Problem: You need to deploy an OS to a computer that isn’t connected to your network.

Solution: Use MDT to create a bootable image for a DVD or external drive.

 WHAT YOU NEED: Microsoft Deployment Toolkit 2010, steps from last month’s Solutions Plus

SOLUTION STEPS:

Step 1: Create selection profiles.

Step 2: Create your media.

Step 3: Update your media.

Step 4: Prepare your media.

Step 5: Use your media on the client machine.

Optional: Customize or automate your media.

DIFFICULTY: Three out of five

 

 The Microsoft Deployment Toolkit 2010s “Media” feature lets you deploy a complete OS, including applications, drivers, and packages from a DVD (size permitting), external hard drive, or universal flash device (UFD—a USB storage device with flash memory) without any network connectivity at all. You could mail the media to Meghan, the manager of the branch office who is also (in her spare time) the resident IT person. All she has to do is boot from the media, answer a few questions (which can be automated), and voila OS deployment completed in accordance with your corporate standards.

In this article, I’ll show you how to create a Lite Touch bootable ISO image that contains the Microsoft Deployment Toolkit (MDT) components needed for an OS deployment. I’ll begin by showing you how to create a selection profile, Media, and finally how to automate the clients deployment wizard.

This article assumes you’ve performed steps one through five from April’s article, “XP to Windows 7 Migration with Microsoft Deployment Toolkit 2010,” InstantDoc ID 103607. If you’ve completed these steps, you should have the following:

  • A deployment share created by accepting all defaults (F:\DeploymentShare)
  • An imported Windows 7 x64 full set of source files (accepting default settings)
  • Created the following folder structure in the deployment workbench:
    Operating Systems / W7 / x86
    Operating Systems / W7 / x64 (Windows 7 full set of source files reside here)
    Task Sequences / Standard Client TS
  • Created a task sequence in the Task Sequences / Standard Client TS folder
  • Task sequence
    Name=Windows 7 64-bit (accept defaults except you should provide an Admin password)
  • Updated the Deployment Share (F:\DeploymentShare)

Step 1: Create Selection Profiles

Creating media requires the use of a selection profile. A selection profile lets you group MDT components (OS, applications, drivers, packages, and task sequences) into a single container. That selection profile is specified in the media, identifying which MDT components should be included. To create a selection profile from within the MDT’s deployment workbench, follow these steps:

  1. Expand the Advanced Configuration node.
  2. Right-click Selection Profiles and choose New Selection Profile.
  3. On the General Settings page, give the selection profile a name. (I named mine SAM—short for Stand Alone Media.) Input your comments to document what’s included in this selection profile, then click Next.
  4. On the Folders page, expand Operating Systems, then W7, and choose the x64 folder. Then expand the Task Sequences node and choose the Standard Client TS folder and click Next. The Folders page should look like Figure 1.

  5. Figure 1: Selecting the MDT components for your Selection Profile

    Figure 1: Selecting the MDT components for your Selection Profile


  6. The Summary page lets you review your settings (make any changes necessary by clicking the Previous button). When you’re done, click Next. The Progress page flashes by and then the Confirmation page appears. Click Finish on the Confirmation page.

 

Step 2: Create Media

Once you have a selection profile, you can create your new media. To create media from within MDT 2010’s deployment workbench, follow these steps:

  1. From the Advanced Configuration node, right-click Media and choose New Media.
  2. The New Media Wizard opens to the General Settings page. In the Media path field, type the folder name where you’d like to store the new media (the folder must already exist—MDT won’t create it for you) or click Browse and navigate to a folder. I navigated to the F:\ drive, where I created a new folder named SAM. (The selection profile name and media name don’t have to match, but I’ve found that after you have a few of each, it’s easier to track if they do.) Click OK then input your comments and choose the “SAM” selection profile you created earlier from the drop down list, as seen in Figure 2.
  3. Figure 2: New Media General Settings Page

    Figure 2: New Media General Settings Page


  4. Review your settings on the Summary page. If all looks good click Next. The Progress page shows the steps performed to create the new media and when completed disappears. The Confirmation page appears. Click Finish to end the New Media Wizard.
  5. The new media will be displayed in the details pane of the deployment workbench named MEDIA001. (You can rename MEDIA001 just like you rename a file in Windows Explorer.)

