MDT – How I build my reference images (User Question)

Based on my last post: “MDT – Post me your MDT Questions” I’ve received a question from mr. “Jones” who reached out to me with the following comment:

Hi,

Great that Microsoft at last put an understandable Technet article on “Create a Windows 8.1 Reference Image”. Great comments by you aswell on clearing the event logs. I think Microsoft should put that as default in MDT.

Maybe there are some other small “tips” that you ALWAYS perform at every MDT installation you do that you can share with us?

So to put my words in action, this is how I build my reference images.

!Note: this post focusses on building a Windows 8.1 Enterprise image, but with some adjustments can well be used for a Windows 7 Enterprise deployment.

1. Use the ConfigureDeploymentShare script.

To get a headstart with configuring MDT, you can save a lot of time by using my powershell script. It will create and configure everything in your deploymentshare, based on a logical structure I’ve designed.

You can find the script and post about it, here: “MDT2013 – Powershell ‘BESERK’ mode, configure everything with Powershell!!!

2. Create a build task sequence

Within MDT there are several templates available which set you up with a task sequence from where you should be able to do a deployment.

Now understand that there is no difference between a so called ‘build task sequence’ and a ‘deploy task sequence’, the differences are made by the person that’s responsible for the MDT environment.

To get started, I assume you have already imported the following sources:

  • Operating System source (like from a Microsoft ISO file)
  • Applications (like visual C++ redistributables, Office 2013 etc.)
  • Possible VMware drivers (if you are building your image on a VMware platform)
  • Packages containing Windows 8.1 update files
  • Language packs

Under the task sequences node, select the Build folder, which represents task sequences that are used for creating reference images:

figure 2.1: Task Sequence Node

build001

and on the right side pane, click “New Task Sequence”

figure 2.2: New Task Sequence

build002

From there a wizard will start, asking some basic information. This information is used to generate the unattended.xml which is used to deploy the operating system unattended with the information specified in the xml file.

figure 2.3: Task Sequence Wizard – General Settings

build003

In the general settings, I always like to specify a build task sequence with OSB (derived from Operating System Build) followed with a unique number. If this is the first task sequence, call it OSB001

figure 2.4: Task Sequence Wizard – Select Template

build004

 

Select the standard client task sequence if you want to deploy a client, select the standard server task sequence, if you want to deploy a server

figure 2.5: Task Sequence Wizard – Select OS

build005

Select the base operating system image source

figure 2.6: Task Sequence Wizard – Specify Product Key

build006

Normally for any deployment task sequence, you need to specify a product key. Since we are building an image here, this is not necessary. Presumably by the time you have reached the 180 day grace-period, your image must have been built 😉

figure 2.7: Task Sequence Wizard – OS Settings

build007

The same goes for the OS Settings, why specify the company name during the build already, when the company information is only relevant during deployment. Using generic information, does not cloud your image with irrelevant information, and enables you the use the images for more then one company for instance.

figure 2.8 : Task Sequence Wizard – Admin Password

build008

I always work with a specified admin password, nothing more to add here

figure 2.9: Task Sequence Wizard – Summary

build009

 

The summary displays the information we have provided before the task sequence is created.

figure 2.10: Task Sequence Wizard – Confirmation

build010

And lastly, the task sequence is created. And for the powershell fanatics among us, a script to perform these steps is provided:

Now that’s out of the way. Lets have a closer look at the Task Sequence properties.

3. Task Sequence Properties

Open up your task sequence, to modify the following settings:

!Note I will only describe the changes I’ve made to the default “standard client task sequence”

First: create the following Task Sequence Variables, stored in a group called Task Sequence Variables, prior to the “Initialize” step:

  • TSVAR: WindowsSource
  • VALUE: %DeployRoot%\Operating Systems\Windows_8.1_Enterprise_x64\sources\sxs
  • TSVAR: DoCapture
  • VALUE: YES
  • TSVAR: ComputerBackupLocation
  • VALUE: %DEPLOYROOT%\Captures
  • TSVAR: BackupFile
  • Value: W81ENTx64.wim
  • TSVAR: FinishAction
  • VALUE: SHUTDOWN

These Task Sequence Variables are set with the task sequence, and define the following actions:

WindowsSource, points to the sources\sxs folder which is needed in some cases when you want to install the .NET FX role with your Windows 8.1 installation
DoCapture, sets the flag to yes, so that at the end of your deployment the machine will be captured to a wim file
ComputerBackupLocation, determines the location where the wim file will be stored
BackupFile, specifies the name of the wim file, which sometimes may differ from what you normally want to call it, due to testing purposes
FinishAction, specifies that when the machine is finished capturing the wim file it will shutdown automatically.

