none
MDT 2012- Starting a new i mage

    Question

  • It's time to build a better image to deploy to my clients. The image created prior to me was never captured, so I've basically been deploying a base image, via Litetouch and added apps to it... then going back and adding updates, altering settings etc.  Still took too long, and still too many variables for differences between them. Thing is, outside of a lab, I haven't done it either, not properly anyway.

    I've created a test image, and now I'm adding updates and settings but not adding applications (like Office, Adobe, etc. I have packages already, can they stay?)

    How do I capture this image and make it my base image, but more importantly, I'm concerned about the following items:

    Workstation name. (We have a naming convention based on serial number)

    MAK key, I've never gotten this to work, so I'm prompted during the setup, and again when I first use the device.....

    3 different laptops, so 3 different images with 3 sets of drivers, correct? (Not an issue, I mean I can, but just want to be sure this is how it's done.)

    M$ updates. I always do updates, so does this mean that if I capture the image with all updates and drivers up to today (April 15, today), that I only need to worry about future updates to the device (this alone would save me a  bundle of time..)

    Am I missing any important factors here?

    INFO: Win Serv 2008 R2, Sp1 , MDT 2012, Workbench 6.02, Mgmt Console 3.0, version 6.1 Sp1

    Monday, April 15, 2013 3:53 PM

Answers

  • Your Golden Image (or Reference) is just described as "Thin", then.  It's the original OS, with some configuration and all your updates, but few (or no) apps.  No issue with that at all if it meets your requirements!  Creating and capturing this Reference Image from a VM ensures that it doesn't have any drivers, but will give you a totally patched captured Image (except for patches to apps you install during Deploy) for then using another Task Sequence to Deploy (with your selecting of applications) to actual physical workstations.

    So what you really want is two Standard Client Task Sequences... one that does "Capture" (ie installs the original OS, does your config, and runs patching, then gets saved as a WIM) and one that does "Deploy" (ie uses the capture WIM, adds your software based on choice, maybe runs patching again, and injects drivers based on WMI calls).  The trick is to use the Capture TS, take the created WIM and import, then go into your Deploy TS and point to the "new" OS you just imported from the Capture TS.  Once you have it all working, you can customize CustomSettings.ini to only show the wizards you want on the correct machines (like [Default] for your Deployment usage and set Capture setting on something based on the MAC of your VM, for example).  You can see an example of some of this in my article about automating your builds with VMs, Hyper-V, and a touch of PowerShell.

    And thank you for reading my blog, put a big smile on my face when I read that earlier today knowing that my articles are at least helping someone! : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    • Marked as answer by BWB Rob Base Monday, May 20, 2013 12:33 PM
    Wednesday, April 17, 2013 5:02 AM

All replies

  • Hi,

    If you have your base image ready you can create a "Sysprep & Capture" Tasksequence that wil sysprep it capture it and put it on the deploymentshare.

    This can be launched by accessing  your deploymentshare and lauching the wizard and selecting the TS this can be done via  \\<MDTMACHINE>\Deploymentshare$\scripts\LiteTouch.vbs.

    As for the number of images it depends...if you are deploying newer versions of windows  like Vista, 7 , 8 ...you no longer need different images for different hardware.

    The drivers can be injected during the deployment tasksequence by automatically detecting them or just the drivers for that model based on a WMI query.

    For the number of images less is better and easier to manage in the long term.

    For the updates you are right.

    Kind regards

    Kurt


    MCSE: Private Cloud MCITP: Enterprise Administrator 2008 MCITP: Virtualization Administrator 2008 R2 MCSA: Server 2008 MCTS: Configuration Manager 2007, Configuration



    • Edited by Kurt Depre Monday, April 15, 2013 5:02 PM
    Monday, April 15, 2013 5:00 PM
  • Kurt, thanks for the quick reply.   All machines will be Win 7 Pro/64 bit.  And all from the same manufacturer, Lenovo; so even a few drivers match.

    So: Since I've been deploying this image, I can just finish doing my updates and such, and pickup from sysprep/capture already?

    Even noting my MAK issue and my Machine Name issue?

    Monday, April 15, 2013 5:22 PM
  • For consistency, I prefer using a standard client Task Sequence to image a machine with the original media, install what I need to (apps / config), then capture it.  Then import that custom WIM and use it in another standard client Task Sequence for deployment and add drivers to that one.  I dislike using the Sysprep / Capture Task Sequence.  Also, if possible, you should be doing your original capture in a VM to keep it clean of drivers.

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Monday, April 15, 2013 5:29 PM
  • Hi,

    I would build my base image on a VM so there are no unneeded drivers in there and then have the drivers injected as part of the deployment.

    Sysprep will remove GUIDs & machine names and you will be able to specifiy new ones.

    I'm not very familiar with MAK(usually I do KMS), but normally you can specifiy it as part of the deployment tasksequence (the ProductKey TS variable).

    Kurt


    MCSE: Private Cloud MCITP: Enterprise Administrator 2008 MCITP: Virtualization Administrator 2008 R2 MCSA: Server 2008 MCTS: Configuration Manager 2007, Configuration

    Monday, April 15, 2013 5:31 PM
  • I admit you lost me a little fella's. 

    1) I don't like installing apps in the image due to frequent upgrades.. like Notes, Office, Adobe etc.  I'd rather just continue using the tick box so I can choose what app I want to install on each machine. (Granted I only have ~10 packages, but it really helps).

    2) So I'll run my VM test, install all my drivers, do M$ updates, and configure the desktop how I want.... and then... capture/Sysprep?   Just a little nudge in the right direction would help me greatly...

    Again I thank you both... and David, I'm "one of the six who read your blog" ...cool to put a face and name together. lol.

    Tuesday, April 16, 2013 2:14 PM
  • Rob,

    I'm thinking you are missing the point and power of MDT. With MDT you can build an hardware agknostic image, because drivers do not need to be applied into the WIM or reference image but are being deployed/serviced afterwards while setuping up you're operating system.

