Network installation with the Microsoft Deployment Toolkit – Part 4: Integration of the Base Image and the Windows Deployment Service

- Diesen Artikel auf Deutsch lesen. -
Advertisements

This is the last part of the article series. The series consists of Part 1 is “Network Installation with the Microsoft Deployment Toolkit – Part 1: Notes, Preparation and Setup“, Part 2 is “Network Installation with the Microsoft Deployment Toolkit – Part 2: Service Account, Drivers, Software, Base Image Considerations” and Part 3 is “Network Installation with the Microsoft Deployment Toolkit – Part 3: Task Sequences.

e59e884ab7de456e9b4688a0bee0c8e3 Network installation with the Microsoft Deployment Toolkit - Part 4: Integration of the Base Image and the Windows Deployment Service 1

Creating and integrating Base Images / Golden Images

Creating a Task Sequence for a Base Image

In the chapter “Considerations on Base Images / Golden Images” I have already written about the advantages and disadvantages. Here I show you how to create a base image as simply as possible.

In preparation, you need a virtual machine with:

  • 2 CPU cores, UEFI support (Hyper-V Gen. 2 or compare),
  • min 4GB Ram
  • Network card with static MAC address
  • CD-Rom drive with mounted boot ISO, if you have not yet set up the WDS

I use the static MAC address for the automatic assignment of the correct task sequence. I want to avoid unnecessary work. Before you start the first deployment, please make sure to take a snapshot or checkpoint. This way you can always return to a clean machine.

Create a new task sequence for the base image. I recommend creating a separate task sequence for each Windows release. The virtual machines can be reused when a release change is made

Name this task sequence appropriately.

Screenshot: Deployment Workbench - Erstellen des Base Images - General Settings

Again, select “Standard Client Task Sequence” as the template.

Screenshot: Deployment Workbench - Erstellen des Base Images - Select Template

Select the operating system you want to use in the base image. Never use an existing base image as a source. This causes problems due to internal mechanisms in Microsoft Windows.

Screenshot: Deployment Workbench - Erstellen des Base Images - Select OS

A serial number should not be assigned. This is unnecessary because a sysprep is carried out at the end and the serial number is removed again.

Screenshot: Deployment Workbench - Erstellen des Base Images - Specify Product Key

The operating system settings do not need any useful information, as these are also deleted by the sysprep.

Advertisements
Screenshot: Deployment Workbench - Erstellen des Base Images - OS Settings

Assign an administrator password of your choice.

Screenshot: Deployment Workbench - Erstellen des Base Images - Admin Password

A summary follows again.

Screenshot: Deployment Workbench - Erstellen des Base Images - Summary

And after the short process of creating the task sequence, a confirmation

Screenshot: Deployment Workbench - Erstellen des Base Images - Confirmation

Adjusting the Task Sequence

To prevent the task sequence from being displayed at every boot, select the checkbox “Hide this task sequence in the Deployment Wizard”. This prevents the task sequence for the base image from being used by mistake during the installation.

Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz

Add the required software to the task sequence and activate Windows Update. You can find the activation and deactivation of the steps under “Options” of the respective step.

Advertisements
Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz - Install Application

In addition to the software, you can also add roles and functions to the Base Image. To do this, click on the menu “Add” > “Roles” and then “Install Roles and Features”.

Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz - Install Rolles

One role I add most often is .Net 3.5, which is still needed for many applications. If you have older file servers that require SMB 1.0, you can also add this directly here.

Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz - Install .Net

In addition, I use a few PowerShell scripts. Among other things, I deactivate and reactivate the Windows restore points to save time and disk space. The scripts look like this:

Enable-ComputerRestore.ps1

Enable-ComputerRestore -Drive "C:\"

Disable-ComputerRestore.ps1

Disable-ComputerRestore -Drive "C:\"

These scripts must be stored in the “Scripts” directory of the deployment share.

The shutdown script should be before the Windows Update. For safety’s sake, the option “Continue on error” should be activated under “Options”.

Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz - Add PowerShell Script

The script for activating the restore points should be executed below the last Windows update. Unnecessary steps such as “Enable BitLocker” should also be deactivated

Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz - Enable-Computer-Restorepoint

Adjusting the rules of the deployment share for base image creation

So that the VM starts the correct task sequence directly, insert the following block, replacing 00:15:5D:B2:4A:44 with the MAC address of your virtual machine for image creation. Of course, you may also have to adjust the paths.

[00:15:5D:B2:4A:44
]
ComputerName=REF-W10-2004TaskSequenceID=REF-W10-2004SkipAdminPassword=YES

SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=YES
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipCapture=YES
SkipFinalSummary=YES
DoCapture=YESComputerBackupLocation=NETWORKBackupShare=\\WDS001H

.ad.infrastrukturhelden.de\DeploymentShare$BackupDir=CapturesBackupFile=%TaskSequenceID%_#month

(date) & "-" & day(date) & "-" & year(date)#.wimFinishAction=SHUTDOWNJoinDomain=
""
JoinWorkgroup=WORKGROUP




The network access data is not needed. This is due to the processing of the rules. First the “default” rules are taken and then overwritten by more specific ones. This is similar to what happens with group policies at different levels. Therefore, the parameter “JoinDomain=”” must also be set to overwrite the value from the default rules.

This should then look something like this:

Screenshot: Deployment Workbench - Anpassen der Base Image Regeln

Now update the deployment share as described in the chapter “Preparations for the first test”. Then start the VM from the MDT Iso. If everything is correct, the task sequence starts without prompting.

Screenshot: Deployment Workbench - Anpassen der Base Image Tasksequenz - Test mit einer VM

At the end, the created base image is in the Capture folder.

Screenshot: Windows Explorer mit Captured Image

Integrating the base image into the normal task sequence

To use the base image, import it as an operating system

Screenshot: Deployment Workbench - import des Base Image in MDT

This time, select “Custom image file” in the wizard.

Screenshot: Deployment Workbench - import des Base Image in MDT - OS Type

Now enter the path to the captured image. Personally, I always have the file moved to save storage space.

Screenshot: Deployment Workbench - import des Base Image in MDT - Image

Since we have captured a completed installation, the installation files are not necessary.

Screenshot: Deployment Workbench - import des Base Image in MDT - Setup

Assign a name that makes sense for you

Screenshot: Deployment Workbench - import des Base Image in MDT - Destination

Confirm the summary

Screenshot: Deployment Workbench - import des Base Image in MDT - Summary

Close the wizard when finished

Screenshot: Deployment Workbench - import des Base Image in MDT - Confirmation

The name that is displayed is somewhat awkward, but can be renamed.

Screenshot: Deployment Workbench - import des Base Image in MDT

To use the golden image now, open the properties of the task sequence again. And change the operating system in the “Install” section of the task sequence.

Screenshot: Deployment Workbench - import des Base Image in die Task Sequenz

Select the new image.

Screenshot: Deployment Workbench - import des Base Image in die Task Sequenz

Now test the task sequence for function.

Screenshot: Deployment Workbench - Test der Task Sequenz mit dem Golden Image

After the installation is complete, both the software from the golden image (e.g. C++ runtimes) and the software from the task sequence (e.g. LAPS) are installed.

Screenshot: Installierte Anwendungen aus dem Golden Image und der normalen Task Sequenz

Software installation with Microsoft Deployment Toolkit (MDT) via Windows Deployment Service (WDS)

Always having to have an ISO image or a USB stick is inconvenient. Why not boot over the network? This is relatively easy to do via the Windows Deployment Service. One important note in advance, if the computer is in a different subnet than the server WDS server, you need a DHCP helper or a DHCP server that you can configure accordingly. Most routers or routing switches can do this. The background is that PXE is a DHCP request that requires a response with some additional information.

I will describe the configuration for other DHCP servers in a later chapter.