By now you should have a task sequence which looks like this:

figure 3.1: Task Sequence Variables at the beginning of your task sequence

build011

this is also the moment to say: “I wish MDT Task Sequnces had a maximize button” – Which the MDT Team already came back to me explaining it’s a restriction of the current GUI / Console they are using 🙁

Next stop: Go to the Preinstall step, and select “Inject Drivers”. At this step, select the preconfigured selection profile: “Drivers_Virtual_VMware”

figure 3.2: Driver Selection Profile

build012

Selecting a driver profile for injecting drivers, makes sure incorrect drivers are not injected during this phase, which can cause a lot of trouble at later stages during the deployment

Next, under the “Inject Drivers” step, you will find the “Apply Patches” step. From the preconfigured selection profile, select: “Packages_Windows_8.1_x64”

figure 3.3: Packages Selection Profile

build013

Injecting packages upfront will shorten the time Windows Updates will run post-Operating System installation. This means that update files can be changed offline which is much faster then online update installation. Since there are no services running yet, no DLL’s registered, etc.

Next stop: “State Restore”, since the “Install” step only concerns applying the source wim file to the virtual machine and post install is setting up and configuring the machine for use. We can skip these steps and advance straightaway to the “State Restore” step.

Make sure to enable both “Windows Update” steps, if you want to service your image with the latest available updates! Besides this, remove the “Install Application step” and move the “Custom Tasks” step, inbetween the two Windows Update steps. Like this:

figure 3.4: State restore – Windows Updates and Custom Tasks

build014

Underneath the “Custom Tasks” step, I’ve created the following steps:

  • Install Roles and Services – Windows 8.1 – .NET Framework 3.5 and 4.5
  • Restart computer
  • Install application – Windows 8.1 Language Pack
  • New group, called: “Install Visual C++ Redistributables”
  • Install application – Visual C++ 2005 up to 2013
  • New group, called: “Install Office Suite”
  • Install application – Office 2013, incl. language packs
figure 3.5: Install Roles and Features

build015

figure 3.6: State Restore – Custom Tasks

build016

Of course these steps can be altered and can be focused on the requirements of your own organization. This is not a best practice, this is just my way of building a corporate ready reference image.

Next stop, is the end of the task sequence, right before the machine will be sysprepped and captured into a wim file, I perform a cleanup of several things:

  • Temp files and temp directories, such as logfiles that have been left over from the Visual C++ installation, the “Perflogs” and “temp” directory etc.
  • Clean up logfiles, this makes sure your logfiles are clean and empty before the machine is being captured. This makes sure that newly deployed machines don’t have a logfile full of entries back at the day the reference image was created.
figure 3.7: Cleanup phase

build017

The cleanup happens with a powershell script, which is located in the .\DeploymentShare\Scripts folder and called with a “PowerShell Script” step:

  • %ScriptRoot%\OSDCleanup.ps1

The contents of the script, are as following:

Log files can be easily cleaned by performing the following “Run Command Lines”:

  • – wevtutil cl application (for the application log)
  • – wevtutil cl security (for the security log)
  • – wevtutil cl system (for the system log)

And last but not least, before the sysprep and capture phase takes place, one final reboot of the machine to process system changes that otherwise may interfere with the sysprep process and may cause your entire task sequence to fail at this point.

figure 3.8: Reboot -just to be sure-

build018

And that is how I build my reference images mr. Jones 🙂

If there is any need to manually make changes before the machine is being captured, just insert the following “Run Command line” right after the Windows Updates (Post application installation) process: “cscript %ScriptRoot%\LTISuspend.wsf”

This will create a shortcut on the desktop, enabling you to make adjustments, restarting the computer and when finished making alterations, to continue the process of creating the reference image.

For more information about LTISuspend, please visit this great blog written by Michael Niehaus: “MDT 2010 New Feature #3: Suspend and resume a Lite Touch task sequence

This concludes my blog for this time. I felt I had to make it up to all of you, due to my absence the past couple of weeks 😀

I’ll leave you with the content for and from this blog, which contains the screenshots used in this blog. The scripts, and installation command’s of the applications used in this blog, like visual c++, Office 2013, language packs, and many more…

zip
ReferenceImageBlogContent.zip

Untill next time my padawan automaters 😉

 

15 thoughts on “MDT – How I build my reference images (User Question)

  1. Marc

    Hi again Rens,

    Question about the automatic Model selection at the beginning of Custom Settings. I’m building in VMware ESXi 4.1 and if I query wmic for model I get VMware Virtual Platform. This is exactly what you have configured in your Powershell BESERK mode script that’s run at the beginning of this how-to however when I boot a machine to build the reference image, it doesn’t select anything (or maybe it encounters an error? I can’t tell) the system just reboots into a loop. I had to comment out the TaskSequence setting for all VM and Default and set SkipTaskSequence to No so I could select the proper sequence however I’m not sure it’s doing it properly (still building) because the variables set for the custom model (VM’s) are different than Default (which I’m guessing is used for the Deploy, not Build).

