Chapter 9
Operating System Deployment

Most IT administrators want to automate as many functions as possible in order to reproduce the same outcome consistently and quickly to as many devices as possible. Setting up a basic computer build is no exception.

In Configuration Manager 2007, the Operating System Deployment (OSD) feature became one of the most important features. With Configuration Manager you can install Windows operating systems without any user intervention. This is known as Zero-Touch deployment. When a Windows deployment is finished, the user is able to log in to the network and start working with the new operating systems and the available applications. The OSD feature is highly dependent on the Windows Assessment and Deployment Kit (ADK) for Windows 10. The Windows ADK is a prerequisite of Configuration Manager Current Branch.

In Configuration Manager Current Branch the OSD feature has matured and includes added features such as Windows 10 Servicing and the Windows 10 Upgrade task sequence. We will walk you through several Windows deployment scenarios without and with the use of the Microsoft Deployment Toolkit (MDT) 2013.

In this chapter, you will learn to

• Specify a Network Access account
• Enable PXE support
• Update the driver catalog package
• Update an image from the console
• Support Windows 10

What’s New in Operating System Deployment

The OSD feature has not been significantly changed from Configuration Manager 2012. Some parts are enhanced, changed, or new to the feature. The following list shows the changes since Configuration Manager 2012:

• Support for Windows 10 upgrade packages
• Support for Windows 10 upgrade task sequences
• Support for Windows 10 servicing

Planning for OSD with Configuration Manager

Before you configure the feature, you should plan your deployment, since you can deploy different kinds of operating systems in numerous ways. To deploy your operating systems in an effective and cost-efficient way, you need to address the following items when planning your deployment:

• Deployment scenarios
• The kind of images to deploy
• The kind of components to use

Deployment Scenarios

You can deploy the operating system in different ways. In Configuration Manager you can deploy an operating system in three kinds of scenarios:

Bare-Metal Scenario Installing an operating system to a new out-of-the-box client computer.

Refresh Computer Scenario Deploying an image to an existing Windows installation to perform an upgrade or reinstall while migrating the user state to the new Windows installation.

Upgrade Scenario Especially for Windows 10, an upgrade scenario/task sequence has been added.

The Kind of Images to Deploy

Configuration Manager Current Branch supports, as did the previous version of Configuration Manager, the deployment of two kinds of operating system installations. You can install images, based on the Windows Imaging (WIM) format, or just install operating systems by using the source of an operating system installation. Using the source of an operating system is an unattended installation and is normally used to create a WIM image with a build-and-capture task sequence. The source can be a copy of the DVD of Windows 10, Windows 8.x, Windows 7, Windows Vista, Windows Server 2008 (R2), Windows Server 2012 (R2), or Windows Server 2016.

Operating System Images Operating images are often custom images that are built with the build-and-capture task sequence; the default install.wim file can also be used. This task sequence allows you to install and create an image of a customized reference operating system image. Also, the operating system images are used when you want to build and capture a custom image of a Windows 7 or higher or a Windows Server 2008 or higher operating system.

Operating System Upgrade Packages An upgrade package is used to upgrade older Windows versions to Windows 10 operating systems or while upgrading to the latest version of Windows 10 if you have Windows 10 already.

OSD Components

The OSD feature uses different kinds of components within Configuration Manager Current Branch. We’ll look at each of them.

BOOT IMAGES

Configuration Manager comes with two default boot images. These images are available for all sites in the hierarchy. There is no need to create and deploy boot images for each Configuration Manager site in the hierarchy.

When you access a standard boot image, you can configure several settings in various tabs. To access the boot image, browse to the Software Library workspace and choose Overview ➢ Operating Systems ➢ Boot Images. The tabs shown in Figure 9.1 are available.

FIGURE 9.1 Boot Image Properties

General On the General tab, you can enter or change the name, version, or comments of the boot image that’s already available in Configuration Manager.

Images The Images tab provides information about the boot image. If you changed the image properties with an external tool, you can reload the original properties.

Drivers The Drivers tab provides an overview of the drivers that are injected into the boot image. You can also add drivers from the driver store to the boot image. Common drivers to add to boot images are network and SATA/SCSI drivers and any other critical drivers.

Customization If you want to customize the selected boot image, you can find some options on the Customization tab. When you’re in the plan and build phases of your project and you want to test the deployment of images, you can enable command support in the Windows Preinstallation Environment (WinPE) phase of your deployment. Pressing F8 opens a command prompt that allows you to access the filesystem and log files that are located in the _SMSTaskSequence\Logs\Smstslog directory. There is also an option to change the background that is shown during the WinPE phase.

If you want to add a prestart command hook and supporting files, you can add the command line here.

Data Source The Data Source tab supplies the path to the boot WIM image that is used for the boot image package. The Data Source tab is also the place to enable or disable the ability to boot the image from PXE and deploy it to a PXE-enabled distribution point.

Data Access With settings in the Data Access tab, you can configure how the package is stored on the distribution points.

Distribution Settings Here you can define how the boot image package is distributed to the distribution points and set the priority.

Content Locations On the Content Locations tab, you can see on which distribution points or distribution point groups the image package is available. Selecting a distribution point or distribution point group allows you to validate the copy on the location, redistribute the boot image package to the location, or remove the boot image package from the location.

Optional Components In earlier versions, an administrator had to use MDT to create custom boot images to incorporate components such as an HTML Application (HTA). Or the administrator had to add the components to an SCCM boot image manually using Deployment Image Servicing and Management (DISM). Configuration Manager includes the ability to add optional components to the WinPE images from the Configuration Manager console.

Security The Security tab shows you the users who have administrative permissions to the boot image object.

---

DECIDING WHEN TO USE WHICH BOOT IMAGE

There are two different versions of boot images that support two kinds of platforms: an x86 version and an x64 version.

You can use the x86 boot image version to deploy the following:

• 32-bit operating system image
• 64-bit operating system image
• 32-bit operating system upgrade package

You can use the x64 boot image version to deploy the following:

• 64-bit operating system image
• 64-bit operating system upgrade package

You can define per task sequence which boot image to use.

---

STATE MIGRATION POINT

The state migration point stores the user data that is gathered by the User State Migration Tool (USMT) when a computer is being refreshed by a new Windows operating system. The component can be configured to store user data on different storage folders, depending on the deletion policy.

DISTRIBUTION POINTS

The distribution point is used to store the content that is related to the OSD. Since Configuration Manager 2012, two very important features have been moved to the distribution point: PXE and multicast.

When configuring a distribution point for OSD, you can adjust the following settings:

PXE Tab As mentioned earlier, the PXE feature has been moved to the distribution point. The PXE tab allows you to enable or disable support for PXE, but a Windows Deployment Services (WDS) service must be present. As in earlier versions, you can configure PXE to respond to incoming PXE requests and unknown computer support. Configuration Manager Current Branch introduces the ability to enable Primary User Assignment, which is discussed later in this chapter. If you want to secure PXE with a password, you can configure one. When you enable a boot image for PXE and the boot image is available on the distribution point, the boot image is also copied into the RemoteInstall\SMSBoot folder of WDS. Enabling the PXE feature will also install the WDS feature if it is not yet available.

Multicast Tab The Multicast feature has also been moved to the distribution point via PXE. You configure the options per distribution point. With multicasting, you can deploy an image to more than one workstation simultaneously. For instance, a normal deployment of operating systems in an environment with Configuration Manager for a 2 GB image to 30 devices would result in about 60 GB of network utilization. However, when you take the same deployment and use multicasting, you now see as little as about 2 GB of network utilization to deploy the same 30 devices.

Talk to your network administrator while implementing multicasting in your network.

OPERATING SYSTEM IMAGES

The operating system images are the WIM images that can be deployed to workstations or servers. An operating system image can be a captured operating system. When you access the image, you can configure several settings in various tabs. To access an operating system image, go to the Software Library workspace and choose Overview ➢ Operating Systems ➢ Operating System Image.

General The General tab is used to supply information about the operating system image, like name, version, and comments.

Images The Images tab gives you information about the WIM image. Information like OS version, architecture, creation date, and more is shared. If you changed the image properties using an external tool, you can reload the information from the WIM image.

Data Source The Data Source tab supplies the UNC path to the WIM image that is used for the operating system image package.

Data Access Tab With settings in the Data Access tab, you can configure how the package is stored on the distribution points.

Distribution Settings Here you can define how the operating system image package is distributed to the distribution points and set the priority. You can also specify whether to allow this operating system image to be transferred using multicasting via WinPE.

Servicing On the Servicing tab you are able to see or change the offline servicing schedule if offline servicing for an image is scheduled.

Installed Updates The installed updates tab gives you a list with installed updates that have been installed with offline servicing.

Content Locations On the Content Locations tab, you can see on which distribution points or distribution point groups the operating system image package is available. Selecting a distribution point or distribution point group allows you to validate the copy on the location, redistribute the operating system image package to the location, or remove the operating system image package from the location.

Security The Security tab shows you the users who have administrative permissions to the operating system image object.

OPERATING SYSTEM UPGRADE PACKAGES

The operating system upgrade packages are the install source of a Windows 10 operating system. With this source you are able to install or upgrade an operating system unattended. Operating system upgrade packages can also be used, for instance, while building and capturing an operating system image. When you access the package, you can configure several settings. To access an operating system upgrade package, go to the Software Library workspace and choose Overview ➢ Operating Systems ➢ Operating System Upgrade Packages. Operating system upgrade packages for Configuration Manager Current Branch are supported only for Windows 10.

General The General tab is used to supply information about the operating system installer, like name, version, and comments.

Editions The Editions tab allows you to see information about the selected edition in the installation source. For instance, a Windows 10 install source has more editions available; editions can be Professional or Enterprise.

Data Source The Data Source tab supplies the UNC path to the install source of the operating system installer that is used for the operating system installer package.

Data Access With settings in the Data Access tab, you can configure how the package is stored on the distribution points.

Distribution Settings Here you can define how the operating system installer package is distributed to the distribution points and also set the priority.

