How to capture a Windows 10 image like a boss with MDT!

In this guide we are going to create a brand new Windows 10 1709 reference image with MDT 8450.

Software Requirements

  • A server or a desktop/laptop computer (In this guide we will be using a Desktop)
  • Windows 10 Enterprise v1709 ISO
  • Windows ADK for Windows 10 v1709 (Download Here)
  • MDT 8450 (Download Here)
  • Hyper-V

Step 1 – Install Windows ADK for Windows 10 with the following features enabled:

  • Deployment Tools
  • Windows Preinstallation Environment (Windows PE)
  • Imaging and Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT)

Step 2 – Install MDT 8450.  (You can use all of the default settings)

Step 3 – Create a share that will be used to store your captured WIM.

$CaptureShare = "C:\CaptureShare"

New-Item -Path $CaptureShare -ItemType Directory
New-SMBShare –Name “CaptureShare” –Path $CaptureShare -FullAccess Everyone

Step 4 – Copy your Windows 10 Enterprise v1709 ISO to C:\ISO and rename the ISO to 1709.ISO

Step 5 – Setup MDT by running the following Powershell Script (Must run elevated):

If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(` 
    [Security.Principal.WindowsBuiltInRole] "Administrator")) { 
    Write-Warning "Oops, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script." 
    Write-Warning "Aborting script..." 
    Break 
} 

$ISO = "C:\ISO\1709.ISO"

Add-PSSnapIn Microsoft.BDD.PSSnapIn -ErrorAction SilentlyContinue 

# Create Deployment Share
$DeploymentShare = "C:\Capture_DeploymentShare"

New-Item -Path $DeploymentShare -ItemType Directory 
New-PSDrive -Name "DS001" -PSProvider "MDTProvider" -Root "$DeploymentShare" -Description "Capture Deployment Share" -NetworkPath "\\$env:COMPUTERNAME\Capture_DeploymentShare$" | Add-MDTPersistentDrive 
New-SmbShare –Name MDTProduction$ –Path $DeploymentShare –ChangeAccess Everyone
New-Item -Path $DeploymentShare\Scripts\Custom -ItemType Directory

$DSName=(Get-MDTPersistentDrive)[0].Name 
$PhysicalPath=(Get-MDTPersistentDrive)[0].Path 
$Description=(Get-MDTPersistentDrive)[0].Description

# Mount ISO
Mount-DiskImage "$ISO"
$MountedDrive = (Get-DiskImage -ImagePath "$ISO"  | Get-Volume).DriveLetter + ":\"
$DSPath = $DSName + ":"

# Add the operating system
$OS = Import-MDTOperatingSystem -Path "$DSPath\Operating Systems" -SourcePath "$MountedDrive" -DestinationFolder "Windows 10 1709" -Verbose

# Dismount ISO
Dismount-DiskImage "$ISO"

Import-MDTTaskSequence -Path "$DSPath\Task Sequences" -Name "Windows 10 1709 Capture" -Template "Client.xml" -Comments "Build and Capture Windows 10" -ID "WIN10" -Version "1.0" -OperatingSystemPath "$DSPath\Operating Systems\$($OS.name[2])" -FullName "Windows 10 1709 Capture"

# Setup Media
New-Item -Path C:\MEDIA001 -ItemType Directory 
New-PSDrive -Name "DS002" -PSProvider MDTProvider -Root "$DeploymentShare" 
New-Item -Path "DS002:\Media" -Enable "True" -Name "MEDIA001" -Comments "" -Root "C:\MEDIA001" -SelectionProfile "Everything" -SupportX86 "False" -SupportX64 "True" -GenerateISO "False" -ISOName "LiteTouchMedia.iso" -Force -Verbose 
New-PSDrive -Name "MEDIA001" -PSProvider "MDTProvider" -Root "C:\MEDIA001\Content\Deploy" -Description "MDT Production Media" -Force -Verbose 

Step 6 – Add Applications (Optional)
In order to keep this guide as short possible, I decided to skip this part and provide the following link that explains how to add Microsoft Office to your MDT Deployment Share:
https://blogs.technet.microsoft.com/odsupport/2016/02/18/deploying-office-2016-2013-or-2010-using-the-microsoft-deployment-toolkit/

Step 7 – Customize Windows 10 1709
First we will need to navigate to your Task Sequence and goto Custom Tasks.

