRO-2004 WIN10-2004.wim
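# Use the full provider path so the rename does not depend on the current location
Rename-Item -Path "DS001:\Operating Systems\WIN10PRO-2004 in WIN10PRO-2004 WIN10-2004.wim" -NewName "WIN10PRO-2004.wim"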
WIN10PRO-2004.wim is imported to Deployment Share – Operating Systems successfully
Out of Box Drivers
Drivers for Windows 10 can be organized in folders and injected into Windows 10 during MDT deployment
Download and extract an SCCM Driver Pack, such as the HP Driver Pack, and import it to the MDT Server using the PowerShell below
# Create a New Folder
New-Item -path "DS001:\Out-of-Box Drivers" -enable "True" -Name "VMware" -ItemType "folder" -Verbose
# Import Drivers
Import-MDTDriver -path "DS001:\Out-of-Box Drivers\VMware" -SourcePath "M:\Drivers\VMware" -Verbose
New folder called VMware is created in Out-of-Box-Drivers with all VMware Drivers imported
Selection Profile
Selection Profile can be used to control what drivers and packages are injected into the Boot Image.
Create a new Selection Profile called VMware with all drivers in Out-of-Box Drivers\VMware
New-Item -path "DS001:\Selection Profiles" -enable "True" -Name "VMware" -Definition "<SelectionProfile><Include path=`"Out-of-Box Drivers\VMware`" /></SelectionProfile>" -ReadOnly "False" -Verbose
Task Sequence
Task sequences are XML files that call a series of scripts with the parameters chosen when the task sequence was created.
Create a new Task Sequence based on the template Client.xml to deploy WIN10PRO-2004.wim to new computer
Import-MDTTaskSequence -Path "DS001:\Task Sequences" -Name "WIN10PRO-2004" -Template "Client.xml" -ID "010" -OperatingSystemPath "DS001:\Operating Systems\WIN10PRO-2004.wim" `
-Version 1.0 -Verbose
Customize the Task Sequence
- Disable Format and Partition Disk (BIOS)
- Remove the Recovery Partition and increase the Windows (Primary) partition to use 100% of the remaining space
- Inject Drivers – Select the Driver Profile to be installed during OS Deployment
- Install Operating System – Select the WIM file that will be deployed and Select Next Available Formatted Partition
- Inject Drivers – Select Continue on Error
- Add a PowerShell Script in State Restore – Custom Tasks – Run PowerShell Script
Create a PowerShell Script called PostInstallation.ps1 in M:\DeploymentShare\Scripts\Custom
# PostInstallation.ps1
# Join to AD Domain
$cred = New-Object System.Management.Automation.PsCredential("LAB\Administrator", (ConvertTo-SecureString "P@ssw0rd!@#$" -AsPlainText -Force))
Add-Computer -DomainName "lab.aventislab.com" -Credential $cred -OUPath "OU=MDT,DC=lab,DC=aventislab,DC=com"
- Enter the location of PowerShell Script – %SCRIPTROOT%\Custom\PostInstallation.ps1
- Disable Apply Local GPO Package
We have created a task sequence to deploy Windows 10 PRO successfully
Convert the Task Sequence to Template
Copy the Task Sequence we prepared above from M:\DeploymentShare\Control\010\ts.xml to M:\DeploymentShare\Templates\TS-WIN10PRO-UEFI-VM.xml
Open the XML file with Notepad and change the Display Name of this Template
Select the Template – TS-WIN10PRO-UEFI-VM when you want to create a similar Task Sequence in the future.
Update Deployment Share
Updating the Deployment Share pulls in the latest files from the Windows ADK and updates or regenerates the required Windows PE boot images in both WIM and ISO file formats.
- Right click on MDT Deployment Share – General and uncheck x86 as we are going to use x64 files only
- Modify the CustomSettings.ini (Rules) and Bootstrap.ini in M:\DeploymentShare\Control
; CustomSettings.ini (Rules)
[Settings]
Priority=Default
Properties=MyCustomProperty
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
AdminPassword=Vind@100
SkipComputerBackup=YES
SkipBitLocker=NO
BDERecoveryKey=AD
BDEInstall=TPMPin
SkipCapture=YES
SkipComputerName=NO
SkipComputerBackup=YES
SkipDomainMembership=YES
SkipFinalSummary=YES
SkipLocaleSelection=YES
KeyboardLocale=en-us
UserLocale=en-us
UILanguage=en-us
SkipPackageDisplay=No
SkipProductKey=YES
SkipSummary=YES
SkipTaskSequence=NO
SkipTimeZone=YES
TimeZoneName=Singapore Standard Time
WSUSServer=http://prod-mdt.lab.aventislab.com:8530
SkipUserData=Yes
FinishAction=REBOOT
EventService=http://PROD-MDT.lab.aventislab.com:9800
; Bootstrap.ini
[Settings]
Priority=Default
[Default]
DeployRoot=\\PROD-MDT\DeploymentShare$
UserID=lab\administrator
UserPassword=P@ssw0rd!@#$
- Uncheck Generate a Lite Touch Bootable ISO Image as we are not going to use the WinPE ISO file to boot up VM
- Update Deployment Share
Update-MDTDeploymentShare -Path "DS001:" -Verbose
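Bootstrap.ini is embedded in the boot image served over PXE, and CustomSettings.ini and PostInstallation.ps1 sit on the deployment share, so the passwords written into them above are readable in cleartext by anything that can boot or read the share. The following added example (not part of the original tutorial; `Find-MdtSecretRisk` and its parameters are hypothetical names, and the sample input is constructed) audits those files for such entries.

```powershell
# Added example, not from the original page: flag embedded credentials in MDT
# rule files and custom scripts. Function and parameter names are hypothetical.
function Find-MdtSecretRisk {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Line,   # file content, one element per line
        [string] $Source = '<inline>',
        # Assumption: the credential properties used on this page plus the
        # standard MDT domain-join property DomainAdminPassword
        [string[]] $SecretKey = @('AdminPassword', 'UserPassword', 'DomainAdminPassword')
    )
    $n = 0
    foreach ($raw in $Line) {
        $n++
        $text = $raw.Trim()
        $item = $null; $finding = $null
        if ($text -match 'ConvertTo-SecureString\s+["''][^"'']+["'']\s+-AsPlainText') {
            # Script line that builds a credential from a literal password
            $item = 'ConvertTo-SecureString'; $finding = 'Literal password in script'
        }
        elseif ($text -match '^([A-Za-z0-9_]+)\s*=\s*(.+)$') {
            $item = $Matches[1]; $value = $Matches[2].Trim()
            if ($SecretKey -contains $item) { $finding = 'Cleartext credential in rule file' }
            elseif ($item -eq 'UserID' -and $value -match '\\administrator$') {
                $finding = 'Share accessed with an administrator account'
            }
            elseif ($value -match '^http://') { $finding = 'Unencrypted HTTP endpoint' }
        }
        if ($finding) {
            # The value is never echoed, so the report itself leaks nothing
            [pscustomobject]@{ Source = $Source; Line = $n; Item = $item; Finding = $finding }
        }
    }
}

# Constructed sample input mirroring the page's Bootstrap.ini and
# PostInstallation.ps1, with passwords replaced by placeholders
$ini = @'
[Default]
DeployRoot=\\PROD-MDT\DeploymentShare$
UserID=lab\administrator
UserPassword=EXAMPLE-PLACEHOLDER
EventService=http://PROD-MDT.lab.aventislab.com:9800
'@ -split "`r?`n"
$ps1 = '$cred = New-Object System.Management.Automation.PsCredential("LAB\Administrator", (ConvertTo-SecureString "EXAMPLE-PLACEHOLDER" -AsPlainText -Force))'

$report  = @(Find-MdtSecretRisk -Line $ini -Source 'Bootstrap.ini')
$report += @(Find-MdtSecretRisk -Line $ps1 -Source 'PostInstallation.ps1')
$report | Format-Table -AutoSize
```

Against the live share, pass the output of `Get-Content` for each file under M:\DeploymentShare\Control and M:\DeploymentShare\Scripts\Custom as `-Line`. Findings are usually resolved by replacing the administrator account with a dedicated account that has read-only access to the share and delegated rights to join computers only in the MDT OU.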
MDT Monitoring
MDT Monitoring lets you monitor the progress of deployment tasks and check for error messages from the MDT console
Check Enable Monitoring for this Deployment Share
Ensure that Microsoft Deployment Toolkit Monitor Service is running
Get-Service -Name MDT_Monitor | ft
Status Name DisplayName
------ ---- -----------
Running MDT_Monitor Microsoft Deployment Toolkit Monito...
Allow inbound TCP 9800 & 9801 if Windows Firewall is enabled – Optional Steps
# Allow inbound TCP 9800 and TCP 9801
New-NetFirewallRule -DisplayName "In-TCP-9800" -Direction Inbound -Protocol TCP -LocalPort 9800 -Action Allow
New-NetFirewallRule -DisplayName "In-TCP-9801" -Direction Inbound -Protocol TCP -LocalPort 9801 -Action Allow
# Confirm that TCP 9800 & 9801 are in listening mode
Get-NetTCPConnection | ? LocalPort -like "980*"
LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting
------------ --------- ------------- ---------- ----- --------------
:: 9801 :: 0 Listen
:: 9800 :: 0 Listen
Verify that EventService=http://PROD-MDT.lab.aventislab.com:9800 is added in CustomSettings.ini
Browse to http://192.168.1.232:9801/MDTMonitorData/ to confirm that the monitoring data page is displayed
You can monitor the deployment progress in MDT Console now