Depending on the type of computer in the environment and the hardware it contains, you require software from the hardware vendors to make computers in the production environment fully functional. Some of this software may be provided on a CD-ROM or DVD-ROM by the hardware manufacturer; other software must be downloaded from the vendor's Web site .

• However, sometimes (especially with Windows 10) injecting drivers through WDS doesn’t work. If that’s the case, you’ll need to manually inject drivers into the Boot.wim file to allow PXE client computers to recognize their network card. This is also true for any other types of drivers that you need to add to the image as well.
• Overview of Adding a Driver to a WIM file. Download and Install the latest Windows Assessment and Deployment Kit (ADK) to your PC. This can be installed on the WDS server however its not normally recommended, especially if the server is a domain controller. As of 13/4/17, the latest ADK is 1703 for Windows 10 (the Windows 8.1 Update ADK is here).

Deployment Workbench makes adding device drivers to the deployment share an easy process . You simply specify a folder containing one or more device drivers, and Deployment Workbench copies them to the deployment share and organizes them into folders as appropriate. However, you must make sure that you've extracted device drivers from any compressed files containing them. In other words, Deployment Workbench looks for each device driver's .inf file and any related files.

In MDT 2008 you could create driver groups to group together device drivers . You could then associate a driver group with a task sequence. In MDT 2010, you can no longer create driver groups . Instead, you can now create subfolders under the Out-Of-Box Drivers folder in your distribution share . You can import different drivers into different subfolders and then associate each subfolder with a task sequence .

NOTE Windows Deployment Services in Windows Server 2008 R2 also includes new features that make it simpler to ensure that the appropriate drivers are available during a deployment. You can add driver packages to a Windows Deployment Services server and deploy these driver packages to different client computers based on filtering criteria. You can also add boot-critical driver packages to boot images (supported for Windows 7 and Windows Server 2008 R2 images only). For more information on this topic, see Chapter 10.

To add device drivers to the deployment share, perform the following steps:

1. In Deployment Workbench, right-click the Out-Of-Box Drivers folder (or a subfolder you created under this folder) in your deployment share and select Import Drivers to start the Import Driver Wizard.

2. On the Specify Directory page, type the path containing the device drivers you want to add to the deployment share or click Browse to open it .

3. If you want, select the Import Drivers Even If They Are Duplicates Of An Existing Driver check box. Choosing this option allows Deployment Workbench to import duplicate drivers, if they exist, but Microsoft recommends against this .

In Server Manager, click Manage. Click Add roles and features. Select Role-based or feature-based installation and choose the server to deploy WDS. On the Select server roles page select the Windows Deployment Services check box. Click Next and follow the wizard to completion. I already installed it. Let’s create a boot image.

4. Finish the wizard. Deployment Workbench adds all the device drivers it finds in the folder and its subfolders .

After you add a device driver to the deployment share, it appears in the details pane when the Out-Of-Box Drivers folder (or a subfolder of this folder) is selected in the console tree . It also appears in the deployment share in Out-Of-Box Driverssubfolder[subfolder], where subfolder[subfolder] is the destination specified when adding the driver.

To disable a device driver, perform the following steps:

1. In the Deployment Workbench console tree, click Out-Of-Box Drivers (or a subfolder) in your deployment share

2. In the details pane, right-click the device driver you want to disable and then click Properties.

3. Click the General tab, clear the Enable This Driver check box, and then click OK .

To remove a device driver from the deployment share, perform the following steps:

1. In the Deployment Workbench console tree, click Out-Of-Box Drivers (or a subfolder) in your deployment share

2. In the details pane, right-click the device driver you want to remove and then click Delete

When a device driver is deleted from Deployment Workbench, it is also removed from the Out-Of-Box Drivers folder in the deployment share. In other words, removing a device driver from Deployment Workbench also removes it from the file system.

Creating Task Sequences

A task sequence binds operating system source files with the steps necessary to install them. A task sequence is associated with the following:

■ Operating system Choose an operating system image to use for the build.

■ Unattended setup answer file (Unattend.xml) Create an answer file that describes how to install and configure the operating system on the destination computer. For example, the answer file can contain a product key, organization name, and information necessary to join the computer to a domain. Generally, allow MDT 2010 to control the settings in Unattend.xml and use the MDT 2010 database to configure destination computers.

NOTE This chapter assumes that you are configuring task sequences and deployment points for the purpose of capturing custom images. The settings you configure by using the instructions in this chapter are different than the settings you will configure when deploying images to production computers. For more information about those settings, see Chapter 12.

To create a task sequence for image capture, perform the following steps:

1. In the Deployment Workbench console tree, right-click the Task Sequences folder (or a subfolder you created under this folder) in your deployment share and select New Task Sequence to start the New Task Sequence Wizard.

2. On the General Settings page, provide the information described in Table 6-3 . table 6-3 The General Settings Page

IN THIS LOCATION PROVIDE THIS INFORMATION

Task Sequence	Unique ID for the task sequence . You cannot change this ID
ID box	later, so decide on a naming scheme for task sequence IDs in
advance
Task Sequence	Descriptive name for the task sequence . Users see this name
Name box	during LTI.
Task Sequence	Additional information about the task sequence . Users see
Comments box	this description during LTI. Describe the build and what it
installs in the image

3. On the Select Template page, choose a template task sequence to use as a starting point . You can customize the template later. For the purpose of building images, choose the Standard Client Task Sequence template.