Task Sequence

Next we are going to add the following customizations:

Install .Net Framework 3.5

    • Goto “Add” and navigate to General > Run Command Line
    • Name: Install NetFX3
    • Command Line:
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:"D:\Deploy\Operating Systems\Windows 10 1709\sources\sxs"

Configure the Default profile
In order to configure the default profile, you will need to create a batch file and use the script that I posted in my “How to automatically configure your default profile in Windows 10” post. You can find the post here.

    • Name the script configure_default_profile.bat
    • Copy the script to C:\Capture_DeploymentShare\Scripts\Custom
    • Open your task sequence
    • Goto “Add” and navigate to General > Run Command Line
    • Name: Configure Default Profile
    • Command Line:
cmd /c %SCRIPTROOT%\Custom\configure_default_profile.bat

Add custom wallpaper
In order to add a custom wallpaper, we will be using Jörgen Nilsson’s method which can be found here. Essentially, you will be replacing the wallpapers in “C:\windows\web\4k\Wallpaper\Windows” and “C:\windows\web\Wallpaper\Windows” with your own custom wallpaper. To make this work you will need 9 copies of your wallpaper with the following names:
img0.jpg, img0_1024x768.jpg, img0_1200x1920.jpg, img0_1366x768.jpg, img0_1600x2560.jpg, img0_2160x3840.jpg, img0_2560x1600.jpg, img0_3840x2160.jpg, img0_768x1024.jpg, img0_768x1366.jpg, and LockScreen.jpg (Wallpaper that will be used for the lockscreen)

Function Set-FilePermissions {
    param (
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]$File,
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]$User,
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]$Control,
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]$Access
    )
 
    $ACL = Get-ACL "$File"
    Set-Acl -Path "$File" -AclObject $ACL
    $Permission = New-Object  system.security.accesscontrol.filesystemaccessrule("$User","$Control","$Access")
    $Acl.SetAccessRule($Permission)
    Set-Acl -Path "$File" -AclObject $ACL
 
}
 
Function Set-FileOwnership {
    param (
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]$File,
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]$User
    )
 
    $ACL = Get-ACL "$File"
    $Group = New-Object System.Security.Principal.NTAccount("$User")
    $ACL.SetOwner($Group)
    Set-Acl -Path "$File" -AclObject $ACL
 
}

# Configure MDT Variables
$TSenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$ScriptRoot = $TSenv.Value("ScriptRoot")

# Update Standard Wallpaper
Set-FileOwnership -File "C:\windows\web\Wallpaper\Windows\img0.jpg" -User Administrators
Set-FilePermissions -File "C:\windows\web\Wallpaper\Windows\img0.jpg" -User Administrators -Control FullControl -Access Allow
Copy-Item "$ScriptRoot\Deploy\Scripts\Custom\Wallpaper\img0.jpg" -Destination "C:\windows\web\Wallpaper\Windows\img0.jpg"
Copy-Item "$ScriptRoot\Deploy\Scripts\Custom\Wallpaper\LockScreen.jpg" -Destination "C:\LockScreen.jpg"
# Update 4k Wallpapers
$Wallpapers = Get-ChildItem "C:\windows\web\4k\Wallpaper\Windows"
ForEach($Wallpaper in $Wallpapers) {
    Set-FileOwnership -File $Wallpaper.FullName -User Administrators
    Set-FilePermissions -File $Wallpaper.FullName -User Administrators -Control FullControl -Access Allow
 
    $FileName = $Wallpaper.Name
    $FilePath = $Wallpaper.FullName
 
    Copy-Item "$ScriptRoot\Deploy\Scripts\Custom\Wallpaper\$FileName" -Destination $Wallpaper.FullName -Force
}
  • Name the script update_wallpaper.ps1
  • Copy the script to C:\Capture_DeploymentShare\Scripts\Custom
  • Create the following folder: C:\Capture_DeploymentShare\Scripts\Custom\Wallpaper
  • Copy your wallpapers to C:\Capture_DeploymentShare\Scripts\Custom\Wallpaper
  • Open your task sequence
  • Goto “Add” and navigate to General > Run PowerShell Script
  • Name: Update Wallpaper
  • Powershell Script: %SCRIPTROOT%\Custom\Update_Wallpaper.ps1