Servicing On the Servicing tab you are able to see or change the offline servicing schedule if offline servicing for an image is scheduled.

Installed Updates The Installed Updates tab gives you a list of installed updates that have been installed with offline servicing.

Content Locations On the Content Locations tab, you can see on which distribution points or distribution point groups the operating system installer package is available. Selecting a distribution point or distribution point group allows you to validate the copy on the location, redistribute the operating system installer package to the location, or remove the operating system installer package from the location.

Security The Security tab shows you the users who have administrative permissions to the operating system installer object.

TASK SEQUENCES

Task sequences provide a mechanism to perform a series of tasks on a client computer without any user intervention. Using task sequences, you can deploy operating systems but also distribute software, configure client settings, update drivers, edit user states, and perform other tasks in support of operating system deployment. Task sequences are global data and are available for all Configuration Manager sites in the hierarchy.

You can create four different kinds of task sequences:

Install An Existing Image Package This task sequence will install an existing WIM image to a computer via the normal distribution method, PXE, or media. This option uses a predefined sequence of steps. The steps will take care of wiping or formatting the disk, installing the operating system, installing software updates, installing applications, and setting the user state.

Build And Capture A Reference Operating System Image This task sequence will build and capture a Windows operating system in a new WIM image. You can use this WIM image to deploy to the client computers. This option uses a predefined sequence of steps.

Install An Existing Image Package To A Virtual Hard Drive This task sequence will install an existing image package and shut down the computer. This task sequence is used with the Create Virtual Hard Drive Wizard. The wizard creates a temporary virtual machine, creates the virtual hard disk (VHD), installs task sequence, and saves the virtual hard drive to a defined location. The Create Virtual Hard Drive Wizard is discussed later in this chapter in detail.

Upgrade An Operating System From An Upgrade Package This task sequence will upgrade your current operating system to the one provided in the operating system upgrade package.

Create A New Custom Task Sequence A custom task sequence is an empty task sequence for which you define your own steps.

A task sequence consists of tasks or steps grouped into the following categories:

General In the General category, the following tasks can be configured for the task sequence:

• Run Command Line
• Run PowerShell Script
• Set Dynamic Variables
• Join Domain Or Workgroup
• Connect To Network Folder
• Restart Computer
• Set Task Sequence Variable
• Check Readiness

Software In the Software category, the following tasks can be configured for the task sequence:

• Install Application
• Install Package
• Install Software Updates
• Download Package Content

Disks In the Disks category, the following tasks can be configured for the task sequence:

• Format And Partition Disk
• Convert Disk To Dynamic
• Enable BitLocker
• Disable BitLocker
• Pre-provision BitLocker

User State In the User State category, the following tasks can be configured for the task sequence:

• Request State Store
• Capture User State
• Restore User State
• Release State Store

Images In the Images category, the following tasks can be configured for the task sequence:

• Apply Operating System Image
• Apply Data Image
• Setup Windows And Configuration Manager
• Upgrade Operating System
• Install Deployment Tools
• Prepare Configuration Manager Client For Capture
• Prepare Windows For Capture
• Capture Operating System Image

Drivers In the Drivers category, the following tasks can be configured for the task sequence:

• Auto Apply Drivers
• Apply Driver Package

Settings In the Settings category, the following tasks can be configured for the task sequence:

• Capture Network Settings
• Capture Windows Settings
• Apply Network Settings
• Apply Windows Settings

TASK SEQUENCE MEDIA

When you use task sequence media, you can create a CD, DVD, or USB containing the files required for deploying or capturing an operating system with Configuration Manager. You can select the following kinds of media:

Standalone Media Use this type of media to deploy an operating system without network access.

Bootable Media Use this type of media to access the Configuration Manager infrastructure to deploy an operating system across the network.

Capture Media Use this type of media to capture a WIM image of an operating system on a reference computer.

Prestaged Media Use this type of media to create a file for operating system deployment that contains an operating system image and bootable media that can be prestaged on a hard disk.

DRIVER CATALOG

The driver catalog is the place to store device drivers that need to be added during a Windows deployment or to a boot image. Normally not all the device drivers need to be added, because Windows 10 supports many hardware platforms and devices. When you deploy an operating system, you can include a driver package or let WinPE discover the drivers through WMI.

You can organize your driver structure by adding the drivers for each make and model to folders or categories. This way, you can clean up old drivers in the future.

DRIVER PACKAGES

The driver packages are used to keep the drivers grouped per brand, model, operating system, and/or platform and contain the source of the drivers. These driver packages need to be distributed to the distribution point (groups) in your Configuration Manager hierarchy and can be used in the task sequences.

User Device Affinity

User device affinity helps you create relationships between users and devices. You create relationships by either adding primary devices to users or adding primary users to devices. When you deploy a new operating system to a device, Configuration Manager will check the user’s collection memberships and pre-deploy the user-targeted applications. The user’s primary device will attempt to install the application that is targeted to the user whether or not the user is logged on as part of the OSD process. When a user logs on for the first time after the installation of the new operating system is finished, all user-targeted apps are available and the user is able to work with the device instantly.

Configuration Manager allows you to create the following relationships:

• Single primary user to primary device
• Multiple primary devices per user
• Multiple primary users per device

Deployment Process

When you deploy a Windows operating system using the task sequences of Configuration Manager, you need to follow certain steps to be sure that the deployment will succeed. Generally speaking, deploying an operating system involves three major steps: prepare, build and capture, and deploy.

Prepare for OSD

The first step is preparing the Configuration Manager environment so that you can deploy the operating system. Gather the information that you need to create an image of an operating system and deploy it to client computers. Essential information includes the makes and models of the computers and the devices that need drivers. You also need to specify whether you want to add applications to the image.

Build and Capture an Operating System

After your design for the operating system is finished, you need to translate the design into a task sequence that will build and capture your operating system.

The build-and-capture task sequence creates a fully unattended installation of a Windows operating system. Depending on your design, the task sequence can take care of installing the available software updates and, if you like, applications that are part of the common operating environment. Incorporating applications into your WIM image is not a best practice, but there are situations where you’ll want to add some applications to your image.

Another option is to use a reference computer and capture the reference operating system, which is created manually, using a capture media task sequence.

---

FAT VS. THIN IMAGES

When you deploy Windows images in your environment, think about how to deploy your common operating environment, operating system, and standard applications. You can choose to deploy your operating system and applications in an image (fat image) or just the operating system in an image (thin image) and the applications during the deployment process. A thin image is easier to maintain because you don’t have to recapture your image when an application needs to be updated. However, a fat image may be quicker to deploy.

---

Deploy an Operating System

After capturing an operating system image, you can deploy it to one or more computers in your environment. The task sequence that you create can be used for bare-metal deployment or to refresh or upgrade a computer that is a member of an existing Configuration Manager environment. After creating a task sequence to deploy your Windows image, you can change and add tasks to suit your needs. You can also add or change the software updates, installation of applications, disk layout, domain, network settings, and much more.

---

MAINTAINING IMAGES

Configuration Manager supports maintaining your Windows images with software updates from the console. You can schedule offline servicing of the Windows image by adding the latest software updates and redeploying the images to your distribution points periodically. This is described in the section “Servicing Your Operating System Images and VHDs Offline” later in this chapter. We recommend that you re-create your image every quarter; this way, you will keep your images up to date and the deployment process fast and smooth.

---

Preparing Configuration Manager for OSD

You need to configure Configuration Manager Current Branch for deploying an operating system image. The first step in preparing for OSD is to configure the Network Access account. Then you need to install and configure the state migration point role and enable the PXE feature on the distribution points. In earlier versions, you had to manually create packages for the Configuration Manager Client and USMT; now, those packages are available by default after the installation of Configuration Manager Current Branch.

Configuring the Network Access Account

The first step is to set up an Active Directory user as the Network Access account. As mentioned in Chapter 7, “Application Deployment,” you are able to create more than one Network Access account to support, for instance, multiple forests. A general rule for those accounts is to give them an easily identifiable name. For example, a domain administrator would create an account called svc-sccm-na (or whatever fits your environment’s naming conventions).

Next, you will need to configure Configuration Manager to use the Network Access account. Take the following steps:

1. Open the Configuration Manager console, choose the Administration workspace, and expand Overview ➢ Site Configuration ➢ Sites.
2. Select one of the sites for which you want to configure the Network Access account, and click Configure Site Components in the settings section on the Home tab of the ribbon.
3. Select Software Distribution.
4. Select the Network Access Account tab, and set the Network Access account to the account created earlier, as shown in Figure 9.2.
5. Click OK.

FIGURE 9.2 Software Distribution Component Properties dialog box

The Network Access account must have access to the computer that is deployed and to the content on the distribution points. Normally a Network Access account has permission if it’s a member of the Domain Users Active Directory group.

Configuring the State Migration Point Role

The next step in preparing Configuration Manager for OSD is to set up a state migration point. The state migration point is used to store user-migrated settings and data during the operating system image deployment. This state migration point is a site system role within Configuration Manager, and it will need to be assigned to a server. Follow these few steps to set up the state migration point role:

1. Open the Configuration Manager console, select the Administration workspace, and expand Overview ➢ Site Configuration ➢ Servers And Site System Roles.
2. Select the site server for which you want to install and configure the state migration point, and click Add Site System Roles on the Home tab of the ribbon.
3. On the Add Site System Roles Wizard’s General page, click Next twice.
4. You will be presented with the System Role Selection page. Select State Migration Point, as shown in Figure 9.3, and click Next.
5. On the State Migration Point page, click the starburst icon to create a new storage folder.
6. Create a new storage folder in the Storage Folder Settings dialog, shown in Figure 9.4.

   

   FIGURE 9.3 Add Site System Roles Wizard—State Migration Point page

   

   FIGURE 9.4 Designating a storage folder

   This allows you to enter the path to use when storing state migration data.

7. Under the storage folder you also have to configure the maximum number of clients that are allowed to store the data and the minimum required free space on the disk.

   A way to determine the size for your state migration point is to identify the number of deployments that must take place, the average size of the user state, and how long the user state must be stored. Be sure to keep your drive from running out of free space by configuring a minimum free space for the disk where the storage folder is located.

