Network installation with the Microsoft Deployment Toolkit – Part 1: Guidelines, preparation and setup
For many smaller companies and organizations, operating system deployment is always a small to medium problem. Some use the pre-installed operating system, some install by hand, others clone the hard drives and a few use other tools. There are many methods and reasons. I compare the different methods and a few tools in the article “Possibilities of computer installations for companies“.
One reason against tools and professional programs are mostly the costs. In this series of articles, I show you a free tool, but it requires a certain type of operating system licensing. More about this later.
Why do I do this? I often get requests from schools or non-profit organizations, as well as smaller companies that have this problem. Considering the situation of many of these organizations or companies, I would like to do something to help with know-how transfer.
This is part 1 of 3 of the series of articles on “Network Installation with the Microsoft Deployment Toolkit”.
What is the Microsoft Deployment Toolkit (MDT)?
The Microsoft Deployment Toolkit, MDT for short, is a free tool from Microsoft. It provides the basis for the operating system installation of Microsoft System Center Configuration Manager (SCCM) and other third-party tools for operating system installation. The Microsoft Deployment Toolkit (MDT) can be used if the re-imaging rights have been acquired with the operating system. See the next chapter for more information. The Microsoft Deployment Toolkit (MDT) can be used to create so-called task sequences. Within these task sequences different tasks can be performed, more than with a customized Unattendent.xml.
Some examples of tasks / settings that can be done in a task sequence:
- Hard disk partitioning (by querying also with different layout, depending on BIOS or UEFI usage)
- Installation of the operating system (server operating system and client operating system)
- Injection of Driver Packages (Automatic or based on Windows Management Instrumentation (WMI) queries
- Encrypt the hard disk with BitLocker
- Installing Microsoft Updates
- Import of license information
- Installation of software
- Joining to a Windows domain
- Run BIOS, firmware or TPM modules upgrades, if supported by the vendor
- Execution of programs and PowerShell scripts
Actually there is almost nothing that cannot be solved in a task sequence.
If the task sequence has been created correctly, it can be used on the computers using various methods:
- Installation via network boot
- Installation via boot media and network download (ISO or USB)
- Installation via an offline medium (ISO or USB)
In most cases I prefer the network start via a Windows Deployment Server, but more about that later.
Remark to Re-imaging rights
Depending on the Windows licenses purchased, the right of “re-imaging” is missing. This is necessary for most installations in this comparison. Please check if you are authorized to use these methods. I can’t give any license advice at this point because this subject area is constantly changing. Microsoft has also published a “Licensing brief” on this topic, which deals with the topic in more detail. If in doubt, please ask your license distributor.
Limitations of Microsoft Deployment Toolkit (MDT)
As stated in the name of the Microsoft Deployment Toolkit (MDT), it is about the distribution of an operating system image, not about its maintenance. So, if the operating system and possibly other software has been distributed, MDT can no longer maintain those deployed images and software it. This is one of the big differences between Microsoft SCCM or other third-party tools.
Many applications today come with their own update capabilities, such as Adobe Acrobat Reader, Google Chrome and Mozilla Firefox. With these, the update can be controlled via Group Policy extensions, for example. But also, many OpenSource applications now have their own update routines.
Another limitation is that only Intel-based (X86 and X64) Microsoft operating systems can be distributed with the Microsoft Deployment Toolkit (MDT). Linux or ARM64 versions of Microsoft Windows are not supported.
Scenario in this article series
For this series of articles, I assume a smaller environment with Active Directory. All systems get their updates directly from the internet, there is no separate Windows Server Update Service (WSUS). The installation of the distribution system and all necessary components is done on a dedicated server. My environment consists of 4 virtual machines: A domain controller ADC001H, the WDS/MDT server WDS001H, and 2 VMs for the clients. I use one of them to create your base image, more about this later. The WDS server has 2CPU cores and 4GB memory and is installed on Windows Server 2019. The server WDS001H is a member of the domain.
Planning the Microsoft Deployment Toolkit (MDT) Server
To use the Microsoft Deployment Toolkit (MDT), the Windows Assessment and Deployment Kit (Windows ADK) is required. This can be downloaded for free from Microsoft.