Add a custom Start Menu and Taskbar
Please visit my earlier post “Customize a Windows 10 Start Layout” to learn how to export a start layout that can be used to customize your Start Menu. You can click here to visit the post.
For taskbar customizations, I would recommend visiting Microsoft’s official document that explains how to customize your taskbar, which you can find here.

    • Export your Start layout
    • Copy your exported start layout(LayoutModification.xml) to C:\Capture_DeploymentShare\Scripts\Custom
    • Open your task sequence
    • Goto “Add” and navigate to General > Run Command Line
    • Name: Update Start Layout
    • Command Line:
powershell.exe -executionpolicy bypass -command Import-StartLayout -LayoutPath "%SCRIPTROOT%\Custom\LayoutModification.xml" -MountPath $env:SystemDrive\

Remove Window Store Apps
The following script will leave Alarms & Clock, Calculator, Camera, Connect, Maps, Microsoft Store, Mixed Reality Portal(Cannot be removed), Paint 3D, Photos, Sticky Notes, Voice Recorder and Weather:

$AppsList = "Microsoft.3DBuilder","microsoft.windowscommunicationsapps","Microsoft.MicrosoftOfficeHub","Microsoft.SkypeApp","Microsoft.Getstarted","Microsoft.ZuneMusic","Microsoft.MicrosoftSolitaireCollection","Microsoft.ZuneVideo","Microsoft.Office.OneNote","Microsoft.People","Microsoft.XboxApp", "Microsoft.Messaging", "Microsoft.Microsoft3DViewer", "Microsoft.WindowsFeedbackHub", "Microsoft.GetHelp", "Microsoft.OneConnect"

ForEach ($App in $AppsList)
{
  $PackageFullName = (Get-AppxPackage $App).PackageFullName
  $ProPackageFullName = (Get-AppxProvisionedPackage -online | where {$_.Displayname -eq $App}).PackageName
  write-host $PackageFullName
  Write-Host $ProPackageFullName

  if ($PackageFullName)
  {
    Write-Host “Removing Package: $App”
    remove-AppxPackage -package $PackageFullName
  }
  else
  {
    Write-Host “Unable to find package: $App”
  }

  if ($ProPackageFullName)
  {
    Write-Host “Removing Provisioned Package: $ProPackageFullName”
    Remove-AppxProvisionedPackage -online -packagename $ProPackageFullName
  }
  else
  {
    Write-Host “Unable to find provisioned package: $App”
  }
}

  • Copy the script above and name the script remove_apps.ps1
  • Copy the script to C:\Capture_DeploymentShare\Scripts\Custom
  • Open your task sequence
  • Goto “Add” and navigate to General > Run PowerShell Script
  • Name: Remove Apps
  • Powershell Script: %SCRIPTROOT%\Custom\Remove_Apps.ps1

Configure computer settings
You can use the following script below to get you started with configuring your computer settings. Feel free to add or remove as needed:

# Disable Telemetry
Write-Host "Disabling Telemetry..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0

# Disable Wi-Fi Sense
Write-Host "Disabling Wi-Fi Sense..."
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) {
    New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0

# Disable Location Tracking
Write-Host "Disabling Location Tracking..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0

# Disable Cortana
Write-Host "Disabling Cortana..."
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) {
    New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0

# Restrict Windows Update P2P only to local network
Write-Host "Restricting Windows Update P2P only to local network..."
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1
If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) {
    New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null
}
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3

# Remove AutoLogger file and restrict directory
Write-Host "Removing AutoLogger file and restricting directory..."
$autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger"
If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") {
    Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl"
}
icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null

# Stop and disable Diagnostics Tracking Service
Write-Host "Stopping and disabling Diagnostics Tracking Service..."
Stop-Service "DiagTrack"
Set-Service "DiagTrack" -StartupType Disabled

