Professional Documents
Culture Documents
20695C ENU TrainerHandbook
20695C ENU TrainerHandbook
20695C ENU TrainerHandbook
20695C
Deploying Windows Desktops and
Enterprise Applications
MCT USE ONLY. STUDENT USE PROHIBITED
ii Deploying Windows Desktops and Enterprise Applications
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2016 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/trademarks are trademarks of the Microsoft
group of companies. All other trademarks are property of their respective owners.
Released: 04/2016
MCT USE ONLY. STUDENT USE PROHIBITED
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy
Program.
i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.
j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
MCT USE ONLY. STUDENT USE PROHIBITED
l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.
2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
MCT USE ONLY. STUDENT USE PROHIBITED
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
• access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en français.
EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie
expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre
pays si celles-ci ne le permettent pas.
Acknowledgments
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
David M. Franklyn, MCSE, MCITP, Microsoft MVP Windows and Devices for IT, is also an Eastern USA
Regional Lead MCT. Dave has been a Microsoft MVP since 2011, and a Senior Information Technology
Trainer and Consultant at Auburn University in Montgomery Alabama, since 1998. He is the owner of
DaveMCT, Inc. LLC, and is a training partner with Dunn Training. Working with computers since 1976,
Dave started out in the mainframe world and moved early into the networking arena. Before joining
Auburn University, Dave spent 22 years in the United States Air Force as an electronic communications
and computer systems specialist, retiring in 1998. Dave is president of the Montgomery Windows IT
Professional Group, and a guest speaker at many events involving Microsoft products.
Contents
Module 1: Assessing the network environment for supporting
operating system and application deployment
Module Overview 1-1
Lesson 1: Understanding tools and strategies you can use for operating system
deployment 2-3
Lesson 2: Using the High Touch with Retail Media deployment strategy 2-10
Lesson 3: Using the High Touch with a Standard Image deployment strategy 2-13
Lesson 4: Using a lite touch deployment strategy 2-16
Lab B: Building a reference image by using Windows SIM and Sysprep 6-30
Lesson 6: Distributing apps using the Windows Store for Business 12-35
Lab: Deploying Microsoft Office 2016 by using the Office Customization Tool 12-39
Module 9 Lab A: Preparing the site for operating system deployment L9-49
Course Description
This five-day course describes how to assess operating system and application deployment options,
determine the most appropriate deployment strategy, and then implement a deployment solution for
Windows devices and apps that meets your environment’s needs. Solutions that this course details include
operating system deployment scenarios ranging from high-touch solutions to zero-touch solutions. This
course also discusses the technologies that you use to implement these solutions, including the Microsoft
Deployment Toolkit (MDT) and Microsoft System Center Configuration Manager (Configuration
Manager).
Audience
This course is intended for is for IT professionals who deploy, manage, and maintain PCs, devices, and
apps across medium, large, and enterprise organizations. Typically, these IT professionals have a desktop-
support background, and have worked as Enterprise Desktop Administrators. A significant portion of this
audience uses or intends to use Configuration Manager to manage and deploy PCs, devices, and
enterprise applications. The Enterprise Desktop Administrator also might use several tools, including the
Windows Assessment and Deployment Toolkit (Windows ADK) and the MDT to support assessment,
operating system, and application deployment tasks. Additionally, this course is for individuals who are
interested in taking the MCSE exam 70-695: Deploying Windows Desktops and Enterprise Applications.
Student Prerequisites
This course requires that you meet the following prerequisites:
• System administrator–level working knowledge of networking fundamentals, including common
networking protocols, topologies, hardware, media, routing, switching, and addressing
• System administrator–level working knowledge of Active Directory Domain Services (AD DS)
principles, and fundamentals of AD DS management
Course Objectives
After completing this course, students will be able to:
• Assess the network environment to support operating system and application deployment tasks.
• Identify the most appropriate operating system deployment strategy based upon organizational
requirements.
• Assess application compatibility issues and identify mitigation solutions to ensure that applications
function successfully after an operating system deployment.
• Describe and configure strategies to migrate user state during operating system deployments.
MCT USE ONLY. STUDENT USE PROHIBITED
xx About This Course
• Determine the most appropriate image management strategy to support operating system and
application deployments.
• Describe and use the tools provided in the Windows ADK to prepare for and support automated
deployment strategies.
• Identify solutions to support Pre-Boot EXecution Environment (PXE)–initiated and multicast solutions
when performing operating system deployment tasks.
• Implement volume license activation and configuration settings for client computers.
Course Outline
The course outline is as follows:
Module 1, “Assessing the network environment for supporting operating system and application
deployment” examines how you can create a deployment strategy by using life-cycle information,
deployment tools and technologies, and licensing and activation information. It also explains how to plan
and effectively perform preparation tasks for deploying Windows 10 client operating systems.
Module 2, “Determining operating system deployment strategies” describes the tools and strategies that
are available to help you perform a successful operating system deployment. It also explains how to
identify the most appropriate operating system deployment strategy for your environment, based upon
organizational requirements.
Module 3, “Assessing application compatibility” describes the process for addressing common application
compatibility issues that you might experience during a new operating system deployment. The module
also explains how to use the Application Compatibility Toolkit (ACT) to help inventory, analyze, and
mitigate application compatibility issues.
Module 4, “Planning and implementing user state migration” introduces user state migration, and the
tools and methods that are useful in the planning and implementation of a user state migration in the
Windows software environment.
Module 5, “Determining an image management strategy” provides the information that you need to
manage images to support operating system and application deployments. Specifically, the module
describes the image formats and strategies for managing images.
Module 6, “Preparing for deployments by using the Windows ADK” describes how Windows Setup installs
the Windows operating system. It explains how to use the tools in the Windows ADK to prepare for and
support automated deployment strategies. It also explains how to use the Windows Preinstallation
Environment (Windows PE) to prepare boot images.
Module 7, “Supporting PXE-initiated and multicast operating system deployments” introduces the
architecture of network boot, PXE-initiated operating system deployments, multicasting operating system
delivery, and the Windows Deployment Services (Windows DS) functionality in Windows Server 2012 R2.
Module 8, “Implementing operating system deployment by using the MDT” describes the components of
the MDT, and how you can configure an operating system deployment strategy by using the MDT.
Module 10, “Integrating MDT and Configuration Manager for operating system deployment” explains
how to integrate the MDT with Configuration Manager to support operating system deployment
procedures. It also describes the benefits of integrating the MDT with Configuration Manager.
Module 11, “Activating clients and managing additional configuration settings” describes volume license
activation solutions. It also explains how to implement volume license activation and configuration
settings for client computers.
Module 12, “Deploying Office 2016” explains how to customize and deploy Microsoft Office 2016 to an
enterprise network environment. It also explains how to deploy Office 2016 by using Office 365, and
manage Office 2016 settings.
MCT USE ONLY. STUDENT USE PROHIBITED
xxii About This Course
Course Materials
The following materials are included with your kit:
• Course Handbook: a succinct classroom learning guide that provides the critical technical
information in a crisp, tightly focused format, which is essential for an effective in-class learning
experience.
o Lessons: guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
o Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
o Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge
and skills retention.
• Modules: include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.
• Resources: include well-categorized additional resources that give you immediate access to the most
current premium content on TechNet, MSDN, or Microsoft Press.
• Course evaluation: at the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
Note: At the end of each lab, you must revert the virtual machines to a snapshot. You can
find the instructions for this procedure at the end of each lab.
The following table shows the role of each virtual machine that is used in this course:
Software Configuration
The following software is installed in the course virtual machines:
• Configuration Manager
Classroom Setup
Each classroom computer will have the same lab virtual machines configured in the same way.
You might be accessing those virtual machines either in a local on-premises classroom, or through
Microsoft Labs Online.
• On-premises classroom. If you are working on a local machine, at the end of each lab you might need
to revert the virtual machines to a snapshot. The lab will include the steps to do this.
• Microsoft Labs Online. If you are working in the hosted environment there might be some variations
in configuration or lab steps in your student manual. Any differences will be called out in the Lab
Notes document on the hosted lab platform.
Your Microsoft Certified Trainer will provide more details about your specific lab environment.
Hardware Level 7
• Processor: 64 bit Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD - V) processor
(2.8 gigahertz (GHz) dual core or better recommended)
• Hard Disk: Dual 500-gigabyte (GB) hard disks 7200 RPM Serial ATA (SATA) labeled C drive and D drive
• Random access memory (RAM): 16 GB or higher
• Network adapter
• Monitor: Dual SVGA monitors 17” or larger supporting 1440x900 minimum resolution
Additionally, the instructor computer must be connected to a projection display device that supports
SVGA 1024x768 pixels, 16-bit colors.
MCT USE ONLY. STUDENT USE PROHIBITED
1-1
Module 1
Assessing the network environment for supporting
operating system and application deployment
Contents:
Module Overview 1-1
Lab: Assessing the network environment for supporting operating system and
application deployment 1-25
Module Review and Takeaways 1-28
Module Overview
Assessing an enterprise’s deployment requirements begins with understanding its hardware, software, and
infrastructure environment, and determining whether that hardware can support Windows 10. You can use
several tools to conduct an inventory of an environment and evaluate the computers in that environment.
For many organizations, one key decision is whether to deploy a new operating system. Doing so can offer
many benefits. However, many organizations consider it complicated and expensive to deploy a new
environment-wide operating system. Additionally, a migration’s complexity and cost can make it difficult
for users to recognize a new operating system’s benefits quickly.
Migrating and deploying a new operation system also can post additional challenges, including:
Application incompatibilities.
This module examines how to use life-cycle information, deployment tools and technologies, and licensing
and activation information to create a deployment strategy. You will learn how to plan and perform
effective preparation tasks for deploying Windows 10 client operating systems.
Objectives
After completing this module, you will be able to:
Assess readiness for a desktop deployment by using Microsoft System Center Configuration Manager
(Configuration Manager).
Assess deployment readiness by using the Microsoft Assessment and Planning Toolkit (MAP).
MCT USE ONLY. STUDENT USE PROHIBITED
1-2 Assessing the network environment for supporting operating system and application deployment
Lesson 1
Overview of the enterprise desktop life cycle
The enterprise desktop life cycle encompasses more than just deploying and removing computers. During
the first phase of the enterprise desktop life cycle, you must carefully plan for hardware that meets your
needs, and you should develop a purchasing strategy to avoid unnecessary spending. After you complete
the first phase, you can determine the best way to deploy the systems purchased. Application deployment
planning and user support are critical phases in the enterprise desktop life cycle. The key to these two
phases is providing users with the training and skills they need to operate their systems efficiently, which
can reduce issues. Eventually, all systems reach a point when technological advancements render them
obsolete. Upgrading or disposing of those systems ends that portion of their life cycle.
Lesson Objectives
After completing this lesson, you will be able to:
Organizations constantly manage the different phases of the enterprise desktop life cycle, which includes
planning, purchasing systems, deploying operating systems and software, and then managing users and
systems in production. The cycle begins and ends when you replace or retire older operating systems.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-3
The first phase of a client system’s life cycle, planning and purchasing, is a process that begins with
preparing and processing requisitions, and then obtaining approval of invoices for payment. The second
phase is deployment, which involves installing an operating system on a user’s computer. Application
deployment planning, the third phase, involves deploying software applications to client systems.
Operation and support is the fourth phase. In this phase, you ensure that the end users learn how to use
their systems and applications, and receive the support they need. The final phase of the life cycle is
upgrading and retirement, in which computers receive new software or you retire them from use and
recycle them.
Computer selection. This process involves choosing hardware, software, and peripherals. Additionally, it
includes design configuration and application compatibility testing.
Deployment methods. Each deployment method includes inherent costs to support that method.
Often, multiple deployment methods are used to accommodate different scenarios.
Demand forecasting. This is the attempt to predict an organization’s future need for computing
resources, to determine the quantities that you should purchase.