    Check this thread for some more explanation: Windows 7 Golden image creation prerequites and steps to create

    There is one image to rule them all. You can create an fully unattended image without any human interference entirely based on the information in your customsettings.ini, check this blog for more info: MDT 2012 Settings for fully automated LTI deployment, Part II: Customsettings.ini or you can build your image, manually adjust it, do customizations and sysprep and capture it with the 'sysprep and capture' template task sequence which is available by default on MDT 2010 and 2012.

    Next I suggest, you don't put any company customization like serial numbers and company info in your reference image, because these settings will all be overwritten when the image is being deployed during your deployment task sequence.

    In my opinion best practice is to build your reference/build/golden image (so many names and interpretations available for this step) on a virtual machine, regulate your WSUS updates via customsettings.ini or WSUS itself, and capture the result to make it usefull for deployment to physical hardware.

    And finally, I think there is still some reading to do for you to get yourself familiar with the MDT principles. Good luck!!!


    If this post is helpful please click "Mark for answer", thanks! Kind regards

    Tuesday, April 16, 2013 3:25 PM
  • Rens.. thanks for the info. I've successfully deployed about 50 PC's to date, but I'm looking to speed up the process.  I don't want 10 chef's on this one bowl of soup so I'm trying to follow one or two users advice and make sure I don't error too much along the way.

    true, I am a rookie. But with Technets help, I've built many software packages, repaired a few, and created a few on my own.  But now I'm starting over and it's taking a bit of effort to convince myself to do this, I admit.

    I will build a VM laptop today. I want as many of the MSoft updates on it as possible, without apps like Office, or IBM Notes or Adobe on it just yet. I'm noting "Drivers" seems to be the question. I'm only running 3 or 4 laptops now, so I'll keep the base image I have for those, and continue to build the specific machines separately. This seems to go against the Golden Image you reccomend though.. so I'm proceeding with caution anyway...  Baby steps indeed.

    Tuesday, April 16, 2013 4:20 PM
  • Your Golden Image (or Reference) is just described as "Thin", then.  It's the original OS, with some configuration and all your updates, but few (or no) apps.  No issue with that at all if it meets your requirements!  Creating and capturing this Reference Image from a VM ensures that it doesn't have any drivers, but will give you a totally patched captured Image (except for patches to apps you install during Deploy) for then using another Task Sequence to Deploy (with your selecting of applications) to actual physical workstations.

    So what you really want is two Standard Client Task Sequences... one that does "Capture" (ie installs the original OS, does your config, and runs patching, then gets saved as a WIM) and one that does "Deploy" (ie uses the capture WIM, adds your software based on choice, maybe runs patching again, and injects drivers based on WMI calls).  The trick is to use the Capture TS, take the created WIM and import, then go into your Deploy TS and point to the "new" OS you just imported from the Capture TS.  Once you have it all working, you can customize CustomSettings.ini to only show the wizards you want on the correct machines (like [Default] for your Deployment usage and set Capture setting on something based on the MAC of your VM, for example).  You can see an example of some of this in my article about automating your builds with VMs, Hyper-V, and a touch of PowerShell.

    And thank you for reading my blog, put a big smile on my face when I read that earlier today knowing that my articles are at least helping someone! : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    • Marked as answer by BWB Rob Base Monday, May 20, 2013 12:33 PM
    Wednesday, April 17, 2013 5:02 AM
  • Ok David.. Sorry for the delayed response......I thought I was OK so far, but reading your second paragraph I'm no longer as sure.

    First: My reference PC has been built in VM now, all the updates (and just default video and NIC drivers etc), and bare minimum of apps are installed and Windows is patched. All the settings we want (favs, desktop, icons, etc) are on this image and configured.  I am ready to...CAPTURE this image?  I've never used the task sequence options before so this is virgin territory for me. 

    2 things concern me. 

    1) I already have a successful image being deployed so I don't want to blow that up until I know this new one works...

    2) Will I need to reinstall all my application packages from scratch? Like Office, Adobe, VPN etc?

    Thursday, May 02, 2013 2:37 PM
  • If you built the VM, apps and config by hand, then use, you are ready to Capture (and Sysprep) that image.  Once you've captured it, import the new WIM into your Workbench, and create a new Task Sequence that uses it and test it on a simple machine.  If it lays down the image correctly, try updating your Deployment Task Sequence with the new WIM (just change the Install Operating System step to use this WIM) and try it to validate it works.  If it fails, you can always switch back to the old WIM.

    1)  Understood.  You can import many different WIM files and have different Task Sequences for testing.  Many people like taking it a step further and doing their Captures and testing in one Workbench, then copy their stuff over to a "Production" Workbench for Deploys when ready to reduce risk of breaking something.

    2)  If the applications are part of your newly captured WIM, then you should not.  You've created a "thick" image and it should have all your Apps+Config baked right in, which can speed up deployment time.

    Once you've become comfortable with this, you can look at automating your Capture in the VM so that you don't install or config anything by hand.  Then, your builds are truly "automated" and are significantly easier to maintain.  Then you would just run the Build and Capture, validate the new WIM, and move it to Production (or your Production TS) for Deployment.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 02, 2013 3:20 PM
  • Welp, I thought I was OK.. I mean I'm not totally dead here...I'll share what i did.

    "VIKI" is where MDT is running (Yes, "I Robot"), she is my stand alone, MDT only server... She digs me. Next:

    "SteveFromHedge"  is where the virtual PC was pre-built that I wanted to capture. (built ahead of time=bad?)  HEDGE was fully built to what I'll call my personal Golden Image, I left out drivers, and the bulk of our bigger apps, like Office'13, or Lotus Notes etc but I did include our VOIP software, and some really basic tools, like CCleaner, and finally ran all the current Microsoft updates.  HEDGE was ready..

    So I followed a SYSPREP video from gootube (mistake #1 I think), I created the new task sequence, "WIN7WithUpdates" and attempted to capture it, I got the Cmd line, typed sysprep etc, and off it went....  but then............. it over wrote my STEVEFROMHEDGE image with itself... So, for example, the Wkstn name and passwords were all prompts I saw, so I followed along, and I now have this image.  My apps are in place, but it's a different profile now, so some of the settings I work off of are now under the other profile..