Step 3: Update Media

Now that you’ve created the media, you’ll need to update the media to generate a bootable ISO image containing your media. Before you update the media content, be sure you have enough hard drive space to store the new .ISO file. The Update Media Content Wizard doesn’t check for available hard drive space before it generates the Lite Touch bootable .ISO, so you can run into trouble if there isn’t enough space to store it. The size of the .ISO file is determined by which MDT components you’ve included in your selection profile. You should be safe with at least 10GB available. To update the new media from within the deployment workbench follow these steps:

  1. From the Advanced Configuration / Media node, right-click MEDIA001 (in the details pane) and choose Update Media Content.
  2. The Progress page displays the steps performed by the Update Media Content Wizard and when it’s done the Confirmation page appears.
  3. Click Finish on the Confirmation page.

Updating Media is a little different than updating a deployment share. When you update a deployment share, you see an Options page that lets you choose how you’d like to update the deployment share (update existing files or create all new). This page is lacking when you update media. I’ll show you later how to force a new .ISO to be created instead of updating the existing .ISO, which is helpful if you ever have a corrupt .ISO that needs to be rebuilt.

The Update Media Content Wizard generates a Lite Touch bootable ISO file named LiteTouchMedia.iso in the F:\SAM folder. Now that you have the LiteTouchMedia.iso, what can you do with it?

Step 4: Prepare Media

Burning the LiteTouchMedia.iso to a DVD is as easy as right-clicking the .ISO and choosing Burn disc image if the .ISO resides on a Windows 7 machine. Otherwise you need to find .iso burning software like CDBurn or DVDBurn (Resource Kit utilities). You can also put the media on a UFD or external hard drive, but the steps are a little different. Preparing the external device requires formatting the hard drive or UFD, so be sure there’s nothing on it that you want to keep. To put your LiteTouchMedia.iso on a UFD or external hard drive, perform these steps on a Windows Vista or later OS (you’ll need the DiskPart utility):

  1. Open an elevated command prompt (right-click the command prompt and choose Run as administrator), then type diskpart.
  2. At the DISKPART> prompt, type these commands:

 

List disk

      (Record the number of the external device in the Disk ### field. Mine is Disk 2, as shown in Figure 3.)

 

Figure 3: Results of DiskPart list disk command

Figure 3: Results of DiskPart list disk command

 

 

 

Select disk <N>

(<N> is the number of the disk from step one.)

clean<br>create partition primary<br>select partition 1<br>active<br>format fs=ntfs<br>assign<br>exit

 

Close the command prompt.

  1. Your external device is now ready to copy the required files from your media. Open Windows Explorer and navigate to your Media folder’s Content folder (mine was F:\SAM\Content). The Boot and Deploy subfolders need to be copied to the external device. But wait—you’ll also need to copy the protected system files autorun.inf and bootmgr, which are hidden by default. If you don’t see the protected system files in the F:\SAM\Content folder you’ll need to change the View Properties for the folder. Edit the View Properties by first going to the correct folder (F:\SAM\Content) then, from the Organize drop down list, choose Folder and search options.
  2. From the Folder Options, View tab, remove the check from the Hide protected operating system files (Recommended) advanced setting. When asked if you’re sure you want to display these files, click Yes and then OK.
  3. Copy the entire contents of the F:\SAM\Contents folder (Boot and Deploy folders, autorun.inf, and bootmgr) to your external drive or UFD.

