Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: Building the Task Sequence

We’ll continue this series by creating a Build and Capture Task Sequence in this post and then adding the steps in our task sequence to add our applications, packages and scripts to customize the reference image.

(In the previous post we populated our MDT deployment share with our applications, packages, scripts and the Windows 10 1703 image we’re going to need for this post.)

Open up the Deployment Workbench and let’s go ahead and build our task sequence.

Create the Build and Capture Task Sequence

Right-click on the Task Sequence node and select “New Task Sequence”. Go through the Wizard and enter/choose the following options:

  • Task Sequence Id: buildw10-1703
  • Task sequence name: Build and Capture Windows 10 Reference Image (1703)
  • Template: Standard Client Task Sequence
  • Select OS: choose the Windows 10 1703 OS you imported in the previous post
  • Specify Product Key: Do not specify a product key at this time
  • Full Name: Naz (change to your liking)
  • Organization: Me, Myself and IT (change to your liking)
  • Internet Explorer home page: (change to your liking)
  • Enter an Administrator password

What we have now is a pretty bare-bones task sequence which will only install Windows and nothing else. We need to edit it to add steps which will turn this Windows installation into a reference image.

Customize the Task Sequence

1) Right-click on the task sequence you created and choose “Properties”. On the “OS Info” tab click on “Edit Unattend.xml” which will Windows System Image Manager.

Expand Components > 7 oobeSystem > amd64_Microsoft-Windows-Shell-Setup__neutral > select OOBE. Enter “3” (without quotes) next to “ProtectYourPC” in the Properties pane (on the right).

Close the Windows System Image Manager window.

2) Back on the properties of the task sequence click on the “Task Sequence” tab. Here you will edit the task sequence to add the applications and packages to install and the scripts to customize our reference image.

Expand the Pre-install group and select the “Apply Patches” step. From the selection profile choose the profile you created which includes the language packs and cumulative update for Windows 10 1703 (this was covered in Step 4 in the previous post).

3) Expand the “State Restore” group and note that all your applications, packages and customisation steps should be added AFTER the “Tattoo” step.

I’ve got a before and after screenshot to show what you should currently have and what it should look like after adding our steps to the Task Sequence to customise our reference image. Use this screenshot and the notes that follow to add your steps.

Here’s the before and after screenshots (sorry it’s a bit :

Before adding customisations After adding customisations
image Picture2

Notes on Editing the Task Sequence

It may be easier to keep the above screenshots in sight while going through the following notes so you have both side by side for reference. Continue reading

Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: Populating the MDT Deployment Share

I wanted to start off this series with populating our MDT Deployment Share with the various bits and pieces we need before building our Task Sequence. Having said that, I assume you already have Microsoft Deployment Toolkit (MDT) installed and know your way around the Deployment Workbench.

I’ve had to break norm and chose not to provide step-by-step instructions with screenshots here due to the length of this post. Also I won’t be going into how to organise the Deployment Workbench to house your scripts, applications and packages, etc. Needless to say, you should organise it in such way to make life easier for yourself and those around you for the long run.

Fire up the Deployment Workbench and let’s get started.

1) Create a Deployment Share

The very first thing you have to do is set up your deployment share. This is essentially a shared folder which will house all your scripts, packages, images, etc.

Right-click on the Deployment Share node in the Deployment Workbench and select “New Deployment Share”. In the wizard, choose or create a folder on your local disk to use as your deployment share. Give your deployment share a name (best not to remove the $ at the end) and finish the wizard with the default values.

Now, browse to the deployment share folder on your local disk and give yourself full security and share permissions, along with any domain user/groups if required.

2) Import Windows 10 1703 into MDT

First things first, use something like 7-zip to extract the contents of the ISO into a folder of your choice. Right-click on Operating Systems in the MDT Deployment Workbench and then import this into MDT, choose full set of source files, point to the extracted ISO folder and give your Windows image a name.

3) Add cumulative updates to install

The latest cumulative update for Windows 10 1703 is KB4016251 at the time of writing. Download the cumulative update from the Microsoft Update Catalog.

