Fully automate your Build and Capture using MDT
I recently gave a few presentation on how to automate your build and capture process. Here is the outline on how to complete this yourself, as well as a few gotcha’s to watch out for along the way. This will mostly be presented for deploying Windows 7 x64, but completely applies to any OS. Just change the patches to the correct version for that OS, etc.
Credit for most of this goes to Michael Nystrom (AKA DeploymentBunny).
Some considerations before we start. Just use any old desktop/laptop/etc. Requirements are it has windows on it with the HyperV role feature installed (can be client or server version of windows, it doesn’t matter). Currently, the scripts are all setup for a single host to do everything. I’m working on making it a little more robust and handling farming out the HyperV creation to a server or a different box. When I am done, I will post it up for everyone.
Things Needed:
Windows 10 ADK 1511: https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx
MDT 2013 Update 2: http://www.microsoft.com/en-us/download/details.aspx?id=50407
Windows WDK: https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
Image Factory Scripts: http://deploymentbunny.com/2014/01/06/powershell-is-king-building-a-reference-image-factory/
Custom customsettings.ini and bootstrap.ini: https://onedrive.live.com/redir?resid=54D271E467CD6DB7!103876&authkey=!ADRjqAICrTX7IB8&ithint=file%2czip
c:\windows\system32\vmguest.iso from Server 2012 or Windows 8 system with Hyper-V role installed
Extra stuff to download if you are going to build/capture Windows 7/Server 2012/R2:
Clean up the installed updates (this applies to all OS’s, but since we only install 1 update for Win10, its not as crucial): http://deploymentbunny.com/2014/06/05/nice-to-know-get-rid-of-all-junk-before-sysprep-and-capture-when-creating-a-reference-image-in-mdt/
Update for high cpu/memory usage on WU scan in Win7: https://support.microsoft.com/en-us/kb/3102810
Bonus for Win10: http://www.scconfigmgr.com/2016/03/01/remove-built-in-apps-when-creating-a-windows-10-reference-image/
Now we will start the actual process.
Install the ADK choosing Imaging Tools and WinPE.
Install the WDK.
Install MDT.
Open the MDT console, and go to Deployment Shares. Right click and choose “New Deployment Share.” Run through the wizard and accept all the defaults. If you want to change the share location or share name, go ahead. Everything in here will reference them as default, but its easy to change it for something else.
By default, only admins have access to the deployment share. You can choose your security, but I suggest a regular user for the process. Create a normal user on the machine. Then right click on c:\deploymentshare (in windows explorer) and go to properties. Give your use Full Access to the directory. On the sharing tab, click advanced sharing, then permissions, then give your user full access there. Click OK all the way out. I will give a small note here. If you started from an earlier version of MDT, create a new share. In earlier versions, the deployment share was open to the world. If you used credentials in your sequences (and you probably did), anyone could view them.
Now extract the Image Factory Scripts to the Deployment Share. The stuff under DeploymentShareFolder gets put at the root of the deployment share (ie c:\deploymentshare\Extra). I like to put the ImageFactoryV2Scripts in the root also so I know where they are, but you can put them anywhere. Go to c:\deploymentshare\extra\KVP and view the readme.txt. You need to copy devcon.exe out of the WDK (C:\Program Files (x86)\Windows Kits\10\Tools\x86). After you copy it out, you can uninstall the WDK if you want to save some space. Get the other files from the vmguest.iso. They will be in “support\x86\Windows6.x-HyperVIntegrationServices-x86.cab”
Open up c:\deploymentshare\extra\deploy\scripts and edit the LoadKVPinPE.vbs file. On line 9, remove the /r from this line: oUtility.RunWithConsoleLogging “\KVP\devcon.exe /r install \KVP\wvmic.inf vmbus\{242ff919-07db-4180-9c2e-b86cb68c8c55}” It should end up as oUtility.RunWithConsoleLogging “\KVP\devcon.exe install \KVP\wvmic.inf vmbus\{242ff919-07db-4180-9c2e-b86cb68c8c55}” Save the file.
Open up c:\deploymentshare\control. Copy in the bootstrap.ini and customsettings.ini files. Edit them to fit your environment (username/password of the standard user you created, image name if you want to change it, share location, etc).
Now go back to the MDT console. Right click on your deployment share and choose properties. Go to the Windows PE tab, and next to “Extra directory to add” enter C:\DeploymentShare\Extra. Click OK.
- Add your applications. This would be the WU cleanup script, Office 2016, etc.
- Add your operating system/s.
- Under Packages, create a new folder called Windows 7 x64 and add the cleanup tool hotfix and the high memory usage hotfixes under that. Remember that when you import your packages, it will copy them to the correct place in your deployment share, so dont try to be too sneaky and put them there in advance.
- Expand Advanced Configuration, then go to Selection Profiles. Create a new selection profile, we will name it Windows 7 x64, then choose the Windows 7 x64 package folder . Click next until done.
Almost done! Right click on your deployment share in MDT and choose “Update Deployment Share.” Select “completely regenerate the boot images,” and go through. It will take a while to build your WinPE environment, then create and ISO.
When that is finished, go to Task Sequences, and create a new folder called REF. Inside that folder, create a new task sequence. Give it a task sequence id that is semi-meaningful. For example, WIN7BUILD. This value will be the VM name and the image name if you kept the defaults. Task sequence name should be meaningful to you. Click Next. Standard client task sequence. Next all the way through. If you set the admin password in customsettings.ini, you can say that on that step.
Open the task sequence:
- Under PreInstall, go to the Apply Patches step. Choose Windows 7 x64.
- Under StateRestore, go to the Windows Update (Pre-Application Installation) step. On the options tab, uncheck the disable box.
- With the previous step still selected, go to Add -> General ->Restart Computer
- Choose the Install Applications step right after the restart computer you just added. Choose install a single application, then browse to your office install.
- Select the Windows Update (Post-Application Installation) step. On the options tab, uncheck the disable box.
- With the previous step still selected, go to Add -> General ->Restart Computer.
- Right click on Windows Update (Post-Application Installation) and choose copy. Right click on the previously added restart computer and choose paste.
- Add another reboot after the last windows update step.
- Click on Apply Local GPO package. Click on Add -> New Group. Select the new folder created and rename it Cleanup Before Sysprep.
- Go to Add-> General -> Restart Computer
- Select the Restart Computer we just added, then Click Add -> General -> Install Application
- Select the Install Application step, choose single application and then select the cleanup windows application.
- Go to Add -> General -> Restart Computer
We are done with the setup! Go into c:\deploymentshare\imagefactoryv2scripts (or wherever you put those files) and edit the xml file to fit your setup. The network switch name comes directly from the hyperv switch name.
Open up a powershell prompt, cd to c:\deploymentshare\imagefactoryv2scripts, then run import-module ImageFactoryV2.psm1. Next we will run New-AutoGenRefImages. This will start the build and capture process! It will take a LONG time to run with Win7 as there are a ton of updates. The last time I ran it, it took 16 hours to finish on Win7x64 and Office 2016. After it finishes, you can then enter Remove-AutoGenRefImages and it will delete the VM and VM files.
To take this to the next level, create a scheduled task that runs these commands. If you wanted, you could also have them auto-import the image you capture into SCCM.