Now you’re ready to test your new media. If you burned your LiteTouchMedia.iso to a DVD, place the DVD in the drive and boot the machine, being sure to press a key when prompted to boot from CD/DVD. Testing your media from an external hard drive or UFD device can be more complex. The machine you want to boot the external device from must be capable of booting from an external hard drive or UFD. You may have to edit the system’s BIOS to set it to boot from the external media. Editing the BIOS is different on various types of computers—on one computer you may have to press F2, while another may require pressing F1. However you access your boot options, make sure you’ve listed the external device as a boot option. Plug in the device and turn on the computer—it should boot directly from your media and offer you the following Media client experience.

 

Step 5: Use the Media on the Client

Whether booting from DVD, an external hard drive, or a UFD, the client experience is the same. Follow these steps to deploy your Windows 7 x64 OS image:

  1. The first screen presented is the boot menu. By default, all media supports 32- and 64-bit platforms, as shown in Figure 4.
  2. Figure 4: Media Boot Menu

    Figure 4: Media Boot Menu


  3. Select Litetouch Boot \\[MEDIA001\\] (x64) \\[EMS Enabled\\] and you’ll see the Welcome Windows Deployment Wizard. From the Welcome page, you can Exit to Command Prompt which comes in handy for troubleshooting failed deployments. If you receive network errors, you can run an ipconfig from the command prompt to ensure you have a valid IP address, subnet mask, and so on, or to review the logs generated by the MDT deployment process. The logs can be found in different places depending on how far the deployment has gotten. Prior to creating the C: volume and formatting it, the log files can be found in X:\MININT\SMSOSD\OSDLOGS. After the deployment process has created and formatted the C:\ volume, you’ll find the logs in C:\MININT\SMSOSD\OSDLOGS. Lite Touch deployment assumes you have a DHCP infrastructure. If not, or if you want to set static IP information, click the Configure with Static IP Address button. (If you configure your static settings and click OK, reopening that page will wipe everything clean, so no double-checking here.) You can force a reboot by clicking the Reboot button in the bottom left corner. The top selection is the one you want—click Run the Deployment Wizard to install a new Operating System to begin the deployment.
  4. The Select a task sequence to execute on this computer page lists the task sequences available based on the platform you chose from the boot menu (x86 or x64). If you selected Litetouch Boot \\[MEDIA001\\] (x86) \\[EMS Enabled\\], only task sequences that deploy 32-bit OSs and task sequences that don’t deploy an OS, such as the Sysprep and Capture task sequence are listed. (Sysprep and Capture task sequence syspreps a machine and creates a .wim image ready for deployment.) If you choose Litetouch Boot \\[MEDIA001\\] (x64) \\[EMS Enabled\\], the list of task sequences will include 32-bit and 64-bit task sequences along with task sequences that don’t deploy an OS. Choose the Windows 7 64-bit task sequence you created while following along with last month’s article and click Next.
  5. Give the computer a name on the Configure the computer name page and click Next.
  6. Join the machine to either a domain or a workgroup on the Join the computer to a domain or workgroup page and click Next. You’ll need to provide credentials if you’re joining the machine to a domain.
  7. If you’ve captured the user’s settings and data and stored them in a network location, you can specify that location on the Specify whether to restore user data page (provide the UNC path \\ServerName\SharedFolderName). If you didn’t capture the user’s settings and data, select Do not restore user data and settings.
  8. On the Language and other preferences page, select your language, time and currency formats, and keyboard layout from the drop down lists provided.
  9. Select your time zone on the Set the Time Zone page.
  10. Enter the password you would like for the local administrator password on the Administrator Password page.

10.  The Specify the BitLocker configuration page lets you enable or disable BitLocker and choose where to store the BitLocker recovery key. Choose your level of security and click Next.

11.  The Ready to begin page has a Details button that will show all the choices you made in the deployment wizard. If you’d like to make changes, click the blue circle with the back arrow in the bottom left corner to go back to the page you’d like to change. When you’re ready, click the Begin button to start the deployment process.

 

Once the deployment has completed successfully you’ll see the Operating system deployment completed successfully page. Mine took only 20 minutes, but your time may vary depending on the speed of your deployment server and target machine.

