Automate the Process of Building and Capturing a Windows 10 1703 Reference Image using MDT – Introduction

The release of Windows 10 1703, dubbed the Creators Update, is nearly upon us and I’ve been hard at work testing my OSD scripts and processes using the last couple of Insider Preview builds of the OS (since build 15048). I’ve also taken great strides in automating my build and capture process, which makes sense considering Microsoft is releasing new Windows 10 builds twice a year. This is the first introductory post in a 5-part series on automating the process of building and capturing Windows 10 reference images. 

The image I will build in this series will be what I think of as a “hybrid” reference image with a few things baked into the image to begin with. I’m going to use a Build and Capture task sequence to:

  • Install Windows 10 1703
  • Install the latest Windows 10 cumulative update
  • Disable Internet connectivity (to prevent Windows Store apps from being updated, which ends up breaking Sysprep)
  • Install Office 2016
  • Install .Net Framework 3.5 and 4.6.2
  • Install Visual C++ runtimes
  • Install English UK Language Packs
  • Install Windows, Office and security updates
  • Customize the Windows reference image like below:
    • Set Explorer to launch to This PC
    • Put the Computer icon on the Desktop
    • Create a local account and add it to the Administrators group
    • Create a “mni-utils” folder on the C: drive
    • Remove Windows features (Windows Media Player, XPS Viewer, XPS Services)
  • Run clean up to reduce the image size
  • Re-enable Internet access
  • And finally, Sysprep and capture the reference image, ready to be deployed using SCCM

Automating the above tasks as part of building our reference image requires a few things in place to tie everything together, which includes customsettings.ini, unattend.xml, registry edits and PowerShell.

Here are the posts I have planned for this series:

  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: Populating the MDT Deployment Share
  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: The Task Sequence (Customizing the Reference Image Before Capturing)
  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: The CustomSettings.ini Rules (Skipping the MDT Deployment Wizard)
  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: Automation Using PowerShell

I assume you already have Microsoft Deployment Toolkit up and running. If not then check out my post on Installing and Configuring MDT 2010 From Start To Finish. I know it’s a few years old but still works – just be sure to download and install MDT 8443 and give yourself security and share permissions on the Deployment Share. 

I’ll hold off publishing the next post until the Creators Update is officially released by Microsoft so I can do some final tests using the RTM build/ISO.

Advertisements

Adding Network (and Storage) Drivers to Boot Images in SCCM

Having written a post on Obtaining and Importing Drivers in SCCM for HP Client Devices it seems only fitting to follow it up with a post on adding drivers to boot images in SCCM. So here goes.

For this post I will add the driver for the StarTech USB-C to Gigabit Network Adapter (product id US1GC30B) to my boot image.

clip_image001

Although I have the drivers on a driver CD that came with the adapter I wanted to go ahead and look for a more up-to-date driver. I first had a look on the StarTech website for the drivers which told me a) the original chipset manufacturer (Realtek) and b) the chipset model (RTL8153). Armed with this information I then had a look on the Realtek website an immediately found a more up to date driver (10.13 vs 10.10). As I explained in my previous post, you almost always find the latest drivers from the original chipset manufacturer.

If you already have the driver imported in SCCM

Before going ahead with the step-by-step instructions, if you’ve already got the driver imported into SCCM then all you need to do is to go into the Properties of the boot image and add the drivers in the Drivers tab:

clip_image002

Continue reading

Configure your Task Sequence to Install Driver Packages for Client Devices

This is a continuation of  my post Obtaining and Importing Drivers in SCCM for HP Client Devices where we obtained drivers for our reference HP EliteBook 820 G3 laptop, imported them into the SCCM database, created a driver package and distributed the package to our Distribution Points.

Before carrying on with the instructions here please make sure you have the exact model name of your laptop as reported by WMI. We covered this under “Get the Correct Model Name of the Client Device” in the previous post. (Run “WMIC csproduct GET name” in a command prompt on your client device and make a note of the model name *exactly* as shown.)

As I explained in the previous post the idea is to configure our task task sequence to only install this driver package for this particular model. That’s where the model name comes into the picture. Any typos in the model name will cause the task sequence to skip this driver package from being installed during OSD.

Instructions for MDT Task Sequence

Locate the “Auto Apply Drivers” step under Post Install and disable it.

Add a group under Post Install called Install Drivers

Add a group under Install Drivers called HP

Under HP add an “Apply Driver Package” step, give it a name and choose the driver package you just created

Check “Do unattended installation of unsigned drivers on versions of Windows where this is allowed”

You should have something like this:

clip_image013

Select the HP group and add the following rules in the Options tab:

clip_image015

Select the HP EliteBook 820 G3 step and add the following rules in the Options tab:

clip_image017

This is where you’ll need the model name of the laptop which we obtained using a WMIC query earlier in the post (under Get the Correct Model Name of the Client Device).

