Windows 10 Deployment with MDT

Please refer to the tutorial below for Windows 10 Deployment with MDT

Components used in this lab

  1. Windows 2019 Server Core as AD Domain Controller
     • AVENTIS-AD01 – 192.168.1.230
  2. Windows 2019 Server as MDT Deployment Server
     • AVENTIS-MGMT – 192.168.1.232

Software Required for MDT Installation

  1. Download Windows ADK for Windows 10, version 1903 and the Windows PE add-on for the ADK, and save them locally

Windows PE is available separately from the Assessment and Deployment Kit (ADK) starting from Windows 10 version 1809

  2. Download Microsoft MDT 8456 – MicrosoftDeploymentToolkit_x64.msi
  3. Download the ISO installation file for Windows 10 1909 from the Microsoft Volume License Service Center (https://www.microsoft.com/Licensing/servicecenter/default.aspx)
  4. Driver Pack for HP Laptop
  5. Installation files for applications, such as 7Zip and Foxit Reader

Installation of Windows Deployment Services (WDS)

Install the WDS role with PowerShell

#Enable WDS Role
Install-WindowsFeature wds-deployment -includemanagementtools

Open Windows Deployment Services and right-click Servers – SERVER_NAME – Configure Server

Select Integrated with Active Directory

Select the Remote Installation Folder

Select Respond to all client computers (known and unknown)

Uncheck Add image to the server now

We will prepare the Boot & Capture Image at a later stage

Preparation of DHCP Server for PXE Boot

Add the following DHCP options to the existing DHCP server running on AVENTIS-AD01

#Define 060 as PXEClient
Add-DhcpServerv4OptionDefinition -ComputerName $env:COMPUTERNAME -Name "PXEClient" -Description "PXE Support" -OptionId 060 -Type String

#Set PXE Boot Options
Set-DhcpServerv4OptionValue -OptionId 066 -Value "192.168.1.232"
Set-DhcpServerv4OptionValue -OptionId 067 -Value "\boot\x64\wdsnbp.com"

DHCP Option 066 & 067 are configured

Do not configure Option 60 if the DHCP Server is NOT installed on the MDT Server, or the VM will fail to boot from PXE with the error PXE-E55 ProxyDHCP did not reply to request on port 4011

Installation of Windows ADK & MDT

Install ADK v1903 by double-clicking C:\Users\administrator.LAB\Downloads\Windows Kits\10\ADK\adksetup.exe

Select the following features when prompted

  • Deployment Tools
  • Imaging And Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT)

Install WinPE by double-clicking C:\Users\administrator.LAB\Downloads\Windows Kits\10\ADKWinPEAddons\adkwinpesetup.exe

Installation of MDT v8456

Launch MDT by opening Deployment Workbench

Create Deployment Share with PowerShell

Import PowerShell Module for MDT

Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"

Create a New Deployment Share called MDT$ in M:\MDT on AVENTIS-MGMT

$MDT_Folder = "M:\MDT"
$MDT_Share = "MDT$"
$MDT_Path = "\\192.168.1.232\MDT$"

New-Item -Path $MDT_Folder -ItemType directory
New-SmbShare -Name $MDT_Share -Path $MDT_Folder -FullAccess Administrators

New-PSDrive -Name "DS001" -PSProvider "MDTProvider" -Root $MDT_Folder -Description "MDT Deployment Share" `
-NetworkPath $MDT_Path -Verbose | add-MDTPersistentDrive -Verbose

Prepare Boot Image in WDS

A boot image is a Windows PE image: a stripped-down OS that includes only the tools necessary to install, deploy, and repair Windows.

Mount Windows 10 1909 ISO File

#Mount Windows 10 1909 ISO File
$ISO = "E:\MyLAB\MDT\WIN10_1909.iso"
$MountInfo = Mount-DiskImage -ImagePath $ISO 
Write-Output "ISO is mounted to $(($MountInfo | Get-Volume).DriveLetter):\"

#Dismount ISO when done
Dismount-DiskImage -ImagePath $ISO

Right-click Boot Images – Add Boot Image

Select E:\Sources\Boot.wim

Enter Image Name, like WIN10-BOOT

Import VMware Drivers to Boot Image

Please follow the steps below to import VMware Drivers to Boot image if you are preparing the Windows 10 reference image in VMware ESXi Host

Download VMware Tools (windows.iso) from ESXi host with SCP

scp [email protected]:/vmimages/tools-isoimages/windows.iso /home/mobaxterm

Mount the ISO file and extract the contents to M:\MDT-Apps\VMware with "setup64.exe /a /p"

VMware Drivers are extracted to M:\MDT-Apps\VMware\VMware\VMware Tools\VMware\Drivers

Open Windows Deployment Services and right click on Drivers – Add Driver Package to import drivers

Create a Driver Group called VMware when prompted

Accept all default values when prompted, and VMware Drivers are imported successfully

Right click on WIN10-BOOT and select Add Drivers Package to Image

Click Search for Packages

VMware Drivers are imported to boot.wim image successfully

Prepare Capture Image

A capture image is used to capture a Windows 10 reference image so that it can be imported to MDT for deployment

Right Click on WIN10-BOOT and select Create Capture Image

Enter Name & Location for Capture Image

Check Add Image to the Windows Deployment Server Now

Enter the Location & Image Name when prompted

WIN10-BOOT & WIN10-CAPTURE are created in WDS successfully

Prepare Windows 10 Reference Image

Refer to Prepare Windows 10 Image for MDT Deployment

Capture Windows 10 Reference Image

Refer to Capture Windows 10 Image for MDT Deployment

Import Windows 10 Reference Image

Import the captured WIN10-2004.wim file to MDT

  • -SetupPath – Location of the Windows 10 ISO File
  • -DestinationFolder – Create a new Folder for WIN10-2004.wim image

# Import WIM file
$SourceFile = "M:\WIN10-2004.wim"
$MDT_Drive = (Get-MDTPersistentDrive)

# creates temporary and persistent drives to map to MDT Drive - DS001
New-PSDrive -Name $MDT_Drive.Name -PSProvider MDTProvider -Root $MDT_Drive.Path

Import-MDTOperatingSystem -Path "DS001:\Operating Systems" -SourceFile $SourceFile -SetupPath D: -DestinationFolder "WIN10PRO-2004"

Rename the imported image

Get-ChildItem "DS001:\Operating Systems"

Name                                              
----                                              

WIN10-1909.wim                                    
WIN10PRO-2004 in WIN10PRO-2004 WIN10-2004.wim  

Rename-Item -Path 'DS001:\Operating Systems\WIN10PRO-2004 in WIN10PRO-2004 WIN10-2004.wim' -NewName "WIN10PRO-2004.wim"

WIN10PRO-2004.wim is imported to Deployment Share – Operating Systems successfully

Out of Box Drivers

Drivers for Windows 10 can be organized in folders and injected into Windows 10 during MDT deployment

Download and extract an SCCM Driver Pack, such as the HP Driver Pack, and import it to the MDT Server using the PowerShell below

# Create a New Folder
New-Item -path "DS001:\Out-of-Box Drivers" -enable "True" -Name "VMware" -ItemType "folder" -Verbose

# Import Drivers
Import-MDTDriver -path "DS001:\Out-of-Box Drivers\VMware" -SourcePath "M:\Drivers\VMware" -Verbose

A new folder called VMware is created in Out-of-Box Drivers with all VMware drivers imported

Selection Profile

A Selection Profile can be used to control which drivers and packages are injected into the Boot Image.

Create a new Selection Profile called VMware with all drivers in Out-of-Box Drivers\VMware

New-Item -path "DS001:\Selection Profiles" -enable "True" -Name "VMware" -Definition "<SelectionProfile><Include path=`"Out-of-Box Drivers\VMware`" /></SelectionProfile>" -ReadOnly "False" -Verbose

Task Sequence

Task sequences are basic XML files that call a series of scripts, using the parameters the user chose when the task sequence was created.

Create a new Task Sequence based on the template Client.xml to deploy WIN10PRO-2004.wim to new computer

Import-MDTTaskSequence -Path "DS001:\Task Sequences" -Name "WIN10PRO-2004" -Template "Client.xml" -ID "010" -OperatingSystemPath "DS001:\Operating Systems\WIN10PRO-2004.wim" `
-Version 1.0 -Verbose

Customize the Task Sequence

  1. Disable Format and Partition Disk (BIOS)

  2. Remove the Recovery Partition and increase the Windows (Primary) partition to use 100% of the remaining space

  3. Inject Drivers – Select the driver profile to be installed during OS Deployment

  4. Install Operating System – Select the WIM file that will be deployed and select Next Available Formatted Partition

  5. Inject Drivers – Select Continue on Error

  6. Add a PowerShell Script in State Restore – Custom Tasks – Run PowerShell Script

Create a PowerShell Script called PostInstallation.ps1 in M:\DeploymentShare\Scripts\Custom

# PostInstallation.ps1
# Join to AD Domain
$cred = New-Object System.Management.Automation.PsCredential("LAB\Administrator", (ConvertTo-SecureString "P@ssw0rd!@#$" -AsPlainText -Force))
Add-Computer -DomainName "lab.aventislab.com" -Credential $cred -OUPath "OU=MDT,DC=lab,DC=aventislab,DC=com"

  7. Enter the location of the PowerShell Script – %SCRIPTROOT%\Custom\PostInstallation.ps1

  8. Disable Apply Local GPO Package

We have created a task sequence to deploy Windows 10 PRO successfully
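
The join script above uses LAB\Administrator. The commands below are an added example, not part of the original tutorial: they create a dedicated account that can only join computers to OU=MDT, for use in PostInstallation.ps1 in place of the domain administrator. The account name svc-mdt-join is hypothetical, and the commands assume they are run on the domain controller with the ActiveDirectory module and dsacls available.

```powershell
# Added example: delegate domain join on the MDT OU to a dedicated account.
# 'svc-mdt-join' is a hypothetical name; the OU and domain come from the tutorial.
Import-Module ActiveDirectory

$ou      = 'OU=MDT,DC=lab,DC=aventislab,DC=com'
$account = 'LAB\svc-mdt-join'

# Create the join account; the password is prompted for, not written to disk
New-ADUser -Name 'svc-mdt-join' -SamAccountName 'svc-mdt-join' `
    -AccountPassword (Read-Host -AsSecureString 'Password for svc-mdt-join') `
    -Enabled $true -Description 'MDT domain join only'

# On the OU and below: create computer objects
dsacls $ou /I:T /G "${account}:CC;computer"

# On computer objects below the OU: only what a join or re-join needs
dsacls $ou /I:S /G "${account}:CA;Reset Password;computer"
dsacls $ou /I:S /G "${account}:WP;Account Restrictions;computer"
dsacls $ou /I:S /G "${account}:WS;Validated write to DNS host name;computer"
dsacls $ou /I:S /G "${account}:WS;Validated write to service principal name;computer"

# Review the resulting ACEs for the account
dsacls $ou | Select-String 'svc-mdt-join'
```

With this in place, a password recovered from the deployment share is limited to creating and re-joining computer accounts in OU=MDT.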

Convert the Task Sequence to Template

Copy the Task Sequence we prepared above from M:\DeploymentShare\Control\010\ts.xml to M:\DeploymentShare\Templates\TS-WIN10PRO-UEFI-VM.xml

Open the XML file with Notepad and change the Display Name of this Template

Select the Template – TS-WIN10PRO-UEFI-VM when you want to create a similar Task Sequence in the future.

Update Deployment Share

Update the Deployment Share with the latest files from the Windows ADK to update or regenerate the required Windows PE boot images in both WIM and ISO file formats.

  1. Right-click MDT Deployment Share – General and uncheck x86 as we are going to use x64 files only

  2. Modify the CustomSettings.ini (Rules) and Bootstrap.ini in M:\DeploymentShare\Control

CustomSettings.ini

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
AdminPassword=Vind@100
SkipComputerBackup=YES
SkipBitLocker=NO
BDERecoveryKey=AD
BDEInstall=TPMPin
SkipComputerName=NO
SkipDomainMembership=YES
SkipFinalSummary=YES
SkipLocaleSelection=YES
KeyboardLocale=en-us
UserLocale=en-us
UILanguage=en-us
SkipPackageDisplay=No
SkipProductKey=YES
SkipSummary=YES
SkipTaskSequence=NO
SkipTimeZone=YES
TimeZoneName=Singapore Standard Time
WSUSServer=http://prod-mdt.lab.aventislab.com:8530
SkipUserData=Yes
FinishAction=REBOOT
EventService=http://PROD-MDT.lab.aventislab.com:9800

Bootstrap.ini

[Settings]
Priority=Default

[Default]
DeployRoot=\\PROD-MDT\DeploymentShare$
UserID=lab\administrator
UserPassword=P@ssw0rd!@#$

  3. Uncheck Generate a Lite Touch Bootable ISO Image as we are not going to use the WinPE ISO file to boot up the VM

  4. Update Deployment Share

Update-MDTDeploymentShare -Path "DS001:" -Verbose
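
The PostInstallation.ps1 step and the two rule files above all carry passwords in clear text, and Bootstrap.ini is built into the Lite Touch boot image that Update-MDTDeploymentShare generates. The script below is an added example, not part of the original tutorial: it reports those entries in a deployment share so they can be reviewed before the share is updated. The function name Find-MdtPlaintextSecret and the sample share with placeholder values are constructed for the example.

```powershell
# Added example: report clear-text credentials in an MDT deployment share.
function Find-MdtPlaintextSecret {
    param([Parameter(Mandatory)][string]$ShareRoot)

    # Standard MDT rule properties whose value is a clear-text password
    $secretKeys = 'UserPassword', 'AdminPassword', 'DomainAdminPassword'

    Get-ChildItem -Path (Join-Path $ShareRoot 'Control') -Filter *.ini | ForEach-Object {
        $file = $_
        $lineNo = 0
        foreach ($line in Get-Content -LiteralPath $file.FullName) {
            $lineNo++
            if ($line -match '^\s*(\w+)\s*=\s*\S' -and $secretKeys -contains $Matches[1]) {
                [pscustomobject]@{
                    File    = $file.Name
                    Line    = $lineNo
                    Finding = "$($Matches[1]) stored in clear text"
                    # Bootstrap.ini is copied into the generated WinPE boot image
                    InBootImage = ($file.Name -ieq 'Bootstrap.ini')
                }
            }
        }
    }

    # Scripts that build a credential from a string literal
    $pattern = 'ConvertTo-SecureString\s+["''][^"'']+["'']\s+-AsPlainText'
    Get-ChildItem -Path (Join-Path $ShareRoot 'Scripts') -Filter *.ps1 -Recurse |
        Select-String -Pattern $pattern | ForEach-Object {
            [pscustomobject]@{
                File = $_.Filename; Line = $_.LineNumber
                Finding = 'password literal passed to ConvertTo-SecureString'
                InBootImage = $false
            }
        }
}

# Constructed sample share with placeholder values, so the example runs offline
$root = Join-Path ([IO.Path]::GetTempPath()) "mdt-audit-$PID"
New-Item -ItemType Directory -Force -Path "$root\Control", "$root\Scripts\Custom" | Out-Null
Set-Content "$root\Control\Bootstrap.ini" -Value '[Default]', 'UserID=DOMAIN\user', 'UserPassword=EXAMPLE-ONLY'
Set-Content "$root\Control\CustomSettings.ini" -Value '[Default]', 'SkipAdminPassword=YES', 'AdminPassword=EXAMPLE-ONLY'
Set-Content "$root\Scripts\Custom\PostInstallation.ps1" -Value '$p = ConvertTo-SecureString "EXAMPLE-ONLY" -AsPlainText -Force'

Find-MdtPlaintextSecret -ShareRoot $root | Format-Table -AutoSize
Remove-Item $root -Recurse -Force
```

Point -ShareRoot at M:\DeploymentShare to check the share built in this tutorial.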

MDT Monitoring

MDT Monitoring lets you monitor the progress of deployment tasks and check for error messages from the MDT console

Check Enable Monitoring for this Deployment Share

Ensure that Microsoft Deployment Toolkit Monitor Service is running

Get-Service -Name MDT_Monitor | ft

Status   Name               DisplayName                           
------   ----               -----------                           
Running  MDT_Monitor        Microsoft Deployment Toolkit Monito...

Allow inbound TCP 9800 & 9801 if Windows Firewall is enabled – Optional Steps

# Allow inbound TCP 9800 and TCP 9801
New-NetFirewallRule -DisplayName "In-TCP-9800" -Direction Inbound -Protocol TCP -LocalPort 9800 -Action Allow
New-NetFirewallRule -DisplayName "In-TCP-9801" -Direction Inbound -Protocol TCP -LocalPort 9801 -Action Allow

# TCP 9800 & 9801 is in listening mode
Get-NetTCPConnection | ? LocalPort -like "980*"

LocalAddress                        LocalPort RemoteAddress                       RemotePort State       AppliedSetting
------------                        --------- -------------                       ---------- -----       --------------
::                                  9801      ::                                  0          Listen
::                                  9800      ::                                  0          Listen

Verify that EventService=http://PROD-MDT.lab.aventislab.com:9800 is added in CustomSettings.ini

Browse to http://192.168.1.232:9801/MDTMonitorData/ to confirm that the page below is displayed

You can monitor the deployment progress in MDT Console now
