Following on from my post last year Building a Clean Windows 10 Reference Image – MDT 2013 U1 this entry will go rehash over some of the same steps that were discussed there as well as additional steps to deploy Windows 10 1607.
For this build i am using:
Windows 10 1607 – https://blogs.windows.com/windowsexperience/2016/08/02/how-to-get-the-windows-10-anniversary-update/
MDT 2013 Update 2 – https://blogs.technet.microsoft.com/msdeployment/2015/12/22/mdt-2013-update-2-now-available/
Reference Image:
From here i will assume you have all of the above running however you do not need to be on the latest SCCM version (1606) for these, you will however want to have the ADK and MDT up to date.
1. To build your reference image please follow the steps in this post. However do not update your deployment share (one of the last steps)
http://deploymentresearch.com/Research/Post/540/Building-a-Windows-10-v1607-reference-image-using-MDT-2013-Update-2
2. Watch this video from the 8:00 till 13:20 to learn how to tweak CMTrace.exe and SMSTS.ini to bolster your OSD experience. https://youtu.be/HtvDHs5NCPw?t=481 , once you have done this go back and update your deployment share and continue with Johans Post.
Boot Wim:
1. Check out my post here on how you can leverage DART for dynamic remote control for your OSD builds.
Prepare OSD Scripts and Logs:
Logs:
On your SCCM Site server create a share to store log files eg :\\configmgr\logs$ , insure your staff have access to this path. The final steps in your task sequence should be to copy logs if successful or not to this share (will outline how later). Within this logs folder make two folders named:
OSD_Success
OSD_NotSuccess
There is a reason i am not using a folder named “OSD_Failure” – each time CmTrace detects the word “fail” in your SMSTS.log file you will see an “error” which in this case is just the name of the step, so to make your logs nicer to read, avoid using the word “failure” wherever possible.
Scripts:
The following scripts are used throughout my task sequence:
UI++ (Nice UI to allow you to set variables to kick start your TS) – http://blog.configmgrftw.com/uiplusplus/
adcompdesc.vbs (Sets AD computer description during OSD ) – See scripts share
adgroup.vbs (Sets AD computer group membership during OSD ) – See scripts share
DefaultAppAssoc.xml (Sets defaults for application association – Acrobat in example is set ) – See scripts share
DumpVar.vbs (Dumps SMSTS variables to file for testing) – See scripts share
SetDefaultsW10.cmd (Sets various OSD settings, speech etc ) – See scripts share
StartLayout1607.xml (Sets start menu and taskbar layout ) – See scripts share
Place these files (tweaked to your liking) in a share in SCCM sources folder and create a package (with no program) . This package will be called upon multiple times during your task sequence.
Create Unattended.XML
Log onto your SCCM box and open Windows System Image Manager. From here you can modify your unattended as much as you like, here is mine.. with some info redacted.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="utf-8"?> | |
<unattend xmlns="urn:schemas-microsoft-com:unattend"> | |
<servicing> | |
<package action="configure"> | |
<assemblyIdentity name="Microsoft-Windows-LanguageFeatures-Basic-en-gb-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="" /> | |
</package> | |
<package action="configure"> | |
<assemblyIdentity name="Microsoft-Windows-LanguageFeatures-Handwriting-en-gb-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="" /> | |
</package> | |
<package action="configure"> | |
<assemblyIdentity name="Microsoft-Windows-LanguageFeatures-OCR-en-gb-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="" /> | |
</package> | |
<package action="configure"> | |
<assemblyIdentity name="Microsoft-Windows-LanguageFeatures-Speech-en-gb-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="" /> | |
</package> | |
<package action="configure"> | |
<assemblyIdentity name="Microsoft-Windows-LanguageFeatures-TextToSpeech-en-gb-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="" /> | |
</package> | |
<package action="configure"> | |
<assemblyIdentity name="Microsoft-Windows-NetFx3-OnDemand-Package" version="10.0.10240.16384" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="" /> | |
</package> | |
</servicing> | |
<settings pass="oobeSystem"> | |
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
<SystemLocale>en-GB</SystemLocale> | |
<UILanguage>en-GB</UILanguage> | |
<UILanguageFallback>en-GB</UILanguageFallback> | |
<UserLocale>en-GB</UserLocale> | |
<InputLocale>0809:00000809</InputLocale> | |
</component> | |
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
<OEMInformation> | |
<Manufacturer>Company</Manufacturer> | |
<Logo>c:\windows\media\COMPANYLOGO.bmp</Logo> | |
<SupportAppURL></SupportAppURL> | |
<SupportURL>http://company.com</SupportURL> | |
<SupportPhone>xxxxx-7022</SupportPhone> | |
<SupportHours>xxxxx-1800</SupportHours> | |
</OEMInformation> | |
<OOBE> | |
<HideEULAPage>true</HideEULAPage> | |
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> | |
</OOBE> | |
</component> | |
</settings> | |
</unattend> |
Note: <Logo>c:\windows\media\COMPANYLOGO.bmp</Logo> . This file is being copied to my WIM during my reference image creation.This will allow you to show your logo and in windows “system” page.