    What have I done? Did I blow it up?


    Thursday, May 02, 2013 4:55 PM
  • Pre-built isn't bad, it just isn't automated and easily repeatable and ends up taking more time to recreate.  Starting here is fine... as you grow in MDT knowledge, you'll want to move more toward automated.

    Sounds like HEDGE is a "thin" image since it is OS+Updates+Small Apps.  And if you ran Sysprep and Capture, you may still be ok.  On your Deployment Share, do you have a folder called Captures with any WIM under it?  It sounds like you Sysprep'ed (and hopefully captured) HEDGE, and when you logged back into HEDGE it had been normalized (due to sysprep) so it didn't look exactly how you left it.  This is why many of us prefer Hyper-V (or vmware) so that we can snapshot it before running sysprep.

    Check the Captures folder first and lets see if you got a WIM, if you did, you might be ok.  Although without a snapshot of HEDGE, you probably have to manually recreate your VM (did I mention automation was better?). : )

    p.s.  Love that you named your MDT Server VIKI. :D


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 02, 2013 5:08 PM
  • Nope, no WIM's in my CAPTURES folder to speak of.. (story of my life,really), glad I looked though, I thought this would be visible via the Deployment Workbench..

    Maybe I'm missing the Automation concept more than I thought.  Aren't I capturing this HEDGE, and using it as my base image, then, booting the new machine, pointing to this image via PXE or CD, choosing/checking the apps I want, and then letting her fly?  I can get more automated than THAT?  I do need to name each Workstation, and for now, type in MAK keys individually. (Need to keep those older machines licenses around, ya know).

    So, should I reconfig HEDGE one more time, the apps and updates are there, only the actual profile stuff, a couple desktop settings, would need to be altered..

    This has to do with the default profile vs current, doesn't it? (shaking head)  By the way, I've gone ahead and downloaded all the needed drivers into the OutOfBox drivers for safe keeping.

    Thursday, May 02, 2013 5:38 PM
  • No, captured WIMs don't automatically show up in the Deployment Workbench, they just get saved out to that folder (or elsewhere, depending on settings in CustomSettings.ini).  Once you've completed a capture and have the WIM, then you import it into the Workbench as a new OS.  Although there was a PowerShell script on these forums by a user within the last few months who automated the import).

    Yes, you can automate the creation of HEDGE.  It sounds like right now you are manually installing the base image and installing apps and configuring (unless I read your note wrong).  You can use one Standard Client Task Sequence to create your "reference" image and another Standard Client Task Sequence to deploy it (once you've imported it).  The Deploy one is where you choose/check the apps you want, enter MAK, etc.

    It does sound like HEDGE needs to be recreated in order to capture it, but instead of doing it manually... I'd try and do it all within a Task Sequence so it's automated and repeatable, but you don't have to.  MDT is super flexible. : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 02, 2013 5:47 PM
  • OK then....   I'm now diving into automated/Task Sequence.  MDT may be flexible, but to a rookie, it's like making concrete souffle. :)  

    So I created the folder, and will now create the T/S, I'm choosing Win7 64bit Pro since that's what we have/licensed for. It created a really basic Task Sequence but I'm not sure how to continue to get to the build, make my alterations then caprute...  Sorry to go play-by-play here, but I don't want to have to re-re-redo this if I can help it.

    Thanks for your tremendous help thus far David.  (bowing in your general direction..I think)

    Thursday, May 02, 2013 6:44 PM
  • But once the concrete souffle is done, you'll have a solid foundation! : )

    The default Standard Client Task Sequence has a segment under State Restore called "Custom Tasks".  For the most part, you just want to add your Application installs and running any config scripts here.  I'd also disable "Apply Local GPO Package" (last step in State Restore) because if you don't expect it or plan for it, it can change things you didn't want changed.  If you have SkipCapture=YES in your CustomSettings.ini, you'll need to undo that so you can select to do the capture from the Wizard (or add DoCapture=YES to CS.ini).  This way, it'll run the OS install, install your apps+config, patch, and capture.

    And always glad to help... : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 02, 2013 8:40 PM
  • David, I feel like I'm stuck in a loop here. Just a nudge in the right direction once more?

    1) Created the folder for my new image (leaving old one intact for safe keeping)

    2) Ran NEW TASK SEQUENCE, ID, name, comments done. SYSPREP?CAPTURE would not be what I want now since the .WIM wasn't created before, and the profile doesn't appear to be the right one, Sysprep should be skipped...right?  I feel like I'm spinning in circles heres becuase I can't wrap my head around this order I think.....  Am I going straight to CUSTOM TASK SEQUENCE?

    Thanks again sir!

    Monday, May 06, 2013 5:14 PM
  • I'm not 100% sure based on your descriptions which step your on.  If you look at the thread Rens helpfully posted (and wrote) here (http://social.technet.microsoft.com/Forums/en-US/mdt/thread/ad27e8a1-da80-44da-afd9-a7ee005cc9b2), in the graphic, which step # are you on?