Installing Windows Deployment Service (WDS)

I install the WDS on the same server as the MDT, both can run together without problems. Installing the Windows Deployment Services Tools role is like installing any other role and can be done through Server Manager or PowerShell. Also install the appropriate Remote Server Administration Tools (RSAT) with the WDS.

Screenshot: Installation Windows Deployment Service

Select the role or feature installation.

Screenshot: Installation Windows Deployment Service - Install Role

Select your desired server

Screenshot: Installation Windows Deployment Service - Select Server

Select “Windows Deployment Services

Screenshot: Installation Windows Deployment Service - Select WDS

Confirm the installation of the appropriate Remote Server Administration Tools (RSAT)

Screenshot: Installation Windows Deployment Service - Install RSAT

Click on Next for the next step

Screenshot: Installation Windows Deployment Service

You can skip the prompt for additional features

Screenshot: Installation Windows Deployment Service - Feature Selection

Read the information about the WDS and click Next to continue.

Screenshot: Installation Windows Deployment Service - WDS

For the WDS roles, both roles are required. This should be the pre-selection.

Screenshot: Installation Windows Deployment Service - WDS Rolles

Confirm the summary with “Install”.

Screenshot: Installation Windows Deployment Service - Confirmation

While the system is working in the background, you can close the wizard.

Screenshot: Installation Windows Deployment Service - Installation Process

In the Server Manager you will see when the installation is complete

Screenshot: Installation Windows Deployment Service - Server Manager

Setting up the WDS

Now start the “Windows Deployment Services” console

Screenshot: Konfiguration des Windows Deployment Service

To configure the server, right-click on the server and select “Configure Server”

Screenshot: Konfiguration des Windows Deployment Service - Configure Server

Check the requirements for WDS

Screenshot: Konfiguration des Windows Deployment Service - Assistence

I almost always recommend an Active Directory Integrated Server, there are only a few scenarios where a stand alone server makes sense.

Screenshot: Konfiguration des Windows Deployment Service - Install Options

I deliberately do not link the MDT folder to the WDS. I prefer to have a manual intermediate step when the boot image changes.

Screenshot: Konfiguration des Windows Deployment Service - Remote Installation Folder Location

Since I want to keep it simple, the MDT should always respond to requests. This may not be the right decision for your environment.

Screenshot: Konfiguration des Windows Deployment Service - PXE Server Initial Settings

After the short configuration, the wizard is ready and you can directly mount the installation and boot images. Since we only have one boot image for the MDT, remove the checkbox “Add images to the server now”. If you want to install other Windows OS via the network without CD and task sequence, leave the checkbox “Add images to the server now” selected. Then you can mount these media directly with the wizard. Before you do this with a server image, why not create a task sequence for servers? I would do it.

Screenshot: Konfiguration des Windows Deployment Service - Finish

To add the MDT image, select the “Boot Images” branch and, after right-clicking, select “Add Boot Image”

Screenshot: Konfiguration des Windows Deployment Service - Add Boot Image

As image, please select your corresponding WIM image, which can be found in the deployment share in the “Boot” folder.

Screenshot: Konfiguration des Windows Deployment Service - Select MDT WIM

Assign a suitable name, which will be displayed during the PXE boot.

Screenshot: Konfiguration des Windows Deployment Service

A summary follows again.

Screenshot: Konfiguration des Windows Deployment Service

And the image is added. The image is copied into the WDS folder. When this is done, the wizard can be closed.

Screenshot: Konfiguration des Windows Deployment Service

No further configuration is necessary in the WDS.

Setting up DCHP

In order for WDS to work across network boundaries or with non-Microsoft DCHP servers, a few settings must be made in the corresponding segments. To do this, you must set the following DHCP options:

066: Hostname of the start server: [IP of the WDS]
067: Startup file name: smsboot\x64\wdsmgfw.efi

Collection of articles mentioned in the article series


Note to this article

This article was automatically translated from German from our German partner blog InfrastrukturHelden.de.

Leave a comment