MDT 2013 – Win 8.1 Reference Image automation

Using MDT 2013 I wanted a sequence that automatically installs, sysprep’s and captures my reference image.

For ease of management, I choose to have a dedicated MDT Deployment Share for my reference build process and use Powershell wherever possible.

A more detailed process using the GUI can be found here

Steps:

1. Install ADK 8.1
2. Install MDT 2013
3. Install and configure WSUS
4. Build the reference build share
5. Configure build sequence
6. Execute sequence in a VM

Downloads required:

• MDT 2013: Available here
• ADK 8.1: Available here
• Windows 8.1 ISO (or required OS you want to build)

Infrastructure required: (I am running this on a 2012R2 Hyper-V Cluster but any 2 VM’s will do)

• VM1 has Windows Server 2012 R2 Standard.
• VM2 will be used for deployment/capture
• A user in Active Directory mdt_user

 

Install ADK 8.1

via Powershell using default install directory:

.\adksetup.exe /features OptionId.DeploymentTools OptionId.UserStateMigrationTool OptionId.WindowsPreinstallationEnvironment /installpath “C:\Program Files (x86)\Windows Kits\8.1\” /forcerestart /log ADK_install.log /ceip off

 

Install MDT 2013

msiexec.exe /i MicrosoftDeploymentToolkit2013_x64.msi /silent

 

Install and configure WSUS

via powershell

Add-WindowsFeature “UpdateServices”,”UpdateServices-WidDB”,”UpdateServices-RSAT”,”UpdateServices-API”,”UpdateServices-UI”

$WSUSContentFolder = “D:\WSUS”
$WSUSUtil = “$Env:ProgramFiles\Update Services\Tools\WsusUtil.exe”
$WSUSUtilArgs = “POSTINSTALL CONTENT_DIR=$WSUSContentFolder”
Start-Process -FilePath $WSUSUtil -ArgumentList $WSUSUtilArgs -NoNewWindow -Wait

 

Open the Windows Server Update Services Console

Rapid fire ‘next’ until you get to Choose Products page. Untick all then tick Windows 8.1

On the Choose Classifications page, select Critical Updates, Definition Updates & Security Updates

Next pages choose Synchronize automatically and I schedule to once daily (choose what suits you).

Begin initial synchronization > Finish

Reopen WSUS Console > Options > Automatic Approvals

Configure the rule to include whatever you selected in the choose classifications page and hit Run Rule

You’re now done with WSUS.

 

Note: In my environment I have access to a SCCM SUP so I pointed my WSUS server to use the SUP as the upstream server.

This also means the reference image will only have updates which we’ve approved in our SCCM policy.

“Two birds” as it were…. anyway…

 

Build the reference build share

My settings:

• Location – D:\ReferenceShare
• Share – ReferenceShare$
• Name – MDT Reference Share

 

Import-Module “C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1”

new-PSDrive -Name “DS002” -PSProvider “MDTProvider” -Root “D:\ReferenceShare” -Description “MDT Reference Share” -NetworkPath “\\%servername%\ReferenceShare$” -Verbose | add-MDTPersistentDrive -Verbose

mkdir d:\ReferenceShare\Captures\RefBuild81

Right-click on the new MDT Reference Share > Properties > General tab

By default, I will untick x86 in ‘platforms supported’. All this does is disables the creation of the x86 boot images (ISO & WIM)

 

Windows PE tab

Change Scratch space size for both x86 and x64 platforms to 128 (I use the x64 boot image only but always make the same changes to the both platforms in the event a client needs to use a x86 WinPE)

Add .NET Framework and Window sPowershell to the Features of both boot images.

Note: I haven’t had a requirement for this yet or at least not that I’m aware of, but I still use Nickolaj’s (again his post is here) recommendations to add .NET  to the WinPE boot image.

 

On the Rules tab, I use the following:

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
DeploymentType=NEWCOMPUTER
UserID=mdt_user
UserDomain=<domain>
UserPassword=<password>

_SMSTSOrgName=Rebuilding the Win8.1 Ref Image

SkipBDDWelcome=YES
SkipDeploymentType=YES
SkipDomainMembership=YES
SkipApplications=YES
SkipSummary=YES
SkipUserData=YES
SkipComputerName=YES
SkipTaskSequence=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipAppsOnUpgrade=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipCapture=YES
SkipFinalSummary=YES
ComputerName=Win81Ref
SystemLocale=en-AU
UILanguage=en-AU
UserLocale=en-AU
KeyboardLocale=0409:00000409
TimeZoneName=AUS Eastern Standard Time
TaskSequenceID=REF8.1_001
WSUSServer=http://<MDTServerFQDN>:8530
DoCapture=YES
ComputerBackupLocation=NETWORK
BackupShare=\\<MDTServer>\ReferenceShare$\Captures
BackupDir=RefBuild81
BackupFile=Win81EntRefImage.wim
FinishAction=SHUTDOWN

Now modify the bootstrap.ini

[Settings]
Priority=Default

[Default]
DeployRoot=\\<MDTServer>\ReferenceShare$

SkipBDDWelcome=Yes
UserID=mdt_user
UserDomain=<domain>
UserPassword=<password>

 