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, May 07, 2013 1:28 PM
  • OK, so I found the list, and found myself now stuck even further up, step 2 threw me a bit... [my comments in (BOLD)]

    1.    Reference image to be built in virtual machine to keep it as clean as possible from drivers and other programs. (So I'm rebuilding now in VM)
    2.    Divide your sequence in to steps to keep things organized, for example: Step 1. Initialization, Step 2. Preparation, Step 3. Pre installation etc. (What? Does he mean separate Task Sequences?)
    3.    Create a layering model for your applications, divide these in to categories: Layer 1 > OS Supported Applications, Layer 2 > Office Applications, Layer 3 > General business applications, Layer 4 etc. (Do I have to recreate my apps? I love the way they work now allowing me to pick and choose what I want to install) UPDATE/EDIT: My golden image will hold no apps, too many licensing issues)

    (I'll stop here for now as not to overwhelm you/me/any other poor soul reading this)

    4.    Decide if you want to embed things like language packs into your reference build, copying blunt data is much faster than installation time
    5.    Define the prerequisites and requirements you want to apply in your build
    6.    Apply updates
    7.    Apply customizations, registry modifications if necessary
    8.    Sysprep & Capture


    Wednesday, May 08, 2013 3:43 PM
  • 1.  Good, VM is best!  When you say you are rebuilding in VM, are you building your image by hand, or using a Task Sequence to build it?
    2.  No, they mean the Folder Groups.  The default Standard Client Task Sequence already comes grouped up this way.
    3.  No, you don't have to recreate them.  Layers is more a concept.  Layer 1 (OS), Layer 2 (Generic Apps), Layer 3 (BU Apps), Layer 4 (Policy).  Your reference image WIM could be any combo of 1 (Thin), 1+2 (Thick), or 1+2+3 (Really Thick AND requires multiple images to support each BU).  Layer 4 is normally handled outside the WIM with Group Policy or a 3rd party tool like AppSense Environment Manager.

    Ready for more! : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Wednesday, May 08, 2013 4:01 PM
  • 2. and 3.  Ok, thanks for the clarification. 

    1. I am using the 'old' image to deploy in VM.  Should I run it via Task Sequence instead? This was part of my question before actually where I wasn't sure of what "choice" I needed to make.

    I created a new folder under Task Sequences.  Then within it I launched a NEW Task Sequence, but go stuck since I had not used this before.... I created the ID, Named it and hit NEXT, there, I am presented with 9 choices, none of which I'm familiar with at this time.  Since I (think) you'll recommend using TASK SEQUENCE for my VM build, my question is, what do I choose? Std Client Task Sequence? Custom Task Sequence? Lite touch OEM?

    I'll pause my VM build now pending the reply... 

    Thank you sir! Tremendous help!

    Wednesday, May 08, 2013 4:23 PM
  • Yes, it's best to use a Task Sequence to build your reference image and to do it in the VM.  Then you don't have to manually install the OS and everything, it will do it for you.  Both your "Capture" and your "Deploy" Task Sequence should each be "Standard Client Task Sequence".  If you choose to manually build the VM by hand, then you'd use the "Sysprep and Capture" Task Sequence to create the WIM, but I'd suggest automating it as much as possible.

    Also, I'd Snapshot your VM before you install anything (clean VHD).  This way, once you are done with the Task Sequence and have a WIM, you can just revert it and run it again as if it was clean.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Wednesday, May 08, 2013 4:37 PM
  • Ok the first TS is done.  Win 7 Pro 64 bit. Then I went into it and disabled "Apply local GPO".  Anything else we should uncheck or check? 

    So this is a base image? But without any changes by me. I see the Initialization/Validation/ etc (can't believe I didn't catch that earlier, I practically lived in there during the old image build) but what does the "Divide your sequence in to steps" mean?  Am I to disable the items below and create a separate TS for each? In other words.

    Base image is TS1

    Initialization is TS2? Validation is TS3?  Nooooo.... right?

    I believe my biggest confusion (to date anyway) is that doing it this way seems out of order to me. 

    Wednesday, May 08, 2013 6:47 PM
  • Hi Rob,

    DC has taken you through roughly all the MDT basics, also with help from a previous post I did, with "Divide your sequence in to steps" I can only mean, that it would be useless to test 1 run command line to rename the administrator account for instance, with a whole deployment. That would be crazy, testing a configuration step what would take no more then a few seconds, and then do an entire deployment of Windows 7 to test only that one step.


    So basically especially for people who are new to MDT it is a great help if you chop things up. Test 1 step, then test another, if both steps are working, park them for later use in a task sequence called "This stuf works 4show!!!" :) By chopping things up, you can troubleshoot adequately and efficient. Ahhh those days... I can remember my first baby deployment steps, you will find yourself pretty soon in a tunnel of deployment stuff and sometimes it is good people can pull you out of that tunnel and give you a fresh perspective on the whole thing. That is only what I meant with "Divide your sequence in to steps"


    So what you have got now is:


    One task sequence to build your 'golden' or so called reference image with. I always like to call that task sequence "OSBuild001" and task sequence ID would be OSB001 then. Now you need to have a new task sequence where you are going to deploy the result of your OSB001 to targetted machines, so I would like to call that OSDeploy001 and task sequence ID would be OSD001 then.


    It's nothing more then splitting your entire computer deployment up in two parts:


    1. (OSB001) Building the golden/reference/general image (Windows 7 incl. updates and middleware components and perhaps Office 2010)


    2. (OSD001) the deployment of that golden/reference/general image to target computers with some additional components you didn't want to put into your golden/reference/general image like applications that are sensitive to unique identifiers (SID) like Virusscanners, Agents and all that kind of stuf


    And by creating that result (OSD001) you would want to chop up working stuf from the stuf that isn't working, because you haven't figured it out yet. For example, can you install Adobe Acrobat Reader first time right? Do you know the install command? Since these things are all trial and error, you would want to separate the working stuff from the stuff that still needs some more trial and error.


    In the end, you will copy/paste all the working steps in your OSD001 task sequence under "Custom Actions" for example and do a full entire deployment.


    Capiche Compadre!?!




    If this post is helpful please click "Mark for answer", thanks! Kind regards


    Wednesday, May 08, 2013 7:09 PM
  • Rens, thanks for the info... si', ho capito. Sort of.

    I understand splitting up the building of the image into bite-size, workable and editable chunks.  But right now, I can't see how to get past this first TS creation. What's next? Deploy it via VM, add the updates, and "save" it? How? Another Task Sequence?

    Sorry for the 20 questions guys, but I have to make this process more efficient...


    Wednesday, May 08, 2013 8:37 PM
  • "Hellooo, is this thing on?" Rens, did you scare off David? Lol..

    Ok guys... so I built the new image in VM, adjusted the settings I wanted etc. Now I need to CAPTURE this, correct? Last time I tried to the .WIM file failed to create, so I was stuck.