8. Click OK to return to the State Migration Point page.

   You can change the Deletion Policy setting if you think one day is too long or not long enough until the user data is removed from the state migration point.

   Enabling the Restore-Only Mode option will result in the state migration point responding only to restore requests.

9. Click Next to configure boundary groups for the site system.
10. Click Next, and you will be taken to the Summary page.
11. Click Next to allow Configuration Manager to create the new site role.

    This brings up the Wizard Completed page.

12. Click Close.

---

DON’T CONFIGURE THE DELETION POLICY TO DELETE USER STATE IMMEDIATELY

A best practice from Microsoft is not to set the deletion policy to delete a user state immediately after it is marked for deletion. If an attacker is able to retrieve the user state before a valid computer does, the user state would be deleted before that time. Set the deletion interval to long enough to verify the successful restore of the user state data.

---

Configuring PXE on Distribution Points

To allow Configuration Manager to use OSD for deploying to bare-metal devices, you must configure PXE on the distribution points for which you will need to set up the Network Access account (we showed you how earlier in this chapter). You will also need to ensure that the Configuration Manager client upgrade package has been configured and is ready for deployment, as you also did earlier in this chapter. Finally, ensure that the boot image is set up as a package.

To be able to use PXE on a distribution point site server, you also have to install WDS on that server.

---

INSTALLING WINDOWS DEPLOYMENT SERVICES

You can install WDS through Add Or Remove Programs on Windows Server 2008 SP2 or higher machines. If you do not install the WDS feature within Windows, Configuration Manager will automatically install this feature when enabling the PXE feature on the distribution point.

---

The next stage in preparing Configuration Manager for OSD is to set up PXE support. Configuration Manager no longer has a PXE service point; the PXE feature is embedded in the distribution point role. You need to enable and configure the PXE feature per distribution point.

Follow these few steps to set up the PXE feature:

1. Open the Configuration Manager console, select the Administration workspace, and expand Overview ➢ Distribution Points.
2. Select the site server on which the distribution point resides, and click Properties on the Site Role tab of the ribbon.
3. Select the PXE tab and click Enable PXE Support For Clients.

   When you enable the feature, you will see a Review Required Ports For PXE dialog, as shown in Figure 9.5. This dialog informs you that Configuration Manager must have some UDP ports opened on the server.

4. Click Yes to continue enabling PXE support for clients.
5. After enabling the feature, you can configure how Configuration Manager will allow incoming PXE requests, as shown in Figure 9.6. Click OK when you’ve finished.

FIGURE 9.5 Review Required Ports For PXE dialog

FIGURE 9.6 PXE settings page

It will take some time for the PXE feature to successfully install on the system. You can monitor the progress of the installation by checking the distmgr.log and smspxe.log files. WDS will be installed if it is not already present on this system.

---

DHCP AND PXE ON THE SAME SERVER

You’ll need to set up some DHCP options for PXE to boot properly. Specifically, you’ll have to specify options 60, 66, and 67 when the DHCP server is on the same server as your Windows deployment server. Option 60 needs to be set to PXEClient, which is only used in this scenario. Option 66 is the FQDN of the Configuration Manager server, and option 67 should be the path to SMSBoot\<platform>\pxeboot.com.

---

Distributing the Boot Image Package

The next part of preparing Configuration Manager for OSD is to distribute the boot image package to a distribution point. This boot image is used to start the computer in WinPE for capturing, prior to deploying the operating system image. This procedure, because of the size of the images, will take some time to complete:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Boot Images.

   You will notice two boot images for various platforms: one for x64—Boot Image (x64)—and the other for x86 devices—Boot Image (x86). For the purpose of this book, we will concentrate on the x86 boot image, but there is basically no difference in configuring one or the other. The images are configured during the installation of Configuration Manager. However, no distribution points are assigned for either of the boot images. You need to add both boot image packages to the distribution points.

2. To configure a distribution point, select Boot Images ➢ Boot Image (x86), and click Distribute Content on the Home tab of the ribbon.
3. This opens the Distribute Content Wizard’s Welcome page; click Next to continue.
4. Select the distribution point you want to use on the Specify The Content Destination page by clicking Add ➢ Distribution Point.
5. Select the distribution points you want to deploy the boot image to, and click OK.
6. Click Next to review the summary.
7. After reviewing the summary, click Next. Then on the Wizard Completed page, click Close.

   It will take some time to copy the boot image package to the distribution point. Do the same for the boot image called Boot Image (x64). Every time you change the boot image, it will be re-created and distributed to the different distribution points.

Enabling Boot Images for PXE

The last part of preparing Configuration Manager for OSD is enabling both of the boot images to be available for PXE:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Boot Images.
2. Select the boot image for which you want to enable PXE support, and click Properties on the Home tab of the ribbon.
3. Click the Data Source tab, and enable the Deploy This Boot Image From The PXE-Enabled Distribution Point option, as shown in Figure 9.7; this is enabled by default for the default boot images.
4. Click OK.

FIGURE 9.7 Enable the boot image to boot via PXE.

Configuration Manager will process the change and configure the WDS server to use the boot image from Configuration Manager. Configuration Manager will place the boot image in the <drive>\RemoteInstall\SMSImages folder.

Let’s review the steps briefly for configuring Configuration Manager for OSD:

1. First, you configure the Network Access account, and then you create the client install package.
2. Second, you set up the state migration point and PXE support for Configuration Manager.
3. Finally, you deploy the boot images to the distribution points and PXE-enabled distribution points.

Adding Operating System Source

The next step after preparing Configuration Manager for OSD is to add the source content of the default operating systems.

Adding the Default Operating System Image

Adding a source of an operating system that you can use for the build-and-capture process can be done as follows:

Adding a Default install.wim image as an Operating System Image Adding the default image can be done by adding the default install.wim as an operating system image to Configuration Manager. The install.wim file can found in the source of the DVD or ISO that holds the operating system. The Build And Capture Task Sequence Wizard, for instance, lets you select the operating system image directly.

You can add an install.wim file from an operating system source by following these steps:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Operating System Images.
2. Click Add Operating System Image, and browse to the root UNC location of the install source on your package source share. From there, browse to Sources and select the install.wim file, as shown in Figure 9.8.
3. Click Next and supply the operating system image with a name, version, and comments if necessary, and click Next again.
4. Review the summary, and click Next.
5. When finished, click Close.

FIGURE 9.8 Add an install.wim file as an operating system image.

After creating the operating system image package, distribute the package to the distribution points in your hierarchy. By using this method, you can build and capture the following operating systems:

• Windows 7 SP1
• Windows 8
• Windows 8.1
• Windows 10
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016

Adding an Operating System Upgrade Package

The operating system upgrade packages can be used to upgrade operating systems that you can deploy with Configuration Manager by using the unattended setup. With Configuration Manager and the default boot images, only Windows 10 operating system installers are supported. This operating system upgrade package cannot be used for build-and-capture task sequences.

You can add an operating system upgrade package by following these steps:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Operating System Upgrade Package.
2. Click Add Operating System Upgrade Package on the Home tab of the ribbon, and fill in the UNC path to the install source of the operating system, as shown in Figure 9.9.

   

   FIGURE 9.9 Creating an operating system upgrade package

3. Click Next.
4. Supply the operating system upgrade package with a name, version, and comments, and click Next.
5. Review the summary, and click Next.
6. When finished, click Close.

Developing a Task Sequence for Creating a Capture Image

Now we will show how to create a task sequence that will be used to capture an image of a workstation. A task sequence is a way for Configuration Manager to perform one or more steps or tasks on a client computer without requiring user intervention—a process known as Zero-Touch deployment. A task sequence can consist of a single step or multiple tasks grouped together to perform functions. The tasks can depend on other tasks to complete successfully or be independent of each other.

There are two options for creating task sequences for OSD:

• Task sequences used with PXE boot
• Task sequences used with boot media

Task Sequences Used with PXE Boot

When you enable PXE on the distribution points, you can simply create a build-and-capture task sequence that will take care of the build-and-capture process. Take the following steps to create a task sequence for creating an image:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Click Create Task Sequence on the Home tab of the ribbon, and select the Build And Capture A Reference System Image option.
3. Give the task sequence a name (for instance, Build And Capture Windows 10 Enterprise), select a boot image that will support your operating system version and platform, and click Next.
4. Select the operating system image package, and supply a local administrator password that you will remember if you need to troubleshoot.

   The local administrator account will be disabled if you do not supply a password. Do not supply a product key if you are building and capturing Windows 7, Windows 8.x, Windows 10, Windows Server 2008, Windows Server 2012, or Windows Server 2016 images, as shown in Figure 9.10. Supplying a product key while building and capturing will cause the process to fail with exit error 31.

   

   FIGURE 9.10 Define which Windows operating system will be captured.

5. Click Next to move to the next page of the wizard.
6. Supply a name for the workgroup that you want to join while you are building and capturing your operating system.

   Be sure to join a workgroup so that no Group Policies are applied while you are building and capturing your reference image.

7. Click Next after supplying the name of the workgroup.
8. Select the Configuration Manager client package, and supply the SMSMP=<siteservername> installation properties, as shown in Figure 9.11.

   

   FIGURE 9.11 Install the Configuration Manager client task.

   Supplying the installation properties allows you to install approved software updates via the Software Updates feature while the operating system is part of a workgroup.

9. Click Next.
10. Decide whether you want to install software updates during the build-and-capture process.

    Best practice is that you install all software updates that are approved in the Software Updates feature in Configuration Manager.

11. Click Next to be able to select the application that you want to install while building and capturing your reference operating system image, and click Next again.
12. Depending on the source of your operating system, you may need to supply a system preparation tool; click Next.

    When deploying, for instance, Windows XP SP3 Embedded (which is still supported), you need to use Sysprep to seal the operating system and make it anonymous before capturing. Windows 7, Windows Server 2008, and higher operating systems have a built-in system preparation tool.