4. On the Select OS page, choose an operating system image to install with this task sequence. Only the operating system images previously added to your deployment point are visible

5. On the Specify Product Key page, select one of the following:

• Do Not Specify A Product Key At This Time.

• Specify A Multiple Activation Key (MAK Key) For Activating This Operating System, and then type the product key in the Product Key box.

• Specify The Product Key For This Operating System, and then type the product key in the Product Key box

For more information about volume activation and product keys in MDT 2010, see Chapter 11, 'Using Volume Activation .' Chapter 11 describes when a product key is necessary. Generally, customers deploying volume-licensed Windows 7 media to 25 or more computers should select the Do Not Use A Product Key When Installing option. Customers deploying volume-licensed Windows 7 media using Windows 7 Multiple Activation Keys (MAKs) should select the Specify A Multiple Activation Key (MAK Key) For Activating This Operating System option and then type a product key in the Product Key box. Customers deploying retail Windows 7 media should select the Specify The Product Key For This Operating System option and then type a product key in the Product Key box

6. On the OS Settings page, provide the information described in Table 6-4 and then click OK . The values you provide on this page are irrelevant because you are creating a build for image capture, and you will change these values during production deployment .

table 6-4 The OS Settings Page

IN THIS LOCATION PROVIDE THIS INFORMATION

table 6-4 The OS Settings Page

IN THIS LOCATION PROVIDE THIS INFORMATION

Full Name box	Owner name
Organization box	Name of the organization
Internet Explorer	Uniform Resource Locator (URL) of the default Windows
Home Page box	Internet Explorer home page, such as the URL of the organi-
zation's intranet home page

7. On the Admin Password page, select Do Not Specify An Administrator Password At This Time. Do not specify a local Administrator password for image task sequences so that you can specialize the password during deployment .

8. Finish the wizard.

After you create a task sequence in your deployment share, it appears in the details pane when the Task Sequences folder (or a subfolder of this folder) is selected in the console tree It also appears in the deployment share in Task Sequencessubfolder[subfolder], where sub-folder[subfolder] is the destination selected when creating the task sequence . Deployment Workbench stores metadata about each build in TaskSequences .xml, which is located in the deployment share's Control folder.

To disable a task sequence, perform the following steps:

1. In the Deployment Workbench console tree, click Task Sequences (or a subfolder) in your deployment share .

2. In the details pane, right-click the task sequence you want to disable and then click Properties

3. On the General tab, clear the Enable This Task Sequence check box and then click OK . Alternatively, you can hide the task sequence by selecting the Hide This Task Sequence In The Deployment Wizard check box.

NOTE Disabling a build prevents the Windows Deployment Wizard from displaying it in the list of builds from which a user can choose during an LTI deployment.

To remove a task sequence, perform the following steps:

1. In the Deployment Workbench console tree, click Task Sequences (or a subfolder) in your deployment share .

2. In the details pane, right-click the task sequence you want to remove and then click Delete

To edit the task sequence's answer file (Unattend.xml), perform the following steps:

1. In the Deployment Workbench console tree, click Task Sequences (or a subfolder) in your deployment share.

2. In the details pane, right-click the task sequence containing the answer file you want to edit, and then click Properties

3. On the OS Info tab, click Edit Unattend.xml to open the build's answer file in Windows SIM

For more information about using Windows SIM to edit Unattend.xml, see the topic 'Windows System Image Manager Technical Reference' in the Windows AIK .

DIRECT FROM THE SOURCE

Reducing Image Count

Doug Davis, Lead Architect

Management Operations & Deployment, Microsoft Consulting Services

We put the 2007 Office system and a virus scanner on every image. That way, the customer can be productive regardless of the method we use to deploy other applications. Also, a lot of things just make sense to put in the image so that the user doesn't have to download them later. I can't think of a single customer who doesn't have Adobe Acrobat Reader.

The virtual private network (VPN) and dialer installation programs are in the image, but we don't install them. When we deploy the image, the task sequence checks Windows Management Instrumentation (WMI) to see whether it's a mobile device. If it's a mobile device, we then install the VPN and dialer software; otherwise, we delete the installation programs.

We also never use a product key. Instead, we use the Key Management Service to simplify our images and reduce key loss. Chapter 11 describes the Key Management Service.

Having a single image to deploy is very handy and works well. We encourage people to change an image only when they need new software. Whenever a new update or device driver is required, we just replicate that information and then inject it into the image rather than making a new image every month and replicating the image. If this is the approach you plan to take, image versioning is very important to track.

Editing a Task Sequence

In MDT 2010, the task sequence is a list of tasks to run during deployment . However, it's not a linear list of tasks like a batch script . The task sequence is organized into groups and specifies conditions, or filters, that can prevent tasks and entire groups from running in certain situations .