 

Import the install media:

1. Mount Win8.1 ISO (assuming F: for this process)
2. Create folder in Deployment Workbench > MDT Reference Build > Operating Systems > Windows Client

Import-Module “C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1”
New-PSDrive -Name “DS002” -PSProvider MDTProvider -Root “D:\ReferenceShare”
import-mdtoperatingsystem -path “DS002:\Operating Systems\Windows Client” -SourceFile “F:\sources\install.wim” -DestinationFolder “Windows 8.1 Enterprise x64” -Verbose

Configure build sequence:

Import-Module “C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1”
New-PSDrive -Name “DS002” -PSProvider MDTProvider -Root “D:\ReferenceShare”
import-mdttasksequence -path “DS002:\Task Sequences” -Name “Reference Build Windows 8.1 Ent x64” -Template “Client.xml” -Comments “” -ID “REF8.1_002” -Version “1.0” -OperatingSystemPath “DS002:\Operating Systems\Windows Client\Windows 8.1 Enterprise in Windows 8.1 Enterprise x64.wim” -FullName “Windows User” -OrgName “<company name>” -HomePage “about:blank” -AdminPassword “<password>” -Verbose

 

Right-click your new shiny task sequence and select properties > Task sequence tab

Enable the Windows Updates steps in State Restore section

Create new folder under state restore called custom tasks (keep in mind that some tasks we add may require to be place before or after other specific tasks)

Below is my lab sequence and you can see the custom tasks are before the Windows Update steps – for obvious reasons..

 

Optional:

 

Add a suspend sequence step

Depending on the client and the requirement, I will sometimes offer them or recommend an option to suspend the task sequence if there is something manual they want to do before capturing the new image

Add > General > Run command line

command line: cscript.exe “%SCRIPTROOT%\LTISuspend.wsf”

 

Install Windows Features (i.e. .NET Framework 3.5)

If you want the reference image to have windows features enabled. You’ll have a few options, but one that seems the most popular with my clients is this.

copy the contents of f:\sources\sxs to d:\referenceshare\Operating Systems\Windows 8.1 Enterprise x64\sources\sxs  (or your chosen location that is available to the VM during the build.

in the task sequence, add the following:

Add > General > Set Task Sequence Variable

Name: Set Windows Source
Task Sequence Variable: WindowsSource
Value: %deployroot%\Operating Systems\Windows 8.1 Enterprise x64\sources\sxs

Add > Roles > Install Roles and Features

Name it accordingly and select your desired features

 

Remove Appx Packages

I like to remove AppxPackages from my 8/8.1 reference images. Every client I’ve worked with this process  want’s the WinXP/7 experience when opening common file types.

Create a new powershell script to remove appx packages and save as d:\referenceshare\scripts\custom\RemoveAppxPackages.ps1

Get-AppxProvisionedPackage -online | Remove-AppxProvisionedPackage -online
Get-AppxPackage | Remove-AppxPackage
Get-AppxPackage -allusers | Remove-AppxPackage
Get-AppxPackage -users Administrator | Remove-AppxPackage

Add > General > Run command line

command line: powershell.exe “%SCRIPTROOT%\Custom\RemoveAppPackages.ps1″

 

Set Boot to desktop and remove the logon animation

To speed up deployment I remove the psychedelic  Windows 8/8.1 setup animation and make the image boot to desktop each time by adding some reg keys. There may be other methods of approaching this but this works for me.

Task Sequence > properties > OS Info tab > Edit Unattend.xml

Navigate to specialize tree under components and add the below ‘RunSynchronousCommand’ options.

 

reg add “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System” /v EnableFirstLogonAnimation /t REG_DWORD /d “0” /f

reg add “HKLM\Software\Microsoft\Active Setup\Installed Components\BootToDesktop1” /v StubPath /t REG_SZ /d “reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage /v OpenAtLogon /t REG_DWORD /d 0 /f” /f

reg add “HKLM\Software\Microsoft\Active Setup\Installed Components\BootToDesktop2” /v StubPath /t REG_SZ /d “reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage /v DesktopFirst /t REG_DWORD /d 0 /f” /f

reg add “HKLM\Software\Microsoft\Active Setup\Installed Components\BootToDesktop3” /v StubPath /t REG_SZ /d “reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage /v MakeAllAppsDefault /t REG_DWORD /d 0 /f” /f

reg add “HKLM\Software\Microsoft\Active Setup\Installed Components\BootToDesktop4” /v StubPath /t REG_SZ /d “reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage /v MonitorOverride /t REG_DWORD /d 0 /f” /f

 

Once you’ve done with your customizing, update the deployment share.

Right-click MDT Reference Share > Update Deployment Share

First time this will take a little while to build the ISO & WIM’s.

 

Execute sequence in VM

If you’re doing this by WDS/PXE then import D:\ReferenceShare\Boot\LiteTouchPE_x64.wim to your WDS service.

For those using a VM with boot from CD/ISO, copy D:\ReferenceShare\Boot\LiteTouchPE_x64.iso to a location where you can attach to your VM and boot.

During the deployment, if you added a suspend step to begin it again just run the icon on the desktop.

 

Still adding more…. brb..