Microsoft Deployment Toolkit (MDT) Image Bakery
Updating the disk images used by MDT
I’ve been working on a project to set up an Amazon Web Services AMI bakery and thought it’s time to update the disk images used by Microsoft Deployment Toolkit too. The time to install patches during deployment was getting crazy. The process to update MDT images is:
- (PXE) Boot WinPE (from WDS server or some other TFTP source)
- Format and partition disk
- Install OS
- Install core software to be included in image (e.g. Office or SNMP)
- Install updates (for OS and Microsoft apps)
- SysPrep
- Boot into WinPE & Capture image (WIM)
- Shutdown
Start with a regular client/server template and add a capture stage to the end of the task sequence. Clear the JoinDomain variable to prevent joining the domain during deployment. Start with a virtual hardware config that doesn’t require extra drivers and has multiple cores:
- 2 CPUs
- LSI Logic SAS (doesn’t require VMware drivers)
- E1000 NIC (doesn’t require VMware drivers)
- Latest VM virtual hardware version
Run your task sequence. Import the captured WIM image into MDT or whatever deployment system you use, and use it for quicker OS deployments in future.
If MDT has all its variables pre-configured you can run it zero touch. Your virtualisation system (VMware, Hyper-V) and the MDT Deployment Workbench can both be automated with PowerShell. You can make a VM template containing MDT WinPE that boots straight into MDT, so you can automate the end-to-end process of recreating disk images every month after Patch Tuesday. Your controlling script would kick off the process, wait for the VM to shut down at the end, then import the resulting WIM into your deployment tooling. So you get a continuous deployment of monthly disk images containing all the patches.
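The controlling script described above, as an added example that is not from the original post. It assumes VMware PowerCLI and the MDT PowerShell module are installed and that the task sequence writes its capture to a fixed path; the vCenter, host, template, share and WIM names are hypothetical.

```powershell
# Added example: monthly image bake driver. Run elevated on the MDT server.
# Every name and path in this block is a hypothetical placeholder.
$ErrorActionPreference = 'Stop'

$VCenter    = 'vcenter.example.local'
$HostName   = 'esx01.example.local'
$Template   = 'MDT-WinPE-Boot'              # VM template that boots straight into MDT
$ShareRoot  = 'D:\DeploymentShare'
$CaptureWim = 'D:\DeploymentShare\Captures\WIN-REF.wim'   # set in the task sequence
$Timeout    = New-TimeSpan -Hours 6
$Stamp      = Get-Date -Format 'yyyy-MM'
$VMName     = "bake-$Stamp"

Connect-VIServer -Server $VCenter | Out-Null
$bakeStart = Get-Date
$vm = New-VM -Name $VMName -Template (Get-Template -Name $Template) `
             -VMHost (Get-VMHost -Name $HostName)
Start-VM -VM $vm | Out-Null

# The task sequence ends with a shutdown, so PoweredOff signals completion.
# A hung update step must not block forever or let a stale WIM through.
$deadline = $bakeStart + $Timeout
do {
    Start-Sleep -Seconds 60
    if ((Get-Date) -gt $deadline) {
        throw "Bake of $VMName exceeded $Timeout; nothing imported."
    }
    $state = (Get-VM -Name $VMName).PowerState
} while ($state -ne 'PoweredOff')

# Import only a WIM that this run produced and that DISM can read.
$wim = Get-Item -Path $CaptureWim
if ($wim.LastWriteTime -lt $bakeStart) {
    throw 'Capture WIM predates this run; the task sequence probably failed.'
}
$image = Get-WindowsImage -ImagePath $wim.FullName -Index 1
$hash  = (Get-FileHash -Path $wim.FullName -Algorithm SHA256).Hash
Write-Output "Captured '$($image.ImageName)' SHA256=$hash"

Import-Module 'C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1'
New-PSDrive -Name DS001 -PSProvider MDTProvider -Root $ShareRoot | Out-Null
Import-MDTOperatingSystem -Path 'DS001:\Operating Systems' `
    -SourceFile $wim.FullName -DestinationFolder "Win-Ref-$Stamp"

# The bake VM is disposable; remove it once the image is safely imported.
Remove-VM -VM $vm -DeletePermanently -Confirm:$false
```

Recording the SHA256 at import time gives you a value to compare against later if you need to confirm which monthly image a machine was built from.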
Gotchas
MDT doesn’t support WSUS target groups (e.g. test, staging, prod) out of the box. If you use them, update CustomSettings.ini and ZTIWindowsUpdate.wsf.
This post gives an overview (though the code is munged up by the blogging software, so you’ll have to fix it up): https://itmicah.wordpress.com/2014/01/16/add-wsus-target-group-option-to-mdt-deployments/
If you use disk imaging you need to be aware of any uniqueness that isn’t removed by SysPrep. One of these is the unique ID of the WSUS agent. Remove this before imaging by adding a cleanup step to your task sequence: https://gallery.technet.microsoft.com/Remove-WSUS-configuration-86d3f21c
It may require multiple restarts to apply all the updates, so add extra steps to the task sequence to restart the computer and re-run the updates step.
Find more IT Infrastructure tips at blog.alexmags.com