13. Supply information about the image, such as creator, version, and description, and click Next.
14. Supply a UNC path and a filename for the captured operating system image, as shown in Figure 9.12, and click Next.

    

    FIGURE 9.12 Captured image path and filename

15. Supply an account with Write permission to the share where the image will be captured. Click Test Connection if you want to test whether the username and password are correct.
16. Click Next to see the summary.
17. After reviewing the summary, click Next to create the task sequence.
18. When finished, click Close.

Task Sequences Used with Media

If you do not want to enable PXE support on your distribution points or you want to capture a custom reference computer, you can also create a build-and-capture task sequence that runs from media. Follow these steps to create a task sequence, using media for creating a capture image:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. From the Home tab of the ribbon, click Create Task Sequence Media. This opens the Select Media Type page, shown in Figure 9.13.

   

   FIGURE 9.13 Create Task Sequence Media Wizard—Select Media Type page

3. On the Select Media Type page, select Capture Media, and then click Next.

   By selecting Capture Media, you will be creating the capture media that will be used to capture the operating system image.

   On the wizard’s Media Type page, shown in Figure 9.14, you can select the type of media to create.

   

   FIGURE 9.14 Create Task Sequence Media Wizard—Media Type page

4. For this example, select USB Flash Drive, select the available drive, and click Next. Click Yes at the dialog that warns you that the device will be formatted.
5. On the Boot Image page, shown in Figure 9.15, specify the boot image and distribution point you want to use. Click Browse, select the boot image, and click Browse to select the distribution point. Click Next to continue.

   

   FIGURE 9.15 Create Task Sequence Media Wizard—Boot Image page

6. Click Next on the Summary page, and Configuration Manager will begin creating the capture media on the USB stick.
7. Finally, you will be presented with the Wizard Completed page; click Close.

   When finished, you can use the USB stick to boot up the computers that you will be using to build your operating system image. If you have selected to create an ISO file, you can now burn that ISO file to a CD and use that CD to boot up the computers in which you will be building your operating system image.

Capturing an Operating System Image

Configuration Manager supports two different ways of capturing an operating system image. You can use the fully automatic way, by using the build-and-capture task sequence, or you can capture a custom reference computer, by using the capture media created earlier.

Building and Capturing Automatically

When building and capturing an operating system image with the specially designed build-and-capture task sequence, you can fully automate the build-and-capture process. This way, you know that the result of a task sequence is always the same, and no user intervention is necessary. To cause less overhead on drivers, building and capturing images is often done with virtual machines.

To be able to use the build-and-capture task sequence created earlier, you must make the task sequence available for deployment, as follows:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Select the build-and-capture task sequence, and click Deploy on the Home tab of the ribbon.
3. Specify the collection where the reference computer resides, and select the distribution point(s) where the content needs to be deployed to.

   Be sure that you create a special collection for building and capturing operating systems. So click OK, as shown in Figure 9.16, if you acknowledge that deploying a task sequence is a potential high-risk deployment and select the collection you want to deploy the build-and-capture task sequence to.

   

   FIGURE 9.16 High-risk deployment warning

4. Click Next to proceed in the wizard.

   Now you need to configure the deployment settings; for Purpose you can select either Available or Required. If you choose Available, you need to press F12 to enter the PXE boot procedure and select the task sequence in the WinPE environment. If you choose Required, the machine will boot into WinPE during the PXE boot procedure. You also need to configure in which scenario the deployment is available.

   Only Configuration Manager Clients A task sequence deployment can be made available for Configuration Manager clients only. This means that an operating system with a Configuration Manager client must be active to be able to receive and start the task sequence deployment. This option can be used best in refresh client scenarios.

   Configuration Manager Clients, Media And PXE If the task sequence that needs to be deployed must be available in all scenarios, you need to select this option.

   Only Media And PXE When a task sequence like the build-and-capture one needs to be available only for media and PXE, then you need to select this option. Another scenario is bare-metal deployment. This is the best option to use with build-and-capture task sequences.

   Only Media And PXE (Hidden) When a task sequence like the build-and-capture one needs to be available only for media and PXE, select this option. Another scenario is bare-metal deployment. This is often used for test purposes. To be able to use the hidden deployment, set the SMSTSPreferredAdvertID variable with the AdvertID of the Task Sequence as the value at the collection level where the task sequence is deployed.

   Click Next.

5. Select the option Only Media And PXE, as shown in Figure 9.17, and click Next to configure the deployment settings.

   

   FIGURE 9.17 Specify the deployment settings.

6. Configure the scheduling settings, and click Next.
7. Since you are configuring a deployment for a build-and-capture task sequence, no user experience options need to be configured, so click Next.
8. Configure Alerts options for failed deployments; you can set a threshold for alerts to be sent when the threshold is higher than a percentage of failed deployments. Click Next to proceed.
9. Configure the distribution point settings, and click Next to review the summary.
10. After reviewing the summary, click Next and then Close.

After making the build-and-capture task sequence available for deployment, you can go into action and build and capture the image. To begin, shut down your reference computer and be sure that you can boot from the network via PXE. To use the following procedure, be sure that your computer object in Configuration Manager is added to the collection where the task sequence is deployed.

1. Start your computer or virtual machine and boot into PXE.
2. At the Welcome To This Task Sequence screen, click Next.
3. Select the Build And Capture Windows 10 Enterprise task sequence, as shown in Figure 9.18, and click Next.

   

   FIGURE 9.18 Selecting the task sequence

After the build-and-capture process, described earlier, has finished, you will have your captured Windows image. The computer will restart in Windows.

The captured WIM image can be used for deployment to the computers in your environment. Be sure to always test your deployment in a test environment.

Capturing a Reference Computer

When creating an image of a reference computer, you need to be aware of a few requirements. First, ensure that the computer is a member of a workgroup instead of a member of the domain. This is a required step; if the reference computer is a member of the domain, you will be required to remove it from the domain to create the image of the operating system of the computer. Second, we recommend removing the Configuration Manager client from the machine. This is not a requirement, just a recommendation and best practice.

1. To begin creating an image of the reference computer, insert the CD that was created from the ISO file you created earlier.
2. Run LaunchMedia.cmd located in the root folder on the CD. This opens the Image Capture Wizard.
3. Click Next to open the Image Destination page, shown in Figure 9.19, which allows you to specify where to copy the image when the capture is completed.

   

   FIGURE 9.19 Image Capture Wizard—Image Destination page

4. Fill in the correct information, and click Next.

   As you can see, we copy the WIM file to our site server or any other server that is reachable.

   You will now be able to add some information about the image on the Image Information page. You can fill in the Created By, Version, and Description fields for the WIM file.

5. Fill in this information with as much detail as you can; then click Next.
6. On the Summary page, click Finish to begin the capture phase.

   An Installation Progress window appears, telling you that the Image Capture Wizard is working and running in the background. When the image capture is complete, a System Restart message will appear, and the system will reboot. When the system reboots, it will boot into WinPE and begin capturing the system. This process can be a lengthy one, so be patient while the operating system is being captured.

   Once the image capture is complete, you will see the Image Capture Wizard success message, shown in Figure 9.20.

7. Click OK to allow the machine to reboot and return to the operating system.

FIGURE 9.20 Image capture success message

Deploying an Image

Since you’ve now successfully captured an image, you need to add this operating system image to Configuration Manager. Then you have to deploy this image by creating a task sequence and deploy this task sequence to the computers in your environment. Always be sure to thoroughly test the image in a separate test environment before deploying it into production.

Adding a Captured Image

The WIM file that you just created must be added as an available operating system for Configuration Manager. To deploy this image, follow this procedure:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Operating System Images.
2. Click Add Operating System Image on the Home tab of the ribbon.

   This opens the Add Operating System Image Wizard’s Data Source page.

3. Ensure that the (UNC) Path field points to the location where the WIM file was created, and click Next.

   The General page allows you to customize the Name, Version, and Comments fields for the image file.

4. Fill in the appropriate information, and click Next.
5. The Summary page will be displayed; review the information and click Next.
6. Finally the Wizard Completed screen will appear. On this page, click Close.

Distributing and Deploying the Image

Next, you need to distribute the image to your distribution points.

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Operating System Images.
2. Select the image that you added, and click Distribute Content on the Home tab of the ribbon.
3. In the Distribute Content Wizard, click Next.
4. Click Add and select Distribution Point or Distribution Point Group.
5. In the Add Distribution Points or Add Distribution Point Groups dialog, select the distribution points or groups that you want to distribute the WIM image to, and click OK.
6. Click Next to review the summary.
7. After reviewing the summary, click Next and then Close.

Creating a Task Sequence for Deployment

Now you will need to create a task sequence for deploying the Windows operating system image. Creating a task sequence will give Configuration Manager a series of steps to perform on the new installation of the workstation:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Select Create Task Sequence on the Home tab of the ribbon.

   This will open the New Task Sequence Wizard’s Create A New Task Sequence page.

3. Because you have already built an image of a Windows client, select Install An Existing Image Package, and then click Next.

   This opens the New Task Sequence Wizard’s Task Sequence Information page.

4. Specify the task sequence name and a comment, and specify the boot image to use during the installation of the image. Click Next after supplying the information.

   The Install Windows page, shown in Figure 9.21, allows you to specify the Configuration Manager image package containing the operating system you want to install.

   

   FIGURE 9.21 Create Task Sequence Wizard—Install Windows page

5. Click the Browse button to find the image of the operating system you want to install, and click OK.
6. If you want to partition and format the target computer before installing the operating system, leave the Partition box selected, and format the target computer before installing the operating system.
7. Keep the Configure Task Sequence For Use With BitLocker option enabled if you want to enable BitLocker during the deployment of the Windows image.
8. Enter the licensing information for the version of Windows you are installing in the Product Key field, and click Next.
9. On the Configure Network page, select the domain or workgroup to join.

   If you select to join a domain, you can specify which organizational unit (OU) in which to put the computer once it joins the domain. If you select to join a domain, you will need to specify the account that has permission to join computers to a domain. Create a different account to join the computer to the domain; do not use the Network Access Account for this. You must delegate this access to the user account. Verify the account by testing the connection after configuring the account.