Design configuration. This process concentrates on deciding which new features you will use and how
you will incorporate them into the overall plan. The new tools, resources, and settings available can
help simplify configuration processes dramatically.
Purchasing is the process of obtaining personnel, material, services, or property from a vendor by
authorized means. It is the action or process of acquiring items at the operational level. The purchasing
process includes negotiation, contracts, vendor management, shipping, and disposal of packaging
materials.
During the purchasing stage, there are several decision points that will affect the overall cost of the
deployment:
Hardware typically represents approximately half of all the costs in the purchase-phase of the
computer life cycle.
Software costs include productivity applications, antivirus software, messaging tools, and groupware.
MCT USE ONLY. STUDENT USE PROHIBITED
1-4 Assessing the network environment for supporting operating system and application deployment
The chosen deployment method will directly impact overall deployment cost. Additional costs can
include storage requirements of file servers and hard disk drives, universal serial bus (USB) flash drives,
blank DVDs, and providing for greater bandwidth for pushing large images and user data across a
network.
Accessories include a wide range of computer-related supplies, such as cables, power supplies,
keyboards, mice, laptop bags, docking stations, and secure-access cards.
Finally, after the systems arrive, you need to prepare them for deployment. You must securely store,
unpack, inspect, and inventory the systems properly. You should set aside the necessary space for this
before the systems arrive.
Desktop deployment
Deployment consists of the activities that make a
software system available for use. The general
deployment process consists of several interrelated
activities with possible transitions between the
build and deployment phases.
Building
The building phase provides the opportunity to improve efficiency, and its key steps include:
Streamlining the deployment process. This step includes developing automated solutions and
procedures that you can use for deployment.
Developing and testing the deployment process for the baseline operating system image (or images).
Without a test system, you might fail to identify and correct errors, and you might subsequently
duplicate these errors to all of your environment’s computers during the actual deployment.
Configuration. This step includes developing an automation solution, testing and configuring
standardized images, accounting for IT labor to configure computers, and planning for network access
configuration.
Managing the logistics. This step includes storing computers, deploying and setting up physical
hardware, and communicating to end users.
Deploying
After you complete thorough building and testing, you can begin deploying the operating system. The
deployment phase is the period during which the team implements the solution and ensures that it is stable
and usable. A typical deployment takes place in phases throughout the networking environment. The
deployment team stabilizes each phase before progressing to performing upgrades or installations.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-5
When you use software image deployment, you load a standard image and potentially replace preinstalled
original equipment manufacturer (OEM) software. You typically standardize these images on the basis of
organizational or departmental needs, such as sales or finance, or on the type of user who receives the
system, such as a manager, a home or office user, or a graphic designer. The next lesson will cover several
methods that you can use to deploy software images.
The deployment stage also includes migration of data, user state, and unimaged applications. Many users
think that having access to the data that was on their previous computers is an absolute requirement. You
can use many approaches to migrate data between client computers, such as by using file shares, Microsoft
SharePoint Server 2013, or Microsoft cloud services. However, some user data always remains on computers.
You should consider the storage space requirements for performing data transfers.
Note: You should focus on creating the minimum number of baseline images based
exclusively on operating system version and editions, and perform app deployment based on user
needs by using a deployment solution, such as Configuration Manager.
Application compatibility
Application compatibility can have a far-reaching
impact on your organization, but you can reduce
that impact significantly by planning your
application compatibility project properly. Your
migration to Windows 10 is an opportunity to
analyze your applications carefully and to
understand their strategic importance in your
environment.
Gathering an application inventory is the first step in understanding the effect of application compatibility
changes in your environment. Microsoft offers several tools to perform asset inventories, including the MAP
and the Microsoft Application Compatibility Toolkit (ACT). For larger enterprise environments, Microsoft
includes asset inventory functionality in Configuration Manager.
The ACT is a Microsoft tool suite that you can use to test and understand application compatibility in your
environment, and it is available as part of the Windows Assessment and Deployment Kit (ADK). ACT enables
software developers, independent software vendors, and IT professionals in an enterprise environment to
determine whether their applications are compatible with a new version of the Windows operating system.
ACT also enables these individuals to determine how updates will affect their applications.
The Microsoft Desktop Optimization Pack (MDOP) is a suite of six products sold as an add-in subscription
license to Microsoft Software Assurance (SA) customers. You can use two of the six products in the Desktop
Optimization Pack to mitigate application compatibility issues. You can use Microsoft Enterprise Desktop
Virtualization to mitigate application-to-operating-system incompatibilities (Windows 7 only), and you can
use Microsoft Application Virtualization (App-V) to mitigate application-to-application incompatibilities or
conflicts.
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Assessing the network environment for supporting operating system and application deployment
For environments that have thousands of managed applications, you can undertake an application
compatibility project as an opportunity to reduce the number of applications in the environment, thereby
reducing the costs associated with application proliferation. An easy, immediate way to reduce the number
of applications within an environment is to standardize the application versions in use across an
organization.
Newer applications might supersede many older applications that provide similar functionality, thus
enabling you to remove older applications. Every time you remove an application, you eliminate
corresponding licensing and support costs. During your application compatibility project, you can analyze
application compatibility across your entire enterprise. Configuration Manager can manage superseded
applications and their removal.
Note: App-V will not mitigate an application that the operating system does not support.
However, it does provide a test environment that allows apps that are incompatible with each
other to run on the same computer.
Application packaging
Application packaging and automated installation generally involve using silent installation commands
from vendors. You can find these commands in installation guides, on Internet forums, or by launching the
setup application with the /help or /? command-line options.
For applications that you develop in-house, there might not be silent installation commands. You will need
to package those applications or repackage them if the installer package does not work. You can create
Windows Installer packages, if necessary. App-V provides a packaging mechanism with the application
sequencing that it uses to create virtual applications. App-V is integrated with Configuration Manager for
app deployment.
Two of the more recently developed methods for deploying applications include the Windows Store and
Windows Store for Business.
Windows Store
The Windows Store supports both free and purchased apps, and developers can use it to advertise their
desktop apps. The Windows Store is a platform for distributing Windows applications, including both
Windows RT (Windows 8 on Advanced RISC Machine or ARM processors) and desktop applications. The
store supports only Windows 8 and newer operating systems. Users can download modern UI applications
directly from the Windows Store. Users can access the traditionally installed desktop applications by using
the links to the developers' websites that are advertised in the Windows Store. Users can choose to share
content from one app to another, and can optimize apps to their context, hardware, and preferences.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-7
Facilities. These include factors such as ensuring that the environment has continuous, regulated
electricity; that air conditioning and heating temperatures and humidity are within manufacturer’s
guidelines; and that the environment is clean, with dust and foreign objects kept away from the server
systems and storage. A building’s overall structural soundness also is a factor. The facility should meet
local codes; provide for safe, secure workspaces; and provide protection from outside elements such as
rain and humidity. Facilities also should meet basic office workspace ergonomics standards, including
keeping desktops safe from users tripping over cables, kicking cases, knocking over monitors, and
other potential accidents.
Computer security. This issue requires constant vigilance. Not only do computers require protection
from malware and external attacks, they also are valuable corporate resources that you must protect
from theft, misuse, and misappropriation. Important computer-security responsibilities include
deploying antimalware software; performing software, application, and operating system updates; and
monitoring the status and inventory of systems.
MCT USE ONLY. STUDENT USE PROHIBITED
1-8 Assessing the network environment for supporting operating system and application deployment
Software updates. This is another constant component of computer support. To help keep computers
that are running Windows operating systems stable and secure, you must update them regularly with
the latest security updates and fixes. Windows Update enables you to download and install important
and recommended updates automatically. You can update most Microsoft applications by using the
Windows Update functionality. Many software vendors also provide regular updates, and these
updates might require user interaction. Driver updates for various hardware component manufacturers
also are available through Windows Update. You can apply Windows Update to fix quickly most
security issues that manufacturers discover during a software product’s lifespan. However, certain
updates might cause functionality problems with some software. While this is rare, system failure can
occur. Therefore, testing updates is a part of this functionality. Many organizations require that
administrators use a formal process to test and deploy updates.
Data protection. This involves backing up user and configuration data, providing for disaster
recoverability, and providing stable, secure information repositories. You typically implement this
functionality at the systems administration level, on the various servers that host data. However, most
systems administrators also provide repositories where users can move their data. Systems
administrators often provide scripts or some other functionality that moves user data automatically, so
that you can protect that data. Note that laptop and tablet users typically do not receive this level of
support and might be required to back up their devices themselves. You should consider planning to
protect mobile data in addition to traditional onsite data. Cloud and datacenter solutions are available
to perform both functions.
IT administration. IT administration is the day-to-day resource that users rely on to help keep their
computers safe, to answer questions, and to resolve computing-related issues. IT administration
provides solutions to problems that users cannot fix. These solutions might involve going to a user's
computer physically to configure it or providing for a remote system that can do the same. Beyond
helping users, IT administration performs desktop-related functions, such as auditing and asset
management. Together, these activities form the core of IT administration.
The support phase of the life cycle includes providing training, IT support, and hardware servicing. Consider
the following factors when you provide for these activities:
Training. This is potentially the costliest and most time-consuming component of the support phase.
This activity includes both training the IT staff and providing the IT labor required to develop and
deliver end-user training. It also includes LOB apps and training for the software and hardware on a
typical computer. The cost of training for unfamiliar LOB apps can be substantial. A successful Windows
10 deployment requires additional training, even for users who are familiar with Windows computing,
so that they can learn the new interface and gain the efficiencies that Windows 10 can provide. Some
workers might have more experience dealing with devices such as smart phones and tablets, and you
should customize the training accordingly. Many enterprises overlook the training component of an
enterprise desktop life cycle, and often do not provide adequate time or resources for training.
Generally, organizations find that investing in training can enhance workers' efficiency greatly.
IT support. This support is integrated throughout the enterprise desktop life cycle. Most of the steps
described throughout this topic are part of IT support. This component includes help-desk and onsite
support. Most enterprises recognize that computer maintenance, including tasks such as disk
defragmentation, are end-user functions, but IT personnel still might monitor maintenance. Managing
reporting systems, including the ability to track issues and manage remedies, is another IT support
function. As workers join or leave an organization, supplying workers with new systems and reusing
older systems also are required.
Servicing hardware. This involves fixing desktop computers, replacing failed or faulty components, and
managing warranty issues. It also involves keeping and restocking adequate components and
replacement systems, and shipping and receiving warrantied items back and forth from vendors.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-9
Some organizations might have procedures on how to refurbish used equipment and how to test stock
items before deployment or after users return them. Additionally, new employees might need fully
equipped computers to perform their duties.
The retirement phase is an issue that every organization must eventually face. The focus of the retirement
phase is successful removal of a system from production when it is no longer useful. As you retire legacy
systems and replace them with new systems, you must complete this effort efficiently, without interrupting
daily organizational business needs or end users' work. Eventually, all software systems become obsolete or
other systems supersede them. Generally, these systems go through upgrades, but sometimes you no
longer require them and should remove them. Other factors that you need to consider when you plan the
retirement phase include the following:
You should accomplish computer pickup in a way that causes the least interruption to users. Typically,
you can do this during nonbusiness hours by going to each department or room to retrieve computers.
Usually, computer pickup happens at the same time that new systems are distributed.
Similar to your refurbishing efforts, you should prepare computers for reselling. If systems will go to an
outside entity, you should ensure that sensitive information stored on hard drives and other magnetic
media does not travel outside your organization. Typically, as part of the retirement process, you clear
the information on drives. You can use numerous software tools to do this, and there are machines
than can erase drives in bulk, even if the drives are not operational.
Your organization might require administrative processing, which refers to the paperwork necessary to
inventory and account for all computer equipment removals and sales. You typically can accomplish
this with an existing inventory system.
You might need to perform packing and shipping. You also might need a loading-dock area for
pickups.
You need to consider residual value, which refers to the resale value of equipment. Laptops generally
get a higher price than desktops. Some organizations give old equipment to charity and use such
donations as part of their overall tax accommodation with government.