# Disable Windows Defender
Write-Host "Disabling Windows Defender..."
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Type DWord -Value 1

# Disable Windows Update automatic restart
Write-Host "Disabling Windows Update automatic restart..."
Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1

# Stop and disable Home Groups services
Write-Host "Stopping and disabling Home Groups services..."
Stop-Service "HomeGroupListener"
Set-Service "HomeGroupListener" -StartupType Disabled
Stop-Service "HomeGroupProvider"
Set-Service "HomeGroupProvider" -StartupType Disabled

# Disable Remote Assistance
Write-Host "Disabling Remote Assistance..."
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0

# Disable Lock screen
Write-Host "Disabling Lock screen..."
If (!(Test-Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization")) {
  New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" | Out-Null
}
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -Type DWord -Value 1

#Setup LockScreen
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name LockScreenImage -Type "String" -Value "C:\LockScreen.jpg"

# Set Photo Viewer as default for bmp, gif, jpg and png
Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..."
If (!(Test-Path "HKCR:")) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}
ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
    New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
    New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
    Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
    Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
}

# Show Photo Viewer in "Open with..."
Write-Host "Showing Photo Viewer in `"Open with...`""
If (!(Test-Path "HKCR:")) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}
New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null
New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null
Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043"
Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
 
# Disable Windows 10 Initial Login Splash
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name EnableFirstLogonAnimation -Type "dword" -Value "0"

#Disable Consumer Features
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows" -Name CloudContent
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name DisableWindowsConsumerFeatures -Type "dword" -Value "1"

#Disable Driver Updates
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching' -Name 'SearchOrderConfig' -Value '3'
  • Copy the script above and name the script machine_config.ps1
  • Copy the script to C:\Capture_DeploymentShare\Scripts\Custom
  • Open your task sequence
  • Goto “Add” and navigate to General > Run PowerShell Script
  • Name: Machine Config
  • Powershell Script: %SCRIPTROOT%\Custom\machine_config.ps1

Example of the complete task sequence:
Completed Task Sequence

Step 8 – Configure the deployment share rules
To configure the deployment share rules, you will need to modify the Bootstrap.ini and CustomSettings.ini. Since we are using an offline media, you will need to make the changes in Advanced Configuration > Media and then navigate to MEDIA001.

In the MEDIA001 Properties, click on the Rules tab and then click on the Edit BootStrap.ini button.
Copy the following into Bootstrap.ini and then save the file:
[Settings]
Priority=Default

[Default]
SkipBDDWelcome=YES

Now close the notepad window and copy the following into the rules field:
Note: In this example, my WSUS server is http://wsus01.joseespitia.com:8530. Please make sure to put in your own WSUS information!
[Settings]
Priority=Default

[Default]
_SMSTSORGNAME=Windows 10 1709 Capture
DoCapture=YES
OSInstall=Y
TimeZoneName=Eastern Standard Time
WSUSServer=http://wsus01.joseespitia.com:8530


SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipCapture=NO
SkipFinalSummary=YES

Example:
CustomSettings

Step 9- Create the ISO
While you are in MEDIA001 Properties, you will need to navigate to the General tab.
In the General section, check Generate a Lite Touch Bootable ISO image and click OK.
Then right click MEDIA001 and select Update Media Content.

This will generate a stand alone MDT ISO that you can mount to Hyper-V and your end result should look something like this:

Windows 10 image

Windows 10 image

37 Comments

  1. Very nice post, thanks! 🙂
    Ps – think about adding Let’s encrypt to your site 😉

  2. Great post! Nice breakdown, but it didn’t even come close to working.

  3. You have some nice customization’s here. One thing, it looks like you are using a defined WSUS server for updates during the task sequence. If that server isn’t going to be the one that services your workstations post deployment you should clear it out from your image. You basically add a script at the end that stops the windows update service and you delete the following registry key.

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

  4. Benjamin Guan

    Hi Jose,

    I found that your script command to remove Edge browser from taskbar is not working on Windows 10 1709, can you help on getting the right command to unpinned the Edge from task bar?

