The nice thing about MDT is you don’t need a lot of hardware, and you can’t screw it up so badly it’ll take down your production environment ☺. I run mine from VM’s. In my main office, it’s a standalone VM. The advantage of this is you can restart it at any time without affecting anyone, because you’re the only one who’s going to use it. In my smaller satellite office, it’s on a VM that is also the print server, but I usually make my changes on the main server than copy them over to the satellite server. The main things to avoid: Don’t install on a DC, and don’t install on a server that already provides DHCP services. Unneeded complications come from that.

Install MDT The first thing you should do is make sure you have the latest MDT and ADK. They have recently released a new version that supports the latest flavours of Windows 10. This is a good guide to get you started: https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt

Deployment Share Once you have it installed, you’ll want to create a deployment share and add an OS. https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image For the section labelled “Add the setup files”, what you’ll need is the contents of a Windows 10 ISO (it doesn’t have to be Windows Enterprise – Pro works just fine). You need to have volume licensing to do this legally; what I typically do is download the ISO from Microsoft’s Volume Licensing Service Center (https://www.microsoft.com/Licensing/servicecenter/default.aspx) then extract the contents using 7Zip. Use subfolders to keep yourself organized.

Add Drivers Once you have your base OS imported, you’ll need to add drivers to support your various builds. Use the command prompt and WMIC to get the various Manufacturers and Models for which you want to deploy. Use these names to create subfolders (the names MUST match exactly, I’ll show you why in a bit).

WMIC ComputerSystem GET Manufacturer,Model

You can query remote computers (if you have rights to do so—try it from a server, not your workstation) by using the /NODE switch. Wrap the computername in quotes so it knows how to deal with special characters like hyphens. WMIC /NODE:”computername” ComputerSystem GET Manufacturer,Model

Start with the OS first, then manufacturer, then model, like this:

Also add a WinPE 10 x64 folder (or WinPE 10 x86 if you are doing 32-bit deployments) for storage and network drivers needed during deployment:

Many manufacturers provide driver packs that make it easy to collect the various WinPE drivers and the OS drivers: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-command-deploy-driver-packs-for-enterprise-client-os-deployment http://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html

Add Applications Any application that you can install without requiring user interaction can be deployed via MDT. Again, use folders to keep yourself organized.

IT Ninja is a pretty good website for helping you discover the “silent” switches for installs. http://www.itninja.com/blog/view/the-complete-guide-to-msi-switches-for-silent-software-installation

Anything that is an MSI file can be installed with this sequence: MSIEXEC /i filename.msi /qn REBOOT=ReallySuppress /norestart

The important thing here is you MUST prevent the application from doing a reboot on its own. This will throw MDT into a tailspin because it wasn’t expecting the reboot. If the application must be rebooted to install properly, there’s a checkbox within the application properties that will request MDT to reboot after installation.

I’ve created several scripts that are OS tweaks that I add to the installation task sequences. I also use MDT to update computers without doing a complete OS reinstall, so I’ve put these into their own application subfolders named _Tasks and _Updates.

Application Bundles Once you have all your applications added, do yourself a favour and create application bundles for each “type” of user you have. This makes it much easier to select all the applications you need to install, and ensure you don’t miss something. When new software comes out, you just need to create a new application then revise the bundle.

Task Sequences Finally, you’re ready to put it all together. Start with the Standard Client Task Sequence, then tweak it to your needs. I’ve created my own custom task sequence template based upon this one with all the steps I regularly add. http://www.danielclasson.com/guide-how-to-create-an-mdt-2013-task-sequence-template/

When I first started using MDT, I would just blanket deploy all drivers for all computers, which was not only unnecessary, but sometimes the drivers would conflict and cause deployment failures. In order to change this, you want to make two changes to the default task sequence.

1. Add a step named Set Driver Group right before the Inject Drivers step in the Preinstall section. It should be of type General | Set Task Sequence Variable. It assigns a value to DriverGroup001. The Value should match the folder structure you created in the Out-of-box Drivers section.