Instructions for SCCM Task Sequence

For your SCCM task sequence locate the “Apply Device Drivers” step and disable it.

Add a group under Post Install called Install Drivers

Add a group under Install Drivers called HP

Under HP add an “Apply Driver Package” step, give it a name and choose the driver package you just created

Check “Do unattended installation of unsigned drivers on versions of Windows where this is allowed”

You should have something like this:

clip_image019

Select the HP group and add the following rules in the Options tab:

Add an If statement and choose Any

Add the following WMI Queries

SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “HP”
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “Hewlett Packard%”

Select the HP EliteBook 820 G3 step and add the following rules in the Options tab:

SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “HP EliteBook 820 G3”

Test your Task Sequence

At this point you’ve got everything set up. Go head and test your task sequence. Hopefully you won’t have any  exclamation marks in Device Manager.

 

Obtaining and Importing Drivers in SCCM for HP Client Devices

I quickly found while using the HP Client Integration Kit that, though the tool makes it easy to download and import drivers, the size of the resulting drivers and packages is excessively big. Using the HP EliteBook 820 G3 as an example device, when using the HP CIK the resulting size of the drivers is 2.3GB for this laptop compared to 823MB using the method I’ll describe in this post.

In this post we will:

  • Obtain the drivers for our device
  • Import the drivers into SCCM and create a driver package
  • Configure a task sequence to install the driver package
  • Set rules in the task sequence to only install this driver package on HP EliteBook 820 G3 laptops

I will assume you already have a Task Sequence created to build your Windows computer.

Obtaining the Drivers

I use the 820 G3 as an example here but you can adapt this for any make and model. This is a hands-on method of obtaining drivers which does take a little time but I’ve found this gives me the best result during OSD and less driver bloat.

1) Install HP Support Assistant and install any driver updates on your client device

2) Install Intel Driver Update Utility and install any updated drivers, if available

3) (Optional) Install drivers from third party manufacturers.

This step is more manual so will take some time which is why I’ve marked it as optional. This is preferable if you want to make sure you want to start off with the latest drivers for your devices in your SCCM database.

Open up Device Manager and identify devices from third party manufacturers like Broadcom, AMD, Realtek, etc. Go to each of their website and check if there’s a more recent driver available and install them.

4) Backup your installed drivers using Double Driver.

Double Driver basically scans your current system, identifies your device drivers and backs them up for you which you can then use with SCCM. I’ve been using Double Driver for a few years now but didn’t think of using this with SCCM until very recently.

Download the portable tool and run it on your client device. Click on Backup > Scan Current System and wait for the tool to identify your device drivers.

Here is a screenshot of the drivers identified on the HP EliteBook 820 G3:

clip_image004

Click on “Backup Now” and choose a destination to store your drivers. Make sure you leave the “Structured folder (default)” selected. Click on OK

clip_image005

Keep the resulting backup drivers handy to be imported into your SCCM database

Get the Correct Model Name of the Client Device

Further along in this post we’ll create a driver package for our drivers which we’ll then use in our task sequence. We’ll need to create a rule in our task sequence to only install this driver package for this particular computer model. For this reason we’ll need to extract the correct model name of this device at this stage using the following WMI query in an elevated command prompt:

WMIC csproduct GET name

clip_image007

Make a note of the result exactly as shown and keep it safe. We’ll need it further along in the post.

Create Source Folders for your Device Drivers and Driver Package

Note that before importing the drivers you need a source folder for your device drivers and a separate folder for your driver package. I always stress the importance of organising the SCCM software repository with a clear and easily identifiable folder structure to better manage your packages (or drivers in this case). Create a folder structure for your client device driver management similar to below:

Source folder for device drivers:

\\sccmserver\Source\OSD\Drivers\Device Drivers\HP\Windows 10 x64\EliteBook 820 G3

Source folder for driver packages:

\\sccmserver\Source\OSD\Drivers\Driver Packages HP\Windows 10 x64\EliteBook 820 G3

2) Copy the drivers you backed up using Double Driver into the source folder for device drivers similar to above.

Import the Drivers in SCCM and Create a Driver Package

1) Open up the SCCM console and select the Software Library workspace. Expand Operating Systems and select Drivers. Click on “Import Driver” in the ribbon

2) In the Import New Driver Wizard leave the first option selected and enter or browse to the UNC path where you copied your device drivers. In my case it’s \\sccmserver\Source\OSD\Drivers\Device Drivers\HP\Windows 10 x64\EliteBook 820 G3

Under “Specify the option for duplicate drivers” choose

clip_image009

3) Driver Details page:

Uncheck “Hide drivers that are not in a storage or network class (for boot images)”

Uncheck “Hide drivers that are not digitally signed”

Check “Enable these drivers and allow computers to install them”

Click on Categories and either select an existing category to add these drivers to or create a new category.

clip_image011

4) In the Add Drivers to Packages step we’ll create a new driver package HP EliteBook 820 G3

For the name of the package I suggest you enter a name which identifies the model of the computer and the OS and architecture the driver package is intended for.