    Can you please assist?

    Monday, May 13, 2013 4:13 PM
  • Sorry, I missed your last question, I'm still here. : )

    Yes, if you've manually built your reference (or gold) image, then the next step is to capture it.  Create a new "Sysprep and Capture" (unless you already have one).  Then from your reference image, take a snapshot first (so you can easily get back here if something goes wrong or for new changes later).  Then browse to your MDT share and run LiteTouch.vbs, select your "Sysprep and Capture", and watch it reboot to WinPE and start the backup.  If you get an error capturing the WIM, then revert the VM (so it's pre-capture), and we can look at the error you have and debug that step.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Monday, May 13, 2013 4:19 PM
  • Ok. I completed my personal 'golden image'.

    This image was created from the standard blank Win Pro 7 image I created via Task manager. 

    I just made a SNAPSHOT of it for safe keeping before I run SYSPREP.... now I'll run S&C.. but when it reboots, won't it just deploy like it did last time? (perhaps this is where I error each time..hmm).

    Monday, May 13, 2013 6:58 PM
  • If you do a sysprep and capture and look at the task sequence properties of that task sequence, It cannot do anything more or less then sysprep and capture. There are no deploy tasks present! So go ahead and give it a try :)

    If this post is helpful please click "Mark for answer", thanks! Kind regards

    Monday, May 13, 2013 7:01 PM
  • When I just chose SYSPREP and CAPTURE and I was brought back to the factory .WIM files, I chose WIN 7 Pro 64 bit since that's what we're using.... But where would I point to my current VM copy to capture this updated GOLDEN image ?  Herein lies my continuous problem I think....


    Monday, May 13, 2013 7:31 PM
  • When you create a "Sysprep and Capture" Task Sequence, it will ask you for an Operating System because that's part of the default wizard.  However, if you look at the Task Sequence, the template comments it out.  So what you select for OS really doesn't matter on a "Sysprep and Capture".  Once you've created the Task Sequence, you need to go to your VM (reference machine) and browse to the MDT share under \Scripts and run LiteTouch.vbs.  From this screen, select the "Sysprep and Capture" Task Sequence you created and it will reboot to WinPE and then capture the machine you are running this from as a WIM, thus creating your image.

    So, you run the capture ON your Golden Image, but the Task Sequence could be used on any machine you want to capture.  The OS you pick when creating that Task Sequence doesn't matter (as opposed to a Deploy task sequence).


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Monday, May 13, 2013 8:27 PM
  • Genuinely can't say thanks enough..

    I was able to run S&C ... it took barely 2 minutes, maybe less as I went to check status and it was completed (with no errors).    BUT..... shouldn't I see the new .WIM file with the other .WIM's in "Operating Systems" folder in the Deployment Workbench or somewhere else?    

    I literally named the Sysprep Task Sequence "Step 2- Win 7 Pro (64 bit)."  So...my Golden Image has been captured, and now I can see if my original apps are a choice for this new image?

    Or is this new STEP 2 my golden image going forward now?


    Also, My 'Out Of Box Drivers' folder now has all the drivers I need to build any one of the 4 laptops at my disposal... this is good right?  ;)
    Tuesday, May 14, 2013 3:35 PM
  • The WIM should get placed into your capture folder.  If it only ran for 2 minutes, I'd be a little suspicious that it completed properly.  Did you see it boot to Windows PE?  It should take ~ 20 minutes to capture the WIM depending on how many apps you have installed in it.  You may need to add these to your CustomSettings.ini:

    SkipCapture=NO
    DoCapture=YES
    ComputerBackupLocation=%DeployRoot%\Captures

    The WIM, once captured, will be in your Capture folder under your Deployment Share.  You'll still need to Import it as a New Operation System to start using it from within MDT.  Let's validate you have a WIM file before moving to the next step.

    And good on the Out of Box drivers!  It's a step in the right direction. : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, May 14, 2013 3:48 PM
  • Capture folder was indeed empty.  Is the Customsettings.ini created by default?  (A full search reveals nothing....)
    Watched "Processing bootstrap etc" and then nothing... I should be seeing some sort of progress, right? Where as earlier it prompted for all sorts of info, my admin credentials, domain etc and says it completed without error.. I'm rebooting my VM and trying again...

    Just an FYI: "My" golden image only contains easy things like a CCleaner tool, defrag and some desktop settings. The real apps are for later.


    EDIT::
    'Houston: We have a problem'  The LiteTouch.vbs ran after entering my credentials, for all of 5 seconds, BUT encountered no errors or warnings... when it was done.
    • Edited by BWB Rob Base Tuesday, May 14, 2013 6:52 PM Houston
    Tuesday, May 14, 2013 6:43 PM
  • You get to your CustomSettings.ini from inside the Workbench.  Right click on your Share --> Properties --> Rules Tab.  Under [Default], try adding those three lines I gave you a post back.  On the same screen, click 'Edit Bootstrap.ini' in the lower right and make sure it has at least this:

    [Settings]
    Priority=Default
    
    [Default]
    DeployRoot=\\<your-mdt-server>\<your-mdt-share>$

    And now you understand why that Snapshot is SOO valuable! : )

    That's fine, everyone's reference image is specific to their needs.  With few apps, it's just considered "thin". : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, May 14, 2013 6:51 PM
  • [Settings]
    Priority=Default
    Properties=MyCustomProperty

    [Default]
    OSInstall=Y
    SkipCapture=YES
    SkipAdminPassword=YES
    SkipProductKey=YES
    SkipComputerBackup=YES
    SkipBitLocker=YES
    EventService=http://(myserver and a port were here.... ??)

    SkipCapture had to be adjusted.

    DoCapture had to be added.

    ComputerBackupLocation had to be added.

    Bootstrap.ini was good/accurate.

    Trying again...

    Tuesday, May 14, 2013 9:02 PM
  • Woohoo!  CAPTURE IMAGE window has never appeared before... and reading carefully now..