Requirements for Microsoft Deployment Toolkit (MDT)
Microsoft recommends using the PowerShell version 5.1, minimum requirement is version 3.0. The Microsoft PowerShell version 5.1 is already included in Windows Server 2016 / 2019. These are also the server operating systems on which I would install the MDT, since both are based on Windows 10.
Another requirement is an installed Microsoft .Net Framework in version 4.0 or higher.
The MDT also needs the “Windows Assessment and Deployment Kit” (Windows ADK) and the appropriate “Windows Preinstallation Environment” (PE). The Windows ADK and the appropriate Windows Preinstallation Environment (WinPE) is available for every version of Windows. So, this should also be updated for a new Windows release.
Installation of the WADK
After starting the installation program, the target path must be selected. Here you also have the possibility to download the installation files for later or offline use.
Those who choose to support Microsoft may submit anonymous usage data to Microsoft for product improvement.
The next step are the license terms
The following function selection requires the “Deployment Tools” and the “Configuration Designer”. To migrate user data, the “User State Migration Toolkit (USMT)” should also be installed.
Now is time for a coffee…
After that the installation is complete
Installation of the WADK PE
After the “Windows Assessment and Deployment Kit” (Windows ADK / WADK) is installed, the “Win PE” extension is required. Win PE stands for “Windows Preinstallation Environment”, the installation environment before the actual Windows is started. The installation is as simple as the installation of the WADK. Again, the installer offers the possibility to install the software directly or just download it.
As with the WADK, you also have the possibility to provide Microsoft with the usage data.
To continue you must accept the license agreement
There is only one feature of the Windows Preinstallation Environment extension.
The speed depends on the download speed but takes some time even with a 100Mbit internet connection.
After the installation is complete, you can continue with the next step.
Installation of the Microsoft Deployment Toolkit (MDT)
The actual installation of the Microsoft Deployment Toolkit (MDT) is also kept simple.
To continue you must agree to the license terms.
You do not need to change anything when selecting the functions.
You can again join the Customer Experience Improvement Program
Now the actual installation takes place.
This does not take long
The installation is now complete
Setting up the Microsoft Deployment Toolkit (MDT)
The Microsoft Deployment Toolkit (MDT) works with so-called “Deployment Shares”. All MDT parts are stored in the Deployment Share. For example: Task sequences, driver packages, Windows images, applications, configurations and everything else that belongs to the MDT. Multiple Deployment Shares can be managed per installation.
Start the “Deployment Workbench”, this is the main MDT console.
The deployment shares can be managed in this console.
Since the MDT has been reinstalled, a new deployment share must be created.
In a productive environment I would put the deployment share on a separate disk partition. Due to updates and forgotten clean-up the shares might tend to grow a lot if you are not careful.
It is best to release the share as hidden share.
Then the share needs a suitable name.
I leave the settings for now, they can be changed later if necessary.
A summary follows before the share is created.
Then some patience is needed.
When the deployment share is created, the dialog can be closed with “Finish”.
Adding operating systems
MDT supports different versions of Microsoft Windows Client and Windows Server. Please note new version of Windows 10 or Windows Server may require newer versions of MDT to work properly. So, if you want to integrate a new version or release of Windows, check if you need to update the MDT as well.
Please also consider which edition of Windows 10 you would like to use, see the article “Choosing the right Windows 10 edition” for help.
For the next step, the operating system must be added. To do this select the action “Import Operating System” in the navigation branch “Operating Systems”.
I always recommend the ISOs from Microsoft’s Volume Licensing Portal for use with MDT.
To import the image into the WDS, mount the ISO or unpack it into a directory.
Specify a location in the dialog box. Please note that depending on the permissions, problems may occur when accessing via UNC paths.
In the next step you must define a target name for the image to be imported. This should clearly describe the source to avoid confusion.
Now follows a summary once again.
And then the actual import process takes place.
Then a final output is made. Here you can see that all editions have been imported. Why did I name the source Enterprise during import?
Quite simple, I will delete the rest to make it more manageable. I always recommend using a maximum of one edition of Windows 10 to make things easier.
I delete the not needed editions because of the better overview.
As in almost every dialog in MDT I get a summary of the process.
And again, the appropriate summary
Already it looks a bit more organized again.
The article continues: “Network Installation with the Microsoft Deployment Toolkit – Part 2: Service Account, Drivers, Software, Base Image Considerations”