MCT USE ONLY. STUDENT USE PROHIBITED
1-10 Assessing the network environment for supporting operating system and application deployment
Which of the following is NOT part of the enterprise desktop deployment life cycle?
Demand forecasting
Imaging
Training
Categorize Activity
Categorize each item into the appropriate phase of enterprise desktop life cycle. Indicate your answer by
writing the category number to the right of each item.
Items
8 Virtualizing applications
9 Protecting data
10 Managing logistics
12 Providing IT support
13 Baselining images
Lesson 2
Assessing readiness for a desktop deployment by using
Configuration Manager
Many organizations recognize that an efficient and automated desktop deployment can confer
considerable cost savings. To realize this potential, you must identify your organization’s current computer
software, hardware, and network infrastructure. Knowing what you can and cannot upgrade is key to
planning a successful desktop deployment properly. This lesson provides information about some of the
tools that you can use to perform detailed assessments of existing deployments, and it describes some of
the challenges that you might face when you perform these necessary assessments.
Lesson Objectives
After completing this lesson, you will be able to:
Describe the tools that you can use to assess your current environment.
Describe the Configuration Manager features that you can use for infrastructure assessments.
Determine what hardware you can reuse as part of the new computer deployment and which types
you might need to retire. You must fully understand the hardware requirements for the new operating
system and how the system will work with existing peripheral devices.
Determine which applications you can redeploy on new desktop systems. Start a process for packaging
or scripting those applications, so that you can reinstall them quickly and consistently without user
intervention.
Define a strategy for addressing applications that the new platform cannot support. For example, you
might have a critical application that a new operating system does not support, but it might be a
candidate for virtualization technology such as Client Hyper-V in the Windows 10 operating system, or
by using RemoteApp in the Windows Server 2012 R2 server operating system.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-13
Reduce cost with Windows Server 2012 R2 Hyper-V, Remote Desktop Services, and the System Center
product line. These products enable you to virtualize your enterprise, which might provide an overall
cost savings when compared to a physical deployment.
Establish a process to capture user data, settings, and preferences on currently deployed systems and
to restore the data on newly deployed systems.
Provide a method for backing up all of the relevant data on currently deployed computers before
redeployment. You can do this as part of the user-data capture mentioned above.
Provide an end-to-end process for the actual desktop deployment. Several Microsoft automated
systems tools can do this, and the next lesson will cover these in more detail.
Create a plan for training users on the updated desktop systems. The new features and functionality of
Windows 10 will help to reduce troubleshooting issues significantly post-deployment.
The key to a successful desktop deployment is to obtain as much information about your existing desktop
environment as possible. Additionally, you should obtain guidance and best practices to assist you in each
phase of your desktop-deployment project. You can use the following tools to support the planning phase
and help ensure an effective desktop deployment:
Windows ADK
MAP
Configuration Manager
MCT USE ONLY. STUDENT USE PROHIBITED
1-14 Assessing the network environment for supporting operating system and application deployment
Note: Microsoft enhances and updates these tools continually. The version numbers
reflected in this course are not necessarily the version with which you will be working. For specific
guidance, please refer to the documentation that accompanies the specific versions that your
organization uses.
Windows ADK
Windows ADK is a collection of tools and documentation that you can use to customize, assess, and deploy
Windows operating systems to computers. Most tools that were previously available in the Windows OEM
Preinstallation Kit and Windows Automated Installation Kit (AIK) are now available in Windows ADK.
Note: If you want to access all Windows ADK features, please note that it is an exceptionally
large download of more than 7 gigabytes (GB) of data.
ACT
Deployment tools
Windows ADK tools specifically used for assessing the readiness for an operating system deployment
include ACT, Windows Performance Toolkit, and Windows Assessment Services.
ACT
To help ensure that applications do not fail when you deploy a new operating system, you must plan for the
integration carefully by taking an inventory of all the applications in the environment, identifying critical
apps to be tested, testing them thoroughly, and addressing mitigation requirements, as necessary. ACT
enables you to evaluate and mitigate application compatibility issues before you deploy a new version of
the Windows operating system or a new version of Internet Explorer. ACT includes:
Application Compatibility Manager, which is the functional centerpiece of ACT. Using Application
Compatibility Manager, you can complete the following five compatibility testing phases:
o Analyze results. Assess the status of applications and determine what requires fixing.
o Mitigate. Understand compatibility problems and work to address them.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-15
Compatibility Administrator, including both 32-bit and 64-bit versions, contains many known fixes to
help resolve issues prior to deploying a new version of Windows. The Compatibility Administrator
database includes the following tables:
o Applications. This table includes many applications with known issues and the fixes that can be
applied to allow the applications to run.
o Compatibility Fixes. This table includes many preconfigured fixes (small pieces of code that
intercept certain API calls) that allow an application to run the same way it did on a previous
operating system. You can create custom compatibility fixes for applications, as necessary.
o Compatibility Modes. This table includes many preconfigured groups of compatibility fixes. You
can create your own compatibility modes, as necessary.
Note: Large organizations might have hundreds or thousands of apps in use. Although
compatibility testing is a necessary step in any upgrade project, you will not be able to test every
single app thoroughly because of the sheer amount of time that would require. In such
environments, you must identify the most critical apps for compatibility testing, and assume the
risk of using apps that have not been tested for compatibility.
Windows Performance Recorder. You can use this to record events for analysis by using the Event
Tracing for Windows (ETW) functionality.
Windows Performance Analyzer. You can use this to analyze the data collected by the Windows
Performance Recorder.
Xperf. This is a command-line tool for collecting Event Tracing for Windows (ETW) events for analysis,
and it is included for legacy support.
The Windows Assessment Services server. The server component provides a test framework that you
can use to automate the running assessments on multiple computers in a lab environment.
Windows Assessment Services – Client (Windows ASC). This is the graphical user interface that you can
use to interact with Windows Assessment Services.
Assess the performance aspects of a single computer by using the Windows Assessment Console.
Assess the performance aspects of multiple computers in a networked or lab environment by using
Windows Assessment Services.
MCT USE ONLY. STUDENT USE PROHIBITED
1-16 Assessing the network environment for supporting operating system and application deployment
Assessments consist of workloads that measure performance for specific scenarios. You create a custom
assessment job from the available assessments. You also can use the preconfigured templates. Each
assessment job consists of one or more workloads that measure specific processes. You can create custom
jobs from assessments such as:
o Measures boot and shutdown times when using Fast Startup, and identifies components that
might cause delays.
Driver Verification
o Measures the duration of common file functions, such as copy, move, delete, and zip.
Memory footprint
o Measures overall system memory usage, focusing on driver allocations and dynamic allocations.
The preconfigured job templates include at least one assessment by default and allow you to customize the
job by adding additional assessments related to the template. The available templates include:
o Includes a single assessment, idle energy efficiency, which simulates idle time on the computer
while measuring the energy efficiency of the computer.
Browsing experience
MAP
MAP is an agentless inventory, assessment, and reporting tool that can securely assess the IT environments
for various platform migrations, including Windows 10, Microsoft Office 2016, Microsoft Office 365,
Windows Server 2012, Windows Server 2012 R2, SQL Server 2014, Microsoft Hyper-V, Microsoft Private
Cloud Fast Track, and Microsoft Azure.
Configuration Manager
You can use Configuration Manager to maintain corporate compliance and control, while providing
employees access to the devices and applications they need to be productive. Configuration Manager
provides key management capabilities in application delivery, desktop virtualization, device management,
and security. This enables continued productivity even when devices proliferate, and might help in reducing
costs.
Configuration Manager collects information in a Microsoft SQL Server database, allowing queries and
reports to consolidate information throughout the organization. Configuration Manager can manage a
wide range of Windows operating systems, including client and server platforms, and mobile devices.
You are the IT manager for A. Datum Corporation. Your organization consists of multiple locations
connected to each other through a Multiprotocol Label Switching (MPLS) network. Over the
previous decade, the company has made several different computer purchases, and the application
portfolio has grown to include commercial and in-house developed applications. The chief
information officer (CIO) has decided that it is time for a hardware update. You have been asked to
develop a cost-effective plan to upgrade or replace all the client systems so that every user will be
using Windows 10. Which tools can help you develop this plan?
MAP
Endpoint Protection
MDOP
MCT USE ONLY. STUDENT USE PROHIBITED
1-18 Assessing the network environment for supporting operating system and application deployment
Asset Intelligence, which allows you to use the Asset Intelligence catalog to retrieve inventory data and
identify software-license usage throughout your enterprise.
Asset Intelligence license management reports, which you can use to obtain data about licenses in use.
The license ledger report lists installed Microsoft applications in a format that is congruent with a
Microsoft License Statement. This provides a convenient method for matching purchased licenses with
used licenses.
Discovery, which you can use to identify computer and user resources that you can manage by using
Configuration Manager.
Hardware Inventory, which you can use to collect detailed information about the hardware of your
enterprise’s client devices. After you enable Configuration Manager hardware inventory, and the client
runs a hardware inventory cycle, the client sends the collected inventory information to the site
database. Configuration Manager hardware inventory runs on clients according to a schedule that you
specify in client settings.
Software Inventory, which you can use to collect and report information about the files stored on client
computers in your organization.
Software metering, which you can use to monitor and collect software usage data from clients.
Demonstration Steps
3. Go to Properties, expand the Hardware Inventory item, and then view the options available.
4. On a client system, go to Control Panel, click System and Security, click Configuration Manager, and
then run a Hardware Inventory Cycle.
2. View the Hardware 08A – Hardware that is not ready for a software upgrade report.
Question: You are the IT manager for the Adatum company. Your organization consists of
multiple locations connected through an MPLS network. Over the previous decade, the
company has made several different computer purchases, and the application portfolio has
grown to include commercial and in-house developed applications. The chief information
officer (CIO) has decided that it is time for a hardware update. You have been asked to
develop a cost-effective plan to upgrade or replace all the client systems so that every user will
be using Windows 10. While looking through the data you previously collected, you decide
that you want to use Configuration Manager to assist with the assessment of your
environment. Which features of Configuration Manager do you think would be most helpful
with your assessment?
MCT USE ONLY. STUDENT USE PROHIBITED
1-20 Assessing the network environment for supporting operating system and application deployment
Lesson 3
Assessing deployment readiness by using MAP
When organizations upgrade operating systems, two of the biggest challenges that they face are the ability
to use existing applications on the new system, and the need to provide new applications. Additionally,
hardware specifications and minimum hardware requirements change over time and with operating system
versions. Simply upgrading might not be an option due to hardware issues, or simply installing or
reinstalling older applications on new systems in production might fail. Before you deploy any new systems,
you should assess and plan application and hardware compatibility carefully with the new operating
system. Microsoft created MAP as a free, comprehensive tool for migration planning, capacity planning,
and software and hardware tracking. This lesson covers the enhancements to this tool with the release of
Windows 10.
Lesson Objectives
At the end of this lesson, you will be able to:
Explain the various phases involved in assessing the infrastructure by using MAP.
Microsoft Azure.
You can use MAP to scan and assess your organization’s readiness for Windows 10 and other upgrades.
MAP uses several agentless methods to connect to your network’s computers, assess their hardware and
device compatibility with Windows 10, and then create comprehensive Microsoft Word and Microsoft Excel
reports.
You need to consider very carefully how you will plan and conduct your deployment process. MAP is a tool
that can help you manage deployment, but you should consider its use carefully to get the best value from
it. You should tie your MAP use to a phased approach as part of your overall deployment strategy. There
are six distinct MAP deployment phases for you to consider, and the key to a successful MAP experience is
to complete each of the six phases sequentially. The following sections describe these phases.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-21
Inventory and Assessment Wizard. The Inventory and Assessment Wizard is the starting point for all
MAP scenarios. Using the information gathered in the first three phases the step-by-step wizard will
prompt you to:
o Provide the credentials required so that you can connect and inventory the target machines
successfully (phases 2 and 3).