Update: Download Cumulative Update KB401620 (April 25 2017) instead as it fixes an issue with loss in network connectivity in virtual machines while provisioning IP addresses (this was causing an intermittent issue with Step 6 in this post).

Save it to a folder.

Create a folder called “CUs for Windows 10 1703” under the Packages node to house your CUs. Right-click on that folder, select Import OS Packages and browse to the folder you saved the CU.

Click Next twice and wait for the import to be finished.

4) Add Language Packs

Obtain the language packs from whichever source is convenient for you – WSUS, SCCM SUP, Microsoft, etc. Bear in mind that each Windows 10 build has its own language pack so make sure you have the correct language pack for your Windows 10 version (1703 in this case).

I’m going to install the UK English language packs in my image.

Copy the language packs into its own folder.

Create a folder under the Packages node and call it something like “EN-GB Language Packs for Windows 10 1703”.

Right-click on that folder, select Import OS Packages and browse to the folder you saved the CU.

Complete the wizard and wait for the import to be finished.

5) Create a Selection Profiles

Expand the Advanced Configuration node and right-click on Selection Profiles and select New Selection profile

Give it a name, click Next

Expand the Packages node, and check the two folders you created in step 2 and 3 which contains your language pack and cumulative update.

6) Add Script to Disable Internet Connectivity

As I explained in the post introducing this series, we need to disable Internet connectivity on our reference machine to prevent Windows Store apps from being updated, which ends up breaking Sysprep. In my lab all I have to do is set a static IP and DNS address using PowerShell without setting default gateway. The PowerShell is only two lines: Continue reading

Automate the Process of Building and Capturing a Windows 10 1703 Reference Image using MDT – Introduction

The release of Windows 10 1703, dubbed the Creators Update, is nearly upon us and I’ve been hard at work testing my OSD scripts and processes using the last couple of Insider Preview builds of the OS (since build 15048). I’ve also taken great strides in automating my build and capture process, which makes sense considering Microsoft is releasing new Windows 10 builds twice a year. This is the first introductory post in a 5-part series on automating the process of building and capturing Windows 10 reference images. 

The image I will build in this series will be what I think of as a “hybrid” reference image with a few things baked into the image to begin with. I’m going to use a Build and Capture task sequence to:

  • Install Windows 10 1703
  • Install the latest Windows 10 cumulative update
  • Disable Internet connectivity (to prevent Windows Store apps from being updated, which ends up breaking Sysprep)
  • Install Office 2016
  • Install .Net Framework 3.5 and 4.6.2
  • Install Visual C++ runtimes
  • Install English UK Language Packs
  • Install Windows, Office and security updates
  • Customize the Windows reference image like below:
    • Set Explorer to launch to This PC
    • Put the Computer icon on the Desktop
    • Create a local account and add it to the Administrators group
    • Create a “mni-utils” folder on the C: drive
    • Remove Windows features (Windows Media Player, XPS Viewer, XPS Services)
  • Run clean up to reduce the image size
  • Re-enable Internet access
  • And finally, Sysprep and capture the reference image, ready to be deployed using SCCM

Automating the above tasks as part of building our reference image requires a few things in place to tie everything together, which includes customsettings.ini, unattend.xml, registry edits and PowerShell.

Here are the posts I have planned for this series:

  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: Populating the MDT Deployment Share
  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: The Task Sequence (Customizing the Reference Image Before Capturing)
  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: The CustomSettings.ini Rules (Skipping the MDT Deployment Wizard)
  • Automate the Process of Building and Capturing a Windows 10 1703 Reference Image: Automation Using PowerShell

I assume you already have Microsoft Deployment Toolkit up and running. If not then check out my post on Installing and Configuring MDT 2010 From Start To Finish. I know it’s a few years old but still works – just be sure to download and install MDT 8443 and give yourself security and share permissions on the Deployment Share. 

I’ll hold off publishing the next post until the Creators Update is officially released by Microsoft so I can do some final tests using the RTM build/ISO.