10. Click Next to continue.

    Now all the work you did earlier will finally be put to use.

11. On the Install Configuration Manager Client page, specify any additional installation properties. Click Browse if you do not want to use the default Configuration Manager client package.
12. Click Next to continue.

    The Create Task Sequence Wizard page that appears is State Migration, shown in Figure 9.22, which allows you to configure the user state migration capture.

    

    FIGURE 9.22 Create Task Sequence Wizard—State Migration page

13. Select or deselect whether you want to capture network and Microsoft Windows settings.
14. Click Browse, if you do not want to use the default User State Migration Tool package, and then click Next.

    After you’ve configured the state migration, the Include Updates page will appear, which allows you to specify whether the client will get mandatory, all, or no software updates after the image has been installed.

15. Configure the installation of software updates, and click Next.

    Now you have the option to install additional applications by adding the configured applications to the task sequence. This is extremely useful if you have a large number of applications you want installed on each system after the operating system has been installed. Figure 9.23 shows the Install Applications page, where you can specify the additional applications.

    

    FIGURE 9.23 Create Task Sequence Wizard—Install Applications page

16. Select the option If An Application Installation Fails, Continue Installing Other Applications In The List if you want to let the task sequence proceed with its tasks.
17. Click Next once you have the additional applications specified.
18. Click Next on the Summary page, and Configuration Manager will complete the Create Task Sequence Wizard.
19. Click Close.

---

PRESERVE THE DRIVE LETTER IN YOUR IMAGE, OR NOT

A disadvantage of deploying the default INSTALL.WIM files is that Microsoft created the INSTALL.WIM image by installing the Windows 7 version to the D: drive. For this reason the Windows operating system is installed by default to the D: drive. Windows 10 installs the operating system by default to the X: drive.

You can disable this default behavior by setting a task sequence variable at the top of the task sequence.

Adding the task sequence variable OSDPreserveDriveLetter = False to the task sequence allows you to install the default INSTALL.WIM image to drive C: instead of drive D: or X:.

As from Windows 10 version 1607, the OSDPreserveDriveLetter task sequence variable is not supported anymore. Just select the drive in the task sequence to which Windows 10 needs to be installed.

---

Deploying the Task Sequence

You have now successfully created a new task sequence to install a new operating system on a machine, join the system to the domain, and install the Configuration Manager client on the machine once it comes online. However, the task sequence won’t do you any good unless you deploy it to a collection. Take the following steps to create a task sequence for the refresh scenario:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Select the task sequence you want to deploy, and click Deploy on the Home tab of the ribbon.
3. Click Deploy to open the General page of the Deploy Software Wizard.
4. Click Browse to find the collection where you want to install this operating system package, and then click Next to continue.

   The next wizard page is Deployment Settings, shown in Figure 9.24.

   

   FIGURE 9.24 Deploy Software Wizard—Deployment Settings page

5. Supply the purpose of the deployment.
   • If you want to let your users choose to reinstall their operating system, choose the Available option.
   • If you want the installation to start automatically, choose the Required option.

     Choosing the Required option enables you to send wake-up packets to the computers in the collection. Of course, you need to first configure Wake On LAN support in Configuration Manager. The task sequence you are creating is used to refresh your Windows installation, so you will be making the deployment available only for Configuration Manager clients.

6. Click Next to continue.

   The next step is to configure the scheduling options for the deployment.

7. Configure the availability of the deployment and when the deployment will expire—this availability step is optional; if you want the deployment to be available directly, you do not need to configure this.
8. Define the assignment schedule, and be sure to set the rerun behavior to Rerun if the previous attempt failed.

   If you do not set this option, the deployment will rerun as soon the deployment is finished, thereby creating a deployment loop.

9. Click Next to proceed.
10. On the User Experience page, specify how users are notified about the deployment and how they interact with the deployment.

    We prefer to show the task sequence progress to let the end user know that the computer is being reloaded.

11. Click Next to proceed, and configure the Alerts options for this deployment.
12. Click Next, configure how to run the content for this deployment on the Distribution Points page, and click Next again.
13. Review the summary, click Next, and click Close when the wizard has finished processing the deployment.

Now you have created the deployment for the operating system deployment, and any system in the collection you specified will get the new deployment during the next policy refresh. Once the policy refresh takes place, the workstation will receive the Assigned Program About To Run notification. Once the installation begins, you will see the progress message box in Windows, as shown in Figure 9.25.

FIGURE 9.25 Installation progress message box

The system will automatically reboot and then begin the boot to WinPE, as shown in Figure 9.26.

FIGURE 9.26 Booting to WinPE

The installation will take some time to complete. During this install, Configuration Manager is gathering the user state and saving the date in the USMT folder on the site server, which you configured earlier in this chapter. You can monitor the <drive>:\USMTData folder on the site server to see the user state migration data being copied to the server.

Configuration Manager will push the new operating system down to the new machine and then join it to the domain, install the Configuration Manager client, and finally copy back all the user data on the client.

You can monitor the progress of the operating system deployment in the Deployment Status window, shown in Figure 9.27.

FIGURE 9.27 Monitoring the OSD deployment status

1. From the Configuration Manager console, choose the Monitoring workspace, expand Overview ➢ Deployments, and select the deployment that you want to monitor.
2. After selecting the deployment, click Run Summarization on the Home tab of the ribbon.
3. After the summarization is updated, click View Status on the Home tab of the ribbon to see the status of the deployment, as shown in Figure 9.27.
4. While viewing the status, you can refresh the status by clicking Run Summarization or Refresh. If a deployment is in progress, or fails as shown in Figure 9.27, you are able to identify which machines have which status.
5. While monitoring the OSD deployment status, you are able to review the completed tasks by selecting More Details and selecting the Status tab of the Asset Message dialog, as shown in Figure 9.28.

FIGURE 9.28 Review the task sequence steps in the Asset Message dialog screen.

Upgrading Operating System to Windows 10

With the introduction of Windows 10, a new task sequence has been introduced to streamline the upgrade process from older operating systems to Windows 10. So when do you need this upgrade task sequence?

• If you want to keep all of the applications and its settings
• If you do not need to switch between BIOS and the Unified Extensible Firmware Interface (UEFI)
• If you do not want to refresh or completely reinstall the operating system
• If you do not need to switch between 32-bit and 64-bit operating systems
• If you want to upgrade one Windows 10 build to a newer build and you do not want to use the new servicing model

---

STILL ON BIOS? SWITCH TO UEFI AS SOON AS POSSIBLE!

If you are still using BIOS on your workstations, you definitely need to think of switching to UEFI to be able to use all of the Windows 10 security features such as Secure Boot, Device Guard, and Credential Guard. Switching from BIOS to UEFI can be automated within the task sequences. Be sure to read the following blog posts from some great OSD folks in the community!

• Johan Arwidmark (MVP): https://ref.ms/JohanArwidmarkUEFIBlogs
• Nickolaj Andersen (MVP): https://ref.ms/NickolajAndersenUEFIBlog
• Mike Terrill: https://ref.ms/MikeTerrillUEFIBlogs

---

Perform the following tasks to prepare the Upgrade Task Sequence for Windows 10:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Click Create Task Sequence on the Home tab of the ribbon, select Upgrade An Operating System From Upgrade Package, and click Next.
3. Supply the task sequence name and the description, and click Next.
4. Click Browse on the Upgrade The Windows Operating System page, as shown in Figure 9.29, and select the upgrade package you want to install. Click OK.

   

   FIGURE 9.29 Select an operating system upgrade package.

5. Choose the edition and supply the product key; then click Next.
6. Configure the installation of software updates, and click Next.

   Now you have the option to install additional applications by adding the configured applications to the task sequence. This is extremely useful if you have a large number of applications you want installed on each system after the operating system has been installed.

7. Select the option If An Application Installation Fails, Continue Installing Other Applications In The List if you want to let the task sequence proceed with its tasks.
8. Click Next once you have the additional applications specified.
9. Click Next on the Summary page, and Configuration Manager will complete the Create Task Sequence Wizard.
10. Click Close.
11. Deploy the task sequence to a device collection as described earlier in this chapter.

Deploying the Operating System on Bare Metal

After deploying an operating system in a refresh scenario, you also need to create a task sequence and deployment to be able to deploy an operating system to bare-metal computers. Bare-metal computers are computers without any operating system present.

To deploy an operating system to a bare-metal computer, you can use a CD or DVD to boot into WinPE, but you can also boot into PXE to start the WinPE image from the network. Let’s see how this works with PXE. To be able to deploy an operating system to a bare-metal computer, you need to perform the following tasks:

• Import information about a computer.
• Create a task sequence.
• Deploy the task sequence.

Importing Computer Information

Now you are ready to set up a computer association so that Configuration Manager can identify the bare-metal machines that will receive a fresh install. You can also use the unknown computer support, which is discussed later in this chapter. To specify the computer association, open the Configuration Manager console and proceed as follows:

1. From the Configuration Manager console, choose the Assets And Compliance workspace and expand Overview ➢ Devices.
2. Click Import Computer Information on the Home tab of the ribbon.

   This will allow you to import a single computer or import many systems from a comma-separated values (CSV) file.

3. Select the option Import Single Computer, and click Next.

   This will bring up the Single Computer page, as shown in Figure 9.30.

   

   FIGURE 9.30 Import Computer Information Wizard—Single Computer page

   You must enter the computer name along with either the MAC address or the System Management BIOS (SMBIOS) GUID. The computer name is just how the machine will appear in the collections, not what the actual computer will be named.

4. Fill in the appropriate information, and then click Next.
5. This sends you to the Data Preview page; check the information and click Next.

   You’ll then see the Choose Target Collection page.

6. Specify which collection you want to add to this new machine.

   It is extremely important to put all the bare-metal installs into the same collection, used only for bare-metal deployment.

7. Click Next.
8. After specifying the collection, you will see the Summary page. Click Next, and then click Close on the Finish page.

