The reference image is a Sysprep-prepared build of a Windows installation that will be deployed to existing and new computers. There are a number of approaches to creating a reference image using the traditional Windows Sysprep and capture:
A Bare Operating System
A computer is prepared with just the operating system and nothing else. This is captured and deployed to all new computers. It requires patching and all software deployment, consuming more time during deployment. This will be done by Configuration Manager.
A Bare Operating System with Patches
An operating system is deployed to a reference computer. All available patches are deployed to the machine before a reference image is captured. All deployments of this image require all software to be deployed by Configuration Manager after the operating system image is installed.
Standard Computer Image
A common computer image is defined, typically consisting of the operating system, Microsoft Office, common utilities, management and security agents, and all patches. This definition is used to build a computer and this machine is captured as a reference image. The image is deployed and Configuration Manager deploys all other software that is assigned to the machine/user that is not contained within the image.
Specialized Computer Images
An image is built with all of the required software for serving a specific role. This image is not a generic one that can be deployed to everybody—it is appropriate where a large number of computers must be deployed with specialized software that might take a long time to deploy. The benefit of this solution is that the fully functional computer can be delivered in a short amount of time.
There are merits to the many approaches. The key to the decision-making process is finding a balance between the following:
Building and testing the image
Updating/replacing the image as updates to patches and software are released
The time it takes for a fully functional PC to be deployed
We are going to focus on the simpler process of creating an image that contains the operating system and the security updates. The ConfigMgr site server that has been built contains everything that is needed. The good news is that we can automate the entire operating system installation, patch installation, Sysprep, and capture process using a task sequence.
There are a number of prerequisite packages (a collection of files shared from a distribution point) that are used during a Configuration Manager task sequence to deploy or capture an operating system. You can create them by hand, but we are going to do this the quick way by letting the Create Microsoft Deployment Task Sequence Wizard do the work for us.
Start this wizard (Figure 1) by navigating into Operating System Deployment and then into Task Sequences, and then clicking on the link in the Actions pane.
On the Choose Template screen, choose from a number of task sequence templates. We will use the Client Task Sequence. If you expand the drop-down list box you will see there are more options, including the ability to work with servers. Operating system deployment isn't limited to PCs and laptops!
On the General screen, shown in Figure 2, you assign a name to and describe the task sequence. Choose something that is as descriptive as possible. You might end up with a large number of task sequences after a while and you should make it easy to find the one you want when doing some work. You might append version numbers to the names as you start to customize your task sequences.
On the Details screen, shown in Figure 3, leave the machine in Workgroup. Reference machines should not be joined to a domain. You should enter the product key (the one shown is not a real one); otherwise the installation will stop and wait for someone to enter one. That would not be very zero touch.
On the Capture Settings screen (Figure 4), tell ConfigMgr where to store the captured installation image and what to call it. You must enter the UNC path to the folder and the desired name of the WIM file that will be created. The path of \\deploysrv\image$\Windows 7 Pro x64.wim is used in this example. You must define a capture account. This example is using deploy\configmgrnw, but you can use any account that has modify rights on the image$ share.
You created a boot image earlier, and you want to add drivers to it. On the Boot Image screen, shown in Figure 5, select one. We are working with 64-bit hardware and we want to deploy a 64-bit copy of Windows 7, so we will use the 64-bit boot image that we created earlier and add drivers to it.
On the MDT Package screen (Figure 6), either use an existing or create an MDT package. The package will be used to temporarily download the content of MDT to a machine while the task sequence is running. This allows the task sequence to do many complicated tasks while it runs. We will choose to create an MDT package in the packages share at \\deploysrv\packages$\MDT\MDT 2010. The wizard will know where to find the MDT installation on this machine to create the package.
You should note how we are using a subfolder called MDT 2010. This will allow the single MDT folder to contain many future versions of MDT as they are released and will keep things easy to find.
Name the package as Microsoft Deployment Toolkit 2010 in the following MDT Details screen.
The OS Image screen (Figure 7) allows you to do a number of things. You can choose an existing captured image (OS image) that is managed by ConfigMgr, create a new OS image from a captured WIM file, choose an OS install package (containing the Windows installation media files), or create a new OS install package. For the purposes of this exercise, do the latter. The Windows 7 installation media is loaded or mounted (E:\) and the destination for the new package is \\deploysrv\packages$\Windows\Windows 7.