MDT 2010 uses a Task Sequencer to run the task sequence . The Task Sequencer runs the task sequence from top to bottom in the order specified. Each task in the sequence is a step, and steps can be organized into groups and subgroups. When you create a task sequence in Deployment Workbench, you can choose a task sequence template. A key feature of the task sequence is that it stores state data, or variables, on the destination computer. These variables persist, even across reboots . The Task Sequencer can then use these variables to test conditions and possibly filter tasks or groups . The Task Sequencer also can restart the computer and gracefully continue the task sequence where it left off. These are important characteristics when driving a deployment process from beginning to end.

Task sequences contain the following types of items:

■ Steps Steps are commands that the Task Sequencer runs during the sequence, such as partitioning the disk, capturing user state, and installing the operating system. Within a task sequence, steps do the actual work. In the task sequence templates provided by MDT 2010, most steps are commands that run scripts.

■ Groups The task sequence steps can be organized into groups, which are folders that can contain subgroups and steps . Groups can be nested as necessary. For example, the default task sequence puts steps in groups by phase and deployment type.

You can filter both steps and groups, including the groups and steps that they contain, based on conditions that you specify. Groups are especially useful for filtering because you can run an entire collection of steps based on a condition, such as the deployment phase or type of deployment.

To edit a task sequence, perform the following steps:

1. In the Deployment Workbench console tree, click Task Sequences (or a subfolder) in your deployment share .

2. In the details pane, right-click the task sequence you want to edit and then click Properties

3. Click the Task Sequence tab, as shown here, edit the task sequence as described in Table 6-5, and then click OK . For more information about settings on the Properties and Options tabs, see the sections titled 'Configuring Group and Task Properties' and 'Configuring the Options Tab' later in this chapter.

table 6-5 Editing a Task Sequence

TO USE THESE STEPS

Add a group In the task sequence, select the item beneath which you want to create a new group, click Add, and then click New Group . Deployment Workbench creates and selects a new group called New Group

Add a step In the task sequence, select the item beneath which you want to create a new step and click Add. Then choose the type of step that you want to create by clicking General and then choosing one of the following (MDT 2010 supports more steps than those listed here, but they are already in the task sequence or are primarily for server deployment):

■ Run Command Line

■ Set Task Sequence Variable

■ Run Command Line As

Deployment Workbench creates and selects a new step with a name relating to the type of step you're creating.

Add a reboot In the task sequence, select the item beneath which you want to add a reboot, click Add, click General, and then click Restart Computer Deployment Workbench creates and selects a new task that restarts the destination computer

USE THESE STEPS

Add an application In the task sequence, select the item beneath which you want to add an application installation, click Add, click General, and then click Install Application Then select the Install Application step you just added, and on the Properties tab, click Install A Single Application. Choose the application you want to install from the Application To Install list.

IMPORTANT If you install antivirus software as part of the task sequence, be sure to carefully test how the antivirus software interacts with the deployment process before moving to a production environment. Antivirus software can prevent MDT 2010 from successfully deploying Windows 7 and applications. If necessary, you can always disable the antivirus software and then re-enable it at the end of the task sequence.

To edit an item in a task sequence, select the item you want to work with and then edit the settings in the right pane

NOTE MDT 2010 includes a variety of special steps, such as the Enable BitLocker task or Install Operating System step, that you can configure. You change settings for these steps by selecting the step in the left pane and then configuring the step on the Properties tab. In general, the most interesting steps to configure are Validate (under Validation and under PreinstallNew Computer Only), Format and Partition Disk (under PreinstallNew Computer Only), Install Operating System (under Install), Apply Network Settings (under State Restore), and Enable BitLocker (under State Restore).

To remove an item in a task sequence, select the item you want to work with and then click Remove. If a group is removed, Deployment Workbench removes the group and everything it contains, including subgroups and tasks

To reorder an item in a task sequence, select the item you want to work with and then click Up or Down to change its position within the task sequence . During deployment, the Windows Deployment Wizard runs the tasks from top to bottom in the order specified.

Continue reading here: Configuring Group and Task Properties

Was this article helpful?

-->

Applies to

• Windows 10

This topic will show you how to take your reference image for Windows 10 (that was just created), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).

We will prepare for this by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules.

For the purposes of this topic, we will use four computers: DC01, MDT01, HV01 and PC0005.

• DC01 is a domain controller
• MDT01 is a domain member server
• HV01 is a Hyper-V server
• PC0005 is a blank device to which we will deploy Windows 10

MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation. HV01 used to test deployment of PC0005 in a virtual environment.

Note

For details about the setup for the procedures in this article, please see Prepare for deployment with MDT.

Step 1: Configure Active Directory permissions

These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.

On DC01:

1. Download the Set-OUPermissions.ps1 script and copy it to the C:SetupScripts directory on DC01. This script configures permissions to allow the MDT_JD account to manage computer accounts in the contoso > Computers organizational unit.

2. Create the MDT_JD service account by running the following command from an elevated Windows PowerShell prompt:

3. Next, run the Set-OuPermissions script to apply permissions to the MDT_JD service account, enabling it to manage computer accounts in the Contoso / Computers OU. Run the following commands from an elevated Windows PowerShell prompt:

   The following is a list of the permissions being granted:

   • Scope: This object and all descendant objects
   • Create Computer objects
   • Delete Computer objects
   • Scope: Descendant Computer objects
   • Read All Properties
   • Write All Properties
   • Read Permissions
   • Modify Permissions
   • Change Password
   • Reset Password
   • Validated write to DNS host name
   • Validated write to service principal name

Step 2: Set up the MDT production deployment share

Next, create a new MDT deployment share. You should not use the same deployment share that you used to create the reference image for a production deployment. Perform this procedure on the MDT01 server.