2. Change the Inject Drivers step (just the one under Preinstall—there is another one further down that doesn’t need to be changed) to choose a selection profile of Nothing (seems counter-intuitive to me, but this step is necessary otherwise it will override what you did in Step 1):

Here’s a bunch of those OS tweaks I was talking about. It’s a good idea to put those into the OS install instead of trying to apply the afterwards. Same thing for .NET Frameworks, or C++ libraries that many applications require.

This guy has lots of helpful info about OS tweaks: https://garytown.com/category/windows-10 You can even get MDT to do BIOS updates (if your manufacturer provides Windows-based, silent installs). If you get to this step, I can send you the script that I use to accomplish this.

Once you really get going, you can create a custom task that uses BGINFO to change the wallpaper of the computer so it reports status throughout the build. All those “Update Status” tasks throughout my task sequence are just updating the wallpaper. MDT provides a built-in script for doing this:

Advanced Configuration My end goal was to get these deployments to run with as little interaction as possible. To that end, I created a database with every computer listed, and several roles. https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information

With these extra steps, I can get MDT to name the computer based on my requirements, set the screen resolution, pick the correct task sequence, etc.

By providing the serial number, MDT can detect which computer it’s working on then apply the correct settings:

Set the OSDComputerName to whatever name you want for the computer:

Install applications from the bundles you created:

Set common settings and select the correct task sequence:

Standard Settings provides details about the Display Settings, provides the account used to join my domain, and provides the domain name to join. A lot of those settings can also be controlled from your deployment share rules (customsettings.ini). Windows 10 Professional x64 assigns the computer to the correct OU in Active Directory:

the MAK product key, and the correct Task Sequence:

In order to make the deployment near-silent, you need to customize the Rules for your deployment share. These are well documented in the MDT help, but here’s some of my settings: [Default]

OSInstall=YES

SkipAdminPassword=YES

AdminPassword=password

SkipApplications=YES

SkipBitLocker=YES

SkipCapture=YES

SkipComputerBackup=YES

SkipComputerName=YES

SkipDeploymentType=YES

DeploymentType=NEWCOMPUTER

SkipDestinationDisk=YES

SkipDomainMembership=YES

SkipRoles=YES

JoinDomain=domain

DomainAdmin=admin

DomainAdminDomain=domain

DomainAdminPassword=password

SkipFinalSummary=YES

FinishAction=REBOOT

SkipLocaleSelection=YES

KeboardLocale=en-US

UserLocale=en-CA

UILanguage=en-US

SkipPackageDisplay=YES

SkipProductKey=YES

SkipSummary=YES

SkipTaskSequence=YES

SkipTimeZone=YES

TimeZone=010

TimeZoneName=Mountain Standard Time

SkipUserData=YES

UserDomain=domain

UserID=admin

UserPassword=password

OrgName=your company name

FullName=name to show for computer owner

WsusServer=your local WSUS server’s address for applying Windows

Updates

_SMSTSOrgName=Company name shown during deployment

Monitoring Once you have everything else working, you can turn on monitoring so MDT will track the progress of all computer installs. I’ve written a little program that tracks the creating of events in Event Viewer and emails me the status as well.

Final Steps Once you have everything completed, right-click on your deployment share and choose Properties. On the Windows PE tab, select your platform then check off the appropriate options on the General tab:

Note you can also create bootable ISO’s you can put on USB sticks so you don’t have to rely on your network, but that’s another discussion. Click OK, then right-click on the deployment share again and select Update Deployment Share. MDT will create a Lite Touch WIM file that you can then load into WDS under Boot Images. Once you have this all setup, boot your computer into PXE (for most computers, you do this by pressing F12 at boot), select the Lite Touch image you created, and sit back while MDT does everything for you. I have it configured now so I need to spend about 30 seconds per computer, then MDT runs on its own for 3-4 hours doing all the remaining steps.