    Thanks,
    Ben

  5. This works really well, and almost perfect. But the default profile process will cause Onedrive to no longer run per user account. Its still technically there on the system but won’t run by default or show up anywhere on the user’s profile. Is there any way of getting this fixed? I do appreciate all the information you have provided in this article.

    • Jose Espitia

      June 11, 2018 at 3:17 pm

      Mike,
      You are going to want to remove the following line from configure_default_profile.bat.
      reg delete “HKLM\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v OneDriveSetup /F

      My environment does not allow Onedrive so this is why I remove it.

      • Thank you very much :). That was an easy fix. Your help is much appreciated. you will be posting one for the version 1803 when is deployment ready.

        • Jose Espitia

          June 13, 2018 at 7:59 pm

          Thanks, I appreciate the feedback MikeA! I have been using this exact process since 1607 so this it should work for 1803 as well. All you would have to do is update your ADK and Windows 10 ISO.

  6. Great post. I had a question about the tiles in windows 10.. lets say I’ve got 2 users and I want each to have their menus & tiles in their respective languages. I can get the menus to change by making the change in region but the tiles (from the Microsoft store) is an issue. I have to disable the windows store in my build so I’m wondering how I can get the windows store app MUIs installed so when a French use logs on.. the tiles etc are in French… thanks

    • Jose Espitia

      June 26, 2018 at 1:52 pm

      Why do you have to disable the Store? Personally I prefer to leave the store intact so it doesn’t affect any of the apps that I keep on the image. I then use Applocker to create a whitelist of approved apps so user’s can’t just run any apps that they would like.

  7. Very bad practice to completely remove AppX packages. They should be hidden or you will face issues when you come to upgrade.

    • Jose Espitia

      July 24, 2018 at 5:54 pm

      I haven’t run into any issues after upgrading our 1607 computers to 1709. How would you recommend removing the Appx packages?

  8. Hi, I have just read this so thanks for sharing. When I get to work I shall try this method out.
    I have a question with the default user profile. On my current image it seems to get rather large post sysprep. (I believe this is affecting the logon time for first time logons.) Besides your script is there anything else I can do to reduce the size of it before I sysprep the VM?

  9. Can’t really get this to work, what did you do after the iso was created, which options do I use?

  10. This process has worked perfect. I’m now building a 1803 image using this process and everything still works great. Just one minor challenge, I am running into. Xbox app will not go away. Is there a way to remove this for all users and future users? Thank you for your help.

    • Jose Espitia

      Glad to hear it MikeA. The process so far has been solid with most builds that I have tested. As for the Xbox app.. Can you try running (Get-AppxPackage).Name to get the name of the Xbox app? It used be Microsoft.XboxApp.

      • These are the apps related to Xbox.
        Microsoft.Xbox.TCUI
        Microsoft.XboxApp
        Microsoft.XboxGameOverlay
        Microsoft.XboxIdentityProvider
        Microsoft.XboxGamingOverlay
        Microsoft.XboxGameCallableUI

  11. Jose,
    I get to step 9 – Create the ISO
    While you are in MEDIA001 Properties, you will need to navigate to the General tab.
    In the General section, check Generate a Lite Touch Bootable ISO image and click OK.
    Then right click MEDIA001 and select Update Media Content. It finishes with the following error and I do not see the ISO generated anywhere. Any advice. Love the scripts BTW.

    Copied: DS001:\Packages
    Copied: DS001:\Task Sequences
    Copied: DS001:\Selection Profiles
    Copied: DS001:\Applications with Replace option
    Copied: DS001:\Operating Systems with Replace option
    Copied: DS001:\Out-of-Box Drivers with Replace option
    Copied: DS001:\Packages with Replace option
    Copied: DS001:\Task Sequences with Replace option
    Copied: DS001:\Selection Profiles with Replace option
    Copied standard folders.