    First choice makes the most sense... Capture an image of this reference computer: I see the wim name, location etc.

    8 Errors: First one is obvious and I will fix it now... then see how the others fair.

    Tuesday, May 14, 2013 9:07 PM
  • You can leave those other settings, I just wanted to make sure the ones I gave you were configured.  The EventService is for the monitoring piece of MDT and would be pointed at your MDT Server.  You can read about the monitoring stuff here: http://blogs.technet.com/b/mniehaus/archive/2012/03/09/mdt-2012-new-feature-monitoring.aspx

    Fingers crossed for you! : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, May 14, 2013 9:07 PM
  • Ok, it's running after I resolved my issue (no joining domains beforehand, d'oh!)   And it's now Creating the WIM ... 25 minutes remaining

    EDIT: Success!  I see the new WIM in Captures folder....

    But should the VM, upon rebooting, have wanted to look like a new deployment now?  In other words it didn't reboot to my old image? This is right, right?

    Tuesday, May 14, 2013 9:28 PM
  • Ok, it's running after I resolved my issue (no joining domains beforehand, d'oh!)   And it's now Creating the WIM ... 25 minutes remaining

    EDIT: Success!  I see the new WIM in Captures folder....

    But should the VM, upon rebooting, have wanted to look like a new deployment now?  In other words it didn't reboot to my old image? This is right, right?


    Yes because it is a sysprepped image.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” How to ask a question that is fixable.


    Tuesday, May 14, 2013 10:19 PM
  • Yes, because you generalized it with Sysprep.  The next thing to do is import that WIM into the Deployment Workbench as a new Operating System.  Then, in your "Deploy" Task Sequence (if you have it already), change it to use the Operating System you just imported.  If everything else in the "Deploy" Task Sequence was already setup (your other apps, etc), then try deploying it to a machine (or another VM). : )

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, May 14, 2013 10:25 PM
  • Created the DEPLOY task sequence and deployed the newest image to VM... it was nearing completion when I was presented with the following error..

    "Windows could not parse or process unattend answer file [C:\Windows\Panther\unattend.xml] for pass [specialize]. A component or setting specified in the answer file does not exist."

    So I browsed on over to the path above and found: Nothing.. that is, no file named unattend.xml.  (Was it expecting one?)

    So next I browsed to my newly formed Task Sequence, checked settings for obvious signs of 'hiccups' where I found my old buddy, "Apply Local GPO", which I promptly disabled.... but no mention of anything that made me say "aha!!"

    I then went back to the error message and simply clicked "OK", where it immediately rebooted, and ... at the "Setup is starting services" window... a new error

    "The computer restarted unexpectedly or encountered an unexpected error. Windows Installation cannot proceed. To install Windows, click OK to restart ..." you know the rest, reboot and restart install....


    • Edited by BWB Rob Base Wednesday, May 15, 2013 4:29 PM edits
    Wednesday, May 15, 2013 4:28 PM
  • You'll have to re-image it again if it blew up during process of unattend.  Did you include Internet Explorer 10 in your image, by any chance?  

    IE 10 seems to have issues with IEWelcomeMsg value existing.  You can delete it by:

    • Modifying the Unattend.xml in \Control\<TS ID>\ directly and remove that line.
    • Modify it in WSIM, find the value for it, right click, disable "write image value".

    Edit:  If that's not the issue, then we'll need to look at your logs in %WINDIR%\Panther\Unattendgc


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek


    Wednesday, May 15, 2013 4:30 PM
  • Nice catch.. I did not want IE 10 but yes,  it's there.   I restored my snapshot, and need to uninstall it and snapshot again...  What do you think of uninstalling it instead of..(gasp) starting another Task Sequence and building the thin golden image again? I'm all about really clean setup's etc and found MS released more updates yesterday anyhow.....  And normally our machines are setup to block IE10 via GP.. but I forgot, this whole project is independent of all that...


    Wednesday, May 15, 2013 5:16 PM
  • It's up to you, that's the purpose of the Snapshot, to easily return and make changes and capture again.  But yes, it wouldn't be as clean as if it had never been there.  That's totally up to you.

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Wednesday, May 15, 2013 5:20 PM
  • Ok, so as a test, I uninstalled IE10, and did some cleanup. Re-Sysprepped, captured the new WIM, imported the WIM into the new O/S list, then created a new "Standard TS" (Win7 Pro-Step4).

    Upon deployment it had 9 errors total.. but in my efforts to copy it I closed the window (figures).

    I noted a few errors though that were baffling to me but I'll re-run my deploy shortly to get the details.

    1) It again mentioned no joining of domains, but the last time I got that was when I indeed tried to sysprep it when it was already on a domain, I confirmed the last capture was not part it, yet it mentioned it again.  When I deploy I do join the domain to save me a step, does it not like this now?

    2) It mentioned SYSPREP errors.  I'm not sysprepping now, I was test deploying, so I went to my Task Sequence (and confirmed it was a STANDARD not a SYSPREP) but at the bottom of the under IMAGING I see Prepare Only, Sysprep Only, and Capture Image.. all checked.  Should these be unchecked and saved?

    *** EDIT:  Not that I'm worried about a 500mb partition but...I see my VM's new deployed PC's C drive as 40 gig (set up for testing obviosuly), and a System drive E partition with 300 of 500 free MB. No concerns here, right?

    Thursday, May 16, 2013 1:20 PM
  • 1.  Yes, it's good to put the domain join into the "Deploy" Task Sequence.  If it has issues (not related to the script itself), we can see what happened when it attempted to join the domain by looking at the log here: C:\Windows\Debug\NetSetup.log

    2.  This might be because we put DoCapture=YES and SkipCapture=NO in your CustomSettings.  When you ran your "Deploy" TS, you should have gotten the Capture Wizard and selected the "Do not capture an image of this computer".  If you had left the default (set to Capture), then yes, it may have tried to sysprep and capture again after deployment finished.

