Automated Imaging using MDT and WDS

Mostly because I’m lazy, I’m not going to do a detailed step-by-step on the installation of Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).  The installation is pretty simple, just select the options that work for your environment.  Do note that you will need to install the Windows Assessment and Deployment Kit (ADK) on the box that you host MDT and WDS on.  You do not need MDT and WDS on the same box (though it makes life easier), but you do need Windows ADK on the same box as MDT.  I do suggest installing Windows ADK and MDT on a separate partition than your Windows installation to avoid Windows Update issues (because that never happens right?).  Finally, at the time of writing this, I have set this up with Windows ADK 1703 and MDT 8443.

Okay, now on to the good stuff.  I have automated the imaging process down to just requiring the Help Desk technician to select a task sequence (more on those later) and input a computer name.  If you name your machines by serial number (I wish we did) you can skip the latter step and make it a two click operation for them after PXE boot.  Also note that I am not doing any captures, just boot images.  If I were needing to image machines on scale daily, I would definitely take this a step farther and set up a custom install.wim via capture.

Phew, alright now we’ll actually get to the good stuff.  Once you have your MDT Deployment Share set up, you will see a load of options.  Start by right clicking your Deployment Share and selecting Properties.

Select the Rules tab at the top, and then the Edit Bootstrap.ini on the bottom right.  Make the file look similar to what is below, adjusting for your environment.

The DeployRoot option, as one might imagine, just informs where all the resources for the deployment are.  The UserDomain,UserID, and UserPassword options will prevent the technician from needing to enter credentials to access the deployment share at the time of imaging.  Note: This account needs full access to the deployment share.  Make sure you give this account full access at both the share level and NTFS.  The SkipBDDWelcome option skips the welcome screen where it prompts for credentials, not necessary as we put them in the bootstrap.  Once you’re done save and close the file.

Next we’re back no our Rules tab, and you should see some configuration options that you can edit in the window (FYI file is custom.ini).  This is where we really automate things down so the technician doesn’t need to do anything.  I’ll preface by saying that there are a TON of options that you can do here.  This link and this link are good places to start, but you can find all sorts of options.  Below is how I set it up for my organization, but this config will surely vary from environment to environment.

Alright, that’s a lot of stuff.  I’m only going to go through a few of the options, most are self explanatory.  All of the “Skip” options are set so that it skips the on screen prompt during the imaging process.  I am able to do this because I either define them above the “Skip” section if you will, or I define them in the Task Sequence (don’t worry that part is coming up I promise).

For example, I define the time zone at the top of the config so it will pre-populate in the selection menu during imaging therefore I can skip the menu altogether.

Another example is how I skip the domain membership.  This is specific to my environment, as I use this same deployment share for multiple domains.  You can configure a service account here in the custom.ini to join the machine to a specified domain, but you are then limited to that single domain.  Instead, in the task sequence (seriously it’s coming), I have it run a PowerShell script to accomplish the same thing and then have a task sequence for each domain I need.

Cool, now we’re pretty automated.  One thing I like to do, mostly because I like to make things pretty, is customize the background image that is shown during the deployment itself.  To do this, select the Windows PE tab (Windows Pre-installation Environment) and input the path to your image under the Custom background bitmap file.  Apply everything and click OK.

Next we need to import the Operating System that we wish to deploy.  Expand out your deployment share and select operating systems.  I create folders, but you do not have to.  Right click on Operating Systems and select Import Operating System.  Go through the wizard to add the OS files, it’s pretty simple.  This is also where you would import a custom image if you captured one.

At this point,  if you wish to add applications (ex. Office, Adobe Reader, etc.) during your imaging process now is the time to do it.  Right click Applications and select New Application.  I am not going to go into detail on this in this post, but there are plenty of online resources.  See this post about prepping Adobe Acrobat Reader DC for customized deployment.

We have finally reached the point where we talk about Task Sequences!  Let’s just dig in.  Right click Task Sequences and select New Task Sequence.  Set a Task sequence ID and name (comments if you like) and select Next.  Note that these need to be unique to across the deployment share,  no repeats.  Leave the default Standard Client Task Sequence selected and select Next.  Select the OS you imported earlier and select Next.  Enter your product key to activate Windows and select Next.  You can also choose not to specify here and specify in the custom.ini file.  Fill in user information and select Next.  Specify your Admin password or skip and select Next.  Hit Next a few more times and you’ll have a brand new shiny Task Sequence.  Whoot!

Open up the Properties of your new Task Sequence and select the Task Sequence tab.  You can lose yourself in the task sequence options (trust me), but you can also do pretty much anything you can think of.  This is where the true customization in you can come out.  I like things simple, so I just install .Net3 and what not but you can do so so so much more.  The design is pretty intuitive, so just play with it a bit and you’ll have it figured out in no time.  Below is an example of one of mine (remember, I like simple).

Now we need to update our deployment share with all those new goodies that we just configured.  Right click your deployment share and select Update Deployment Share.  I always select the Completely regenerate the boot images option just for the warm and fuzzy feeling.  Select Next a couple times and it will begin.  This will take a while, but once it is done you will have a wonderful new LiteTouchPE_x64.wim file that we can PXE boot to.  Almost there!

Once you have that all done, you’re pretty much done!  If you haven’t already, install the WDS server role.  Basically we’re just using this for the PXE server, so set your DHCP options to point to your WDS box.  Configure the WDS server options as prompted with what works for your environment and then make your way over to the Boot Images folder.  Right click the boot images folder and select the Add Boot Image… option.  Browse to \\YourDeploymentShare\Boot and select the LiteTouchPE_x64.wim file we created a bit ago.  Select Next a few times and give it a name if you want.  I then like to restart the WDS services, again for that warm and fuzzy feeling.

Assuming you configured everything right you’re now good to go!  PXE boot a box and see how it goes.  Happy Imaging!