Create the MDT production deployment share

On MDT01:

The steps for creating the deployment share for production are the same as when you created the deployment share for creating the custom reference image:

1. Ensure you are signed on as: contosoadministrator.

2. In the Deployment Workbench console, right-click Deployment Shares and select New Deployment Share.

3. On the Path page, in the Deployment share path text box, type D:MDTProduction and click Next.

4. On the Share page, in the Share name text box, type MDTProduction$ and click Next.

5. On the Descriptive Name page, in the Deployment share description text box, type MDT Production and click Next.

6. On the Options page, accept the default settings and click Next twice, and then click Finish.

7. Using File Explorer, verify that you can access the MDT01MDTProduction$ share.

Configure permissions for the production deployment share

To read files in the deployment share, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT_BA) for the D:MDTProduction folder

On MDT01:

1. Ensure you are signed in as contosoadministrator.

2. Modify the NTFS permissions for the D:MDTProduction folder by running the following command in an elevated Windows PowerShell prompt:

Step 3: Add a custom image

The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores additional components in the SourcesSxS folder which is outside the image and may be required when installing components.

Add the Windows 10 Enterprise x64 RTM custom image

In these steps, we assume that you have completed the steps in the Create a Windows 10 reference image topic, so you have a Windows 10 reference image at D:MDTBuildLabCapturesREFW10X64-001.wim on MDT01.

1. Using the Deployment Workbench, expand the Deployment Shares node, and then expand MDT Production; select the Operating Systems node, and create a folder named Windows 10.

2. Right-click the Windows 10 folder and select Import Operating System.

3. On the OS Type page, select Custom image file and click Next.

4. On the Image page, in the Source file text box, browse to D:MDTBuildLabCapturesREFW10X64-001.wim and click Next.

5. On the Setup page, select the Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path option; in the Setup source directory text box, browse to D:MDTBuildLabOperating SystemsW10EX64RTM and click Next.

6. On the Destination page, in the Destination directory name text box, type W10EX64RTM, click Next twice, and then click Finish.

7. After adding the operating system, double-click the added operating system name in the Operating Systems / Windows 10 node and change the name to Windows 10 Enterprise x64 RTM Custom Image.

Note

The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.

Step 4: Add an application

When you configure your MDT Build Lab deployment share, you can also add applications to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the MDT Production deployment share using Adobe Reader as an example.

Create the install: Adobe Reader DC

On MDT01:

1. Download the Enterprise distribution version of Adobe Acrobat Reader DC (AcroRdrDC1902120058_en_US.exe) to D:setupadobe on MDT01.

2. Extract the .exe file that you downloaded to an .msi (ex: .AcroRdrDC1902120058_en_US.exe -sfx_o'd:setupadobeinstall' -sfx_ne).

3. In the Deployment Workbench, expand the MDT Production node and navigate to the Applications node.

4. Right-click the Applications node, and create a new folder named Adobe.

5. In the Applications node, right-click the Adobe folder and select New Application.

6. On the Application Type page, select the Application with source files option and click Next.

7. On the Details page, in the Application Name text box, type Install - Adobe Reader and click Next*.

8. On the Source page, in the Source Directory text box, browse to D:setupadobeinstall and click Next.

9. On the Destination page, in the Specify the name of the directory that should be created text box, type Install - Adobe Reader and click Next.

10. On the Command Details page, in the Command Line text box, type msiexec /i AcroRead.msi /q, click Next twice, and then click Finish.

    The Adobe Reader application added to the Deployment Workbench.

Step 5: Prepare the drivers repository

In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:

• Lenovo ThinkPad T420
• Dell Latitude 7390
• HP EliteBook 8560w
• Microsoft Surface Pro

For boot images, you need to have storage and network drivers; for the operating system, you need to have the full suite of drivers.

Note

You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.

Create the driver source structure in the file system

The key to successful management of drivers for MDT, as well as for any other deployment solution, is to have a really good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use.

On MDT01:

Important

In the steps below, it is critical that the folder names used for various computer makes and models exactly match the results of wmic computersystem get model,manufacturer on the target system.

1. Using File Explorer, create the D:drivers folder.
2. In the D:drivers folder, create the following folder structure:
   1. WinPE x86
   2. WinPE x64
   3. Windows 10 x64
3. In the new Windows 10 x64 folder, create the following folder structure:
   • Dell Inc.
     • Latitude E7450
   • Hewlett-Packard
     • HP EliteBook 8560w
   • Lenovo
     • ThinkStation P500 (30A6003TUS)
   • Microsoft Corporation
     • Surface Laptop

Note

Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.

Create the logical driver structure in MDT

When you import drivers to the MDT driver repository, MDT creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This is done by creating logical folders in the Deployment Workbench.