Creating a Task Sequence for the Bare-Metal OSD

When you deploy a bare-metal machine, it is wise to create a dedicated task sequence for this purpose. Once you create this special task sequence, you need to deploy it to a special collection in which you can place the bare-metal computers.

Creating a task sequence for deploying an image to a new machine is straightforward:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. From there, click New Task Sequence on the Home tab of the ribbon of the Configuration Manager console.

   This opens the Create New Task Sequence page of the New Task Sequence Wizard.

3. Select the Install An Existing Image Package option, and click Next.
4. On the Task Sequence Information page, fill in the name, optionally add a comment, and select the boot image you want to use for the operating system deployment; then click Next.
5. On the Install The Windows Operating System page, select the image package by browsing to the correct image.
6. Because this example is deploying Windows to a bare-metal machine, enable the option to partition and format the target computer.

   The next options you can configure are the network settings.

7. On the Configure The Network page, specify whether you want to join the new machine to the domain or join a workgroup. Click Next after configuring the network settings.

   A Configuration Manager task sequence will allow you to install the Configuration Manager client during an operating system deployment.

8. On the Install The Configuration Manager Client page, add installation properties if you need to and click Next.
9. Since you are deploying Windows to a bare-metal machine, on the State Migration page, shown in Figure 9.31, deselect all the options because you do not need to worry about capturing any data from these machines. Click Next to configure the installation of software updates.

   

   FIGURE 9.31 Create Task Sequence Wizard—State Migration page

   On the Include Updates page, you can now allow Configuration Manager to include software updates during the install.

10. Make the selections you desire, and click Next.

    On the Install Applications page, you can add applications, such as Microsoft Office, that you want to install on the machine after the operating system has been deployed.

11. Click Next to view the Summary page.
12. After viewing the summary, click Next and then Close to complete the wizard.

Deploying the Bare-Metal Task Sequence

After creating the task sequence for bare-metal deployment, you need to deploy this task sequence, as discussed earlier. Be sure to select that the task sequence is available to only media and PXE.

---

USING THE UNKNOWN COMPUTER COLLECTION

You can enable support for unknown computers. Unknown computer support is a feature in Configuration Manager that allows unmanaged systems to be managed with Configuration Manager during an OSD. To do so, open the Configuration Manager console, select the Administration workspace, and expand Overview ➢ Site Configuration ➢ Servers And Site System Roles. Select the server with the distribution point where PXE is enabled, and click Role Properties in the Site Role section of the ribbon. Browse to the PXE tab in the Distribution Point Properties dialog, shown here, and select the box Enable Unknown Computer Support.

When you enable this option, you will be prompted with the caution message shown next. Assuming you are ready to proceed, click OK.

To create a task sequence for bootable media, open the Configuration Manager console, choose the Software Library workspace, and expand Overview ➢ Operating System ➢ Task Sequences. Click Create Task Sequence Media on the Home tab of the ribbon. This opens the Create Task Sequence Media Wizard’s Select Media Type page.

Select Bootable Media, and click Next. Choose Dynamic Media When The Media Contacts A Management Point, which redirects the client to a different management point based on the client location in the site boundaries, or choose Site-Based Media when you want to specify a management point. Click Next to configure the media type. On the Media Type page, select the type of media you will be using, either a USB flash drive or a CD/DVD set, and then click Next. The Security page offers the Enable Unknown Computer Support option. Selecting this will allow you to target the unknown computer collection with the operating system deployment.

The next step, after configuring unknown computer support, is configuring the boot image, distribution point, associated management points, and customizations.

After creating the boot media, you can create a deployment to this collection for the OSD task sequence, and Configuration Manager will process the task sequence for the unknown computers. Be sure to enable your deployment to be accessible for boot media and PXE.

---

Installing Device Drivers into OSD

Now you have configured one package to perform Windows upgrades and another package to install that same Windows install package onto a bare-metal system. But what happens if you get a new system with a completely new setup, including device drivers that are not installed within the current package, so that when the machine comes online it will not be able to attach to the network?

Microsoft has provided the ability to import device drivers into Configuration Manager and add them to the boot images or driver packages so they can be installed as part of the operating system deployment task. To import Windows device drivers, take the following steps:

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Drivers.
2. Click Import Driver on the Home tab of the ribbon of the Configuration Manager console.

   This opens the Locate Driver page, shown in Figure 9.32.

   

   FIGURE 9.32 Import New Driver Wizard—Locate Driver page

3. 1You can specify whether you want to import all drivers or just a single device driver. When importing drivers, you could run into the fact that there are duplicate drivers, so you should configure the import behavior when duplicate drivers are detected. You can configure the following options:
   • Import The Driver And Append A New Category To The Existing Categories
   • Import The Driver And Keep The Existing Categories
   • Import The Driver And Overwrite The Existing Categories
   • Do Not Import The Driver
4. Click Next after picking the correct driver(s), and then you will be presented with the Driver Details page. Next you should assign the driver(s) to one or more categories.

---

WORKING WITH CATEGORIES ENABLES YOU TO MANAGE DRIVERS

If you add categories to drivers, you can manage your drivers in the store more easily. By adding the category to the search criteria, you can easily select the drivers and delete them by clicking Delete on the Home tab of the ribbon in the Configuration Manager console.

---

5. On the Add Driver To Packages page, shown in Figure 9.33, specify the package(s) you want to add this driver to, or specify a new package. If you need to create a new driver package, do the following.

   

   FIGURE 9.33 Import New Driver Wizard—Add Driver To Packages page

   1. Click New Package.
   2. Supply a name and a UNC path for the source of the package.
   3. Click OK.
   4. If desired, select Update Distribution Points When Finished so the driver will be available as soon as possible to your site.
6. Click Next to continue.
7. Next, select which boot images you want to add the driver to, as shown in Figure 9.34. When selecting drivers in bulk—for instance, all drivers from one model—do not add these to the boot images. Add them in a later stage, since, for instance, we do not want video, sound, and other drivers in our boot image. It is a best practice to add only the missing NIC drivers and drivers related to storage (controllers) to the boot images.

   

   FIGURE 9.34 Adding drivers to boot images

8. Click Next to open the Summary page. Review the configuration, click Next, and then click Close.

   Now Configuration Manager will inject that driver package into the packages and boot images you selected. This could take some time to process.

Using User Device Affinity

As discussed earlier, user device affinity enables you to deploy user-targeted applications during the operating system deployment process. There are several ways to configure user device affinity. Let’s look at the following options:

• Manually configure a primary user for a device.
• Manually configure a primary device for a user.
• Configure a site to automatically create user device affinities.
• Import user device affinities.
• Enable users to configure their primary device.

Manually Configure a Primary User for a Device

To manually configure a primary user for a device, follow this procedure:

1. From the Configuration Manager console, choose the Assets And Compliance workspace, expand Overview, and select Devices.
2. Select a device, and click Edit Primary Users on the Home tab of the ribbon. Search for the user, as shown in Figure 9.35, select the user, and click Add and then OK to set the primary user for the device.

FIGURE 9.35 Searching for and selecting the primary user

Manually Configure a Primary Device for a User

To manually configure a primary device for a user, follow these steps:

1. From the Configuration Manager console, select the Assets And Compliance workspace, expand Overview, and select Users.
2. Select a user, and click Edit Primary Devices on the Home tab of the ribbon. Search for the device, select the device, and click Add and then OK to set the primary device for the user.

Configure a Site to Automatically Create User Device Affinities

With Configuration Manager you can also create the user device affinity automatically. Creating the affinity automatically is based on thresholds configured in the client settings. You can also configure the collecting of audit account logon and audit logon events on the client by, for instance, implementing a GPO. (See https://technet.microsoft.com/en-us/library/mt629338.aspx for more information.) Configuring the client settings to create user device affinities is described here:

1. From the Configuration Manager console, choose the Administration workspace, expand Overview, and select Client Settings.
2. Select the default client settings package or create a new client device agent settings package, and click Properties on the Home tab of the ribbon.
3. Select User And Device Affinity, as shown in Figure 9.36, and configure the following options.

FIGURE 9.36 Configuring client device settings

User Device Affinity Usage Threshold (Minutes) Configure the number of minutes of usage by a user before a user device affinity is created.

User Device Affinity Usage Threshold (Days) Configure the number of days Configuration Manager will measure the usage of the device. For example, if User Device Affinity Usage Threshold (Minutes) is configured with a value of 120 minutes and User Device Affinity Usage Threshold (Days) is set to 14 days, the user must use the device for 120 minutes over a period of 14 days before the user device affinity is created.

Automatically Configure User Device Affinity From Usage Data Enable the feature by setting the value to Yes, or disable the feature by setting the value to No.

Import User Device Affinities

If you have the information from your client computers and primary users in a CSV file, you can import the user device affinity information to Configuration Manager.

1. From the Configuration Manager console, select the Assets And Compliance workspace, expand Overview, and select Devices or Users.
2. On the Home tab of the ribbon, select Import User Device Affinity.
3. Browse and select the CSV file containing the information that you want to import, and click Open. The format of the CSV file must be <Domain\username>,<Device NetBIOS name>. Select the option This File Has Column Headings For Reference Purposes if you have the following as the first line of the CSV file: users,devices.
4. Check in the File Preview section of the Choose Mapping page of the wizard to see if the column mapping is configured correctly, as shown in Figure 9.37, and click Next twice. Click Close after reviewing the results.

FIGURE 9.37 Checking the column mapping

Enable Users to Configure Their Primary Device

Another option is to configure the Configuration Manager site to let the users define their own user device affinities. This is done as follows:

1. From the Configuration Manager console, select the Administration workspace, expand Overview, and select Client Settings.
2. Select the default client settings package or create a new client device user settings package. Then click Properties on the Home tab of the ribbon.
3. Select User And Device Affinity, and set the option Allow Users To Define Their Primary Devices to Yes. Setting the option to No will disable the feature.

From now on, the users can configure their user device affinity by selecting the I Regularly Use This Computer To Do My Work option in the My Devices tab of the Application Catalog website.