MCT USE ONLY. STUDENT USE PROHIBITED
1-22 Assessing the network environment for supporting operating system and application deployment
Performance Metrics Wizard. The Performance Metrics Wizard collects specific performance-related
information such as CPU, memory, network, and disk utilization for Windows servers and clients, and
LINUX–based servers. The information that this collection mechanism gathers supports the capacity-
planning features for server consolidation, desktop virtualization, Microsoft Private Cloud Fast Track,
and Microsoft Azure application migration.
MAP includes several deployment assessment scenarios including assessments for Cloud, Desktop, Server,
and Desktop Virtualization. When you select an assessment scenario, several readiness scenarios that are
related to that assessment scenario are presented. This topic focuses on the Cloud, Desktop, and
Environment scenarios, and the readiness scenarios that are related to them.
Note: MAP generates many reports. This following list shows the scenarios relevant to
accessing and deploying Windows client operating systems and enterprise applications.
The following table lists the Windows 10 deployment scenarios and the reports that you can generate.
Scenario Description
Cloud All scenarios relevant to the migration to and use of cloud services and
products offered by Microsoft.
Office 365 Readiness This scenario provides readiness assessment of your environment for Office
365.
Accessing this scenario allows for the creation of the Office 365 Assessment
report. This is an Excel report that shows how many client computers are
ready for the Office 365 Web Apps Experience, how many are ready for full
client access to Exchange and SharePoint services, and how many are ready
for both Office 365 Web Apps and the full Microsoft Office client.
Additional tabs provide the supporting details for each of the systems
discovered.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-23
Scenario Description
Desktop The desktop scenarios in MAP provide discovery and readiness assessments
for desktops inventoried in your environment.
Windows 10 Readiness This scenario assesses the viability of all the desktop hardware found in
your environment for the installation of Windows 10.
Accessing this scenario allows for the creation of the Windows 10 Readiness
report. This is an Excel report that shows how many systems are ready to
upgrade to Windows 10 and how many need hardware upgrades to be
ready for Windows 10. Additionally, there are tabs with the details for each
of the systems discovered.
Office 2013 Readiness This scenario assesses the viability of all desktop hardware found in your
environment for the installation of Office 2013.
Accessing this scenario allows for the creation of the Office 2013 report.
This is an Excel report that shows you how many systems currently have
Office 2013 or newer, how many systems are ready for Office 2013, and how
many systems are not ready for Office 2013. Additional tabs include
supporting details for each discovered system.
Demonstration Steps
2. Create a Demo database, and then save it to the default database backup location \Program
Files\Microsoft Assessment and Planning Toolkit on drive C.
4. Review the Windows 10 Assessment Excel report with the class, by examining each tab and section.
5. Perform a similar report generation on the Environment node for the Inventory results. Review the
generated Excel report.
Question: You are the IT manager for the Adatum company. Your organization consists of
multiple locations connected to each other through an MPLS network. Over the previous
decade, the company has made several different computer purchases, and the application
portfolio has grown to include commercial and in-house developed applications. The CIO has
decided that it is time for a hardware update. You have been asked to develop a cost-effective
plan to upgrade or replace all the client systems so that every user will be using Windows 10.
As part of the planning phase, you have been gathering comments from the user base about
the environment. You are seeing frequent complaints about performance. How could you use
the MAP toolkit to assist with the migration planning, and to explore and assess the
complaints, and address performance issues, as necessary?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-25
Objectives
After completing this lab, you will be able to:
Determine your hardware and application inventory by using Configuration Manager.
Inventory and determine your hardware and infrastructure readiness by using MAP.
Lab Setup
Estimated Time: 45 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Sign in by using the following credentials:
o Password: Pa$$w0rd
o Domain: Adatum
2. In the Administration workspace, browse to Client Settings, open Default Client Settings, and then
configure the Hardware Inventory as follows:
o Disk Partitions
o Installed Applications
o Operating System
Results: After completing this exercise, you should have collected hardware inventory from the client
computers and reviewed the information about your client computers’ configuration.
2. On the Start menu, open the Microsoft Assessment and Planning Toolkit, and then create an
inventory database called Client Assessment with a description of Initial assessment of Adatum
clients.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 1-27
4. For All Computer Credentials, add the administrator@adatum.com and Pa$$w0rd for credentials.
5. After the inventory runs, review the Computer Discovery and Collector Status sections. Click Close
when the assessment is complete.
2. Under the Desktop node, under Windows 10 Readiness, observe the Details section.
3. Under the Desktop node, view the Windows 10 Readiness Summary Results.
4. Run a report on Windows 10 Readiness, and then open and analyze the generated report.
Note: It might take a few minutes for the Generate Windows 10 Readiness Report link to
display.
Results: After completing this exercise, you should have determined how many of the client computers are
ready for a Windows 10 upgrade.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Question: What are the differences between MAP and Configuration Manager when you use
them to assess operating system deployment readiness?
MCT USE ONLY. STUDENT USE PROHIBITED
1-28 Assessing the network environment for supporting operating system and application deployment
Windows ADK
o ACT fixes should be considered short-term solutions while the applications are being re-developed
to work with Windows 10 natively. Using an older application with a compatibility fix can leave an
application or system with security vulnerabilities.
o The Windows Performance Toolkit that ships with the Windows 10 ADK/SDK is not compatible
with Windows 7 SP1 or Windows Server 2008 R2 SP1.
o Before you use the Windows Assessment Services to assess production systems, you should
consider the implications carefully. Many of the tests modify the target system in undesirable
ways, such as altering local user accounts or automatic logons, and can take hours to complete.
Generally, only nondomain, nonproduction systems should be used to perform assessments.
o Keep checking the Microsoft Deployment Toolkit Team Blog at http://aka.ms/E43xvk for updates
and changes.
MAP
o The MAP inventory might not include all the applications installed on a system. The application
collection process queries WMI directly to find all applications that are installed through a
Microsoft Windows Installer (MSI). MAP does not discover applications that are not installed using
an MSI. Configuration Manager software inventory can collect information about applications on a
system that might not be visible to MAP.
o Keep checking the MAP Blog at http://aka.ms/Mll3el and MAP Toolkit Content Index (en-US) at
http://aka.ms/Nd394p for updates and changes, especially after new versions of MAP are released.
Review Question
Question: Which Microsoft products, features, or tools can you use to retrieve your network’s
hardware and software inventory?
MCT USE ONLY. STUDENT USE PROHIBITED
2-1
Module 2
Determining operating system deployment strategies
Contents:
Module Overview 2-1
Lesson 1: Understanding tools and strategies you can use for operating system
deployment 2-3
Lesson 2: Using the High Touch with Retail Media deployment strategy 2-10
Lesson 3: Using the High Touch with a Standard Image deployment strategy 2-13
Module Overview
A new operating system usually contains a new set of features and services that most organizations will find
beneficial. However, many organizations believe that an operating system deployment is complicated and
expensive, which often reduces the perceived return on investment (ROI). This misconception causes
organizations, large and small, to decide against deployment, and overlook the multitude of benefits that a
deployment offers.
Organizations also often face other deployment challenges that prompt them to consider whether a
deployment is valuable, such as:
This module will help you understand the different deployment strategies and tools that you can use to
perform an effective operating system deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
2-2 Determining operating system deployment strategies
Objectives
After completing this module, you will be able to:
Describe tools and strategies that are available for an effective operating system deployment.
Lesson 1
Understanding tools and strategies you can use for
operating system deployment
In larger organizations, conducting an effective operating system deployment can be a complex and
strenuous process. Because of this, organizations often decide to postpone an upgrade, and sometimes
even avoid deployment of a full version of an operating system. However, with the right tools and
strategies, you can deploy a new operating system easily to hundreds, and even thousands of computers,
without it being a complicated project or requiring long hours from your information technology (IT)
professionals.
Lesson Objectives
After completing this lesson, you will be able to:
Describe deployment features that the Windows Assessment and Deployment Kit (Windows ADK)
provides.
Describe common enterprise deployment strategies.
Did you deploy the operating system over a network or by using removable media, or by using both
methods?
How did you handle the need for non-Microsoft device drivers?
The answers to these questions will vary depending on your environment and your organization’s size,
including the level of automation that your environment allows and the deployment tools that are available
to you. However, these answers should summarize some of the key challenges that any organization
encounters when deploying an operating system.
o New. You must install the operating system on a new device, which no one in your organization
has used. In this scenario, if you will be deploying the device for a new user, there might not be
user state data to migrate. This also can include existing devices that you will be treating as new,
when you do not need to retain any of the device’s data.
o Upgrade. You have to install the new operating system over an existing operating system. This
upgrades the operating system and retains all existing applications and settings.
o Refresh. You have to reinstall the operating system on the device, usually to address an issue with
the device, or to follow standardization protocols. In this scenario, you usually need to maintain
user state data that resides on the device.
o Replace. This is a combination of the two previous scenarios. You will use a new device as a
replacement for an existing device. Therefore, you have to transfer the existing device’s user state
data to the new device.
Identify the operating system architectures to use. Your environment might still contain 32-bit
processor-based devices, and 64-bit processor-based devices. By identifying the available
architectures, you can determine the minimum number of images that you must create.
Identify the necessary device drivers. Different hardware requires different drivers. Ensure that you
identify and secure the necessary drivers for each hardware device that you use from a particular
manufacturer. Do this for all applicable manufacturers.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-5
Identify storage and network resources that you can leverage during deployment. You must store
images, installation files, device drivers, and user state data, and then copy this data to the device
undergoing deployment. Ensure that you identify available file servers, and estimate the amount of
space that you need for each item that you must store and copy.
Identify operating system features and settings that each deployment requires. You can automate most
settings to apply during deployment. Most organizations enable BitLocker drive encryption on their
Windows-based mobile devices. You can customize your deployment process to enable BitLocker after
deployment.
Identify how you will handle licensing and activation. Smaller organizations usually have an individual
product key per user, while larger organizations might use Key Management Service (KMS) or multiple
activation key (MAK).
Identify critical applications that you must maintain post-deployment. You need to ensure that
applications are compatible with the new operating system, or that you can mitigate any
incompatibilities. You will learn how to handle application compatibility issues in a later module.
Document your environment, and choose the appropriate strategy based on the information that you
identify.
Deployment Image Servicing and Management (DISM) tool. DISM is available as part of the Windows
operating system, and you can use it to perform offline image servicing. This is crucial for maintaining
images that an operating system deployment uses. DISM is part of the Windows 7, Windows Server
2008 R2, and newer operating systems.
Windows System Image Manager (SIM). You can use Windows SIM to create unattended Windows
Setup answer files.
Windows Preinstallation Environment (Windows PE). Windows PE is the initial operating system that
you use during a Windows operating system deployment. Windows PE prepares a computer by
running tasks such as partitioning a hard drive, creating and formatting volumes, copying disk image
files to a system, and initiating setup.
User State Migration Tool (USMT). USMT is a collection of executable files that you can use to copy user
state data from a computer. You then can load that data onto a new installation of the Windows
operating system.
MCT USE ONLY. STUDENT USE PROHIBITED
2-6 Determining operating system deployment strategies
Volume Activation Management Tool (VAMT). VAMT provides a centralized tool for managing volume
licensed Microsoft products, including Windows operating systems and Microsoft Office products.
Additional tools. You can use several command-line tools, such as oscdimg, which creates bootable
Windows PE .iso image files, and makewinpemedia, which creates Windows PE bootable universal
serial bus (USB) media.
Technical reference documentation. This includes documentation for Windows Setup, DISM, the
System Preparation Tool (Sysprep), Windows SIM, Windows Recovery Environment (WinRE), and
additional deployment documentation.
High Touch with Retail Media. This strategy involves using the Windows retail media on each individual
computer. You can use Windows SIM to create an answer file and automate a portion of the
installation. This strategy suits organizations that have a small, unmanaged network, few or no IT staff,
and a small network with fewer than 100 client computers.
