Once your image is baked, you can deploy it with SCCM or MDT, or even give it to an Original Equipment Manufacturer (OEM) to place on the computers you purchase from them before you receive them. The process for baking an image is generally this:
- An environment is created that is off the production network. This is usually a virtualized environment and can even be all on a single host. Standalone Dynamic Host Configuration Protocol (DHCP) and an artificial subnet with a NAT rule for the MDT host are preferred.
- A virtual machine is created that hosts the MDT server. 4 GB of RAM and a few processors are typically sufficient for image-creation purposes. A server OS is preferred for MDT, but it can run on a client OS in a pinch.
- A virtual machine is created for Windows Server Update Services (WSUS) to pull down appropriate patches and handle their approval/gatekeeping.
- Another virtual machine is created that will be your reference image container. It should be set up with 4 GB RAM and two processors, which is generally sufficient for this purpose. This machine just needs to connect to the WSUS and MDT hosts and mount an ISO produced from the MDT server process.
- MDT is used to build a reference image from the ISO of Windows 10 Enterprise, and a boot ISO is used to boot the virtual machine reference container and run the task sequence to capture the completed WIM for later deployment.
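The lab layout from the steps above, sketched as an added example rather than anything from the original text. It assumes the single host runs Hyper-V (the text does not name a hypervisor); the switch name, VM names, subnet, paths, disk sizes and the WSUS sizing are constructed placeholders, and NAT here covers the whole lab subnet as a simplification.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example: isolated image-baking lab on one Hyper-V host.
# Every name, path and address below is a constructed placeholder.
$SwitchName = 'ImageLab'
$GatewayIp  = '192.168.250.1'
$LabPrefix  = '192.168.250.0/24'
$VmRoot     = 'D:\ImageLab'
$BootIso    = Join-Path $VmRoot 'LiteTouchPE_x64.iso'   # boot ISO copied from the MDT share

# Internal switch: lab VMs reach only the host vNIC, never the production LAN directly.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
    New-NetIPAddress -IPAddress $GatewayIp -PrefixLength 24 `
        -InterfaceAlias "vEthernet ($SwitchName)" | Out-Null
}
# Outbound NAT so WSUS can pull patches; nothing on the production network can route in.
if (-not (Get-NetNat -Name "$SwitchName-NAT" -ErrorAction SilentlyContinue)) {
    New-NetNat -Name "$SwitchName-NAT" -InternalIPInterfaceAddressPrefix $LabPrefix | Out-Null
}

# Sizing for MDT and the reference VM follows the text; WSUS sizing is an assumption.
$vms = @(
    @{ Name = 'LAB-MDT';  Memory = 4GB; Cpu = 2; Disk = 200GB; BootIso = $null }
    @{ Name = 'LAB-WSUS'; Memory = 4GB; Cpu = 2; Disk = 300GB; BootIso = $null }
    @{ Name = 'LAB-REF';  Memory = 4GB; Cpu = 2; Disk = 80GB;  BootIso = $BootIso }
)
foreach ($vm in $vms) {
    if (Get-VM -Name $vm.Name -ErrorAction SilentlyContinue) { continue }   # safe to re-run
    New-VM -Name $vm.Name -Generation 2 -MemoryStartupBytes $vm.Memory `
        -SwitchName $SwitchName -NewVHDSizeBytes $vm.Disk `
        -NewVHDPath (Join-Path $VmRoot "$($vm.Name).vhdx") | Out-Null
    Set-VMProcessor -VMName $vm.Name -Count $vm.Cpu
    if ($vm.BootIso) {
        # The reference container boots the MDT ISO and runs the capture task sequence.
        $dvd = Add-VMDvdDrive -VMName $vm.Name -Path $vm.BootIso -Passthru
        Set-VMFirmware -VMName $vm.Name -FirstBootDevice $dvd
    }
}

# Isolation check: stop if any lab VM has an adapter on a switch other than the lab one.
$labNames = $vms | ForEach-Object { $_.Name }
$stray = Get-VMNetworkAdapter -VMName $labNames | Where-Object SwitchName -ne $SwitchName
if ($stray) {
    throw "Lab VM attached outside '$SwitchName': $(($stray.VMName | Sort-Object -Unique) -join ', ')"
}
```

The standalone DHCP service is not created here; it would run inside the lab subnet, for example on the MDT VM.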
Later deployment can be through any generally available deployment mechanism. MDT and System Center Configuration Manager (SCCM) (via OSD) or even Windows Deployment Server (WDS) are all possible. It's notable that two of these options are free (MDT is a solution accelerator that is free to customers, and WDS is a role in Windows Server).
There are some considerations to this process that need to be reviewed:
- How often are you going to patch/capture your image? If you don't, eventually the image will be in a state where it deploys to hardware, then runs Windows updates for over 30 minutes before the system is usable for the end user. Generally, organizations image to speed deployment, and if you don't service the golden image with frequent updates, you'll end up not meeting your original goal.
- Are you going to do Zero-Touch or Light-Touch deployment?
  - Zero-Touch is done via SCCM OSD or a third-party product and involves (usually) MAC address reservation for a specific image, or perhaps a user runs through a script that determines the appropriate image to lay down on hardware.
  - Light-Touch is done when some prodding is needed to spur the deployment on. This is not as automated but works for most use cases. It is achieved with SCCM OSD/MDT/WDS or any of the other third-party tools available commercially.