Pre-deploy User Applications

After configuring user device affinity for a client computer, the applications that are targeted to the primary user are pre-deployed automatically during deployment of the OS. While deploying the application to a user, set Purpose to Required, as shown in Figure 9.38. You will find more information about deploying applications in Chapter 5, “Client Installation.”

FIGURE 9.38 Configuring deployment settings

Microsoft Deployment Toolkit 2013

The Microsoft Deployment Toolkit 2013 is a solution accelerator that can be integrated with Configuration Manager. The integration gives you the ability to smooth your deployment process with the scripts that come with the MDT. Let’s configure the MDT integration and see what it offers us when deploying operating systems.

The MDT includes extra deployment scenarios that are built with the Task Sequence Wizard:

Client Replace Scenario (Client Replace Task Sequence) This scenario enables you to capture the user state from an old client computer and place it on the new client computer while deploying the new operating system.

Server Deployment Scenario (Server Task Sequence) This scenario allows you to deploy Windows-based servers and their roles.

User-Driven Installation Scenario (User Driven Installation Replace Task Sequence) This scenario allows your users to use the simple User Driven Installation (UDI) Wizard to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.

The MDT Task Sequence wizard allows you to use the built-in MDT task sequence templates within SCCM. Using the wizard, you are also allowed to create supporting packages from MDT to use in your task MDT task sequences (and SCCM task sequences) such as MDT boot images, the MDT Toolkit package, the MDT Settings package, and the User State Migration package. This section describes the client replace scenario.

Installing Microsoft Deployment Toolkit 2013

The MDT is a free tool that you can download from the Microsoft Download site. Install the MicrosoftDeploymentToolkit2013_x64.msi or MicrosoftDeploymentToolkit2013_x86.msi file on your site system. It’s a straightforward Next, Accept License Agreement, Next, Next, Next, Install, Finish installation. You need to install the MDT on every site server that you want to integrate with. Part of the integration is installing the extensions to the consoles.

Integrating the MDT

To be able to use the deployment intelligence of the MDT in Configuration Manager, you need to integrate the MDT with Configuration Manager. This is done by following these steps:

1. After installing the Microsoft Deployment Toolkit 2013 on your site system, go to the Start screen.
2. Click Configure ConfigMgr Integration to start the integration tool.
3. Configure the integration as shown in Figure 9.39. Select Install The MDT Console Extensions For Configuration Manager and Add The MDT Task Sequence Actions To A System Center Configuration Manager Server. Next, configure the Site Server Name and Site Code fields, and click Next.
4. Review the summary, and click Finish.

FIGURE 9.39 Configuring the integration

Creating a New Boot Image

This is an optional step since more and more extras of the MDT are moving to native Configuration Manager features. Follow the next steps to re-create the MDT boot images. You can also create a boot image with the MDT integration features while creating a new MDT task sequence. Create a boot image for both x86 and x64 platforms.

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Boot Images.
2. Click Create Boot Image Using MDT on the Home tab of the ribbon, and supply the UNC path to the location where you want to store the boot image; click Next.
3. Supply a name, version, and comments, and click Next.
4. Select the platform for which you are creating the boot image, select the Scratch Space value from the drop-down list, as shown in Figure 9.40, and click Next. Scratch Space is a RAM drive that is used during OSD.

   

   FIGURE 9.40 Configure the platform and scratch space.

5. Configure the optional languages and components like Microsoft Data Access Components (MDAC) support and support for Point To Point Protocol over Ethernet (PPPoE) support and click Next.
6. Configure the customizations, such as the pre-execution hook, custom background image, and command support.
7. Click Next to review the summary.
8. Click Next after reviewing the summary, and click Finish after creating the custom boot image; this process can take a while.
9. Be sure to enable the boot image for PXE support and the deployment of the boot image to the distribution points.

Creating an MDT Task Sequence

After creating the optional MDT boot images, you need to create a task sequence that you can use to deploy the operating system. In this example we will use the client replace scenario, which consists of two task sequences: the Client Replace task sequence and one based on the new computer scenario. The new computer scenario is like the bare-metal scenario, but we also use the User State Migration Toolkit to bring back the user state.

1. From the Configuration Manager console, choose the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Click Create MDT Task Sequence on the Home tab of the ribbon, and select the Client Replace Task Sequence option. Then click Next.
3. Give the task sequence a name, supply comments, and click Next.
4. Select an existing boot image, or create a new boot image using the Create A New Boot Image Package option. Click Next.

   The first time you create an MDT task sequence, you will need to create a Microsoft Deployment Toolkit Files package.

5. Select this option and supply a package source folder, as shown in Figure 9.41.

   

   FIGURE 9.41 Create a new Microsoft Deployment Toolkit Files package.

   The next time you create an MDT task sequence, you can select the MDT package. This package holds a lot of useful scripts that allows you to create a Zero-Touch OSD experience.

6. Click Next.
7. Now you need to supply information about the package. Fill in the name, version language, and manufacturer, and click Next to proceed.
8. Select the User State Migration Tool package, and click Next.
9. Select Create A New Settings Package For This Operating System Deployment, supply the UNC path, and click Next. The settings package holds the customsettings.ini file. With this file you can tweak and tune the deployment of the operating system. Read more about the customsettings.ini file here: https://ref.ms/customsettings.
10. Supply information about the package. Fill in the name, version language, and manufacturer, and click Next to proceed.
11. Review the summary and click Next. Click Finish after you’ve finished creating the packages and the task sequence.

After creating the Client Replace task sequence, you will need to create a task sequence based on the new computer scenario.

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Click Create MDT Task Sequence on the Home tab of the ribbon, and select the Client Task Sequence option. Then click Next.
3. Give the task sequence a name, supply comments, and click Next.
4. Supply the domain information, the account that has permissions to join the domain, and the Windows settings, and then click Next.
5. Select This Task Sequence Will Never Be Used To Capture An Image, and click Next.
6. Select an existing boot image, or create a new boot image using the Create A New Boot Image Package option. Click Next.
7. Select the MDT package that you created earlier, and click Next.
8. Select the operating system image you want to deploy, as shown in Figure 9.42, and click Next.

   

   FIGURE 9.42 Select or create the operating system image you want to deploy.

9. Select Perform A “Zero Touch Installation” OS Deployment, With No User Interaction, and click Next.
10. Select the Configuration Manager Client package, and click Next.
11. Select the User State Migration Tool package, and click Next.
12. Select Create A New Settings Package For This Operating System Deployment, supply the UNC path, and click Next.
13. Supply information about the package. Fill in the name, version language, and manufacturer, and click Next to proceed.
14. Select No Sysprep Package Is Required, and click Next.
15. Review the summary, and click Next.
16. After the task sequence has been created, click Finish.

Using a Replace Scenario

The next step in creating a replace scenario for a computer is creating a computer association. This way, the USMT knows where to place the user state after installing the new computer.

1. From the Configuration Manager console, select the Assets And Compliance workspace, and expand Overview ➢ Devices.
2. Click Import Computer Information on the Home tab of the ribbon.

   This will allow you to enter a single computer or import many systems from a comma-separated values (CSV) file.

3. Select the option Import Single Computer and click Next. This will bring up the Single Computer page.

   You must enter the computer name along with either the MAC address or the SMBIOS GUID. The computer name is just how the machine will appear in the collections, not what the actual computer will be named.

4. Fill in the appropriate information, and select the source computer.

   This creates an association with the old computer, and the USMT knows where to get the user state.

5. After configuring, click Next.
6. On the Data Preview page, check the information and click Next.
7. Next, you’ll see the Choose Target Collection page. Here, specify which collection you want to add to this new machine.

   It is extremely valuable to put all the new computer installs into the same collection, which is used exclusively for new computer deployment.

8. Click Next.
9. After specifying the collection, you will see the Summary page. Review the information, click Next, and then click Close on the Finish page.

Next, you need to deploy the task sequences you just have created. The Client Replace task sequence must be deployed to a collection that is especially created for the old client computers. Then you need to deploy the New Computer task sequence to the collection that was specially created for the new computers. The deployment must support booting from PXE, as you learned in the “Deploying the Task Sequence” section earlier in this chapter.

Deploying a Virtual Hard Drive

With Configuration Manager, you can deploy your images to a virtual hard drive (VHD) that can be maintained by Configuration Manager and uploaded to a System Center 2012 R2 Virtual Machine Manager library. This is another example of the fact that Configuration Manager can be used to service the datacenter.

Deploying a VHD is done in two steps:

1. Create a VHD task sequence.
2. Create a virtual hard drive.

Creating a VHD Task Sequence

To be able to install an existing reference operation system image to a VHD, you need to create a special task sequence:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Task Sequences.
2. Click Create Task Sequence on the Home tab of the ribbon, and select the option Install An Existing Image Package To A Virtual Hard Drive in the Create Task Sequence Wizard. Click Next.
3. Supply a name and description for the task sequence, and select a boot image that will support the operating system that you want to deploy. Click Next.
4. On the Install The Windows Operating System page, select the image package by browsing to the correct image. Supply a product key and be sure to enter a local administrator password.
5. On the Configure Network page, select the domain or workgroup to join.

   If you select to join a domain, you can specify which OU to put the computer in once it joins the domain. You also will need to specify the account that has permission to join computers to a domain. The Configuration Manager Network Access account is often used to join the computer to the domain. You need to delegate this access to the user account. Verify the account by testing the connection after configuring the account.

6. Click Next to continue. On the Install Configuration Manager Client page, specify any additional installation properties. Click Browse if you do not want to use the default Configuration Manager client package.
7. Click Next to add applications to the task sequence. Click Next to review the summary.
8. After reviewing the summary, click Next and then Close to complete the creation of the task sequence. As always, be sure that all the related content is distributed to your distribution point (groups).

Creating a Virtual Hard Drive

The next step is creating the actual VHD. To do this, you need to run the Create Virtual Hard Drive Wizard from the Configuration Manager console on a machine with the Hyper-V Role and Management console installed.

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Virtual Hard Drive.
2. Click Create Virtual Hard Drive on the Home tab of the ribbon. If this option is grayed out, you do not have the Hyper-V role or administrative tools installed.
3. Supply a name, version, comments, and a path to the VHD file, as shown in Figure 9.43; then click Next.