High Touch with Standard Image. This strategy involves the creation of a standard image, by using the
available tools in the Windows ADK, which you can customize. It requires an IT professional with
imaging knowledge, and is ideal for small or distributed networks with 100 to 200 client computers.
Lite touch. This strategy involves the use of images and distribution technologies, such as Windows
Deployment Services, to provide minimum interaction during deployment. An IT professional starts the
process, and all other steps are automated. We typically recommend this method for organizations
that have a dedicated IT staff and a managed network with 200 to 500 client computers. You also can
integrate Windows Deployment Services with Microsoft Deployment Toolkit (MDT) and the latest
version of System Center Configuration Manager (Configuration Manager) to offer a lite touch
deployment experience.
Zero touch. This strategy utilizes Configuration Manager to provide a fully automated deployment
experience that does not require any interaction. You also can integrate Configuration Manager with
MDT to offer a zero touch deployment experience. This is ideal for larger organizations that have more
than 500 client computers and a dedicated IT staff that has knowledge of Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-7
Note: The number of devices listed above for lite touch and zero touch strategies are
recommendations only. Large enterprises can use lite touch deployment for thousands of devices,
or could use Configuration Manager for lite touch or zero touch deployments.
Windows 10 scenarios
Organizations can use the traditional deployment scenarios when deploying Windows 10, and also can take
advantage of the following deployment scenarios.
In-place upgrade. This deployment scenario provides a simple, automated process that leverages the
Windows setup process to upgrade automatically from an earlier Windows version. You also can use
this process to upgrade to a newer Windows 10 release. When you use an in-place upgrade, Windows
migrates existing data, settings, drivers, and applications automatically.
Dynamic provisioning. You should use this deployment scenario to configure new Windows 10 devices
without having to deploy a new custom organization image to the device. Typically, you would use this
with an MDM service, such as Microsoft Intune, to support a Bring Your Own Device (BYOD) strategy
for your organization’s end users, or choose your own device scenario to provide final customizations
to a device.
Both of these scenarios eliminate the image creation process, which can simplify the deployment process
significantly.
The in-place upgrade method has four phases to upgrade a supported operating system to Windows 10,
and they include:
1. Copying files. The operating system is Windows 7, Windows 8, or Windows 8.1. When you run setup, it
checks the system, inventories the applications, inventories the drivers, assesses compatibility, and
prepares to run WinRE.
2. Installing features and drivers. You can use the WinRE system to back up the down-level operating
system, install Windows 10, and prepare Windows 10 for the next phase. It injects drivers and migrated
data into Windows 10.
MCT USE ONLY. STUDENT USE PROHIBITED
2-8 Determining operating system deployment strategies
3. Configuring settings. The first start into Windows 10 begins the specialization phase for Windows 10.
Drivers are installed, applications are migrated, and any additional files are migrated.
4. Final Phase. The Windows 10 upgrade is finished, welcoming the user back and the out-of-box
experience (OOBE) is presented.
The in-place upgrade method uses the standard Windows installation media image (Install.wim). The in-
place upgrade method does not support using custom images due to potential conflicts between existing
applications and new applications in a custom image. Additional scenarios that would require a traditional
wipe and load deployment are:
Changing from legacy basic input/output system (BIOS) to Unified Extensible Firmware Interface (UEFI)
booting.
Demonstration Steps
The in-place upgrade to Windows 10 is the simplest way to deploy Windows 10 to existing systems.
1. Create Windows PE media. You can use a USB device or a bootable CD with Windows PE to capture
your image and deploy it after you customize it. You should:
b. Customize the image with any additional packages, such as the Windows RE.
c. Use the makeWinPEMedia /ufd command to create the bootable USB device.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-9
2. Create and modify answer files. To automate the installation, you need to create answer files with the
configuration that you want to use, including that you should:
a. Use the installation media to create a catalog file that Windows SIM can use.
b. Modify a sample answer file to fit your needs, and include any drivers or other packages in the
installation.
d. Copy the answer file to the root directory of the USB device and name it Autounattend.xml.
e. Create a profile that includes the CopyProfile setting, so that you can customize the default user
profile. You also can customize the profile manually by making direct changes to the registry or
creating a script that uses the REG command.
f. Copy the answer-file profile to the root directory of the USB device as CopyProfile.xml.
3. Use the answer file that you created to install a Windows operating system on your reference
computer:
b. Use the Windows product CD to start the reference system. The setup process will use the
Autounattend.xml file to complete the installation.
a. Use Sysprep to generalize the system. To use the CopyProfile.xml file, you use the following
Sysprep command, on a single line with no space after /unattend:
d. Verify that the computer image and profile settings are correct.
You can extend this deployment process by using additional tools that are available in Windows ADK,
including that you can:
Use the Application Compatibility Toolkit (ACT) to validate your application on a test computer.
Install and configure USMT to capture user profiles if you are deploying Windows in a refresh scenario.
Install and configure VAMT if you are deploying volume licensed versions of the Windows operating
system.
Question: In your environment, will you use the Windows 10 in-place upgrade?
MCT USE ONLY. STUDENT USE PROHIBITED
2-10 Determining operating system deployment strategies
Lesson 2
Using the High Touch with Retail Media deployment
strategy
Smaller organizations with little or no IT staff often deploy the Windows operating system by using the
High Touch with Retail Media strategy. Although it is a simple process, the person who executes the
deployment must spend a significant amount of time on it. Even without IT staff, you can reduce this time
by using answer files and accessing the retail media over a network.
Lesson Objectives
After completing this lesson, you will be able to:
Explain the requirements for using the High Touch with Retail Media strategy.
Describe the High Touch with Retail Media deployment process.
Explain the limitations of the High Touch with Retail Media strategy.
Applying updates.
Configuring settings.
Note: An answer file is an XML file that contains settings that Windows applies during Setup.
You can create these files by using any text editor, but that requires an understanding of the XML
schema that the Windows Setup program uses. To facilitate the creation of answer files, use
Windows SIM.
Requirements for Using the High Touch with Retail Media strategy
The requirements for using High Touch with Retail
Media are minimal. The only necessary
components are the:
Windows 10 media
Additional Reading: To download the Windows ADK for Windows 10 update, refer to
http://aka.ms/J8vq9g.
5. Install the required apps, and then configure any settings that the Unattend.xml file does not include.
Requires that you refresh computers frequently. Even if your organization has a dozen computers, but
has a requirement of refreshing all computers frequently (which is common on kiosk computers and
Internet cafes), using this strategy will be too time consuming.
Requires deploying multiple versions and editions of the Windows operating system. The use of the
same answer file for multiple versions of the Windows operating system is not supported. You must
have a separate file, that is made for each version of the Windows operating system that you are
deploying.
Question: In your environment, will you be using the High Touch with Retail Media
deployment strategy?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-13
Lesson 3
Using the High Touch with a Standard Image deployment
strategy
Smaller organizations with a small IT staff often deploy the Windows operating system by using the High
Touch with a Standard Image strategy. Although this is a simple process, it requires some preparation time
to create the standard image for the organization. Standard images are ideal for smaller organizations that
require the same operating system, and mostly the same settings and applications on all network
computers.
Lesson Objectives
After completing this lesson, you will be able to:
The High Touch with a Standard Image deployment strategy provides the following benefits:
Faster deployments. All applications and settings are present on the standard image, reducing the time
it takes to configure the computer after deploying the operating system.
Reduced testing and validation time. Because you will be applying the same image to all computers,
you can perform testing on a smaller set of target computers, as long as they have similar hardware
settings.
MCT USE ONLY. STUDENT USE PROHIBITED
2-14 Determining operating system deployment strategies
Offline updating. You can apply updates to the standard images, thereby reducing the time it takes to
apply updates to all computers.
Reduced support issues. Because settings are consistent throughout the entire organization, this
reduces troubleshooting time, and you can apply the same fix to all computers.
Requirements for using the High Touch with a Standard Image strategy
The High Touch with a Standard Image
deployment strategy requires a few more
components than the High Touch with Retail
Media strategy. The main difference between the
two strategies is that when using the High Touch
with a Standard Image strategy, you need an IT
professional to create the standard image. The
only necessary components are:
Windows 10 media
o Windows PE
o DISM
o Windows SIM
o ACT (optionally)
3. Install all necessary applications, device drivers, and updates on the reference computers. You also
might configure the necessary features and settings.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-15
4. Run Sysprep to generalize the image, and then shut down the computer. Some applications might not
work with Sysprep, and you might want to automate the installation by using an answer file.
5. Start the reference computer by using Windows PE, and capture the image by using DISM.
7. Create an answer file that points to the newly created image, or create a new installation media and
replace the install.wim file with the newly created image.
8. Run the setup program from the new installation media, or run it from the old media by using an
answer file. You can also use DISM to apply the image by using an answer file.
9. Activate the computer online if you do not have a volume license.
Unsuitable for images that need multiple updates. You can use Sysprep as many times as you want on a
computer. However, when you generalize an image by using Sysprep, this resets the computer’s
activation clock. This reset can occur only three times for retail media. Therefore, if you have to update
an image more than three times, you might have to recreate it from scratch. A possible solution for this
problem is to use a virtual machine (VM) as a reference computer, and save a snapshot prior to running
Sysprep.
Not scalable. This strategy requires a technician, and optionally removable media, for each installation.
Therefore, this strategy does not scale to larger organizations with hundreds, or thousands, of
computers.
No upgrades. Because you are deploying an image, you cannot use this strategy to upgrade an existing
deployment of the Windows operating system.
Question: In your environment, will you use the High Touch with a Standard Image method
for migrating to Windows 10?
MCT USE ONLY. STUDENT USE PROHIBITED
2-16 Determining operating system deployment strategies
Lesson 4
Using a lite touch deployment strategy
Larger organizations often use several Microsoft tools, such as the Windows ADK and the tools available in
the operating system, to automate operating system deployments in their environments. These
organizations might benefit from using the MDT 2013 Update 1, a free supported set of tools that you can
use to achieve a lite touch deployment. Lite touch deployments are ideal for larger organizations. Unlike a
high touch deployment, lite touch deployments do not require that an IT technician deploys the operating
system on every computer individually.
Lesson Objectives
After completing this lesson, you will be able to:
Easier deployment. You can use MDT 2013 Update 1 to provide device driver, application, and update
installation.
Streamlined maintenance. You can use MDT 2013 Update 1 to update device drivers, applications, and
images.
Scalable. There is no need for someone to be present at each computer during deployment.
Additionally, using a network to push deployment facilitates scalability to hundreds, even thousands, of
computers simultaneously.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-17
Reduced support issues. Settings are consistent throughout the entire organization, which typically
reduces troubleshooting time, and allows you to apply the same fix to all computers.
Can use multiple images. You can use a single thin image, and install apps depending on needs. You
also can use multiple thick images that contain all apps required for different user groups.
o ACT. ACT is not a mandatory requirement. Use it to mitigate application compatibility issues.
o USMT. Use USMT for refresh scenarios to migrate user state data.
o Windows Deployment Services or removable media. Start devices from your network by using
Windows Deployment Services or locally by using removable media.
MDT 2013 Update 1. Use MDT to manage images, device drivers, and task sequences.
File server to store distribution share. Use a file server to store all images, device drivers, and other
elements that MDT requires.
MCT USE ONLY. STUDENT USE PROHIBITED
2-18 Determining operating system deployment strategies
5. Create a distribution share. Distribution shares store operating system installation media, images,
applications, device drivers, and updates.
6. Create a task sequence for each configuration that your environment requires. You create task
sequences in MDT, and they contain tasks used to deploy Windows 10, configure a computer, and
install apps and device drivers.
7. Create and update a deployment share in MDT. When you update a deployment share, you create
Windows PE boot images that you can use to start target computers during deployment.
8. Add the images that you created in step 7 to Windows Deployment Services or a removable device.
9. Start the target computer by using Windows Deployment Services or the removable device that you
used in step 8.
Lesson 5
Using a zero touch deployment strategy
A zero touch deployment is a fully automated deployment with zero user interaction. Larger organizations
that have a standardized network environment and IT professionals who are proficient in Configuration
Manager and MDT 2013 Update 1 can use these tools to provide a zero touch deployment, or they can use
Configuration Manager without MDT to create a zero touch deployment.
Lesson Objectives
After completing this lesson, you will be able to:
Easier deployment. You can use Configuration Manager alone or Configuration Manager and MDT
2013 Update 1 integrated together to install device drivers, applications, and updates.
Streamlined maintenance. You can use Configuration Manager (with or without MDT 2013 Update 1) to
update device drivers, applications, and images.
Highly scalable. There is no need for a technician to be present at each computer during deployment.
Additionally, the use of Configuration Manager to push the deployment facilitates scalability to
hundreds, even thousands, of computers simultaneously.
Reduced support issues. Settings are consistent throughout the entire organization, so this method
reduces troubleshooting time and applies the same fix to all computers.
Can use multiple images. You can use a single thin image, and install applications depending on needs,
or you can use multiple thick images that contain all applications required for different user groups.
MCT USE ONLY. STUDENT USE PROHIBITED
2-20 Determining operating system deployment strategies
o DISM. Used in Configuration Manager task sequences to capture and apply images.
o ACT. ACT is not a mandatory requirement, but you can use it to mitigate application compatibility
issues.
MDT 2013 Update 1. MDT Update 1 is not required for zero touch, but you can use it to integrate with
Configuration Manager and allow Configuration Manager to use the zero touch deployment task-
sequence template.
Configuration Manager and its prerequisites. Configuration Manager assumes the roles that MDT
typically plays in a deployment.
Note: MDT is not a mandatory requirement for zero touch scenarios. However, we
recommend it highly because you can integrate it with Configuration Manager.
5. Create a capture image optionally. You can use Configuration Manager to capture an image from a
reference computer.
6. Create a task sequence for each configuration needed in MDT 2013 Update 1 or Configuration
Manager.
7. Deploy the task sequence that you created in MDT or Configuration Manager to a collection in
Configuration Manager.
Lesson 6
Alternative deployment strategies for Windows desktops
Organizations have used high touch, lite touch, and zero touch deployment strategies for decades. With
the evolution of the Windows operating system, MDT, and Configuration Manager, these strategies have
become easier to implement, and organizations are using them more often. However, beginning with
Windows 7 and Windows Server 2008 R2, Microsoft introduced additional deployment alternatives that
support specific needs that the high, lite, or zero touch deployments do not support. However, with
Windows 8 and Windows 8.1, the virtual hard disk with native boot and the Windows to Go deployment
strategies were introduced. In Windows 10, you also can use Windows ICD to provision devices.
Lesson Objectives
At the end of this lesson, you will be able to:
Explain the requirements for a virtual hard disk with native boot deployment.
Note: For additional information about Windows 10 for the Internet of Things (IoT) edition
visit: http://aka.ms/Buvdmo.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-23
After you determine which type of package to create, you must decide which customizations to configure.
For example, the customizations settings common to all Windows mobile editions include:
AutomaticTime
o NTPRegularSyncInterval
Use to set interval between time sync (hours)
o NTPRetryInterval
Use to set Retry if regular sync fails (hours)
o NTPServers
Enumerates the Network Time Protocol (NTP) source server that the NTP client uses
Certificates
o CACertificates
o ClientCertificates
o RootCertificates
o TrustedPeopleCertificates
o TrustedProvisioners
EditionUpgrade
o UpgradeEditionWithLicense
Enable an edition upgrade of Windows 10 mobile devices. Does not require reboot.
o UpgradeEditionWithProductKey
Enable an edition upgrade of Windows 10 desktop devices. Requires reboot.
You can configure more than 30 settings for the customizations settings that are common to all Windows
mobile editions. Once you configure all of the settings that you need, you can save the project, and then
deploy it to a USB-connected device or a removable drive. You also have the option to export the settings
as a provisioning package.
You can deploy a provisioning package in the following ways.
Removable media From the start menu, click All Windows 10 devices.
Settings, click Accounts,
click Work Access, and then
click Add or remove a
management package.
From a USB-tethered device. Drag-and-drop the package Windows 10 Mobile devices and
file onto the target device. IoT Core devices.
MCT USE ONLY. STUDENT USE PROHIBITED
2-24 Determining operating system deployment strategies
What is the virtual hard disk with native boot deployment strategy?
Organizations became familiar and proficient in
managing virtual hard-disk drive files that their
VMs use, thanks to the increased adoption of
virtualization technology in the past decade.
Virtual hard disk with native boot is a simple .vhd
file that contains a Windows image, and you can
use it to start a computer.
Deploying the Windows operating system for multiple boot scenarios, without requiring multiple disk
partitions.
Deploying supported Windows images for fast deployment in reusable testing and development
environments.
Requirements for using the virtual hard disk with native boot strategy
To use virtual hard disk with native boot on a
computer, you must meet the following
requirements, including that:
You must have enough physical space to expand dynamic virtual hard disks to their maximum size, and
use page-file creation when booting from the virtual hard disk.
Note: You create the page file for a virtual hard disk with native boot outside the virtual hard
disk, which differs from when you use a virtual hard disk in a VM.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-25
Configure Windows 10 to start from a virtual hard disk with native boot.
Start the computer from a virtual hard disk with native boot.
Remove the virtual hard disk with native boot.
Demonstration Steps
This simulation demonstrates the steps to configure Windows 10 to start from a virtual hard disk with native
boot. You also will see how to start a computer from a virtual hard disk with native boot, and remove the
virtual hard disk with native boot.
No footprint. Nothing is installed on the computer on which you use Windows To Go, which runs in its
self-contained environment from a USB key.
BitLocker Drive Encryption. BitLocker is built in to Windows To Go drives.
A 60-second lockdown. When you remove the drive while you are working, you have 60 seconds to
plug it back in without losing any work.
Easy licensing. If you utilize software assurance, employees can take a Windows To Go drive to work on
their personal computers without needing a new license.
MCT USE ONLY. STUDENT USE PROHIBITED
2-26 Determining operating system deployment strategies
To create a Windows To Go workspace, you must meet the following requirements, including that you:
Use a Windows To Go-certified USB 3.0 drive, 32 gigabytes (GB) or larger. Windows To Go-certified is
not a hard requirement, but rather a recommendation. Drives that are certified with Windows To Go
are built to last longer and work as a solid-state drive (SSD) more than a simple USB flash drive.
However, you can use any USB drive with Windows To Go.
Have a Windows 10 Enterprise license. Windows To Go is an enterprise feature of Windows 8.1 and
newer versions.
Have a generalized Windows 10 Enterprise image. This is the image to use for your Windows To Go
workspace. Make sure that it contains all of the applications that you want to make available to users.
1. Insert a certified USB 3.0 drive on a computer that is running Windows 10.
2. Ensure that you have a .wim file that contains a valid Windows 10 generalized image.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-27
4. In the Create a Windows To Go workspace wizard, on the Choose the drive you want to use page,
select the drive that you just plugged into the computer, and then click Next.
5. On the Choose a Windows 10 image page, select the generalized .wim file. If your generalized image
is not displayed, click on Add search location, and then browse for the folder in which the image is
located.
6. On the Set a BitLocker password (optional) page, enable Use BitLocker with my Windows To Go
workspace, type a password in the Enter your BitLocker password text box, enter your password in
the Reenter your BitLocker password text box, and then click Next to enable BitLocker or click Skip
to skip this setting.
7. On the Ready to create your Windows To Go workspace page, click Create. The workspace creation
can take approximately 20 to 30 minutes or longer if you are not using a USB 3.0 drive.
8. On the Choose a boot option page, click Yes to configure your computer to start from a USB, or click
No. You can come back to this page to reset your start options.
9. Click Save and close.
To create a Windows To Go workspace by using Windows PowerShell, DISM, and bcdboot, perform the
following procedure:
1. Insert a certified USB 3.0 drive on a computer that is running Windows 10.
2. In Cortana, type PowerShell, and right-click on Windows PowerShell, and then click Run as
administrator.
3. In the Windows PowerShell console, type each of the following commands, pressing Enter after each
command. These commands will format and partition the disk, and prepare it for the Windows To Go
image:
$Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and
-not $_.IsBoot }
Clear-Disk –InputObject $Disk[0] -RemoveData
Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR
$SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive
Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 -Partition
$SystemPartition
$OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize
Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS -Partition
$OSPartition
Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
4. In the Windows PowerShell console, execute the following command by replacing imagepath with the
full path to the .wim file that you want to use, and indexNumber with the image’s index number in the
.wim file. If the .wim file has a single image, use 1. Type the following command, and then press Enter:
6. To prevent Windows To Go from bringing an internally connected drive online when it starts, create a
file named san_policy.xml with the contents below in the W: partition of the USB drive:
7. In the Windows PowerShell console, type the following command to apply the file that you created
above, and then press Enter:
8. Create an answer file (Unattend.xml) in the W:\Windows\System32\sysprep folder of the USB drive, and
ensure that the file includes the following code:
Question: Do you plan to use any of the alternative methods for deploying Windows 10 in
your environment?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-29
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Sign in by using the following credentials:
o Password: Pa$$w0rd
o Domain: Adatum
Requirements Overview:
To select the appropriate operating system deployment strategy and tools based on:
Familiarity of the IT staff with operating system image management.
Number of desktops that must be deployed.
Variation in desktop configurations.
Use of retail or volume license media.
Network configuration, in terms of the distribution of servers to be deployed and the services currently
installed that will support the deployment process.
The IT staff is planning to deploy Windows 10 to a remote office in Miami, Florida, that is used by
researchers. The remote office has 12 desktop computers that are running Windows 7, and does not have
any dedicated IT staff. They run independently, and although they have Internet connectivity for work
purposes, they are not connected to the corporate office. All users save their data to their local
computers, and there are no servers in the office. Each user has their own different set of applications,
and they prefer not to have to reinstall them.
Proposals
1. Would High Touch with Retail Media, High Touch with a Standard Image, lite touch, or zero touch
deployment be applicable for this scenario?
2. Which deployment technologies would you consider to implement the server upgrade plan?
Results: After completing this exercise, you should have planned an operating system deployment strategy
for the Miami remote office.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-31
Requirements Overview:
To select the appropriate operating system deployment strategy and tools based on:
Familiarity of the IT staff with operating system image management.
Number of desktops that must be deployed.
Variation in desktop configurations.
Use of retail or volume license media.
Network configuration, in terms of the distribution of servers to be deployed and the services currently
installed that support the deployment process.
The IT staff is planning to deploy Windows 10 to the regional office in Montreal, Quebec, Canada.
Montreal has their own IT staff composed of five IT professionals who have limited experience in
operating system deployment. They manage their own AD DS subdomain, and have two file servers with
ample storage space. Although Configuration Manager is installed in the main office and the regional
U.S. office, the Montreal office is not part of the Configuration Manager infrastructure. They want to
install Windows 8.1 on all existing user devices and future devices. They currently have 300 devices, and
users have a different set of apps they need based on the department in which they work.
Proposals
1. Would High Touch with Retail Media, High Touch with a Standard Image, lite touch, or zero touch
deployment be applicable for this scenario?
2. Which deployment technologies would you consider to implement the server upgrade plan?
Results: After completing this exercise, you should have planned an operating system deployment strategy
for the Montreal regional office.
MCT USE ONLY. STUDENT USE PROHIBITED
2-32 Determining operating system deployment strategies
Requirements Overview:
To select the appropriate operating system deployment strategy and tools based on:
Familiarity of the IT staff with operating system image management.
Number of desktops that must be deployed.
Variation in desktop configurations.
Use of retail or volume license media.
Network configuration, in terms of the distribution of servers to be deployed and the services currently
installed to support the deployment process.