    3.  The extra partition on your deployment is likely from "Format and Partition Disk" under "Preinstall" --> "New Computer only".  There is a checkbox named "Create extra 'Active' partition" and it's primarily for setting up a BitLocker or WinRE partition.  If you don't need it, you can uncheck that.  You can also get rid of it by changing CustomSettings.ini with DoNotCreateExtraPartition=YES.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 16, 2013 2:17 PM
  • I haven't seen any mention of using "CopyProfile" parameter. Also on your base build - did you run in Audit Mode? You absolutely want NO profile on your image - not you or a local account or an administrator account. Audit Mode uses a built in account that does not show up under users. This is where you want to configure your PC. Everything will keep on the image other than a few local settings (taskbar icons, IE acceptance, etc.). You use the sysprep file to activate the administrator account and set the PW.

    I do things slightly different - I build the reference PC, run sysprep and then boot with WinPE and capture the WIM. I then import it to MDT. Then use MDT to deploy the wim along with drivers, apps, etc.


    • Edited by Dairyland Thursday, May 16, 2013 6:02 PM
    Thursday, May 16, 2013 6:00 PM
  • Paused here..  I recall where the "Capture wizard" was and thought I checked carefully... So, I think I need to restore from SNAPSHOT one more time, and get another SYSPREP going as I probably cannot undo this.   I know I need all these other settings adjusted too... Like No-Local GPO, and no-Extra partition, make sure it doesn't join domain, any others?

    @Dairyland:: I need an admin account there, please explain.  Also audit mode and 'copyprofile' ... ?

    Thursday, May 16, 2013 7:46 PM
  • None of the 3 items I mentioned in my previous post would require you to re-capture your reference image, they are alterations to your "Deploy" Task Sequence.  There may be further customization you want to do, but let's not focus on that right now, let's focus on getting your reference image successfully put down onto a machine.  After that, we can tweak and clean up things as necessary, but I don't want to see you spending a bunch of time "customizing" yet when we haven't gotten it to work from end-to-end.

    And my personal suggestion (and others), is not to use copyprofile.  To quote Jason Sandys (http://social.technet.microsoft.com/Forums/en-US/mdt/thread/af68ae71-48e5-4021-a908-e84fcdcb052d/):

    <SoapBox>CopyProfile is an abomination (and always has been). It's well documented that what CopyProfile does is *not* documented and that it does not completely copy the profile. It's also against the spirit of automation of OSD. IMO, if you're clicking to configure something during any part of the OSD process including building the reference image, you're doing it wrong. OSD is about automating the process from start to finish.</Soapbox>

    You can read about CopyProfile here (http://technet.microsoft.com/en-us/library/cc748953(v=ws.10).aspx), but seriously, don't use it.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 16, 2013 7:54 PM
  • BWB - I think you stated in an earlier post that the profile looked different after you logged on than the one you set up and captured on the reference PC. My process is to install a clean image of Windows 7 and when it asks to create an account I use Ctrl+Shift +F3 to enter Audit Mode. I do all of the customizations there - making sure to not create any accounts or join a domain (it will log you on automatically with a hidden account with full local admin rights). Once the image is ready I run my sysprep file that I created in WAIK making sure I add the Copy Profile=True parameter. I alsos activate the local administrator account and set the PW with the sysprep file.

    Then after I capture and deploy the image - the profile looks just like I set it up - other than a few local customizations such as Taskbar icons.

    Thursday, May 16, 2013 8:31 PM
  • Agreed David, was hoping you'd say that.

    Already fixed #3 and dangit, I KNEW that one too, and I believe #1 should be OK provided I did error and accidentally chose Capture/Sysprep even though I think I did it right. (I can't post the log file here without some security-type editing, and can if I should)  The problem is now, It just tries to deploy normally, with no additional Wizards or prompts. [This is what's making me think I need to redo it, but hey, I'd be happy to be wrong :)  ]

    #2 is still an issue.

    .  This might be because we put DoCapture=YES and SkipCapture=NO in your CustomSettings.  When you ran your "Deploy" TS, you should have gotten the Capture Wizard and selected the "Do not capture an image of this computer".  If you had left the default (set to Capture), then yes, it may have tried to sysprep and capture again after deployment finished.

    I did go back and alter both the DoCapture(now NO) and SkipCapture(now YES) lines...

    Should I reimage now or are their other parameters I need to alter first?

    Thursday, May 16, 2013 8:31 PM
  • On the machine the Deploy failed on, assuming there is no data you want protected or captured, just boot to WinPE and run a command prompt and diskpart clean the local drive so that it's not a "dirty" environment.  Then yup, I'd go ahead and try again.  We can deal with any issue that might come up, but I think you are pretty close to having it work. : )

    p.s.  I don't remember if I asked in the proceeding 50 posts, but how are you booting for your Deploy, from the Boot Image off of USB?


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 16, 2013 8:39 PM
  • DC - your comment on CopyProfile is interesting and I understand where you are coming from. You can find many many comments from people who have had issues with it. I was in that group.

    But... once I changed my process and did a clean install of Win7 and used Audit Mode for configuration of the reference PC, it has worked like a charm. What is doesn't do well is to keep check of different profiles. If you log on locally or log on as administrator to set up the reference PC, or there are profiles in a Windows.old file, CopyProfile is exactly what you said it is.

    Thursday, May 16, 2013 8:39 PM
  • But... once I changed my process and did a clean install of Win7 and used Audit Mode for configuration of the reference PC, it has worked like a charm. What is doesn't do well is to keep check of different profiles. If you log on locally or log on as administrator to set up the reference PC, or there are profiles in a Windows.old file, CopyProfile is exactly what you said it is.

