Suppose your task is to deploy your customized Windows image to multiple user desktop computers. You can manually install and configure Windows on each computer. However, this can be very time-consuming. You can use the Microsoft Deployment Toolkit (MDT) to capture an installed Windows image from a reference computer and then use it for automated deployment of the OS over the network (with PXE) using WDS (Windows Deployment Services). In this article, we will show you how to capture a Windows 10 or 11 reference (golden) image using the Microsoft Deployment Toolkit (version 8456).
Create a Windows 10 Reference Computer
Your first task is to install Windows on a typical desktop computer or laptop. You will then need to install the necessary drivers, applications, the latest Windows security updates and perform the necessary system configuration. We will then capture this Windows image with all settings using MDT.
Let’s take a look at the basic steps to follow when configuring a Windows 10/11 reference computer.
- Install Windows 10/11 Pro or Enterprise edition on a reference computer. Use the latest available Windows build to create a reference computer. Currently, it is 22H2;
- Install device drivers;
- Use Windows Update to download and install the latest security fixes;
- Remove unnecessary built-in Microsoft Store apps. See the SysPrep guide for more information about removing built-in Microsoft Store applications (if you have installed third-party UWP apps, Sysprep may fail with the error "Sysprep was unable to validate your Windows installation");
- Install Visual C++ Redist, Office apps, and other tools that your users use;
- Customize Windows Start Menu and Taskbar pinned apps and copy your settings to new user profiles with the PowerShell script:
```powershell
# Export the current Start layout and copy it to the Default user profile
$Path = "C:\PS\StartLayout.xml"
Export-StartLayout -Path $Path
Copy-Item $Path -Destination "C:\Users\Default\AppData\Local\Microsoft\Windows\Shell"
```
- Disable the Microsoft Consumer Experience, the First Logon Animation, and Microsoft Defender (only if a third-party antivirus solution is used). Use the following PowerShell commands:
```powershell
# Disable the Microsoft Consumer Experience
New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\ -Name CloudContent
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent' -Name 'DisableWindowsConsumerFeatures' -PropertyType DWORD -Value '1'
# Disable the first logon animation
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableFirstLogonAnimation' -PropertyType DWORD -Value '0'
# Disable Microsoft Defender (only when a third-party antivirus replaces it)
Set-MpPreference -DisableRealtimeMonitoring $true
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD
```
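- Clean up your Windows image using DISM. The following commands will clean up the WinSxS component store folder on a Windows 10 or 11 computer:
```powershell
# Report the size of the component store and whether a cleanup is recommended
dism /Online /Cleanup-Image /AnalyzeComponentStore
# Remove superseded component versions
dism /Online /Cleanup-Image /StartComponentCleanup
```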
- Run Disk Cleanup for system drive C:, delete temporary files, delete the Windows Update cache (C:\Windows\SoftwareDistribution\download folder).
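The Sysprep validation error mentioned in the list above is typically raised for a Store package that is registered for a user but not provisioned in the image. The following audit is an added example, not part of the original article; it only reads state on the reference computer and must be run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: find Store (Appx) packages that are
# registered for a user but not provisioned in the image.

# Packages provisioned for every new user profile
$provisioned = @(Get-AppxProvisionedPackage -Online | ForEach-Object DisplayName)

# Packages registered for any user, skipping frameworks and built-in system apps
$installed = Get-AppxPackage -AllUsers | Where-Object {
    -not $_.IsFramework -and -not $_.NonRemovable -and $_.SignatureKind -ne 'System'
}

$blockers = foreach ($pkg in $installed) {
    if ($provisioned -notcontains $pkg.Name) {
        [pscustomobject]@{
            Name            = $pkg.Name
            PackageFullName = $pkg.PackageFullName
            Users           = ($pkg.PackageUserInformation | ForEach-Object { "$_" }) -join '; '
        }
    }
}

if ($blockers) {
    Write-Warning "$(@($blockers).Count) package(s) may stop Sysprep validation:"
    $blockers | Sort-Object Name | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No per-user Appx packages without a provisioned counterpart were found.'
}

# After a failed Sysprep run, its log names the packages it rejected
$log = Join-Path $env:WINDIR 'System32\Sysprep\Panther\setupact.log'
if (Test-Path -LiteralPath $log) {
    Select-String -LiteralPath $log -Pattern 'SYSPRP Package .+ was installed for a user' |
        Select-Object -Last 10 -ExpandProperty Line
}
```

Review the listed packages and remove the ones you do not need before starting the capture task sequence.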
Creating Capture Task Sequence on Microsoft Deployment Toolkit
Suppose you’ve already installed MDT on your Windows Server host (https://www.microsoft.com/en-us/download/details.aspx?id=54259). Download and install the latest version of the Windows Assessment and Deployment Kit (ADK) for the Windows 10/11 image you want to capture. This example requires downloading and installing ADK for Windows 11, version 22H2.
The first step is to create a new Task Sequence that will control the image capturing process.
- Open the Deployment Workbench console and expand the Deployment Shares > MDT Deployment Share;
- Right-click on Task Sequence and select New Task Sequence from the menu;
- This starts the Task Sequence Wizard. Enter Task Sequence ID (Win10Capture) and Task Sequence Name (Capture Windows 10 Image);
- Select Sysprep and Capture from the list of predefined task sequence templates and click Next;
- Choose an operating system that matches the version of OS installed on a reference computer. In this case, it is Windows 10 Pro x64 install.wim (the operating system must be pre-imported into MDT);
- Choose Don’t specify a product key at this time and press Next;
- Fill in the Full Name and Organization fields and click Next;
- Select Don’t specify an Administrator password at this time;
- On the Summary page, click Next > Next > Finish.
Important! Before proceeding, check that the MDT server configuration allows the OS image to be captured. To do this, open the MDT Deployment Share properties and go to the Rules tab. The SkipCapture option must be set to NO.
Also add the option: OSCapture=YES
Set the x64 platform by default in the Windows PE tab:
In the Deployment Workbench console, right-click on your deployment share and select ‘Update deployment share’ (this will regenerate boot media with the WinPE environment).
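The Rules tab is stored as Control\CustomSettings.ini inside the deployment share, so the capture settings can be checked without opening the console. This is an added example, not MDT's own code; the function names and the sample rules text are constructed for illustration, and the sample deliberately shows the setting that hides the capture page.

```powershell
# Added example, not MDT code: parse deployment share rules and report capture settings.
function ConvertFrom-MdtRules {
    param([string[]]$Lines)
    $rules = @{}            # section name -> hashtable of properties (case-insensitive keys)
    $section = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }   # blank line or comment
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1].Trim()
            if (-not $rules.ContainsKey($section)) { $rules[$section] = @{} }
        } elseif ($section -and $text -match '^([^=]+)=(.*)$') {
            $rules[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $rules
}

function Test-MdtCaptureRules {
    param([hashtable]$Rules)
    $default = if ($Rules.ContainsKey('Default')) { $Rules['Default'] } else { @{} }
    [pscustomobject]@{
        SkipCapture  = $default['SkipCapture']   # must be NO for the capture page to appear
        OSCapture    = $default['OSCapture']     # second rule named in the article
        CaptureReady = ($default['SkipCapture'] -eq 'NO')
    }
}

# Constructed sample rules: SkipCapture=YES hides the capture page in the wizard
$sample = @'
[Settings]
Priority=Default

[Default]
OSInstall=Y
; constructed sample value
SkipCapture=YES
'@
Test-MdtCaptureRules (ConvertFrom-MdtRules ($sample -split '\r?\n'))

# Against the real share (path from the article):
# Test-MdtCaptureRules (ConvertFrom-MdtRules (Get-Content '\\192.168.13.22\deploymentshare$\Control\CustomSettings.ini'))
```

For the constructed sample, CaptureReady is False; after setting SkipCapture=NO on the Rules tab it becomes True.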
How to Capture Windows Reference Image with MDT?
You are now ready to capture the installed Windows image on a client computer. Turn on your PC and boot Windows 10 as usual. Check that the necessary applications, updates, and language packs are installed on Windows, the time zone is configured, and other Windows settings are correct.
- Open File Explorer and specify the network path to the DeploymentShare on the MDT server. In our case, the path looks like this: \\192.168.13.22\deploymentshare$. You may need to enter domain user credentials to access the shared network folder on the MDT server;
- Navigate to the Scripts folder, then find and run (by double-clicking) the script file LiteTouch.vbs;
- Wait until the Windows Deployment Wizard starts;
- Select Capture Windows 10 Image (we created it earlier) from the task sequence list;
- Enter the current local Administrator password, which will be used to log on to Windows after the reboot;
- Select Capture an image of this reference computer and verify the UNC path to the folder on the MDT server, which will be used to save the Windows 10 WIM image file (in our case \\192.168.13.22\deploymentshare$\Captures). You should have read/write NTFS permissions on this folder. After that, specify the new .wim file name;
- On the next screen, enter the domain credentials to access the shared folder on the MDT server;
- Wait for the Task Sequence to start;
- When the preparations are complete, the Sysprep task will start. Then the computer will reboot into the WinPE environment and begin capturing the system image. During the image creation process, Windows will switch to the OOBE (Out-Of-Box Experience) Sysprep mode, and the Windows 10 image will be captured using the DISM tool. Note. Your Windows reference computer will boot from the LiteTouchPE_x64.iso boot image (contains the Windows PE environment) located in the Boot folder in the Deployment Share on the WDS server;
- The process of capturing the Windows image takes quite a long time. Once the capture is complete, a WIM file containing the Windows 10 image will appear in the Captures folder on the deployment share.
Tip. If you want to make changes to the local administrator’s profile before capturing the reference image, you need to use the MDT parameter – CopyProfile=TRUE. This applies your changes to the user’s profile when you deploy a Windows image to the target computer. They are then transferred to a .wim file during image capture and can be applied to the default user profile on deployed machines. Otherwise, any changes made to the user’s profile won’t be saved (such as wallpaper, desktop icons, Windows theme setting, etc.).
Later, you can import this WIM file directly into System Center Configuration Manager (SCCM), Windows Deployment Services (WDS), or MDT and use it to deploy a pre-configured Windows 10 image to the workstations. This will save you a lot of time when you need to deploy Windows to multiple computers.
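Every workstation deployed from the captured WIM inherits its contents, so it is worth confirming that the file is a complete, readable image and pinning its hash before importing it. The function below is an added example, not part of the original article; the function name, the file names, the hash file location and the 3 GB size threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: validate a captured WIM and pin its SHA-256.
function Test-CapturedWim {
    param(
        [Parameter(Mandatory)][string]$WimPath,
        [Parameter(Mandatory)][string]$HashFile,   # keep it where the capture account cannot write
        [double]$MinSizeGB = 3                     # assumed lower bound for a full Windows capture
    )
    $file = Get-Item -LiteralPath $WimPath -ErrorAction Stop
    # Get-WindowsImage fails on a truncated or corrupt WIM, which is the check we want
    $images = Get-WindowsImage -ImagePath $WimPath -ErrorAction Stop | ForEach-Object {
        Get-WindowsImage -ImagePath $WimPath -Index $_.ImageIndex
    }
    $hash = (Get-FileHash -LiteralPath $WimPath -Algorithm SHA256).Hash

    if (Test-Path -LiteralPath $HashFile) {
        # A hash was pinned earlier: compare before the image is imported anywhere
        $recorded = (Get-Content -LiteralPath $HashFile -TotalCount 1).Trim()
        $hashState = if ($recorded -eq $hash) { 'Match' } else { 'MISMATCH' }
    } else {
        # First run after the capture: record the hash
        New-Item -ItemType Directory -Force -Path (Split-Path -Parent $HashFile) | Out-Null
        Set-Content -LiteralPath $HashFile -Value $hash
        $hashState = 'Recorded'
    }

    [pscustomobject]@{
        File      = $file.FullName
        SizeGB    = [math]::Round($file.Length / 1GB, 2)
        SizeOk    = ($file.Length / 1GB) -ge $MinSizeGB
        Sha256    = $hash
        HashState = $hashState
        Images    = $images | Select-Object ImageIndex, ImageName, Version, EditionId, CreatedTime
    }
}

# File names below are hypothetical; the share path is the one used in the article
$result = Test-CapturedWim -WimPath '\\192.168.13.22\deploymentshare$\Captures\Win10Ref.wim' `
                           -HashFile 'C:\ImageHashes\Win10Ref.wim.sha256'
$result | Format-List File, SizeGB, SizeOk, Sha256, HashState
$result.Images | Format-Table -AutoSize
```

Run it once right after the capture to record the hash, and again before each import; a MISMATCH result or SizeOk = False means the file should not be deployed until the difference is explained.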
Note. You can also use MDT to deploy other software. See how the Microsoft Deployment Toolkit can be used to deploy MS Office.
Anyone figure this out? I’m working with Windows 10 version 21H2 and when I get to the Sysprep option and the unit reboots, I get an error that the DeploymentShare$ can’t be contacted, possibly invalid credentials. I can ping the server but the server cannot ping the machine from the server at this point. Once it fails, it changes the name of the donor computer and I have to start all over.
I re-did the task sequence and took out the sysprep and the reboot unit sequences but my capture is only about 4,000Kb not near enough for the machine I’m working on.
I can deploy 21H2 out to machines, but I cannot capture an image of a finished and prepped unit for cloning others on the network. My sanity is fading fast on this, and I’m about ready to build a FOG server and go back to what I know.
I have version MDT 6.3.8456.1000 and both ADKs are version 10.1.22000.1.
I had this headache, Brian, then realised I needed to change all references of “WDSSERVER1” to the IP address in any UNC path. So right-click your deploymentshare folder in MDT, select Properties and change the path in the “General” tab, and then make sure the Bootstrap.ini matches it (\\192.168.0.1\DeploymentShare$).
Then regenerate the images etc.
This worked for me after going round in circles for ages.
It’s better practice to write the name of the server, not the IP, for the path, because IP can change often the Name does
Example: \\wds-server-mc1\deploymentshare$ is better than 192.168.10.220\deploymentshare$
New-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
does not work on ps.
you need to put ‘Windows Defender’ between ‘ ‘ instead.
Thanks, corrected it.