Optional Step 1: Customizing Your Media

Up to this point, I’ve shown you the default behavior for creating and deploying Media. But what if you want to deploy only 64-bit images, or you’d like some (or all) of the pages in the deployment wizard to be automated? In this section, I’ll show you how to customize the supported platforms (x86 & x64) and automate the deployment wizard.

As you’ve seen, the LiteTouchMedia.iso supports 32-bit and 64-bit OS deployments. This is done by providing two Windows Preinstallation Environments (WinPEs) in the LiteTouchMedia.iso. You can customize these WinPEs by choosing specific types of drivers (network, video, mass storage, etc.) and optional fonts (such as Chinese, Japanese, and Korean) to be included. You can also create a Lite Touch bootable .ISO image that contains only a 32-bit WinPE or a 64-bit WinPE. Providing support for only one platform reduces the size of the .ISO image, though not by much, and speeds up the boot process because when you only have one WinPE, there’s no boot menu—it simply boots into the only available WinPE.

To create a Lite Touch bootable ISO image that supports only 64-bit image deployments, you’ll need to edit the default properties of your media (MEDIA001). To edit the properties of MEDIA001 from within the deployment workbench, follow these steps:

  1. Expand the MDT Deployment Share / Advanced Configuration node and highlight Media.
  2. In the details pane, double-click MEDIA001 (or right-click and choose Properties). The Properties window of MEDIA001 has six tabs, as seen in Figure 5.
  3. Figure 5: Properties window of MEDIA001

    Figure 5: Properties window of MEDIA001


  4. The General tab shows Media identifier (media name), Comments, and Media path, all of which are read-only fields. Both platforms (x86 and x64) are selected by default. To create a 64-bit-only Lite Touch bootable ISO image, remove the checkmark from the Generate x86 boot image box. Give the new Lite Touch bootable ISO image a name (I named mine LTM64.iso) and click OK.
  5. Next you’ll need to update your media. In the details pane, right-click MEDIA001 and choose Update Media Content. When the Media is updated click Finish (this can take a few minutes).

Creating a 32-bit Lite Touch bootable ISO image is performed the same way, just de-select Generate x64 boot image, give it a new name, and update MEDIA001. I’m giving each Lite Touch bootable ISO image a new name because once you’ve generated a Lite Touch bootable ISO image, it can’t be modified to support different platforms. Therefore, it’s best to select your supported platform before you update MEDIA001. If you must make a change after you’ve updated MEDIA001, you can either create a new Lite Touch bootable ISO image by giving it a new name or delete the original LiteTouchMedia.iso from the F:\SAM folder. The new Lite Touch bootable ISO image file will be created in the F:\SAM folder.

You can modify your x86 and x64 WinPE settings, such as the drivers and language packages that are injected into your WinPE. If you chose to support only x86, the Windows PE x86 Settings and Windows PE x86 Components tabs are what you’ll want to configure. If you chose to support only x64, you’ll want to configure the Windows PE x64 Settings and Windows PE x64 Components tabs. The settings and components tabs for each platform are identical, they simply pertain to their specific platform. The settings tabs let you configure a custom background or size of the scratch space (scratch space is used as temporary storage space in RAM). The components tabs let you choose a specific selection profile that contains drivers and packages to inject into your WinPE. The default selection profile is All Drivers and Packages, but you can streamline this by selecting the types of drivers you want injected. The four types are network, mass storage, video, and system-class drivers, as Figure 6 shows.