1. On MDT01, using Deployment Workbench, select the Out-of-Box Drivers node.
2. In the Out-Of-Box Drivers node, create the following folder structure:
   1. WinPE x86
   2. WinPE x64
   3. Windows 10 x64
3. In the Windows 10 x64 folder, create the following folder structure:
   • Dell Inc.
     • Latitude E7450
   • Hewlett-Packard
     • HP EliteBook 8560w
   • Lenovo
     • 30A6003TUS
   • Microsoft Corporation
     • Surface Laptop

The preceding folder names should match the actual make and model values that MDT reads from devices during deployment. You can find out the model values for your machines by using the following command in Windows PowerShell:

Or, you can use this command in a normal command prompt:

If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post, entitled Using and Extending Model Aliases for Hardware Specific Application Installation.

The Out-of-Box Drivers structure in the Deployment Workbench.

Create the selection profiles for boot image drivers

By default, MDT adds any storage and network drivers that you import to the boot images. However, you should add only the drivers that are necessary to the boot image. You can control which drivers are added by using selection profiles.The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate Windows 10 drivers for your device, a Windows 7 or Windows 8.1 driver will most likely work, but Windows 10 drivers should be your first choice.

On MDT01:

1. In the Deployment Workbench, under the MDT Production node, expand the Advanced Configuration node, right-click the Selection Profiles node, and select New Selection Profile.

2. In the New Selection Profile Wizard, create a selection profile with the following settings:

   1. Selection Profile name: WinPE x86
   2. Folders: Select the WinPE x86 folder in Out-of-Box Drivers.
   3. Click Next, Next and Finish.

3. Right-click the Selection Profiles node again, and select New Selection Profile.

4. In the New Selection Profile Wizard, create a selection profile with the following settings:

   1. Selection Profile name: WinPE x64
   2. Folders: Select the WinPE x64 folder in Out-of-Box Drivers.
   3. Click Next, Next and Finish.

   Creating the WinPE x64 selection profile.

Extract and import drivers for the x64 boot image

Windows PE supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image.

On MDT01:

1. Download PROWinx64.exe from Intel.com (ex: PROWinx64.exe).
2. Extract PROWinx64.exe to a temporary folder - in this example to the C:TmpProWinx64 folder.a. Note: Extracting the .exe file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the %userprofile%AppDataLocalTempRarSFX0 directory. This directory is temporary and will be deleted when the .exe terminates.
3. Using File Explorer, create the D:DriversWinPE x64Intel PRO1000 folder.
4. Copy the content of the C:TmpPROWinx64PRO1000Winx64NDIS64 folder to the D:DriversWinPE x64Intel PRO1000 folder.
5. In the Deployment Workbench, expand the MDT Production > Out-of-Box Drivers node, right-click the WinPE x64 node, and select Import Drivers, and use the following Driver source directory to import drivers: D:DriversWinPE x64Intel PRO1000.

Download, extract, and import drivers

For the Lenovo ThinkStation P500

For the ThinkStation P500 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo ThinkStation P500 model has the 30A6003TUS model name, meaning the Machine Type is 30A6.

To get the updates, download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can also download the drivers by searching PC Support on the Lenovo website.

In this example, we assume you have downloaded and extracted the drivers using ThinkVantage Update Retriever to the D:DriversLenovoThinkStation P500 (30A6003TUS) directory.

On MDT01:

1. In the Deployment Workbench, in the MDT Production > Out-Of-Box Drivers > Windows 10 x64 node, expand the Lenovo node.

2. Right-click the 30A6003TUS folder and select Import Drivers and use the following Driver source directory to import drivers:

   D:DriversWindows 10 x64LenovoThinkStation P500 (30A6003TUS)

   The folder you select and all sub-folders will be checked for drivers, expanding any .cab files that are present and searching for drivers.

For the Latitude E7450

For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the Dell TechCenter website.

In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the D:DriversDell Inc.Latitude E7450 folder.

On MDT01:

1. In the Deployment Workbench, in the MDT Production > Out-Of-Box Drivers > Windows 10 x64 node, expand the Dell Inc. node.

2. Right-click the Latitude E7450 folder and select Import Drivers and use the following Driver source directory to import drivers:

   D:DriversWindows 10 x64Dell Inc.Latitude E7450

For the HP EliteBook 8560w

For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the HP Support site.

In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the D:DriversWindows 10 x64Hewlett-PackardHP EliteBook 8560w folder.

On MDT01:

1. In the Deployment Workbench, in the MDT Production > Out-Of-Box Drivers > Windows 10 x64 node, expand the Hewlett-Packard node.

2. Right-click the HP EliteBook 8560w folder and select Import Drivers and use the following Driver source directory to import drivers:

   D:DriversWindows 10 x64Hewlett-PackardHP EliteBook 8560w

For the Microsoft Surface Laptop

For the Microsoft Surface Laptop model, you find the drivers on the Microsoft website. In these steps we assume you have downloaded and extracted the Surface Laptop drivers to the D:DriversWindows 10 x64MicrosoftSurface Laptop folder.

On MDT01:

1. In the Deployment Workbench, in the MDT Production > Out-Of-Box Drivers > Windows 10 x64 node, expand the Microsoft node.

2. Right-click the Surface Laptop folder and select Import Drivers; and use the following Driver source directory to import drivers:

   D:DriversWindows 10 x64MicrosoftSurface Laptop

Step 6: Create the deployment task sequence

This section will show you how to create the task sequence used to deploy your production Windows 10 reference image. You will then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.

