In this guide, I am going to outline the basics of setting up a WDS server, and of configuring and deploying an image across the network.
Prerequisites:
– A server running Windows Server 2003 onwards (I am using 2016 standard)
– Sufficient space for the OS and applications you want to deploy (50GB minimum I would recommend if you are storing apps on the server)
– You must have an environment which employs AD
– You must have an environment in which there is a DHCP server
– An NTFS volume must be available to store the boot and installation image
- Set up a Windows Server (in this case I am using Windows Server 2016 on a VM)
- Name the server, set its static IP and DNS settings & join to domain
- Download the Windows ADK and install it on the server
- Launch Server Manager, select Add roles and features, go through the wizard until you get to Server Roles – locate and select Windows Deployment Services, click next and finish the wizard to install the role
- Restart the server and you should see that the WDS role is now installed
- Click start, locate and launch Deployment Workbench – this is the main application you will be using to design and configure the images you will be deploying over the network
- Once it opens, right click on Deployment Shares and select the deployment share path, click next and select the UNC share path, click next and select the descriptive name if necessary
- On the next page, tick the relevant boxes. In my case, I unticked every option as I wanted to create a process that is mostly automated without requiring user interaction (don’t be worried about these settings – we can set them later using custom rules or the bootstrap.ini file which MDT reads when deploying the image).
- Click next through to the end of the wizard and allow the deployment share to be created
- Upon creation, click next to exit the wizard and double click into the share that you have created. Within there you will see a number of subfolders.
- Right click on Operating Systems and click on Import Operating System. From the wizard, click on the relevant type of OS to add – in this case, I am going to deploy a standard Windows image therefore it’d be the full set of source files I would select and then click on next
- Select the source directory – in this case I just mounted the Windows 10 1709 iso file and pointed the directory to the mounted drive letter and click on next
- Type the name of the destination directory and click on next, then click on next on the summary page to begin the import. Wait until it’s finished and click on finish/exit when you’re on the confirmation page.
- We now have the base image to deploy across the network. This will allow us to deploy a basic standard image of Windows 10 to the devices on the network, however I will need some applications also installing on the device and as such, I will employ the use of a repository called Chocolatey, which automates the installation and deployment of applications.
Please note – this step is optional however I am going to include it just as a guide on how to automate application installation after the OS has been deployed.
Within my organisation, the base applications we need for a user are:
– Google Chrome
– Foxit PDF Reader
– TeamViewer
– 7Zip
– Java Runtime
– MalwareBytes
– Microsoft Office
– Microsoft Teams
Using Chocolatey, I can deploy all of the above applications (apart from MS Office). Chocolatey uses PowerShell to fetch and install the applications above from its repository. The script is as follows:
@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin
choco feature enable -n allowGlobalConfirmation
choco install googlechrome
choco install foxitreader
choco install teamviewer
choco install 7zip
choco install 7zip.install
choco install javaruntime
choco install dotnet4.7
choco install malwarebytes
choco install microsoft-teams
exit
Copy the above script into a notepad document (delete and amend applications as necessary, i.e. if you are using ODT or C2R apps for MS Office, you can create a separate application for this) and save it as a batch file. In my case I created a folder on the desktop called Chocolatey and saved the above script as Install.bat.
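The first line of the script above executes whatever the download returns. As an added example (not part of the original guide or of Chocolatey's own tooling), the PowerShell below saves the installer to disk and runs it only if its Authenticode signature is valid and names the publisher you expect; the function name, the temp path and the `-ExpectedSigner` value are assumptions.

```powershell
# Added example, not from the original guide. Function and parameter names are
# hypothetical; -ExpectedSigner is the publisher name you have confirmed yourself.
function Install-ChocolateyVerified {
    param(
        [Parameter(Mandatory)][string]$ExpectedSigner,
        [string]$Uri  = 'https://chocolatey.org/install.ps1',
        [string]$Path = (Join-Path $env:TEMP 'choco-install.ps1')
    )
    # Older Windows builds do not offer TLS 1.2 to .NET web requests by default.
    $tls12 = [Net.SecurityProtocolType]::Tls12
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $tls12

    # Save the script to disk instead of piping the download straight into iex.
    Invoke-WebRequest -Uri $Uri -OutFile $Path -UseBasicParsing

    try {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') {
            throw "Installer rejected: signature status is $($sig.Status)."
        }
        $subject = $sig.SignerCertificate.Subject
        if ($subject -notlike "*$ExpectedSigner*") {
            throw "Installer rejected: signed by unexpected publisher '$subject'."
        }
        # Record what was executed so the deployment can be audited later.
        $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Write-Output "Running installer signed by '$subject' (SHA256 $hash)"
        & $Path
    }
    finally {
        # Remove the downloaded copy whether or not it was run.
        Remove-Item -Path $Path -ErrorAction SilentlyContinue
    }
}
```

Call it from Install.bat in place of the `iex` one-liner, keeping the `SET PATH` part so that the `choco` commands that follow still resolve.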
- Within MDT, right click on Applications and click on new application, select Application with source files and click next.
- Enter the application name and click on next, then browse for the source directory. In my case, it was C:\Users\%username%\Desktop\Chocolatey then click on next, then click next after you have specified the name of the directory you wish to create
- On the next page, you are prompted to specify the installation command line. At this point, enter the name of the batch file you have created. In this case, it is Install.bat, then click next, then click next on the summary page to begin the process, then click finish once completed.
(If you wish to install more applications, you can import them in the same way – MSI files and EXE files can be launched via this method, and command line switches can also be used)
- Now we have the OS files and the applications, we can begin to compile the relevant sequence in order to deploy the OS.
- Right click on task sequences and click on new task sequence, give it an ID (in this case it was 001) and a name (in this case I named it Deploy Windows) then click on next.
- Set the template to a standard client task sequence and click on next. On the next page, select the relevant OS you wish to deploy – in my case it was Windows 10 Pro x64.
- On the next page, you can enter the relevant licence key or refuse to specify one. In my case, I selected not to provide a product key.
- On the next page, I entered the name as Administrator, set the organisation to the correct name and set the IE home page to the company's webpage.
- On the next page, enter the local administrator password for the computer and click on next
- On the next page, review the summary and click on Next, then click on Finish
- Right click on the task sequence you just created and click on properties and navigate to the Task Sequence tab, expand the Postinstall folder
- Click on Add, go to General and click on Install Application and move it down to underneath where it says Add Windows Recovery (WinRE).
- Click on Install a single application, click on Browse and click on Chocolatey, click apply then click OK.
NB – I also created a task within the sequence to add the device onto the domain once the OS has deployed. I did this by creating a batch script which calls PowerShell as an administrator, which uses specific credentials with the sole permissions of adding a device onto the network.
Batch script:
@echo off
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""\\Kacoo-WDS\DeploymentShare$\Applications\Join Domain\joindomain.ps1""' -Verb RunAs}"
exit
This script calls the PS1 file to run as administrator. The file it calls is displayed below.
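PowerShell script:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force   # limit the policy change to this process and suppress the prompt
$domain = "Domain.local"
$password = 'P4$$w0RD' | ConvertTo-SecureString -AsPlainText -Force   # single quotes stop PowerShell expanding $$ inside the password
$username = "$domain\joindomain"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential   # join using the restricted join account
This script joins the computer to the domain; the join takes effect after restarting.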
Now we have got the deployment share configured to deploy an image and applications within a single task sequence, the next stage is to automate the deployment process as much as possible.
- From the MDT page, right click on the deployment share you created and click on properties. Click on the Rules tab – from here we can configure the deployment share to deploy the image automatically. The set of rules that I employ are listed below. You can change and amend these to match your organisation's requirements:
[Settings]
Priority=Default
Properties=MyCustomProperty
[Default]
_SMSTSOrgName=Business Name
OSInstall=Y
SkipAdminPassword=YES
AdminPassword=P4$$w0RD.
UserID=Deployment
UserDomain=domain.local
UserPassword=P4$$w0RD.
SkipApplications=YES
SkipAppsOnUpgrade=YES
SkipBDDWelcome=YES
SkipBitLocker=YES
SkipCapture=YES
SkipComputerName=NO
SkipComputerBackup=YES
SkipDeploymentType=YES
DeploymentType=NEWCOMPUTER
SkipDomainMembership=YES
JoinWorkgroup=WORKGROUP
SkipFinalSummary=YES
SkipLocaleSelection=YES
SkipUserData=YES
KeyboardLocale=en-GB
UserLocale=en-GB
UILanguage=en-GB
SkipPackageDisplay=YES
SkipProductKey=YES
SkipSummary=YES
SkipTaskSequence=NO
SkipTimeZone=YES
TimeZone=85
TimeZoneName=GMT Standard Time
SkipUserData=YES
EventService=http://Domain-WDS:9800
In the above rules, you can change the time zones, domains, passwords and local settings if necessary.
These rules automatically apply settings to the OS as it is deployed (i.e. it is set to the UK keyboard and time zone settings, it automatically sets the admin password etc).
- Once you have set the rules, click on Apply then click on Edit Bootstrap.ini – this is also an important config file that allows you to configure rules to automate the deployment process.
- A notepad document will load with settings which look similar to the rules that you have deployed. Below are the settings that I have saved within this file:
[Settings]
Priority=Default
[Default]
DeployRoot=\\Servername\DeploymentShare$
UserID=Deployment
UserDomain=domain.local
UserPassword=P4$$w0RD.
KeyboardLocale=en-GB
SkipBDDWelcome=YES
- Save the settings and close the notepad document, then click OK on the properties page to close it
- Right click on the Deployment Share and click on update deployment share, click optimize the boot image updating process and click on next, then click next again to commence the update
- Go make yourself a coffee and have a 10 minute rest, you’ve got pretty far – you deserve it
- Click start, locate and open Windows Deployment Services, expand servers, right click on the server name and click on configure server
- Click next and select integrated with AD, click next and specify the remote installation folder (you can keep this as default)
- Click next and select respond to all client computers (known and unknown) and click on next
- Untick the box that states Add images to the server and click Finish
- From within WDS, expand your server and expand boot images and right click on any blank space and click on add boot image
- The Add Image wizard will open – select browse and navigate to your deployment share > Boot > LiteTouchPE_x64.wim and click next
- Name the image and give it a description if you wish (I named them both Deploy Windows) and click next, then click next again at the summary stage, wait for the image to be imported and click finish
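The rules and Bootstrap.ini shown earlier keep AdminPassword and UserPassword in clear text, and Bootstrap.ini is built into the LiteTouch boot image that WDS here offers to all client computers, known and unknown. As an added example (not part of the original guide), this PowerShell check reports where such values are set without printing them; the function name, the constructed sample content and the DomainAdminPassword entry are additions for illustration.

```powershell
# Added example. Sample content is constructed from the settings in this guide,
# with a placeholder where the passwords were.
$sampleFiles = @{
    'Control\CustomSettings.ini' = @'
[Settings]
Priority=Default
[Default]
OSInstall=Y
SkipAdminPassword=YES
AdminPassword=<placeholder>
UserID=Deployment
UserPassword=<placeholder>
'@
    'Control\Bootstrap.ini' = @'
[Default]
DeployRoot=\\Servername\DeploymentShare$
UserID=Deployment
UserPassword=<placeholder>
'@
}
# MDT properties whose value is a secret (DomainAdminPassword is not used in this guide).
$secretKeys = 'AdminPassword', 'UserPassword', 'DomainAdminPassword'

function Find-MdtPlaintextSecret {
    param([string]$Name, [string]$Content)
    $section = ''
    $lineNo = 0
    foreach ($line in ($Content -split "`r?`n")) {
        $lineNo++
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        # key=value lines with a non-empty value; lines starting with ; or # are comments
        if ($text -match '^([^=;#][^=]*)=(.+)$' -and $secretKeys -contains $Matches[1].Trim()) {
            [pscustomobject]@{
                File        = $Name
                Line        = $lineNo
                Section     = $section
                Key         = $Matches[1].Trim()
                # Bootstrap.ini is copied into the boot image, so the secret travels with it
                InBootImage = ($Name -like '*Bootstrap.ini')
            }
        }
    }
}
$findings = foreach ($name in $sampleFiles.Keys) {
    Find-MdtPlaintextSecret -Name $name -Content $sampleFiles[$name]
}
$findings | Sort-Object File, Line | Format-Table -AutoSize
```

To check a live share, pass the output of `Get-Content -Raw` for each file under the share's Control folder as `-Content`.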
On the client machine:
- Start the PC and boot into network
- Select Deploy Windows
- Enter the computer name when required
- Click on deploy
Windows should install on the client machine and once installed, deploy the relevant applications.