Name the OS Image Windows 7 in the Install Source screen.
On the next screen either select an existing package to install the Configuration Manager client or create a new package. We will select the Create A New ConfigMgr Client option.
The User State Migration Toolkit (USMT) will be used for capturing user states and restoring them. It won't be necessary to do this during the build of a reference image, but it won't hurt us to create the package now. Do that in the USMT Package screen (Figure 8). The default location of USMT is detected by ConfigMgr and entered for you. This is in the WAIK installation location in a subfolder called \too1s\USMT. The package should be created in \\dep1oysrv\packages$\USMT\USMT 4.0.
Name the package as User State Migration Toolkit 4.0 in the following USMT Details screen.
There are two files required for an MDT installation of Windows 7. Unattended installations require an answer file. It's the same XML file you might have created in WAIK, or used in WDS or MDT. MDT deployments also require some settings in the form of a file called CustomSettings.ini. We will supply these settings in a package. The package is created in the Settings Package screen (Figure 9). The files will be created in \\deploysrv\packages$\Settings\Build and Capture Settings. You will have to change the CustomSettings.ini file in a little while. You can optionally tweak the answer XML file to change the way that Windows 7 is installed.
The package name can be called Build and Capture MDT Settings in the following Settings Details screen.
The Sysprep screen is similar to the previous ones. Legacy operating systems such as Windows XP didn't come with Sysprep, so you would have to create a package if you were working with them. Sysprep has been included with Windows since the Vista release. This means we can choose the "No Sysprep package is required" option on the Sysprep Package screen.
You accomplished a lot of work. The good news is that once these packages are created, you can just select them for reuse later. You might choose to use different settings packages, or maybe use a captured WIM file later on, but those involve minor amounts of work.
The wizard will then start to create packages and the task sequence. This might take a while, thanks to the creation of the OS installation package, so it will be another of the many opportunities to check your email or to take a watercooler break.
We are using a MDT 2010 task sequence template for the tasks in this exercise. The template will contain a number of ordered individual tasks. You can choose to create a native ConfigMgr template. Alternatively, you can choose to create a custom template and add each task or step in by hand.
A couple of minor edits must be completed in the task sequence. You can find the task sequence in Computer Management\Software Distribution\Task Sequences. Launch the Task Sequence Editor (Figure 10) by right-clicking a task sequence and selecting Edit.
Navigate to the Apply Operating System Image task in the left navigation pane. Change the Edition in the right pane to the edition of Windows that you want to install, such as Windows 7 Professional. By default the Task Sequence Editor installs the Home Basic edition of Windows 7, which would be of no use in an enterprise network.
The Setup Windows and ConfigMgr task must also be edited. Click on this task in the left pane and change the entry in the Installation box to
SMSSLP=DEPLOYSRV
The operating system that this task sequence will build will be a workgroup member. Workgroup members cannot use Active Directory to figure out what their ConfigMgr site server should be. They must be told to use a Service Locator Point on a specific server. This ConfigMgr client installation parameter will tell them to use the site server role that was installed on DeploySrv.
You can use the Install Software action to install a software distribution package on the resulting machine. Doing so allows you to include ConfigMgr managed software in the reference image. You can add additional Install Software tasks to the task sequence.
Any desired software distribution package must have the "Allow this program to be installed from the Install Software task sequence without being advertised" option enabled in the required program. This setting is not enabled by default. You can find instructions for changing this setting in all of your packages at once at http://blogs.technet.com/b/mniehaus/archive/2008/10/02/allow-this-program-to-be-installed-from-the-install-software-task-sequence-without-being-advertised.aspx.
You need to return to the MDT settings package once the packages are created. This is your opportunity to change the unattended installation XML file. You should also change the CustomSettings.ini file.
Navigate to D:\Packages\Settings\Build and Capture Settings and open CustomSettings.ini using Notepad. You should change the contents to the following:
[Settings] Priority=Default [Default] DoCapture=YES _SMSTSORGNAME=Deploy Inc. IT Department
This will force MDT to capture the image and will change the default label of IT Organization on the task sequence progress bar to a label of your choosing, such as Deploy Inc. IT Organization.
Save the changes, and then it will be time to make the packages available to the network.