The IT staff is planning to deploy Windows 10 to the U.S. region, which is composed of a main office and
32 regional offices. Each office has between 300 to 500 users, 10 to 20 servers, and their own Active
Directory Certificate Services (AD CS) site under the adatum.com domain. All System Center 2012 R2
products are in use at the U.S. region, and the IT staff is proficient with all System Center products.
Proposals
1. Would High Touch with Retail Media, High Touch with a Standard Image, lite touch, or zero touch
deployment be applicable for this scenario?
2. Which deployment technologies would you consider to implement the server upgrade plan?
Results: After completing this exercise, you should have planned an operating system deployment strategy
for the U.S. offices.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-33
2. Verify the results of the installation, and identify the tools that have been installed.
3. To prepare for the next module.
4. On the Select the features you want to install page, make sure only the following features are
selected, and then click Install:
o Deployment Tools
5. On the Welcome to the Windows Assessment and Deployment Kit - Windows 10! page, click
Close.
Task 2: Verify the results of the installation, and identify the tools that have been
installed
1. Open File Explorer.
2. Navigate to C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\.
3. Take note of the various features that have been installed, including:
o Deployment Tools
Results: After completing this exercise, you should have installed the Windows ADK on LON-CL1.
MCT USE ONLY. STUDENT USE PROHIBITED
2-34 Determining operating system deployment strategies
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Question: What type of deployment would you use for an organization that has 200 user
devices in a single location, with five Windows Server 2012 R2 servers that are running Internet
Information Services (IIS), SQL Server, and file services only, without having to purchase new
software?
Question: What type of deployment would you suggest for the same company if it had
deployed Configuration Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 2-35
Tools
The following table includes the tools that are needed for this module.
MDT 2013 Update 1 Deploy Windows by using the To download the Microsoft
lite touch and zero touch Deployment Toolkit (MDT) 2013
strategies. Update 1, refer to
http://aka.ms/Kplg7k.
Best Practices
Create your reference machine as a VM, so that you can take snapshots of the reference system at
various stages of development. This is useful if you need to recover your reference system quickly. You
can use MDT and Configuration Manager to maintain and service the reference image.
If you are using Configuration Manager to deploy your images, consider using thin images and adding
applications through application deployment in Configuration Manager.
Avoid using high touch strategies as much as possible. They leave a lot of room for human error and
are harder to maintain in larger environments.
Module 3
Assessing application compatibility
Contents:
Module Overview 3-1
Module Overview
Application compatibility can affect an organization’s productivity significantly, and it can determine the
success of an application environment’s implementation for a new operating system. Application
compatibility is an application’s ability to run as expected without data loss from the user’s perspective.
Whether you deploy new apps with a new operating system or use existing apps, one of your critical goals
should be to ensure that your users can sign in after a new Windows deployment and continue with their
work as usual.
This module describes the process for addressing common application compatibility issues that you might
experience during a new operating system deployment. The module also explains how to use Microsoft
Application Compatibility Toolkit (ACT) to help inventory, analyze, and mitigate application compatibility
issues.
Objectives
After completing this module, you will be able to:
Lesson 1
Diagnosing application compatibility issues
Migrating to a new operating system, or testing a new operating system prior to installing it in your
environment, can expose potential compatibility issues for apps in your environment. It is crucial that you
identify and mitigate these issues as a part of the testing and preparation phase before you install apps,
both before and after the new operating system is running in your environment.
This lesson provides you with information to help you understand application compatibility in Windows 10
and the issues that can arise from installing an incompatible app.
Lesson Objectives
After completing this lesson, you will be able to:
It is critical that you assess application compatibility correctly to identify potential application compatibility
issues. You must implement application compatibility as an environment-wide approach, rather than an
unplanned activity. However, you can assess application compatibility with a measured and manageable
process by following these steps:
1. Discover the apps that you want to continue to use in the Windows 10 environment.
2. Rationalize the apps to ensure that all discovered apps still fit into the organization’s app portfolio. If an
app no longer has a practical use, you can remove it from the compatibility-assessment process.
3. Prioritize apps. Organizations might have hundreds, or even thousands, of apps. It is financially and
operationally impossible to test such a multitude of apps. Therefore, you must prioritize your apps and
decide which ones to test.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 3-3
4. Test apps to ensure that the functionality that you require is available when the app runs in
Windows 10.
5. Mitigate any issues that you discover, which might include using built-in operating system
compatibility functionality, upgrading an app, or replacing the app with one that functions properly in
Windows 10. You can consider removing the app completely, but doing so typically leaves a gap in
business functionality. This is not a desirable outcome.
Windows as a service
The Windows operating system is evolving into a cloud-enabled delivery model starting with Windows 10.
Instead of creating and then deploying an entirely new operating system every few years, Microsoft will
update Windows 10 continuously with an update process called Windows as a service. Microsoft will
perform the Windows 10 servicing options by using configuration branching. In this method, you can
configure a single operating system in a number of different ways. Microsoft will have the following three
main branch deployments available in certain OS editions:
Long Term Servicing Branch (LTSB), which enables long-term deployment of Windows 10 releases in
low-change configurations. These Windows 10 releases will not contain many features that are likely to
change, so there is no need to plan and test these changes.
Testing application compatibility must become an ongoing process as Microsoft introduces new
components, features, and interfaces as part of the Windows as a service model. For organizations,
potentially sweeping changes to an interface or feature can radically effect how an application performs. A
strong change management process should be in place to ensure such changes do not stop applications
from working.
Note: When an app makes a low-level kernel call, it bypasses the standard Windows
application-programming interface (API) and communicates with system hardware. App errors
and failures at this level typically result in the app failing and general operating system failure.
An app tries to copy files and shortcuts to folders that existed in a previous Windows operating system,
but which no longer exist in the new operating system.
An app setup process checks for a specific operating system version. This can prevent application
installers from installing the app or prevent apps from starting.
The operating system might not detect custom installers, uninstallers, and updaters. When this occurs,
the apps’ permissions are not elevated to run as an Administrator, and do not respond.
Standard user apps that require administrative privileges to perform their tasks can stop responding, or
tasks within the apps that require administrative privileges will not be available to standard users.
Control Panel applets that perform administrative tasks and make global changes do not function
properly and stop responding.
When you need to run apps by using administrative-level credentials, you can quickly mitigate the
application compatibility issues that pertain to running as a standard user by applying the RunAsAdmin
flag in a custom shim database. However, we recommend that you use more advanced techniques to
troubleshoot and remediate administrator dependency. Avoid granting users administrator rights to
reduce the percentage of local Administrator accounts that the organization requires. Some apps might
require the user to have administrative rights to write to the file system and the registry, but UAC includes
file and registry virtualization technology that allows the app to run even if the user does not have
administrative rights.
Kernel-mode drivers
Kernel-mode drivers must support the Windows 10 operating system. By default, vendors must sign all
drivers digitally for Windows 10 64-bit versions to be installed.
Note: Microsoft has removed kernel-mode printer driver support from Windows 10,
Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows Server 2012 R2, Windows Server
2012, Windows Server 2008 R2, and Windows Server 2008.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 3-5
Microsoft Edge
Microsoft Edge is the default browser for Windows 10. Microsoft Edge implements a new web-based
extension model that does not use third-party add-ins or other programmatic features. For example,
Microsoft Edge does not support ActiveX controls, browser helper objects, or VBScript. However, many
enterprise organizations have line-of-business (LOB) services and web apps that depend on Internet
Explorer and various third-party add-ins and programmatic features. To help support these organizations,
Windows 10 includes Internet Explorer 11 with Enterprise Mode, which is the same version that Windows 8.1
and 7 support. This means you can use Enterprise Mode with Microsoft Edge to open Internet Explorer 11
for your business’s sites that require Internet Explorer. You can extend Enterprise Mode support to
Microsoft Edge by having Microsoft Edge open Internet Explorer 11 in any site specified on the Enterprise
Mode site list. Administrators can use existing Internet Explorer 11 Enterprise Mode site lists or they can
create new lists specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in
Windows 10 and only opening legacy LOB sites in Internet Explorer, you can help keep newer development
projects on target by using the latest Microsoft Edge standards. For organizations that have significant
legacy content, you can also configure any intranet site to open in Internet Explorer when a user navigates
to it by using Microsoft Edge. This functionality is available as part of Windows 10 and has no additional
installation requirements.
You can use the Enterprise Mode Site List Manager for Windows 10 tool to create and update the Enterprise
Mode Site List in the version 2.0 XML schema. This tool is available as a free download from the Microsoft
Download Center. If you already have an existing site list, you can import it into the tool.
Additional Reading: For more information about importing the site list, refer to Import your
Enterprise Mode site list to the Enterprise Mode Site List Manager: http://aka.ms/O5qdm2.
Before you can use the Enterprise Mode site list, you must turn on the Group Policy setting that points to
the XML file. To do so, in the Local Group Policy Editor, or a domain-level Group Policy Object (GPO),
navigate to Computer Configuration\Administrative Templates\Windows Components
\Microsoft Edge, and enable the Configure the Enterprise Mode Site List policy setting.
Application compatibility issues in the Internet Explorer Protected Mode relate to the following:
Apps that use Internet Explorer cannot write directly to disk while the computer is connected to the
Internet. Protected Mode builds on integrity mechanisms in Windows to restrict write access to
securable objects with higher integrity levels, such as processes, files, and registry keys. When you run
Internet Explorer in Protected Mode, it is a low-integrity process. It cannot gain write access to files and
registry keys in a user’s profile or system locations.
Low-integrity processes can write only to folders, files, and registry keys to which you assign a low-
integrity mandatory label. As a result, Internet Explorer and its extensions run in Protected Mode, which
can write only to low-integrity locations, such as the Temporary Internet Files folder, the History folder,
the Cookies folder, the Favorites folder, and the Windows Temporary Files folders.
Locally installed apps do not respond to messages sent from the web application. The Protected Mode
process runs with a low-integrity level, which prevents it from sending most window messages to
higher-integrity processes.
MCT USE ONLY. STUDENT USE PROHIBITED
3-6 Assessing application compatibility
Note: Because many apps verify the operating system version during install, the various
operating systems report their version number in the following manner:
Windows XP as 5.1, Windows Vista as 6.0, Windows 7 as 6.1, Windows 8 as 6.2, Windows 8.1 as 6.3,
and Windows 10 as 10.0. You can use an operating system version to specify a shim that the app
may require.
64-bit architecture
Windows 10 fully supports 64-bit architecture. The Windows 10 64-bit version can run 32-bit apps with the
help of the Windows-32-bit-on-Windows-64-bit (WoW64) emulator. Issues for applications running on for
the Windows 10 64-bit version include the following:
Apps or components that use 16-bit executables, 16-bit installers, or 32-bit kernel drivers do not start or
function properly on a computer that is running a Windows 10 64-bit edition.
32-bit kernel driver installations stop responding on a 64-bit system. If an installer adds a driver by
editing the registry, the system does not load this driver. This can cause the system to stop responding.
64-bit unsigned driver installations stop responding on a 64-bit system. If an installer adds a driver by
editing the registry, the system does not load the driver during load time when the driver is not signed.
The WOW64 emulator redirects 32-bit apps that require registry and file system access to the
appropriate folder and registry locations.
Deprecated components
Some components available in previous Windows versions are deprecated or removed from Windows 10. If
an application attempts to use a deprecated component, it might lose functionality or stop responding. For
example, the Windows Media Center has been removed in Windows 10.
The current authentication model does not require the Graphical Identification and Authentication DLL,
and it ignores all previous Graphical Identification and Authentication DLLs. This change affects any app or
hardware component that attempts to sign in by using customized sign-in apps, including biometric
devices, customized user interfaces, and virtual private network (VPN) solutions for remote users with
customized user interfaces.
Error messages. Although error messages can be frustrating and cryptic at times, they also are the first
indication that an application compatibility problem exists. For example, an error message referencing
permissions often leads to a UAC issue. Conversely, an error message about the wrong Windows
version points to an app that is querying with GetVersion for the operating system version number.