Windows 10 “Creators Update”

As a true fan of Windows 10 and an avid Windows Insider watching the Windows 10 Event was super exciting for me – as an enthusiast I hugely enjoy watching new technology and hardware being unveiled live. Microsoft announced some great things in the event but my focus was all on the Windows 10 Creators Update and I definitely liked what I saw was coming. You can watch the event on demand right here.

Watch the video below titled “Introducing the Windows 10 Creators Update” and keep a close watch for some of the features coming in the update, due in early 2017:

Here’s a look at some of my favourite among the many features coming in the Windows 10 Creators Update.

Paint 3D

We’ve been wondering all these years what Paint is STILL doing in Windows but now Microsoft decided to rewrite the app from the ground app. I first heard of this form Paul Thurrott on his website, but the video above shows what an awesome job Microsoft has done with Paint 3D.

Microsoft has made this as simple as taking a photograph, take a look at this GIF from the event below:


You can see an actual sand castle is being scanned using a smart phone which is then instantly converted into a full 3D model.  Continue reading

Windows 10, Delivery Optimisation and BranchCache

Delivery Optimisation is a Windows 10 feature which, when enabled, essentially creates a peer-to-peer ‘network’ of sorts where each peer can cache downloaded Windows 10 updates locally on their hard drive. The idea is to conserve bandwidth by allowing Windows 10 devices to send and receive updates from one another on the same network without having to download it from WSUS or Windows Update. This, of course, is especially useful in slow network or metered environments.

The introduction of this feature doesn’t affect you if you’re using SCCM Software Update Point (SUP) for patch management and Windows 10 servicing. Delivery Optimisation only kicks in when the Windows Update agent contacts Windows Update (via Internet) or WSUS. By contrast, with SUP the updates are downloaded to the SUP server and then delivered to the PC which is where the Windows Update agent installs them from.

Delivery Optimisation is enabled by default on 1511 and 1607 though it’s configured differently depending on the Windows 10 edition. Enterprise, Enterprise LTSB and Education editions are configured to only use PCs on the corporate network as peers (LAN mode). Pro and Home editions default to using peers from the Internet (Internet mode).

There’s a Group Policy setting called “Download Mode” (in Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization) which you use to configure Delivery Optimisation “modes” (referred to in the above paragraph). Here is a table showing you what download modes are available to you and the functionality it provides when set:  Continue reading

SCCM: Preparing for the Windows 10 Anniversary Update

You’ll find there’s a little bit of pre-preparation work that needs to be done to get SCCM Current Branch ready for the Windows 10 Anniversary Update. I spent the weekend doing this myself on my SCCM 1602 lab and thought somebody might find it helpful to have it documented here.

To be clear, this isn’t a how-to post but more of an informational one. What follows is a set of tasks that need to be carried out on SCCM 1602 along with links to downloads and further information for each task.

1) First things first, upgrade SCCM CB to 1606. (Upgrading from 1511 to 1606 pretty much works exactly the same as upgrading from 1602 as described by Prajwal Desai in his blog).

2) After upgrading you need to install hotfix KB3184153 from the Updates and Servicing node to fix an issue with compliance policy rules in version 1606. If you switched to the fast ring to upgrade to 1606 you’ll also have KB3180992 to install.

3) Install KB3159706 on your SCCM 1606 SUP Servers to “enable the provisioning of decryption keys in WSUS for Windows Server 2012 and 2012 R2. This update is necessary for WSUS to be able to natively decrypt the encrypted Windows 10 Anniversary Update packages, and any subsequent Windows 10 feature upgrades”. Don’t forget to carry out the manual steps described on the support page.

Continue reading

Disabling the Windows 10 First Log-in Animation using Group Policy

If you’re not a fan of the first log-in animation on Windows 10 computers then you can disable this very easily using Group Policy. I decided to test this in my lab as I was curious to see what the first log-in experience would be like after having the animation disabled.

Here’s a quick rundown on how to do this:

  • Create/Open your GPO and browse to Computer Configuration > Policies > Administrative Templates > System > Logon
  • Double-click on Show first sign-in animation and select “Disabled”


If, like me, you’re curious what the first-login experience is like after disabling the animation then I’ve got a before and an after video below for you to check out. Continue reading