Introduction
Summary: This document shows the needed steps for creating a Microsoft Windows 7 Enterprise x64 SP1 reference image to be captured by Microsoft Deployment Toolkit 2010, 2012, and 2013. The hardware this is intended for are laptops and desktops.
For more info on Windows 8 reference image creation see link below:
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B346#fbid=
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B346#fbid=
Who this document applies to: Novice and Intermediate IT Pros needing to deploy Windows via Microsoft Technologies.
Material Needed:
Windows 7 Enterprise x64 SP1 Media (.ISO) (Volume License Software Assurance)
Windows 7 Enterprise x64 SP1 Media (.ISO) (Volume License Software Assurance)
Virtual Machine Hyper-V, VMware Workstation/Vsphere, or other VM solution.
Office 2010 Installation Media (Optional) (Dont forget the latest service pack)
Microsoft .NET Framework 4.6.1
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2012 Redistributable Package (x86)
Microsoft Visual C++ 2012 Redistributable Package (x64)
Microsoft Visual C++ 2013 Redistributable Package (x86)
Microsoft Visual C++ 2013 Redistributable Package (x64)
Microsoft Visual C++ 2015 Redistributable Package (x86)
Microsoft Visual C++ 2015 Redistributable Package (x64)
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2012 Redistributable Package (x86)
Microsoft Visual C++ 2012 Redistributable Package (x64)
Microsoft Visual C++ 2013 Redistributable Package (x86)
Microsoft Visual C++ 2013 Redistributable Package (x64)
Microsoft Visual C++ 2015 Redistributable Package (x86)
Microsoft Visual C++ 2015 Redistributable Package (x64)
Dell CCTK (Optional)
7Zip (Optional)
CutePDF (Optional)
7Zip (Optional)
CutePDF (Optional)
NOTE: Even though we are going to make this reference image in a VM we will not need to install VMware Remote Tools which include drivers. We will be ok using the default Intel nic driver that vmware provides us when we add a network card to our VM.
Edited 2-17-2016
Steps (6 total)
Best Practice: Reference Images should never be added to the domain for any reason at all. No reference image should be made on a real computer. VM only.
Settings of the reference VM:
1. One CPU or Two.
2. Two to four gig of memory (the more the better).
3. A cd-rom drive that will boot the Windows 7 Ent SP1 DVD media.
4. No USB, No sound, No floppy.
5. One network card that is bridged so it can see the internet.
6. One video card.
7. One hard drive 80 to 127 gig.
Settings of the reference VM:
1. One CPU or Two.
2. Two to four gig of memory (the more the better).
3. A cd-rom drive that will boot the Windows 7 Ent SP1 DVD media.
4. No USB, No sound, No floppy.
5. One network card that is bridged so it can see the internet.
6. One video card.
7. One hard drive 80 to 127 gig.
NOTE: Two processors in your VM will cut down the capture time by 15 mins.
1. Power on your VM with it set to boot from the ISO file you provided.
2. Select your language, time, and keyboard and click next.
3. Click Install Now.
4. Check the box to agree to the license agreement. Click Next.
5. Choose Custom for the install type.
6. Click Drive Options (Advanced).
7. Highlight each partition and choose Delete until there is only one partition left. (Unallocated Space)
8. Click New. Click Apply. Accept the amount of hard drive space by clicking Apply.
9. Notice the message that pops up. What will happen is two partitions will get created. System Reserved 100mb will be partition 1 and the OS partition will be 2. Click OK.
10. Highlight the partition 2 and click Format. A pop up box occurs describing what is affected by a format (all data loss and the NTFS file system is applied). Click OK.
11. Format should take about 10 seconds. Click Next to proceed.
12. The installation will expand files/folders and a reboot will occur twice.
***Important***
13. At the prompt of typing in a User ID to create an account you will need to ONLY do the following:
Press CTRL+SHIFT+F3 to enter Audit Mode.