Figure 6: Components that may be injected into your WinPE

Figure 6: Components that may be injected into your WinPE

 

 

The Rules tab contains a list of settings that dictate which pages of the deployment wizard appear and which don’t during the deployment process. The settings in this tab are stored in the file F:\SAM\Content\Deploy\Control\CustomSettings.ini. The default settings are:

<p>\\[Settings\\]</p><br><p>Priority=Default</p><br><p>Properties=MyCustomProperty</p><br><p> </p><br><p>\\[Default\\]</p><br><p>OSInstall=Y</p><br><p>SkipAppsOnUpgrade=YES</p><br><p>SkipCapture=YES</p><br><p>SkipAdminPassword=NO</p><br><p>SkipProductKey=YES</p><br><p> </p>

The Rules tab also has an Edit Bootstrap.ini button in the bottom right corner. Clicking this button displays the following:

 

<p>\\[Settings\\]</p><br><p>Priority=Default</p><br><p>\\[Default\\]</p><br><p> </p>

This file is read by the MDT deployment wizard to locate the root of a deployment share—but you’re not using a deployment share, right? I’ll show you how we can use the BootStrap.ini file (F:\SAM\Contents\Deploy\Control\Bootstrap.ini file) to help in automating your Media.

Optional Step 2: Automating Your Media

Automating your Media lets you decide which pages of the deployment wizard are displayed and which are not. You automate Media by editing the Rules tab (or the CustomSettings.ini and Bootstrap.ini files). To fully automate your deployment so someone need only boot from the DVD or other media, follow these steps from within the deployment workbench:

  1. Expand the MDT Deployment Share / Advanced Configuration node and highlight Media.
  2. In the details pane, double-click MEDIA001 or right-click and choose Properties.
  3.  Click the Bootstrap.ini button and add the new line SkipBDDWelcome=YES like this:

 

<p>\\[Settings\\]</p><br><p>Priority=Default</p><br><p>\\[Default\\]</p><br><p>SkipBDDWelcome=YES</p><br><p> </p>

Close Bootstrap.ini saving your new settings. To completely automate the deployment wizard, change the Rules tab to look like this:

<p>\\[Settings\\]<br>Priority=Default<br>Properties=MyWonderfulDeployment<br><br>\\[Default\\]<br>OSInstall=Y<br>SkipTaskSequence=YES<br>TaskSequenceID=W7x64<br>SkipComputerName=YES<br>ComputerName=Marketing1<br>SkipDomainMembership=YES<br>SkipUserData=YES<br>SkipProductKey=YES<br>SkipCapture=YES<br>SkipLocaleSelection=YES<br>KeyboardLocale=En-US<br>UserLocale=En-US<br>UILanguage=En-US<br>SkipTimeZone=YES<br>TimeZoneName="Eastern Standard Time"<br>SkipAdminPassword=YES<br>AdminPassword=P@ssw0rd<br>SkipBitLocker=YES<br>SkipSummary=YES</p>

 

There’s a lot more you can do with automated settings, such as joining your target machine to a domain. To join a machine to the Deploy.com domain using the Rhonda user account (which only has permissions to join machines to the domain and create computer objects—it’s not a domain admin account) with a password of P@ssw0rd and storing the newly created computer object in the Workstations OU (that you created), you would add the following settings:

 

<p>SkipDomainMembership=YES</p><br><p>JoinDomain=Deploy</p><br><p>DomainAdmin=Deploy\Rhonda</p><br><p>DomainAdminPassword=P@ssw0rd</p><br><p>MachineObjectOU=OU=Workstations,DC=Deploy,DC=Com</p><br><p> </p>

For a complete listing of all settings that can be automated, refer to the MDT 2010 documentation’s “Microsoft Deployment Toolkit Reference - Providing Properties for Skipped Windows Deployment Wizard Pages,” which is accessible by clicking Help in MDT. As you become more familiar with MDT 2010, you’ll probably be creating and deleting a lot. I’d like to make one more point on deleting media. Deleting media only removes them from the deployment workbench. The complete folder structure (along with the Lite Touch bootable ISO image created) doesn’t get deleted. So if you delete a media and wish you hadn’t, just right-click the Media node and choose New Media. In the Media path field, click the Browse button and navigate to the old folder. Then choose the selection profile from the drop down list, click Next twice, and Finish on the Confirmation page. You’ll be ready to go again in no time.

I hope this article helps you get a little more familiar with the Media function provided in the MDT 2010.