Create Task Sequence
- Name: SMSTSPostaction
- Value: shutdown /r /t 5
- Why: Forces the machine to reboot at the very end of the TS, this helps with post TS cleanup tasks and gpo application
- Name: SMSTSRebootDelay
- Value: 0
- Why: Will force reboot instantly after each step to 0 seconds. Improves TS time.
- Name: SMSTSErrorDialogTimeout
- Value: 86400
- Why: Sets the error delay to 86400 seconds , which will let you know that there has been an error until you interact with it (default is too fast)
Value: cmd /c xcopy x:\sms\bin\x64\CMTrace.exe %OSDTargetSystemDrive%\windows\system32 /E /H /C /I /Q /Y
Value: wscript.exe adgroup.vbs “ADGROUP”
Value: cscript.exe adcompdesc.vbs “[%VALUE%] – [%VALUE%] – [%VALUE%]”
Value: cmd /c SetDefaultsW10.cmd
Value: cmd.exe /c reg add HKLM\SOFTWARE\COMPANY/v COMPANYOSD-Name /d “[%_SMSTSPackageName%]” & reg add HKLM\SOFTWARE\COMPANY/v COMPANYOSD-Time /d “[%date%]-[%time%]” /t REG_SZ & reg add HKLM\SOFTWARE\COMPANY /v COMPANYOSD-ImagedBy /d “[%XAuthenticatedUser%]” /t REG_SZ
Value: powershell.exe -executionpolicy bypass import-startlayout -layoutpath .\StartLayout1607.xml -mountpath C:\
Value: %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file .\RemoveApps2.ps1
Edit: Use this link for script : https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/remove-default-apps.ps1
Name: Block New W10 Apps (run command line)Value: reg add HKLM\Software\Policies\Microsoft\Windows\CloudContent /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f
then????? 😛
LikeLike
Nice. BTW removeapps2.ps1 is not in your OneDrive
LikeLike
Any chance you will be uploading the removeapps2.ps1 ? Great guide nevertheless!
LikeLike
What does the tattoo step actually do? Needed for?
LikeLike
It's used for future targeting. If I need to target a date range of images machines for any reason I can use the tattoo . Also can see who images a machine if they mess something up 🙂
LikeLike
The script mentioned for removing apps isn't in the Scripts Share OneDrive – can you publish that?
LikeLike
Use this one – https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/remove-default-apps.ps1
LikeLike
see here: https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/remove-default-apps.ps1
LikeLike
Hi, see here https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/remove-default-apps.ps1
LikeLike
Add step to Tattoo the registry………..
Task Sequence failed to run these command lines. If I run it single one by one command line then it does create the registry key though. Anyone successfully run multiple command lines by inserting & ?
LikeLike
cmd.exe /c reg add HKLM\SOFTWARE\COMPANY /v COMPANYOSD-Name /d “[%_SMSTSPackageName%]” & reg add HKLM\SOFTWARE\COMPANY /v COMPANYOSD-Time /d “[%date%]-[%time%]” /t REG_SZ & reg add HKLM\SOFTWARE\COMPANY /v COMPANYOSD-ImagedBy /d “[%XAuthenticatedUser%]” /t REG_SZ
thats an exact copy of mine (Company name changed) – this works without issue, try it again ?
LikeLike
All of the variables listed must exist.
[%_SMSTSPackageName%] -DEFAULT
[%date%] -DEFAULT
[%time%] -DEFAULT
[%XAuthenticatedUser%] -VARIABLE SET BY UI++
LikeLike
Dan,
Thanks for replying. I've tried again but still failed. I have SCCM 2012 R2 SP1 with MDT Integration in my company and not sure if that causes the issue. Adding single command line and it works though.
LikeLike