Create a task sequence for Windows 10 Enterprise

On MDT01:

1. In the Deployment Workbench, under the MDT Production node, right-click Task Sequences, and create a folder named Windows 10.

2. Right-click the new Windows 10 folder and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:

   • Task sequence ID: W10-X64-001
   • Task sequence name: Windows 10 Enterprise x64 RTM Custom Image
   • Task sequence comments: Production Image
   • Template: Standard Client Task Sequence
   • Select OS: Windows 10 Enterprise x64 RTM Custom Image
   • Specify Product Key: Do not specify a product key at this time
   • Full Name: Contoso
   • Organization: Contoso
   • Internet Explorer home page: https://www.contoso.com
   • Admin Password: Do not specify an Administrator Password at this time

Edit the Windows 10 task sequence

1. Continuing from the previous procedure, right-click the Windows 10 Enterprise x64 RTM Custom Image task sequence, and select Properties.

2. On the Task Sequence tab, configure the Windows 10 Enterprise x64 RTM Custom Image task sequence with the following settings:

   1. Preinstall: After the Enable BitLocker (Offline) action, add a Set Task Sequence Variable action with the following settings:

      1. Name: Set DriverGroup001
      2. Task Sequence Variable: DriverGroup001
      3. Value: Windows 10 x64%Manufacturer%%Model%

   2. Configure the Inject Drivers action with the following settings:

      • Choose a selection profile: Nothing
      • Install all drivers from the selection profile

      Note

      The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the 'Choose a selection profile: Nothing' setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the 'Install all drivers from the selection profile' setting.

   3. State Restore. Enable the Windows Update (Pre-Application Installation) action.

   4. State Restore. Enable the Windows Update (Post-Application Installation) action.

3. Click OK.

   The task sequence for production deployment.

Step 7: Configure the MDT production deployment share

In this section, you will learn how to configure the MDT Build Lab deployment share with the rules required to create a simple and dynamic deployment process. This includes configuring commonly used rules and an explanation of how these rules work.

Configure the rules

Note

The following instructions assume the device is online. If you're offline you can remove SLShare variable.

On MDT01:

1. Right-click the MDT Production deployment share and select Properties.

2. Select the Rules tab and replace the existing rules with the following information (modify the domain name, WSUS server, and administrative credentials to match your environment):

3. Click Edit Bootstrap.ini and modify using the following information:

4. On the Windows PE tab, in the Platform drop-down list, make sure x86 is selected.

5. On the General sub tab (still under the main Windows PE tab), configure the following settings:

   In the Lite Touch Boot Image Settings area:

   • Image description: MDT Production x86
   • ISO file name: MDT Production x86.iso

   Note

   Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests.

6. On the Drivers and Patches sub tab, select the WinPE x86 selection profile and select the Include all drivers from the selection profile option.

7. On the Windows PE tab, in the Platform drop-down list, select x64.

8. On the General sub tab, configure the following settings:

   In the Lite Touch Boot Image Settings area:

   • Image description: MDT Production x64
   • ISO file name: MDT Production x64.iso

9. In the Drivers and Patches sub tab, select the WinPE x64 selection profile and select the Include all drivers from the selection profile option.

10. In the Monitoring tab, select the Enable monitoring for this deployment share check box.

11. Click OK.

    Note

    It will take a while for the Deployment Workbench to create the monitoring database and web service.

    The Windows PE tab for the x64 boot image.

The rules explained

The rules for the MDT Production deployment share are somewhat different from those for the MDT Build Lab deployment share. The biggest differences are that you deploy the machines into a domain instead of a workgroup.

You can optionally remove the UserID and UserPassword entries from Bootstrap.ini so that users performing PXE boot are prompted to provide credentials with permission to connect to the deployment share. Setting SkipBDDWelcome=NO enables the welcome screen that displays options to run the deployment wizard, run DaRT tools (if installed), exit to a Windows PE command prompt, set the keyboard layout, or configure a static IP address. In this example we are skipping the welcome screen and providing credentials.

The Bootstrap.ini file

This is the MDT Production Bootstrap.ini:

The CustomSettings.ini file

This is the CustomSettings.ini file with the new join domain information:

Some properties to use in the MDT Production rules file are as follows:

• JoinDomain. The domain to join.
• DomainAdmin. The account to use when joining the machine to the domain.
• DomainAdminDomain. The domain for the join domain account.
• DomainAdminPassword. The password for the join domain account.
• MachineObjectOU. The organizational unit (OU) to which to add the computer account.
• ScanStateArgs. Arguments for the User State Migration Tool (USMT) ScanState command.
• USMTMigFiles(*). List of USMT templates (controlling what to backup and restore).
• EventService. Activates logging information to the MDT monitoring web service.

Optional deployment share configuration

If your organization has a Microsoft Software Assurance agreement, you also can subscribe to the additional Microsoft Desktop Optimization Package (MDOP) license (at an additional cost). Included in MDOP is Microsoft Diagnostics and Recovery Toolkit (DaRT), which contains tools that can help you troubleshoot MDT deployments, as well as troubleshoot Windows itself.

Add DaRT 10 to the boot images

If you have licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you do not have DaRT licensing, or don't want to use it, simply skip to the next section, Update the Deployment Share. To enable the remote connection feature in MDT, you need to do the following:

Note

DaRT 10 is part of MDOP 2015.

MDOP might be available as a download from your Visual Studio subscription. When searching, be sure to look for Desktop Optimization Pack.

On MDT01:

1. Download MDOP 2015 and copy the DaRT 10 installer file to the D:SetupDaRT 10 folder on MDT01 (DaRTDaRT 10Installers<lang>x64MSDaRT100.msi).

2. Install DaRT 10 (MSDaRT10.msi) using the default settings.

3. Copy the two tools CAB files from C:Program FilesMicrosoft DaRTv10 (Toolsx86.cab and Toolsx64.cab) to the production deployment share at D:MDTProductionToolsx86 and D:MDTProductionToolsx64, respectively.

4. In the Deployment Workbench, right-click the MDT Production deployment share and select Properties.

5. On the Windows PE tab, in the Platform drop-down list, make sure x86 is selected.

6. On the Features sub tab, select the Microsoft Diagnostics and Recovery Toolkit (DaRT) checkbox.

   Selecting the DaRT 10 feature in the deployment share.

7. In the Windows PE tab, in the Platform drop-down list, select x64.

8. In the Features sub tab, in addition to the default selected feature pack, select the Microsoft Diagnostics and Recovery Toolkit (DaRT) check box.

9. Click OK.

Update the deployment share

Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.

1. Right-click the MDT Production deployment share and select Update Deployment Share.

2. Use the default options for the Update Deployment Share Wizard.

Step 8: Deploy the Windows 10 client image

These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.

Configure Windows Deployment Services

You need to add the MDT Production Lite Touch x64 Boot image to WDS in preparation for the deployment. In this procedure, we assume that WDS is already installed and initialized on MDT01 as described in the Prepare for Windows deployment article.

On MDT01:

1. Open the Windows Deployment Services console, expand the Servers node and then expand MDT01.contoso.com.

2. Right-click Boot Images and select Add Boot Image.

3. Browse to the D:MDTProductionBootLiteTouchPE_x64.wim file and add the image with the default settings.

   The boot image added to the WDS console.

Deploy the Windows 10 client

At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you are confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. This helps rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:

On HV01:

1. Create a virtual machine with the following settings:

   • Name: PC0005
   • Store the virtual machine in a different location: C:VM
   • Generation: 2
   • Memory: 2048 MB
   • Network: Must be able to connect to MDT01MDTProduction$
   • Hard disk: 60 GB (dynamic disk)
   • Installation Options: Install an operating system from a network-based installation server

2. Start the PC0005 virtual machine, and press Enter to start the PXE boot. The VM will now load the Windows PE boot image from the WDS server.

   The initial PXE boot process of PC0005.

3. After Windows PE has booted, complete the Windows Deployment Wizard using the following setting:

   • Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
   • Computer Name: PC0005
   • Applications: Select the Install - Adobe Reader checkbox.

4. Setup now begins and does the following:

   • Installs the Windows 10 Enterprise operating system.
   • Installs the added application.
   • Updates the operating system via your local Windows Server Update Services (WSUS) server.

Application installation

Following OS installation, Microsoft Office 365 Pro Plus - x64 is installed automatically.

Use the MDT monitoring feature

Since you have enabled the monitoring on the MDT Production deployment share, you can follow your deployment of PC0005 via the monitoring node.

On MDT01:

1. In the Deployment Workbench, expand the MDT Production deployment share folder.

2. Select the Monitoring node, and wait until you see PC0005.

3. Double-click PC0005, and review the information.

   The Monitoring node, showing the deployment progress of PC0005.

Use information in the Event Viewer

When monitoring is enabled, MDT also writes information to the event viewer on MDT01. This information can be used to trigger notifications via scheduled tasks when deployment is completed. For example, you can configure scheduled tasks to send an email when a certain event is created in the event log.

The Event Viewer showing a successful deployment of PC0005.

Multicast deployments

Multicast deployment allows for image deployment with reduced network load during simultaneous deployments. Multicast is a useful operating system deployment feature in MDT deployments, however it is important to ensure that your network supports it and is designed for it. If you have a limited number of simultaneous deployments, you probably do not need to enable multicast.

Requirements

Multicast requires that Windows Deployment Services (WDS) is running on Windows Server 2008 or later. In addition to the core MDT setup for multicast, the network needs to be configured to support multicast. In general, this means involving the organization networking team to make sure thatInternet Group Management Protocol (IGMP) snooping is turned on and that the network is designed for multicast traffic. The multicast solution uses IGMPv3.

Set up MDT for multicast

Setting up MDT for multicast is straightforward. You enable multicast on the deployment share, and MDT takes care of the rest.

On MDT01:

1. In the Deployment Workbench, right-click the MDT Production deployment share folder and select Properties.

2. On the General tab, select the Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services) check box, and click OK.

3. Right-click the MDT Production deployment share folder and select Update Deployment Share.

4. After updating the deployment share, use the Windows Deployment Services console to, verify that the multicast namespace was created.