    Well, the point of automation is not to have manual steps to do, which is what it sounds like you are doing in order to "configure" a profile and use CopyProfile.  It's significantly better to setup the Default Profile space, run reg files, or use Group Policy (or GPO Packs) to automate this configuration for you.  There is very little in terms of configuration that you can't automate and that should be the goal. : )

    This is where MDT can help.  You can have a "Build and Capture" Task Sequence that installs the original OS (from media), patches, installs apps (if desired), does your custom configuration, then runs sysprep and capture a WIM.  Then you can use a "Deploy" Task Sequence to push that WIM out to endpoints... and it's all been automated!  Need an updated image... just run your "Build and Capture" again and it will run the whole thing from scratch, no manual intervention needed, and a clean and updated WIM built, ready for use.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 16, 2013 8:47 PM
  • OK gang- park that thread kidnap elsewhere!  LOL!

    David, remember, this is still a VM I'm deploying to as a test... so Diskpart makes no sense to me here, I'm still formatting even if it's a VM.  Since I'm only testing I don't need to save anything at this time.

    I know I know...50+ posts..so appreciated you have no idea.  Remind me to send you cookies, or wine, or bacon, we make THE BEST bacon anywhere! I'm eventually naming the final TS "DCtheGeek-FINALWIN7Pro" if it makes you feel any better? or maybe my second born....?

    Thursday, May 16, 2013 9:05 PM
  • LOL.  No thread kidnapping here, just trying to help everyone. : )

    Perfect, VMs are good for testing the Deployment, too.  I'd create a Snapshot of it with a fresh (newly created) VHD/VHDX so that you can just revert and try the install again while doing your testing.  Sometimes some funky stuff can happen with a failed deploy, so it's an easy way to make sure you are testing "clean".  Since it's a VM, I'll assume you are mounting the MDT ISO, so that's good.

    And no problem, glad to help.  Hopefully we can get you over the finish line!  Plus, for anyone else following in your footsteps, there is a lot of information to be gleaned from a good conversation like this. : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, May 16, 2013 9:23 PM
  • Ok, we are down to only ONE error!

    Failure (5206) The Deployment Wizard was cancelled or did not complete successfully. The deployment will not proceed. 

    Googling it reveals a few possible issues so per previous chats, I checked this log: C:\Windows\Debug\NetSetup.log  and found most of the errors related to the backup domain controller again, I chatted with my network admin and not totally convinced this is the issue,   I can't post the entire log without removing some important info, but perhaps there is a few specific lines of errors you are looking for?  I can copy and tweak a few for security's sake.....

    More info: This particular round I elected to skip the LISC KEY entry step and not attempt to ACTIVATE ONLINE....


    Friday, May 17, 2013 2:32 PM
  • For the domain join, the last line normally tells you most of the story:

    10/01/2012 20:28:36:730 NetpDoDomainJoin: status: 0x0 <---- That's the code you are looking for.  This is success.

    The other thing you can try is change most of your steps after Apply OS Image to "Continue on Error" so that it will try and finish the whole thing even if it hits an error.  That can let you find and deal with issues easier sometimes.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Friday, May 17, 2013 3:04 PM
  • It was the final line of the log..

    NetpDomainJoin: status: 0x0   - So success then... ok.. Will try again with continue on errors.

    EDIT:: Opened the whole TS, nothing called "Apply OS Image", did I miss something here?
    • Edited by BWB Rob Base Friday, May 17, 2013 3:38 PM Say whu?
    Friday, May 17, 2013 3:30 PM
  • Sorry, it's "Install Operating System".  Basically, swap everything in the "State Restore" group to Continue on Error (since that's all the stuff after you put the reference WIM down).

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Friday, May 17, 2013 3:48 PM
  • Install= Install O/S and Next Phase, both now read- Continue on error.

    Postinstall is next, not State Restore, that's after....  So, to clarify, INSTALL, POSTINSTALL and STATE RESTORE should all be in the C/O/E tickbox?. I'm wondering if you want to skip the POSTINSTALL group simply to isolate the issue?

    Next under STATE RESTORE, I only ticked the items that were ALREADY ticked (just FYI)... gather local only, Post-Apply Cleanup, Recover from Domain, tattoo(already was) Install Applications and that's it... 

    Might not be able to run this due to meetings the rest of the day...ah Fridays, so once again, thankyou x 100 sir!  I also hope we've helped somebody along the way here too, or, they saw my issues and we've scared them away permanently, either way, we are nearing completion! ;)

    Friday, May 17, 2013 6:40 PM
  • Yeah, I meant to change everything IN the "State Restore" group to Continue on Error.  It really is just to help figure out if something is killing the deploy, but that everything else works.  More than anything, it's for "Install Applications" and any custom installs or config you've done.  Most default stuff will work just fine, but even it can have issues.  Just another isolation debugging method. : )

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Friday, May 17, 2013 6:44 PM
  • Success, and zero errors! While I'm sure it's not a good idea to leave these "Continue on error", it didn't error this time.

    Again I elected to join domain, but then declined to enter a MAK and unchecked ACTIVATE WHEN ONLINE, but other than that, it was base deploy.

    Friday, May 17, 2013 8:16 PM
  • Congrats!  I'd suggest playing with and building upon what you have working as you expand your knowledge, but you have a good foundation now to go forth with building and deploying your images.  I'd suggest for other issues you may encounter (hopefully not many), starting a new thread(s) and closing this out by marking answer(s) that you felt fixed your issue(s) and got you to this point.

    Congrats again, enjoy your weekend! : )


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Friday, May 17, 2013 8:30 PM
  • Going to be tough choosing one answer... I'm going to test it on a real machine this morning and cross my fingers... Regardless though, learned a boatload here. Next stop is drivers.  All the NIC drivers are present and I downloaded a bunch of other needed ones last week/weekend, so we'll see how it goes.

    Thank you thank you and thank you Sir! I will continue to be "one of six" readers!  :lol:

    Sincerely,

    Moi'

    Monday, May 20, 2013 12:31 PM
  • Going to be tough choosing one answer... 

    fyi... doesn't have to be just one.  In any long thread (and specially a really long one like this), there are likely to be more than one post that is "an answer" or "helpful" (using the upvote) since multiple questions were asked.  Marking each one of them helps identify to others who may view this post later as to which people and posts helped you (and marked answers don't have to be from the same poster).

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Monday, May 20, 2013 1:05 PM