    Is there any way to troubleshoot the automatic task selection process?

    Reply
    1. Rens Hollanders

      Marc,
      If the script is executed completely, you will also find a logging location in your DeploymentShare, for each computer that you try to deploy a logfile called BDD.log is created in a folder that starts with “MININT-” in this folder you will find the log file. Please view the logfile with Trace64.exe or CMtrace.exe. When MDT promptly quits the deployment without notification most likely it’s because the desired task sequence can’t be found. As you can see I refer to a TaskSequenceID called “OSB001” in my script, which stands for OS BUILD 001. If you don’t have a Task Sequence in your MDT Environment which meets the exact same Task Sequence ID, mentioned behavior can occur.

      So create a Standard Client Task Sequence, give it the ID “OSB001” and name: Build Reference Image v1.0 (or something like that), select an operating system, and retest your deployment.

      Cheers! Rens

      Reply
      1. Marc

        Yeah it wasn’t completing so there was no log file (it wouldn’t detect the fact that system model = VMware). Got some more testing to do but there’s progress!

        Reply
        1. Marc

          Wait a sec, brain fart. I see my mistake! (OSB001 was being called by CustomSettings however Task Sequence ID was OSB0001)

          Reply
  2. AMK

    Hi,
    Excellent guide, it helped me start and setup my mdt environment. I am stuck with a scenario, where I want offline WIM file which can be used to deploy on different models of offline computers using a generic PE bootable usb. Any suggestions?

    Reply
  3. Rama

    I want to capture the image of windows 2008 R2 as reference image using standard client task sequence. I tried capturing image, it formats and installing the OS and then capturing the image. Please let me know is it possible to capture the image without deployment. -Thanks

    Reply
    1. Rens Hollanders

      Hi Rama,

      How do you capture an Image without deployment? I’m not sure what you mean. If you want to create a reference image, the original source files have to be installed as a running operating system, for you to make adjustments and changes, insert Windows updates and then capture that image into a so called reference image what you can use to deploy to targets. Be sure to do this on a virtual machine as a best practice to avoid driver pollution!

      Cheers! Rens

      Reply
  4. Rama

    Hi Rens,

    Thank you very much for quick response. Your are right! if it is bare metal server 1st we need to deploy the server then we can capture the image. My scenario is i have server with all application is installed. so i want take that server image as reference image from win pe boot image(not from sysprep and capture image). Because i need to login to the server to run the sysprep and capture task sequence- Thank you in advance.

    Reply
    1. Rens Hollanders

      So If I understand you correctly, you want to capture a computer which is already installed, but you don’t want to log in first. Then you should boot to WinPE and initiate the capture task sequence there and disable the sysprep step in MDT. I think that should be it.
      You’ll need to provide the following properties either in the customsettings.ini or in your task sequence as a task sequence variable (I would go for TS variables)
      SkipCapture=YES
      DoCaptures=YES
      BackupFile=”name of your file”.wim
      BackupLocation=%deployroot%\captures\%computername%

      Cheers! Rens

      Reply
  5. Rama

    Hi Rens,

    Thank you! For this which task sequence template would work for me? standard client task sequence or sysprep and capture task sequence??

    Thank you very much.

    Reply
    1. Rens Hollanders

      Rama,

      The sysprep and capture task sequence, but be sure to put your task sequence variables I have just supplied at the very front of the task sequence. Disable the sysprep step so only the capture step is executed, and make sure you can select the task sequence from within WinPE. So you’ll have to boot to WinPE first, and have SkipTaskSequence set to NO in your customsettings.ini.

      Cheers! Rens

      Reply
  6. Mario

    Rens – thanks for the writeup. I follow this method but add the language packs during the Apply Patches step. Is there a reason why you have them added as a different step? What KBs are you adding during the apply patches step to speed up the windows updates process?

    Reply
    1. Rens Hollanders

      Hi Mario,

      The reason why I embed my language packs as an application and not as a cab file in patches, is because I don’t have good experience with applying language cab files as updates. I guess I never got it to work, every time the language packs weren’t there. Somewhere back in the MDT2010 time, perhaps things have changed over time, but never really looked back into it. Now I just use something that works, DISM with an Application. The KB’s that I am adding are just the regular security and critical updates that are applicable. This way I’ll get a head start on all those updates that Windows Update needs to install.

      Cheers! Rens

      Reply
  7. Rama

    Dear Rens,
    Thanks for the help.I have tried as informed me. But capture has failed with 8 errors, like ZTI error, Litetouch deployment failed, failed to run the action etc. Please advise on this. Thank you in advance.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *