MDT – requirements sheet

Hi my friends, very very long time no see. I sincerely apologize for my period of absence; however, this is partially due to a lack of new content to write about, which is caused by a period of not working with deployment tools.

In previous blog posts, I've set out some default settings to configure MDT with, such as the CustomSettings.ini and Bootstrap.ini, and there is also a script that configures your MDT environment automatically with PowerShell.

This time I thought it would be useful to write about the requirements you need for implementing MDT on site (at a customer's site, for instance):

table 1.1 Server Details:

| Server           | Details                |
|------------------|------------------------|
| Operating System | Windows Server 2012 R2 |
| (v)CPU           | 2                      |
| (v)MEM           | 4 GB                   |
| Disk 0           | 50 GB                  |
| Disk 1           | 100 GB                 |

If you want to incorporate the MDT database integration, you'll need a database on a SQL server, and service accounts with the following permissions on it:

table 1.2 Database Details:

| Object               | Details                                          |
|----------------------|--------------------------------------------------|
| Database             | Microsoft SQL 2005 or higher                     |
| Database permissions | MDT Database Service Accounts: db_owner          |
| Database permissions | MDT Administrators: db_datareader, db_datawriter |
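The database side of table 1.2 can be scripted and, more importantly, checked afterwards. The following is an added example (not code from the original post or from MDT itself) that creates the two principals, maps them to the roles the table lists and then reads the role membership back. The instance name, database name and account names are placeholders, and the MDT database is assumed to exist already. `sp_addrolemember` is used instead of `ALTER ROLE ... ADD MEMBER` so the script also runs on the SQL Server 2005/2008 versions the table allows.

```powershell
# Added example: create the MDT database principals of table 1.2 and verify them.
# Placeholders (assumptions): instance, database and account names below.
$Instance       = 'SQL01\MDT'
$Database       = 'MDT'
$ServiceAccount = 'CORP\SA-MDTDB'       # MDT database service account: db_owner
$AdminsGroup    = 'CORP\DM-MDT-Admins'  # MDT administrators: db_datareader + db_datawriter

# One batch: server-level login, database user mapped to it, then role membership.
# sp_addrolemember keeps the batch compatible with SQL Server 2005/2008.
$Setup = @"
USE [$Database];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$ServiceAccount')
    CREATE LOGIN [$ServiceAccount] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$ServiceAccount')
    CREATE USER [$ServiceAccount] FOR LOGIN [$ServiceAccount];
EXEC sp_addrolemember N'db_owner', N'$ServiceAccount';

IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$AdminsGroup')
    CREATE LOGIN [$AdminsGroup] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$AdminsGroup')
    CREATE USER [$AdminsGroup] FOR LOGIN [$AdminsGroup];
EXEC sp_addrolemember N'db_datareader', N'$AdminsGroup';
EXEC sp_addrolemember N'db_datawriter', N'$AdminsGroup';
"@

Import-Module SqlServer   # the older SQLPS module also provides Invoke-Sqlcmd
Invoke-Sqlcmd -ServerInstance $Instance -Query $Setup

# Verify 1: database roles per principal. Anything beyond the roles in table 1.2
# means the account was over-privileged during setup.
$RoleCheck = @"
USE [$Database];
SELECT m.name AS principal_name, r.name AS role_name
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE m.name IN (N'$ServiceAccount', N'$AdminsGroup')
ORDER BY m.name, r.name;
"@
Invoke-Sqlcmd -ServerInstance $Instance -Query $RoleCheck | Format-Table -AutoSize

# Verify 2: neither principal should be a server-level sysadmin; db_owner on the
# MDT database is the most the service account needs.
$SysadminCheck = @"
SELECT name, IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin
FROM sys.server_principals
WHERE name IN (N'$ServiceAccount', N'$AdminsGroup');
"@
Invoke-Sqlcmd -ServerInstance $Instance -Query $SysadminCheck |
    Where-Object { $_.is_sysadmin -eq 1 } |
    ForEach-Object { Write-Warning "$($_.name) is a member of sysadmin; that is more than table 1.2 requires." }
```

Run it once from a workstation that has the SqlServer module and a login with permission to create logins and users on the instance; the two verification queries are the part worth rerunning periodically.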

If you install Windows Deployment Services to transport your MDT boot image with PXE boot, you'll need to configure certain scope options in DHCP. Note that DHCP option 60 only needs to be configured when DHCP and WDS run on one and the same server:

table 1.3 DHCP Details:

| Scope Option | Option                | Value                  |
|--------------|-----------------------|------------------------|
| 60           | Client identifier     | PXEClient              |
| 66           | Boot Server Host Name |                        |
| 67           | Bootfile Name         | \Boot\x64\wdsnbp.com   |
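Setting the options of table 1.3 by hand in the DHCP console works, but a script makes the "option 60 only on a combined DHCP/WDS server" rule explicit and lets you read the scope back afterwards. The following is an added example (not code from the original post) using the DhcpServer module that ships with Windows Server 2012 R2; the scope ID and the WDS server name are placeholders.

```powershell
# Added example: configure and verify the PXE scope options from table 1.3.
# Placeholders (assumptions): scope 10.0.0.0 and WDS server wds01.corp.example.
$ScopeId   = '10.0.0.0'
$WdsServer = 'wds01.corp.example'
$BootFile  = '\Boot\x64\wdsnbp.com'

# Option 66 (boot server host name) and 67 (boot file name) point PXE clients at
# the WDS server and at the network boot program it should hand out.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 66 -Value $WdsServer
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 67 -Value $BootFile

# Option 60 (PXEClient) only when DHCP and WDS share one server, as the table
# notes: the presence of the WDS service on this host is used as that signal.
$WdsOnThisHost = $null -ne (Get-Service -Name WDSServer -ErrorAction SilentlyContinue)
if ($WdsOnThisHost) {
    # Option 60 is not predefined on a Windows DHCP server, so define it once.
    if (-not (Get-DhcpServerv4OptionDefinition -OptionId 60 -ErrorAction SilentlyContinue)) {
        Add-DhcpServerv4OptionDefinition -OptionId 60 -Name 'PXEClient' -Type String -Description 'PXE vendor class'
    }
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 60 -Value 'PXEClient'
} else {
    # On a DHCP-only server a stray option 60 makes clients expect a PXE service
    # on the DHCP server itself; report it rather than silently leaving it.
    $stray = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 60 -ErrorAction SilentlyContinue
    if ($stray) { Write-Warning "Scope $ScopeId has option 60 set but WDS is not on this server." }
}

# Verify: list exactly what the scope now hands out for the three options.
Get-DhcpServerv4OptionValue -ScopeId $ScopeId |
    Where-Object { $_.OptionId -in 60, 66, 67 } |
    Select-Object OptionId, Name, @{ n = 'Value'; e = { $_.Value -join ',' } } |
    Format-Table -AutoSize
```

The warning branch is the defensive part: a leftover option 60 on a DHCP server that no longer hosts WDS is a common reason PXE clients stop booting after a WDS move, and this check surfaces it before the first client fails.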

The IP helper address needs to be configured when your DHCP and WDS server are not on the same subnet. This forwards the client's PXE request directly to the WDS server instead of letting the boot image be loaded into, and served through, the memory of the network device.

table 1.4 Network Details:

| Configuration     |
|-------------------|
| IP Helper Address |

Next up are the service accounts, granted only the least privileges they need to function. For setting the OU permissions for the domain join account, there is a very neat little script from MDT guru Johan Arwidmark:

table 1.5 Service Account Details:

| Account Name     | Permissions | Object |
|------------------|-------------|--------|
| SA-MDT           | NTFS: Read & execute, List folder contents, Read; Share: Read | Folder: DeploymentShare |
| SA-MDTDomainJoin | Create Computer Objects; Delete Computer Objects; Read All Properties; Write All Properties; Read Permissions; Modify Permissions; Change Password; Reset Password; Validated write to DNS host name; Validated write to service principal name | Active Directory: Organizational Unit |
| SA-MDTDB         | dbo         | SQL Server: database user mapping |
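The rights listed for SA-MDTDomainJoin in table 1.5 are exactly the ones a computer-join account needs on one OU and nothing more. The following is an added example of delegating them with `dsacls.exe` and then reading the resulting ACEs back from the AD: drive; it is not Johan Arwidmark's script and not code from the original post. The OU distinguished name and the account name are placeholders.

```powershell
# Added example: delegate the table 1.5 rights for the domain join account on one
# OU and verify them. Placeholders (assumptions): OU DN and account name.
$OU      = 'OU=Workstations,DC=corp,DC=example'
$Account = 'CORP\SA-MDTDomainJoin'

# On the OU itself: create and delete child objects, limited to the computer class
# (dsacls codes: CC = create child, DC = delete child).
dsacls $OU /G "${Account}:CCDC;computer"

# On computer objects below the OU (/I:S = inherit to sub-objects only):
#   LC list contents, RC read permissions, WD modify permissions,
#   RP/WP read/write all properties, CA control-access (extended) rights,
#   WS validated (self) writes. Each maps to one row of the table.
$ComputerRights = @(
    'LC;;computer'
    'RC;;computer'
    'WD;;computer'
    'RP;;computer'
    'WP;;computer'
    'CA;Reset Password;computer'
    'CA;Change Password;computer'
    'WS;Validated write to DNS host name;computer'
    'WS;Validated write to service principal name;computer'
)
foreach ($right in $ComputerRights) {
    dsacls $OU /I:S /G "${Account}:$right"
}

# Verify from PowerShell rather than trusting the dsacls console output.
Import-Module ActiveDirectory
$aces = (Get-Acl -Path "AD:\$OU").Access |
    Where-Object { $_.IdentityReference.Value -eq $Account }
$aces | Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType, AccessControlType -AutoSize

# Least-privilege check: GenericAll means someone clicked "Full control" instead
# of delegating the listed rights; that is worth flagging on a join account.
if ($aces | Where-Object { $_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll }) {
    Write-Warning "$Account has GenericAll on $OU; table 1.5 grants far less than that."
}
```

The ObjectType and InheritedObjectType columns show GUIDs rather than names (the computer class GUID and the extended-right GUIDs), which is enough to confirm that every ACE is scoped to computer objects and not to the whole OU.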

You can put accounts in groups and grant the permissions to the groups if more people need the same permissions to work with MDT:

table 1.6 Domain Group Details:

| Group Name    | Type                    | Member of     | Members                           |
|---------------|-------------------------|---------------|-----------------------------------|
| DM-MDT        | Domain local - Security | n.a.          | GM-MDT                            |
| GM-MDT        | Global - Security       | DM-MDT        | SA-MDTDB                          |
| DM-MDT-Admins | Domain local - Security | n.a.          | GM-MDT-Admins                     |
| GM-MDT-Admins | Global - Security       | DM-MDT-Admins | Individual Active Directory users |

Lastly, folder permissions, again based on least privilege, including the SQL share used to authenticate otherwise unknown users during the WinPE phase of operating system deployment:

table 1.7 Folder permission Details:

| Folder          | Account / Group     | NTFS Permissions                           | Share Permissions |
|-----------------|---------------------|--------------------------------------------|-------------------|
| DeploymentShare | SA-MDT              | Read & execute, List folder contents, Read | Read              |
| DeploymentShare | Authenticated Users | n.a.                                       | Read              |
| SQL Share       | Authenticated Users | n.a.                                       | Read              |
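The DeploymentShare rows of table 1.7 are easy to get subtly wrong: inherited NTFS entries from the drive root widen what SA-MDT alone should have, and a share created with the default "Everyone" entry undoes the Read-only intent. The following is an added example (not code from the original post or from MDT) that creates the share with exactly the table's entries and reads both permission layers back. Path, share name and domain are placeholders; Administrators and SYSTEM keeping Full control on the folder is an assumption of this example so the MDT workbench can still write to the share, not a row of the table.

```powershell
# Added example: deployment share with the NTFS and share permissions of table 1.7.
# Placeholders (assumptions): path, share name and the CORP domain.
$Path      = 'D:\DeploymentShare'
$ShareName = 'DeploymentShare$'
$Sa        = 'CORP\SA-MDT'
$AuthUsers = 'NT AUTHORITY\Authenticated Users'

if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -ItemType Directory | Out-Null }

# NTFS: break inheritance first, otherwise entries such as "Users: Read" inherited
# from the drive root would silently widen the access the table grants to SA-MDT.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)   # protect, and do not copy inherited ACEs
$grants = @(
    @{ Identity = $Sa;                      Rights = 'ReadAndExecute, ListDirectory, Read' },
    @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl' },   # assumption, see lead-in
    @{ Identity = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }    # assumption, see lead-in
)
foreach ($g in $grants) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $g.Identity, $g.Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Share: Read only, for the service account and for Authenticated Users, exactly
# as in the table; no "Everyone" entry is created.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -ReadAccess $Sa, $AuthUsers | Out-Null
}

# Verify both layers.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight -AutoSize
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# Two checks worth keeping in a periodic audit: Everyone on the share, and the
# service account holding more than Read on the folder.
$everyone = Get-SmbShareAccess -Name $ShareName | Where-Object { $_.AccountName -eq 'Everyone' }
if ($everyone) { Write-Warning "Share $ShareName grants Everyone: $($everyone.AccessRight)" }
$saWrite = (Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Sa -and
                   ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write) }
if ($saWrite) { Write-Warning "$Sa can write to $Path; table 1.7 grants Read only." }
```

Because Authenticated Users get Read on the share but no NTFS entry, their effective access to the folder content is none, which is what the "n.a." in the NTFS column of the table expresses; the share-level entry only allows the connection to be made.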

So next time you’re going to implement MDT, keep in mind some (preferably all) of the mentioned requirements, and hopefully this will make life again much easier.

~Things not working, privileges wrong? Don’t hesitate to let me know!

Cheers! Rens

6 thoughts on “MDT – requirements sheet”

  1. Rams

    Hello Rens,
    Thanks for the information. I wanted to migrate Windows 2008 server to Windows 2012 R2 using MDT 2013. Could you please let me know how to do that?
    Thank you in advance

    1. Rams

      Hi Rens,

      Unfortunately, USMT does not work on Windows Server 2003 or 2008 to migrate Terminal servers. What is the best method we can use to migrate user profiles? Thanks

  2. Bhupendra

    Hello Sir,

    I need a small help to configure MDT. It will be very helpful for me if you give me answer of my below question.

    I want to configure MDT with a separate DHCP server. I tried my best to search on Google and read different blogs, but did not succeed.

    Would you please provide the exact steps to configure MDT with DHCP on a different host?

    1. Rens Hollanders Post author

      Hello Bhupendra,

      I’ve been out of this material for some years now, however: if you have MDT running on a different server than the DHCP server, you have to do nothing. It’s important that if WDS is running on the same server as DHCP, you supply additional instructions to the DHCP. However, if you have WDS running in your network and it is the only WDS instance that serves PXE booting, then no configuration of your DHCP is necessary.

      Good luck! Kind Regards.

  3. Yong Tong Shen

    Hi Rens,

    I’m curious as to whether MDT is cluster aware. Can I install MDT on a server cluster so it can fail over to another node? My deployment share will be hosted on an HA clustered file server.

    Thanks!

    1. Rens Hollanders Post author

      Hi,

      I think you need to have your share HA, either with the solution you state or with replicated DFS.
      The MDT workbench software itself is not cluster aware; however, you can install multiple workbench consoles on different servers as long as you keep your prerequisite software and MDT version on the same level across all workbench servers.