14. The VM will restart into audit mode and log into the desktop as the built in local administrator account each time. Also the sysprep box will appear each time the PC is restarted. This behavior will continue until Windows exists the Audit Mode. Always click cancel on the Syprep window as we will use MDT to handle out the sysprep and capture for us.
15. If prompted to Set Network Location choose "Cancel".
2. Select your language, time, and keyboard and click next.
3. Click Install Now.
4. Check the box to agree to the license agreement. Click Next.
5. Choose Custom for the install type.
6. Click Drive Options (Advanced).
7. Highlight each partition and choose Delete until there is only one partition left. (Unallocated Space)
8. Click New. Click Apply. Accept the amount of hard drive space by clicking Apply.
9. Notice the message that pops up. What will happen is two partitions will get created. System Reserved 100mb will be partition 1 and the OS partition will be 2. Click OK.
10. Highlight the partition 2 and click Format. A pop up box occurs describing what is affected by a format (all data loss and the NTFS file system is applied). Click OK.
11. Format should take about 10 seconds. Click Next to proceed.
12. The installation will expand files/folders and a reboot will occur twice.
***Important***
13. At the prompt of typing in a User ID to create an account you will need to ONLY do the following:
Press CTRL+SHIFT+F3 to enter Audit Mode.
14. The VM will restart into audit mode and log into the desktop as the built in local administrator account each time. Also the sysprep box will appear each time the PC is restarted. This behavior will continue until Windows exists the Audit Mode. Always click cancel on the Syprep window as we will use MDT to handle out the sysprep and capture for us.
15. If prompted to Set Network Location choose "Cancel".
Let's adjust some windows settings based on what you want your users need and what you know they do not need.
1. Disable System Restore - It is apparently best practice to disable the system restore point as this will just use drive space. We want this reference image to be "clean" as possible.
By navigating to Start > right click on System > Properties. On the left choose "System Protection". Click the Configure button. Turn off system restore (0%) and press the delete button. Press Continue. Press Close. Click OK. Click YES to turn off system restore.
By navigating to Start > right click on System > Properties. On the left choose "System Protection". Click the Configure button. Turn off system restore (0%) and press the delete button. Press Continue. Press Close. Click OK. Click YES to turn off system restore.
2. Windows Media Network Service - Chances are you do not want users sharing music and movies across the network eating up bandwidth so lets disable the WMNC service. Click Start and type in Services.msc. Find the service called Windows Media Network Service. Change the start up type to Disable and stop the service (if it is started).
3. Adjust Power Settings - I personally want the computer waiting on the user and not the other way around. Navigate to Start > Control Panel > System and Security > Power Options. Click "Show additional plans" and then select High Performance Plan. Click "Change Plan Settings". Set the monitor timeout to your liking. Click "Change Advanced Power Settings". Choose "Hard Disk" and set the adjustment as you wish.
4. Remote Desktop - Navigate to Start > right click on Computer > choose Properties. On the left click Remote Settings. Choose whether or not you want Remote Assistance and if you want Remote Desktops.
5. Windows Media Player Start Up - By default when you open WMP for the first time it will go through its End User License Agreement (EULA) and other settings. Lets bypass this stuff in the registry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Preferences]
"AcceptedEULA"=dword:00000001
"FirstTime"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer]
"GroupPrivacyAcceptance"=dword:00000001
"AcceptedEULA"=dword:00000001
"FirstTime"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer]
"GroupPrivacyAcceptance"=dword:00000001
6. Windows Features - By default some features are installed that you users may not need. Navigate to Start > Control Panel > Programs > Uninstall a Program > Turn Windows Features on or off. Remove the items you do not want. Personally I remove the following:
Windows DVD Maker
Windows Media Center
Print and Document Services
Tablet PC Components
Windows Gadget Platform
XPS Services
Windows DVD Maker
Windows Media Center
Print and Document Services
Tablet PC Components
Windows Gadget Platform
XPS Services
7. Shortcuts on the desktop - If you would like a shortcut on the desktop for all users you will need to place that shortcut in the C:\users\public\desktop folder. The desktop folder is hidden but if you type it out in the address bar at the top it will show. I like to add Snipping Tool to the desktop for the users and an IE shortcut.
8. Internet Explorer (Gotcha!) - Be sure to install IE 9. If you prefer IE 10 or 11 I recommend using the link below to add it as a application in MDT. Reason is if you have IE 10 or 11 in your reference image and your using MDT 2010 or 2012 your deployment will fail. The fix was included in MDT 2013 so no worries there.
Adding IE 10 or 11 as an application in MDT:
http://www.deploymentresearch.com/Research/tabid/62/EntryId/124/Adding-Internet-Explorer-11-to-your-Windows-7-SP1-reference-image.aspx
Adding IE 10 or 11 as an application in MDT:
http://www.deploymentresearch.com/Research/tabid/62/EntryId/124/Adding-Internet-Explorer-11-to-your-Windows-7-SP1-reference-image.aspx
9. Games - A good idea to delete the Games folder from the start menu. Users might get the wrong impression. :)
10. Last Access - It is a good idea to enable the last access for .exe files just in case the user claims they use a certain program they swore they had to have and the boss looks at you asking when it was the last time the user opened the application!
Click Start and type CMD. Enter the command to enable last access
fsutil behavior set disablelastaccess 0
Click Start and type CMD. Enter the command to enable last access
fsutil behavior set disablelastaccess 0
11. Network Printer - By default when your in a domain and try to install printer from the printer server Windows will prompt the user for admin credentials to install the driver from the print server and add the printer. To bypass this prompt you can set the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint]
"Restricted"=dword:00000000
"TrustedServers"=dword:00000000
"InForest"=dword:00000000
"Restricted"=dword:00000000
"TrustedServers"=dword:00000000
"InForest"=dword:00000000
I prefer making an custom office installer package then apply that package to the reference image rather then install the defaults to reference image. Here are some reasons why:
1. We can adding in the license key.
2. Since our users have a Home Directory to save documents and spreadsheets we can specify that default open/save location.
3. Auto Activation.
4. Add in Service Packs to the install.
5. Specify which products we want to install.
2. Since our users have a Home Directory to save documents and spreadsheets we can specify that default open/save location.
3. Auto Activation.
4. Add in Service Packs to the install.
5. Specify which products we want to install.
Perform the following on your PC and not the reference image:
1. Have the Office (2010 for me) installation files in a folder. Example C:\Temp\Office.
2. Open a elevated CMD prompt and browse to C:\Temp\Office.
3. Run the command setup.exe /admin
4. The OCT opens. Choose Create a new Setup customization.
5. Type in your Organization Name.
6. Type in your license key and choose license type. Select I agree. Display level for a silent install with no progress bar choose None and Suppress Modal.
1. Have the Office (2010 for me) installation files in a folder. Example C:\Temp\Office.
2. Open a elevated CMD prompt and browse to C:\Temp\Office.
3. Run the command setup.exe /admin
4. The OCT opens. Choose Create a new Setup customization.
5. Type in your Organization Name.
6. Type in your license key and choose license type. Select I agree. Display level for a silent install with no progress bar choose None and Suppress Modal.
7. Adding in Service Packs. Once you download the .exe file service pack you will need to extract the contents and place them in the "updates" folder. The switch used to extract is /extract
8. Modify Setup Properties area you can setup a Never Reboot and Auto Active.
Click ADD. Name should be SETUP_REBOOT. Value is Never.
Click ADD. Name should be AUTO_ACTIVATE. Value is 1.
Click ADD. Name should be SETUP_REBOOT. Value is Never.
Click ADD. Name should be AUTO_ACTIVATE. Value is 1.
9. Features > Modify User Settings.
Choose Microsoft Excel 2010 > Excel Options > Save > Default File Location. I choose Enabled and enter U:\ for the location.
Choose Microsoft Powerpoint 2010 >Powerpoint options > Save > Default File Location. I choose Enabled and enter U:\ for location.
Choose Microsoft Word 2010 > Word Options > Advanced > File Locations > Default File Location. I choose Enabled and enter U:\ for location.
Choose Microsoft Office 2010 > File/Open Save Dialog Box > Places Bar Location should be enabled and set to 1.
Choose Microsoft Office 2010 > Miscellaneous > Suppress recommended settings dialog.
Choose Microsoft Excel 2010 > Excel Options > Save > Default File Location. I choose Enabled and enter U:\ for the location.
Choose Microsoft Powerpoint 2010 >Powerpoint options > Save > Default File Location. I choose Enabled and enter U:\ for location.
Choose Microsoft Word 2010 > Word Options > Advanced > File Locations > Default File Location. I choose Enabled and enter U:\ for location.
Choose Microsoft Office 2010 > File/Open Save Dialog Box > Places Bar Location should be enabled and set to 1.
Choose Microsoft Office 2010 > Miscellaneous > Suppress recommended settings dialog.
10. Set Feature Installation States. Select the apps you want installed.
11. Configure Shortcuts. I like to add a shortcut for Word, Excel, Powerpoint and Outlook to the desktop. To do this click ADD and choose a target application and choose a location (Desktop).
12. When finished and you have your service pack files in the updates folder click on File > Save As and name the package and save it to the Updates folder as FileName.msp.
13. You should not be able to run setup.exe for a custom silent install. You can copy the folder to your repository to safe keeps.
14. Test Package on another VM. Open Excel afterward and see if the settings are there. Office needs to see the internet in order to activate.
11. Configure Shortcuts. I like to add a shortcut for Word, Excel, Powerpoint and Outlook to the desktop. To do this click ADD and choose a target application and choose a location (Desktop).
12. When finished and you have your service pack files in the updates folder click on File > Save As and name the package and save it to the Updates folder as FileName.msp.
13. You should not be able to run setup.exe for a custom silent install. You can copy the folder to your repository to safe keeps.
14. Test Package on another VM. Open Excel afterward and see if the settings are there. Office needs to see the internet in order to activate.
NOTE: Sysprep will break the activation process so when deploying the reference image to a PC so be sure to add a step in your Task Sequence (Run command line) to tell office to attempt to active. To check the activation status from Excel click File > About.
The name of the step I call it Office 2010 MAK Activate.
In the blank command line field I type:
"%windir%\system32\cscript.exe" "C:\Program Files (X86)\Microsoft Office\Office14\ospp.vbs" /act
The name of the step I call it Office 2010 MAK Activate.
In the blank command line field I type:
"%windir%\system32\cscript.exe" "C:\Program Files (X86)\Microsoft Office\Office14\ospp.vbs" /act
How to get it into the reference image?
1. On the reference open a CMD and type in a path that you have the office package located. See pic. My test machine is called mdtpc and the folder that has the office 2010 install files is called Office2010.
This will install the office package into the reference PC.
1. On the reference open a CMD and type in a path that you have the office package located. See pic. My test machine is called mdtpc and the folder that has the office 2010 install files is called Office2010.
This will install the office package into the reference PC.
There are some applications that I consider an extension of the Windows 7 OS. An example would be the Visual C++ run times and .NET Framework.
Install the following applications.
Microsoft .NET Framework 4.5.2
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2012 Redistributable Package (x86)
Microsoft Visual C++ 2012 Redistributable Package (x64)
Microsoft .NET Framework 4.5.2
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)
Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)
Microsoft Visual C++ 2012 Redistributable Package (x86)
Microsoft Visual C++ 2012 Redistributable Package (x64)
CutePDF (or some other PDF maker) because I want all users to be able to do this.
Dell CCTK if you are using Dell Computers. This toolkit can help you make changes to the BIOS settings later if need be.
7Zip for packing and unpacking zip files.
What about Adobe Flash, Adobe Reader, Java, Anti-Virus,Silverlight, Itunes, etc?
I do not include these in my reference image because they update too often. Therefore I add the latest version of these apps into the MDT Applications list.
On the Anti-Virus I found it best to create a silent installer and add it as an application to MDT rather than baking it in the base image for a couple of reasons.
1. This will cause the deployment process to fail during sysprep. I have seen it fail with certain AV solutions.
2. The deployment may finish properly but now there are duplicate instances in the AV database that need to be cleaned up.
I do not include these in my reference image because they update too often. Therefore I add the latest version of these apps into the MDT Applications list.
On the Anti-Virus I found it best to create a silent installer and add it as an application to MDT rather than baking it in the base image for a couple of reasons.
1. This will cause the deployment process to fail during sysprep. I have seen it fail with certain AV solutions.
2. The deployment may finish properly but now there are duplicate instances in the AV database that need to be cleaned up.
We have two ways of installing these updates. One way is if your company has a WSUS Server. The other way is by using the MS website for updates.
Using the WSUS Server to patch your reference image.
1. In the reference image at the desktop click Start and type GPEDIT.MSC. Navigate to Computer Configuration> Administrative Templates > Windows Components > Windows Update. Edit option labeled "Specify Intranet Microsoft Update Service Location". Choose Enabled and type in your WSUS Server as shown:
http://wsusservername in both locations.
1. In the reference image at the desktop click Start and type GPEDIT.MSC. Navigate to Computer Configuration> Administrative Templates > Windows Components > Windows Update. Edit option labeled "Specify Intranet Microsoft Update Service Location". Choose Enabled and type in your WSUS Server as shown:
http://wsusservername in both locations.
Close Gpedit and click Start > Windows Updates. The updates should now be pulling from your company intranet. If you get an error make sure the VM is bridged with your network. Also when done patching undo the change you made to GPEDIT.
2. Not using WSUS for updates? Simply click Start > Windows Updates and patch the VM. Notice if you do not want IE 10 or 11 you will need to not approve the update by right clicking it and choose Hide Update.
Now that we have configured windows, installed apps, and installed patches we need to clean up the VM some before making a "Golden" snapshot if you will.
1. Manually remove temp files from the following locations:
C:\Windows\Temp
C:\Users\Administrator\Appdata\Local\Temp
2. Run Disk Clean up. Choose the "Clean Up System Files" button if it is there. This should give you back one gig of space when completed.
3. Run Disk Defrag.
4. Ensure no old network drives are mapped. You can search the registry for the name of the drive you connected to earlier to get office installed or any other apps and remove that entry if you like.
1. Manually remove temp files from the following locations:
C:\Windows\Temp
C:\Users\Administrator\Appdata\Local\Temp
2. Run Disk Clean up. Choose the "Clean Up System Files" button if it is there. This should give you back one gig of space when completed.
3. Run Disk Defrag.
4. Ensure no old network drives are mapped. You can search the registry for the name of the drive you connected to earlier to get office installed or any other apps and remove that entry if you like.
Create a Snapshot.
1. Click Start > Shutdown and choose Shutdown. When the VM powers off you can create a snapshot. Give it a name like "Company Base Reference Image". It is a good thing to have timestamps in there and in the description type out all that is in the reference image.
1. Click Start > Shutdown and choose Shutdown. When the VM powers off you can create a snapshot. Give it a name like "Company Base Reference Image". It is a good thing to have timestamps in there and in the description type out all that is in the reference image.
At this point you are ready to go to the MDT server and setup a Sysprep and Capture task sequence for this reference image. You do not PXE boot this reference image and then capture. What you do is boot this VM to the desktop (still in audit mode) and use a CMD prompt to connect to the MDT deployment share. Switch to the Scripts folder and run the litetouch.wsf to begin your sysprep and capture.
link from : https://community.spiceworks.com/how_to/112596-setup-a-windows-7-sp1-ent-golden-reference-image-for-capture-simplified
link from : https://community.spiceworks.com/how_to/112596-setup-a-windows-7-sp1-ent-golden-reference-image-for-capture-simplified
No comments:
Post a Comment