Something like HP EliteBook 820 G3 – Windows 10 x64

Under “Path” enter or browse to the source folder you created for the driver package. In my case it’s \\sccmserver\Source\OSD\Drivers\Driver Packages HP\Windows 10 x64\EliteBook 820 G3

Finish the rest of the wizard without making any changes to the defaults (do not add any drivers to any boot images when asked).

Distribute the Driver Package to your Distribution Points

Go ahead and distribute the driver package to your DPs.

You may also want to create a folder structure in your SCCM console under Driver Packages and move your package to it. Something like Driver Packages\Windows 10 x64

Configure your Task Sequence to Install the Driver Package

I noticed this post is quite long so I’ve split it into two and moved this section into it’s own post titled Configure your Task Sequence to Install the Driver Package. You can continue with the rest of the instructions over there.

 

Windows 10 “Creators Update”

As a true fan of Windows 10 and an avid Windows Insider watching the Windows 10 Event was super exciting for me – as an enthusiast I hugely enjoy watching new technology and hardware being unveiled live. Microsoft announced some great things in the event but my focus was all on the Windows 10 Creators Update and I definitely liked what I saw was coming. You can watch the event on demand right here.

Watch the video below titled “Introducing the Windows 10 Creators Update” and keep a close watch for some of the features coming in the update, due in early 2017:

Here’s a look at some of my favourite among the many features coming in the Windows 10 Creators Update.

Paint 3D

We’ve been wondering all these years what Paint is STILL doing in Windows but now Microsoft decided to rewrite the app from the ground app. I first heard of this form Paul Thurrott on his website, but the video above shows what an awesome job Microsoft has done with Paint 3D.

Microsoft has made this as simple as taking a photograph, take a look at this GIF from the event below:

castlegif

You can see an actual sand castle is being scanned using a smart phone which is then instantly converted into a full 3D model.  Continue reading

Windows 10, Delivery Optimisation and BranchCache

Delivery Optimisation is a Windows 10 feature which, when enabled, essentially creates a peer-to-peer ‘network’ of sorts where each peer can cache downloaded Windows 10 updates locally on their hard drive. The idea is to conserve bandwidth by allowing Windows 10 devices to send and receive updates from one another on the same network without having to download it from WSUS or Windows Update. This, of course, is especially useful in slow network or metered environments.

The introduction of this feature doesn’t affect you if you’re using SCCM Software Update Point (SUP) for patch management and Windows 10 servicing. Delivery Optimisation only kicks in when the Windows Update agent contacts Windows Update (via Internet) or WSUS. By contrast, with SUP the updates are downloaded to the SUP server and then delivered to the PC which is where the Windows Update agent installs them from.

Delivery Optimisation is enabled by default on 1511 and 1607 though it’s configured differently depending on the Windows 10 edition. Enterprise, Enterprise LTSB and Education editions are configured to only use PCs on the corporate network as peers (LAN mode). Pro and Home editions default to using peers from the Internet (Internet mode).

There’s a Group Policy setting called “Download Mode” (in Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization) which you use to configure Delivery Optimisation “modes” (referred to in the above paragraph). Here is a table showing you what download modes are available to you and the functionality it provides when set:  Continue reading

SCCM: Preparing for the Windows 10 Anniversary Update

You’ll find there’s a little bit of pre-preparation work that needs to be done to get SCCM Current Branch ready for the Windows 10 Anniversary Update. I spent the weekend doing this myself on my SCCM 1602 lab and thought somebody might find it helpful to have it documented here.

To be clear, this isn’t a how-to post but more of an informational one. What follows is a set of tasks that need to be carried out on SCCM 1602 along with links to downloads and further information for each task.

1) First things first, upgrade SCCM CB to 1606. (Upgrading from 1511 to 1606 pretty much works exactly the same as upgrading from 1602 as described by Prajwal Desai in his blog).

2) After upgrading you need to install hotfix KB3184153 from the Updates and Servicing node to fix an issue with compliance policy rules in version 1606. If you switched to the fast ring to upgrade to 1606 you’ll also have KB3180992 to install.

3) Install KB3159706 on your SCCM 1606 SUP Servers to “enable the provisioning of decryption keys in WSUS for Windows Server 2012 and 2012 R2. This update is necessary for WSUS to be able to natively decrypt the encrypted Windows 10 Anniversary Update packages, and any subsequent Windows 10 feature upgrades”. Don’t forget to carry out the manual steps described on the support page.

Continue reading