   The newly created multicast namespace.

Use offline media to deploy Windows 10

In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can very easily generate an offline version of your deployment share - either the full deployment share or a subset of it - through the use of selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.

Offline media are useful not only when you do not have network connectivity to the deployment share, but also when you have limited connection to the deployment share and do not want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire.

Create the offline media selection profile

To filter what is being added to the media, you create a selection profile. When creating selection profiles, you quickly realize the benefits of having created a good logical folder structure in the Deployment Workbench.

On MDT01:

1. In the Deployment Workbench, under the MDT Production / Advanced Configuration node, right-click Selection Profiles, and select New Selection Profile.

2. Use the following settings for the New Selection Profile Wizard:

   • General Settings

     • Selection profile name: Windows 10 Offline Media

   • Folders

     • Applications / Adobe
     • Operating Systems / Windows 10
     • Out-Of-Box Drivers / WinPE x64
     • Out-Of-Box Drivers / Windows 10 x64
     • Task Sequences / Windows 10

Create the offline media

In these steps, you generate offline media from the MDT Production deployment share. To filter what is being added to the media, you use the previously created selection profile.

1. On MDT01, using File Explorer, create the D:MDTOfflineMedia folder.

   Note

   When creating offline media, you need to create the target folder first. It is crucial that you do not create a subfolder inside the deployment share folder because it will break the offline media.

2. In the Deployment Workbench, under the MDT Production / Advanced Configuration node, right-click the Media node, and select New Media.

3. Use the following settings for the New Media Wizard:

   • General Settings
     • Media path: D:MDTOfflineMedia
     • Selection profile: Windows 10 Offline Media

Configure the offline media

Offline media has its own rules, its own Bootstrap.ini and CustomSettings.ini files. These files are stored in the Control folder of the offline media; they also can be accessed via properties of the offline media in the Deployment Workbench.

On MDT01:

1. Copy the CustomSettings.ini file from the D:MDTProductionControl folder to D:MDTOfflineMediaContentDeployControl. Overwrite the existing files.

2. In the Deployment Workbench, under the MDT Production / Advanced Configuration / Media node, right-click the MEDIA001 media, and select Properties.

3. In the General tab, configure the following:

   • Clear the Generate x86 boot image check box.
   • ISO file name: Windows 10 Offline Media.iso

4. On the Windows PE tab, in the Platform drop-down list, select x64.

5. On the General sub tab, configure the following settings:

   • In the Lite Touch Boot Image Settings area:
     • Image description: MDT Production x64
   • In the Windows PE Customizations area, set the Scratch space size to 128.

6. On the Drivers and Patches sub tab, select the WinPE x64 selection profile and select the Include all drivers from the selection profile option.

7. Click OK.

Add Network Driver To Windows Deployment Services Download

Generate the offline media

You have now configured the offline media deployment share, however the share has not yet been populated with the files required for deployment. Now everything is ready you populate the deployment share content folder and generate the offline media ISO.

On MDT01:

1. In the Deployment Workbench, navigate to the MDT Production / Advanced Configuration / Media node.

2. Right-click the MEDIA001 media, and select Update Media Content. The Update Media Content process now generates the offline media in the D:MDTOfflineMediaContent folder. The process might require several minutes.

Create a bootable USB stick

The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.)

Tip

Add Network Driver To Windows Deployment Services Download

In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. You can place the image on a different drive (ex: E:DeployOperating SystemsW10EX64RTMREFW10X64-001.swm) and then modify E:DeployControlOperatingSystems.xml to point to it. Alternatively to keep using the USB you must split the .wim file, which can be done using DISM:
Dism /Split-Image /ImageFile:D:MDTOfflinemediaContentDeployOperating SystemsW10EX64RTMREFW10X64-001.wim /SWMFile:E:sourcesinstall.swm /FileSize:3800.
Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:MDTProductionControlSettings.xml) must have the SkipWimSplit value set to False. By default this value is set to True (<SkipWimSplit>True</SkipWimSplit>), so this must be changed and the offline media content updated.

Follow these steps to create a bootable USB stick from the offline media content:

1. On a physical machine running Windows 7 or later, insert the USB stick you want to use.

2. Copy the content of the MDTOfflineMediaContent folder to the root of the USB stick.

3. Start an elevated command prompt (run as Administrator), and start the Diskpart utility by typing Diskpart and pressing Enter.

4. In the Diskpart utility, you can type list volume (or the shorter list vol) to list the volumes, but you really only need to remember the drive letter of the USB stick to which you copied the content. In our example, the USB stick had the drive letter F.

5. In the Diskpart utility, type select volume F (replace F with your USB stick drive letter).

6. In the Diskpart utility, type active, and then type exit.

Unified Extensible Firmware Interface (UEFI)-based deployments

As referenced in Windows 10 deployment scenarios and tools, Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UEFI.

The partitions when deploying an UEFI-based machine.

Related topics

Add Network Driver To Windows Deployment Services 2016

Get started with the Microsoft Deployment Toolkit (MDT)
Create a Windows 10 reference image
Build a distributed environment for Windows 10 deployment
Refresh a Windows 7 computer with Windows 10
Replace a Windows 7 computer with a Windows 10 computer
Configure MDT settings