   

   FIGURE 9.43 Specifying general information for the VHD

4. Select the task sequence created in the previous section and click Next.
5. Select the distribution point where all packages are available and click Add. Click Next to continue.
6. Add customizations for the task sequence if necessary and click Next.
7. Review the summary and click Next to start the VDH creation process, as shown in Figure 9.44.

   

   FIGURE 9.44 VHD creation process

   In the backend, a virtual machine with the VHD is created in Hyper-V and the task sequence is started in this virtual machine (VM). The VM that it creates has a random name, as shown in Figure 9.45.

   

   FIGURE 9.45 The created virtual machine in Hyper-V

   After the task sequence is finished, the VM will be deleted and the VHD file will be stored in the share that you have defined.

8. Click Close once the VHD is created.

Managing the Virtual Hard Drive

Now that you have a deployed VHD in your Configuration Manager environment, you want to do something with it. There are several options; you can use it as an existing VHD in Hyper-V when creating a virtual machine manually or upload it in the System Center 2012 R2 Virtual Machine Manager library. Uploading the VHD is done as follows:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Virtual Hard Drive.
2. Select the created VHD and click Upload To Virtual Machine Manager in the Home tab of the ribbon. You need to install the Virtual Machine Manager (VMM) console to be able to upload the VHD.
3. Supply the VMM server name, select the VMM library share, and click Next. Review the summary, click Next, and click Close after completing the upload.

You can also modify the VHD from the Configuration Manager console. For instance, here you can change the task sequence:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Virtual Hard Drive.
2. Select the created VHD and click Modify Virtual Hard Disk. This kicks off the same wizard for creating the VHD, but you cannot change the path and name of the VHD, as shown in Figure 9.46.

FIGURE 9.46 Modifying the VHD

Servicing Your Operating System Images and VHDs Offline

In Configuration Manager 2007 you needed a tool called Deployment Image Servicing and Management (DISM)—a command-line tool used to maintain and update your images offline. Since Configuration Manager 2012 you have the ability to update your operating system images from the console. This feature uses the software update point and software update deployments that you configured earlier. Follow these steps if you want to update a WIM image:

1. From the Configuration Manager console, select the Software Library workspace, expand Overview ➢ Operating Systems, and select Operating System Images.
2. Select the operating system you want to update, and click Schedule Updates on the Home tab of the ribbon.
3. Select the updates that you want to install in the Windows image, as shown in Figure 9.47, and click Next.

   

   FIGURE 9.47 Select the updates that you want to install.

4. Select the schedule (as soon as possible or a custom schedule) for the update process, and click Next.
5. Review the summary, and click Next. Click Close when the process of scheduling the updates is finished.

The process of updating the Windows image can take a while; you can view the status of the process in the Scheduled Update Status column in the Configuration Manager console. Once the update is finished, you can see the installed updates in the console, as shown in Figure 9.48.

FIGURE 9.48 View the installed updates in the Windows image.

Besides installing software updates offline to operating system images, you can also schedule the installation of updates to VHDs. The Schedule Updates wizard will walk you through the process. Only updates that are deployed and downloaded can be used to service the image.

---

MONITORING AND TROUBLESHOOTING OFFLINE SERVICING

You can use the OfflineServicingMgr.log file in the logs folder of the Configuration Manager installation folder to monitor or troubleshoot while servicing your images offline.

You are also able to monitor the offline servicing by accessing the properties of the WIM image and viewing the Servicing tab, as shown in the following image. In addition, you can change the schedule if you have scheduled offline servicing.

---

Maintaining the User State

When you browse to the User State Migration node in the Assets And Compliance workspace, as shown in Figure 9.49, you can manage computer associations. In this workspace you can create new computer associations, as mentioned earlier; see recovery information; find information about the user state migration; or specify the user accounts.

FIGURE 9.49 Managing the user state

Specifying the user accounts is done as follows:

1. From the Configuration Manager console, choose the Assets And Compliance workspace and expand Overview ➢ User State Migration.
2. Select the User State Migration item, and click Specify User Accounts to add user accounts for which data needs to be migrated.
3. Click the starburst icon, and on the Add User Account screen click Browse. Search for the user and click OK twice.
4. Click OK to set the user account to migrate.

From this view you can also create computer associations when, for instance, migrating user state data from one computer to an existing computer that is being reinstalled.

---

ASSIGNING MANY COMPUTERS TO THE BARE-METAL DEPLOYMENT

George T. Management sends an email to the help desk stating that his department just ordered 10 new machines with no operating system and that he wants them all configured by the end of the day with the same image that was used on his machine. The list of 10 machines was included in the email.

You meet with your Configuration Manager team and decide that the best way to do this is to use Configuration Manager to push the image out using the PXE-enabled distribution point that has already been used in the environment.

So, you open the Configuration Manager console, choose the Assets And Compliance workspace, expand Overview ➢ Devices, and click Import Computer Information on the Home tab of the ribbon. On the Import Computer Information page, you select Import Computers Using A File, and click Next. On the Choose Mappings page, you click Browse to browse the CSV file that Mr. Management sent you containing the list of computers on which you need to deploy the new operating system.

After you import the file and assign the data mappings, you click Next. Then you verify that the data is correct on the Data Preview page and add these systems into the bare-metal collection you created earlier with the Windows 10 build already assigned. Finally, you click Finish to add the members to the collection. Configuration Manager will then deploy the new operating system when the machines are powered on and booted up in PXE boot.

---

Windows 10 as a Service

The release model of Windows 10 has been altered to continuously deliver upgrades and features instead of a major new version every 4 years. Microsoft is planning to release a major update more than once a year. To be able to cope with the rapid release cycle of Windows 10, Configuration Manager supports the new Windows 10 Servicing model. Read more about the Windows as a Service (WAAS) model here: https://ref.ms/waas.

The new Windows 10 Servicing node of the Software Library workspace in the Configuration Manager console consists of a dashboard, the All Windows 10 Updates node, and a Servicing Plan node. The dashboard shows the state of your Windows 10 versions in your environment. Figure 9.50 shows part of the dashboard. On this screen you’ll find these sections:

FIGURE 9.50 Windows 10 Servicing dashboard, part 1

Windows 10 Usage Shows a pie chart with the Windows 10 versions that are used and the number of devices that have those versions.

Windows 10 Rings Shows a pie chart with the active Windows 10 Servicing Rings. The rings can be the following branches: Release Ready (Current Branch), Business Ready (Current Branch for Business), and Long-Term Servicing Branch. Read more about the branches here: https://ref.ms/waas.

Alerts Shows alerts related to Windows 10 servicing.

Expired This shows the percentage of expired Windows 10 versions that are still active in your environment.

Expire Soon This shows the percentage of Windows 10 versions that are going to be expiring soon that are still active in your environment.

The second part of the dashboard, shown in Figure 9.51, shows the support cycle of the versions that are known and the period in which the Windows 10 versions are still supported.

FIGURE 9.51 Windows 10 Servicing Dashboard, part 2

In the middle of the dashboard you can see the servicing plans that have been created. Servicing plans are automatic deployment rules that are used with the Software Updates feature, discussed in Chapter 8, “Software Updates.”

Servicing Plans

The servicing plans can be used to upgrade your Windows 10 devices to the latest branch. You can create a schedule and manage the process through maintenance windows, just as you would software updates. To create a servicing plan, follow these steps:

1. From the Configuration Manager console, choose the Software Library workspace and expand Overview ➢ Windows 10 Servicing.
2. Select Servicing Plans and click Create Servicing Plan to start the Create Servicing Plan wizard.
3. Supply a name and description and click Next.
4. On the Servicing Plan page, browse to the target collection with the devices that need to be serviced. Click Next.
5. On the Deployment Ring page, specify the Windows readiness state to which the servicing plan should apply, as shown in Figure 9.52. Choose Release Ready (Current Branch) if you want to deploy the latest release of Windows 10, or choose Business Ready (Current Branch For Business) if you want to deploy a release that has been available for at least four months as the current branch.

   

   FIGURE 9.52 Specifying the deployment ring

   After selecting the readiness state, configure the days that need to be waited until Configuration Manager is going to deploy the released version. Click Next.

6. Configure the property filters and search criteria for this servicing plan, as shown in Figure 9.53. This way, not all versions of Windows 10 (gigabytes of data!) will be downloaded. Optionally, click Preview to see the versions that will be downloaded and deployed.

   

   FIGURE 9.53 Selecting the property filters and search criteria

7. Click Next to configure the deployment schedule and click Next to configure the user experience.
8. Select or create a new deployment package for the servicing plan and click Next. If creating a new deployment package, assign the distribution points before specifying the download location by clicking Next.
9. Click Next to select the languages of the operating systems that need to be downloaded and click Next to review the summary.
10. Click Next to create the servicing plan and click Close to finish.

    The servicing plan will now run on the configured schedule.

Windows 10 Updates

In addition to the Software Updates node, an All Windows 10 Updates node has been added under the Windows 10 Servicing node. From here you can deploy individual feature updates for Windows 10 to device collections, as described in Chapter 8.

The Bottom Line

Specify a Network Access account. The Network Access account is the account Configuration Manager will use to access the system while running WinPE.

Master It How do you specify the Network Access account?

Enable PXE support. PXE support in Configuration Manager is used to begin the operating system deployment process. The PXE feature responds to Configuration Manager clients making PXE boot requests.

Master It How do you set up PXE support?

Update the driver catalog package. The driver catalog allows you to add drivers to the already created packages and images you have within your organization so you are not constantly re-creating your images when you get a new machine in your environment.

Master It How do you update the driver catalog package?

Update an image from the console. In the past it was a big issue to keep your images up to date; no easy procedure existed. Configuration Manager now includes a feature called Schedule Updates that updates your Windows images.

Master It How do you easily update your Windows images?

Support Windows 10. You can support Windows 10 by using the traditional way of OSD or by using the new Windows 10 Servicing features.

Master It How can you support Windows 10?