    System.Management.Automation.CmdletInvocationException: Unable to open the specified WIM file. —> System.Exception: Unable to open the specified WIM file. —> System.ComponentModel.Win32Exception: The system cannot find the path specified
    — End of inner exception stack trace —
    at Microsoft.BDD.Core.BDDWimFile..ctor(String wimPath, Boolean forUpdate)
    at Microsoft.BDD.PSSnapIn.UpdateDeploymentPoint.UpdateBootImage(String template, String platform, String dpPath, Boolean createISO, String isoName)
    at Microsoft.BDD.PSSnapIn.UpdateDeploymentPoint.ProcessRecord()
    at System.Management.Automation.CommandProcessor.ProcessRecord()
    — End of inner exception stack trace —
    at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
    at Microsoft.BDD.Wizards.GenerateMediaProgress.WizardProcessing()
    at Microsoft.BDD.Wizards.WizardProgress.InitiateWizardProcessing()

    • Jose Espitia

      Hi Andre,

      Is the WIM in the correct folder? I would first verify that the path that you are referencing in the task sequence exists.

  12. How were you able to unpin the Microsoft Edge icon from the Taskbar?!?!?!

  13. I was building an email in VMware and then using MDT to capture and deploy. Normally i was running sysprep on the vmware machine then running sysrep with an autounattend.xml file after that i would bout into MDT PE and run a capture. My question is what about the unattend.xml files in the Capture Task Sequence and then the unattend.xml file in the Deploy task sequence on MDT. These unattend files will overwrite mine wont they? what is the best way to go about this? thanks

    • Jose Espitia

      March 8, 2019 at 7:41 pm

      Joe, you won’t need the XML file that you created if you are using MDT to automate your build and capture.

  14. Will this work for windows 10 1809?

    • Jose Espitia

      March 8, 2019 at 6:25 pm

      Yes it will Charles. I’m actually using it for my current 1809 build and have used it for 1607 and 1709.

  15. Hi,

    I made reference image and the modern application (Photo, calc) after Windows 10 installation via MDT does not work. I see them but not open.

    How I made reference image.
    Installed Windows 10 1703 on HP laptop, then I run “Windows10Upgrade9252.exe” to update to 1803 version.
    Then I captured (some registry updates, ) it with sysprep.

    How to get the modern apps as Calc and Photo work?

    Registry updates:
    HKEY_LOCAL_MACHINE\System\Setup\Status\SysprepStatus\CleanupState – value to 2
    HKEY_LOCAL_MACHINE\System\Setup\Status\SysprepStatus\GeneralizationState – value to 7

    Thanks for help.

    • Jose Espitia

      May 16, 2019 at 6:07 pm

      Mirek, you should not be upgrading your Windows 10 build when building a new reference image. You will need to download the Windows 10 1803 ISO from VLSC and then import it into your task sequence.

  16. Jose , this is a awesome guide you put together .. One question did you install Hyper-V on the desktop to capture everything? I’m assuming you installed MDT all on the same box to achieve your gold image correct?

    • Jose Espitia

      June 14, 2019 at 3:28 pm

      Thanks Eli. Yes I do install Hyper-V on a Windows 10 desktop and use that desktop to capture the image. MDT doesn’t need to be installed on the same PC because you can just use a standalone media and load the ISO that MDT creates into Hyper-V.

  17. Kris Williams

    Hi There,

    Thanks for this excellent article. I followed it a few times and the image works as expected after following some of the other comments. I do have one issue though. I have an MDT server already installed with other deployment shares, and when run your script to setup the new share etc that works fine, but after I do that my other deployment share and all my task sequences from it disappear and I can’t get them back. Even if I load the litetouch.vbs from my original deployment share it still only shows me the task sequence from your script. even if I boot an ISO from another deployment share….still get only the one task sequence from your script. any ideas?

    Thanks,
    Kris

  18. Hi I am Getting the following when running your 1st script

    VERBOSE: Performing the operation “import” on target “Operating system”.
    Import-MDTOperatingSystem : Index (zero based) must be greater than or equal to zero and less than the size of the argument list.
    At line:30 char:7
    + $OS = Import-MDTOperatingSystem -Path “$DSPath\Operating Systems” -So …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Import-MDTOperatingSystem], FormatException
    + FullyQualifiedErrorId : System.FormatException,Microsoft.BDD.PSSnapIn.ImportOperatingSystem

    Any ideas on this?

    Thanks

    James

Leave a Reply