Event Viewer. Event Viewer can contain events that indicate application compatibility. The greatest
benefit of using Event Viewer is that it records and stores events in the event log. These events are
available to reference long after end users clear error messages and notifications.
Task Manager and performance-monitoring tools. Simple tasks like observing unresponsive processes
and unexpected usage of system resources can help you diagnose subtler incompatibility issues, like
invalid hardware requests or inefficient use of memory or processor cores.
User acceptance. Ultimately, users consume apps. If the users are able to use the app as they expect,
without data loss, then the app is ready for install and does not require any changes.
MAP 9.3 takes advantage of preexisting technology in the information technology (IT) environment to
enable agentless discovery of IT resources. These technologies include Windows Management
Instrumentation (WMI), Remote Registry Service, Active Directory Domain Services (AD DS), secure shell,
and the Computer Browser service.
MCT USE ONLY. STUDENT USE PROHIBITED
3-8 Assessing application compatibility
MAP 9.0 provides three key functions that aid in app and operating system migration and planning,
including:
Software-usage tracking.
Evaluations of existing hardware against the recommended system requirements for Windows 10. MAP
provides recommendations that detail which machines meet the requirements and which machines
might require hardware upgrades.
Assessments regarding the readiness of your IT infrastructure for a Windows Server 2012 R2
deployment. MAP includes a comprehensive inventory of servers, operating systems, workloads,
devices, and server roles to help in planning efforts.
Performance data for Linux-based physical and virtual machines, which you can use to perform
virtualization and private cloud planning and analysis for Windows-based and Linux-based machines in
the Hyper-V and Microsoft Private Cloud Fast Track scenarios.
Currently installed Windows client operating systems, including these systems’ hardware and
recommendations for migration to Windows 10.
An inventory and reporting of deployed web browsers, Microsoft ActiveX controls, and add-ons for
migration to Internet Explorer versions that are compatible with Windows 10.
Currently installed Windows Server operating systems, and their underlying hardware and devices, in
addition to recommendations for migration to Windows Server 2012 R2.
Currently installed Linux operating systems, and their underlying hardware and suitability for
virtualization within Hyper-V or for management by Microsoft System Center 2012 R2 Operations
Manager.
Virtual machines that are running on both Hyper-V and VMware, their hosts, and details about hosts
and guests.
Analysis of web apps, Microsoft Internet Information Services (IIS) servers, and SQL Server databases for
migration to the Microsoft Azure platform.
Detailed assessment of server utilization, and recommendations for server consolidation and virtual
machine placement by using Hyper-V.
Windows Server
SQL Server
Lync Server
You also can use the Active Users and Devices report to inventory active users and active Windows-based
devices in your environment to assess adherence to enterprise licensing agreements and Active Directory
information for your environment.
You also can use the Windows Sysinternals tool process monitor and other process monitoring tools to
verify the reason why an app is failing. These tools show you the list of files and registry settings that an app
is trying to access. Therefore, if the app is trying unsuccessfully to access a resource to which the user does
not have access, you will be able to determine to what resources the app was denied access.
Additional Reading:
The Windows Sysinternals Suite includes the process monitor tool along with many other tools and
is available as a free download. To download the Windows Sysinternals Suite, go to
http://aka.ms/P1dc88.
Identify and manage your overall application portfolio within your organization.
Verify application, device, and computer compatibility with a new version of the Windows operating
system, including determining your risk assessment.
Reduce the cost and time involved in resolving application compatibility issues.
ACT is available as part of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10.
Additional Reading: To download Windows ADK for Windows 10, which includes ACT, refer
to the Microsoft website at http://aka.ms/Miad4n.
What is the biggest concern that the Microsoft Edge browser brings to application compatibility?
People are not used to Microsoft Edge and do not know how it works.
It does not use third-party add-ins or other programmatic features, such as ActiveX controls,
browser helper objects, or VBScript.
The Internet Explorer browser has been removed from Windows 10.
Lesson 2
Mitigating application compatibility issues
Mitigating application compatibility issues in Windows 10 is not limited to local computers. You have
options for mitigating incompatibility locally by using tools such as ACT and Client Hyper-V. Other options
leverage the Windows Server 2012 R2 infrastructure to provide more robust and highly available solutions
to application compatibility problems within Windows 10. These options include Remote Desktop Services
(RDS) and Virtual Desktop Infrastructure (VDI). This lesson introduces these local and server-based
remediation methods.
This lesson covers how each of these technologies functions and each method’s use in various compatibility
scenarios.
Lesson Objectives
After completing this lesson, you will be able to:
Identify available application compatibility solutions.
Describe how you can resolve application compatibility issues by using Client Hyper-V.
Describe how you can resolve application compatibility issues by using RDS and VDI.
Discuss the process of determining an appropriate application compatibility remediation strategy for a
given scenario.
ACT
ACT can diagnose application compatibility issues
in Windows. Depending on the type of
incompatibility issues you encounter, it can also
solve application compatibility problems.
One of the greatest benefits of ACT is that it can provide a solution that requires no significant change to
the users’ operating environment. ACT mitigates compatibility issues by attaching shims to apps. Shims
redirect calls from apps to the appropriate location in Windows 10, or simulate the operating system
components that the app is attempting to access.
Client Hyper-V
Introduced in Windows 8, Client Hyper-V enables you to provide a local, virtualized environment in which
previous versions of Windows can run in virtual machines. This environment enables you to run
incompatible apps on supported versions of Windows while maintaining Windows 8 or Windows 10 as the
main operating system, and while using only local resources. If you are providing a virtual environment for
Windows XP, you must consider that Microsoft discontinued support for Windows XP in April 2014. You
should investigate a long-term solution that does not involve Windows XP.
MCT USE ONLY. STUDENT USE PROHIBITED
3-12 Assessing application compatibility
Note: You must have a computer with a 64-bit processor capable of Second-level Address
Translation (SLAT) to run Client Hyper-V in Windows 10.
RDS
RDS allows you to connect to a remote computer so that you can use resources and applications on that
computer. You can set up an RDS Server Host that is running a version of the operating system that is
compatible with specific applications, and you can allow users to connect remotely to the computer to use
specific applications. You also can use Windows Server 2008 RemoteApp to provide the same functionality,
except that RemoteApp runs the application inside its own window within the user’s desktop.
VDI
VDI combines RDS and Hyper-V virtualization technology to provide a more personalized and
compartmentalized user experience. You can use the new features in Windows Server 2012 or Windows
Server 2012 R2 to more easily implement and manage virtual machines that you use to support VDI.
You can create desktop collections, which are pooled collections that users share or dedicated personal
virtual machines that you can maintain and manage in a similar fashion to physical machines.
You can consider other methods, such as finding apps and software that better fit the Windows 10
environment. While you can consider Application Virtualization (App-V) as an option, you can use App-V
only when you have a license agreement that allows you to use the Microsoft Desktop Optimization Pack.
While App-V is not useful for app compatibility issues, a later module covers the use of App-V.
By using this method, you can mitigate application compatibility issues while isolating the app from the rest
of the host operating system. This isolation is beneficial because it can prevent a potentially incompatible
app from negatively affecting other services and apps on the Windows 10 computer.
The Hyper-V environment also is useful for testing application compatibility in different Windows versions
or for multiple configurations of an app. You can use virtual machine snapshots to capture operating
system or app configuration as it exists at a specific time. If irreparable installation or configuration errors
occur during testing, you can revert to the snapshot and then attempt various mitigation methods until one
is successful.
You can use Client Hyper-V in Windows 10 to:
Isolate an app from the host operating system. If an app is causing other apps or operating system
components to stop responding, you can run the app within a virtual machine to prevent this issue.
Run apps in other versions of Windows. Virtual machines in Hyper-V can run different versions of
Windows without affecting the state of the host operating system.
Control system resources available to an app within a virtual machine. You can limit the processor,
memory, and hard-disk usage of an app by running it within a virtual machine that has been allocated
a specific amount of system resources. This could be useful in a situation where an app consumes all of
the system memory because of a memory leak. If this situation occurs within the virtual machine, the
app will consume only the memory assigned to the virtual machine and not all of the physical memory
available to the host computer.
Test an app within a virtual machine before deploying the virtual machine to your production Hyper-V
environment. The virtualization environments in Windows 10 and Windows Server 2012 R2 are
compatible, so you can create, configure, and test virtual machines in Windows 10. After the virtual
machine is ready for the production environment, you can export the virtual machine, and then import
it directly into Windows Server 2012 R2.
You are planning to centralize your application environments. RDS enables you to centralize
application environments in a server-based solution, which you can manage in a central datacenter or
in regional datacenters.
You are combining your computing resources and users after a company merger or acquisition. You
can deliver an alternate client desktop or app alongside an organization’s existing desktops, so that
users have access to desktops and apps from both parts of the merged enterprise. This method can
accelerate the integration of the acquired company’s systems significantly.
You are delivering full desktop environments. Organizations might use RDS to deliver a new desktop
environment to computers when they do not want to or cannot upgrade the computers with a new
operating system.
You are deploying new apps rapidly across an enterprise. This method enables users to be up and
running very quickly without needing to wait for new apps to install on their desktops.
You are provisioning individual apps and desktops through a web browser to external vendors,
suppliers, or other third parties.
You want to ensure business continuity if a disaster occurs. You can use RDS to provision a full working
desktop rapidly to a newly acquired or rented population of user workstations in a new location.
You are provisioning apps that are difficult to maintain or used infrequently. The management
overhead of running such apps on end-user workstations can be significant. It can make business sense
to run them centrally, and then deliver the apps through RDS.
You are delivering data-intensive client workloads over low-bandwidth links. You can use RDS to
deliver apps over bandwidth-constrained links. This is very effective for remotely accessing and
manipulating large volumes of data, because only a screen view of the data, rather than the actual
data, is transmitted over the network to the client.
Note: Keep in mind that apps that are running on an RDS server are installed on a server
operating system, such as Windows Server 2012 R2, Windows Server 2012, Windows Server 2008
R2, or Windows Server 2008. Therefore, you need to test the app to ensure that it works properly
on the operating system, and you should ensure that other application compatibility issues do not
arise due to the server operating system.
Deployment scenarios
The two key deployment scenarios that VDI supports are personal virtual machines and pooled virtual
machines:
Personal virtual machines. When you use personal virtual machines, there is a one-to-one linking of
virtual machines to users. Each user is assigned a dedicated virtual machine, which the user can
personalize and customize. The one-to-one linking preserves any changes that the user makes.
Therefore, by deploying personal virtual desktops, you are providing great flexibility to end users.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 3-15
Pooled virtual machines. In a pooled virtual machine, VDI replicates a single image. You can store the
user state by using profiles, folder redirection, and personal disks on Windows Server 2012 and newer
versions. However, the user state does not persist on the virtual machine after the user signs out, which
frees some system resources.
Note: VDI stores personal disks as a separate virtual hard disk, which means they are
persisted for reuse.
In both cases, the Windows Server 2012 R2 solution supports image storage on the Hyper-V host, and
clients connect to the virtual machine by using RDP.
Reduce the cost and time involved in resolving application compatibility issues.
Create application mitigation packages that you can deploy to client computers.
ACT is available as part of the Windows ADK for Windows 10 Update, which contains a collection of tools
that you will use for Windows deployment.
Inventorying your portfolio of apps, ActiveX controls, and computers. You can conduct inventory by
using an inventory agent that runs on client computers.
Prioritizing and categorizing app and computer inventory. Prioritizing and categorizing your app and
computer inventory provides detailed views of inventory that you can use to analyze the stored data
fully.
Synchronizing compatibility information from the ACT community and from the Windows
Compatibility Center. The ACT community is a web service that provides compatibility information
from ISVs, in addition to compatibility information shared by other members of the IT community.
MCT USE ONLY. STUDENT USE PROHIBITED
3-16 Assessing application compatibility
Runtime analysis packages. The runtime analysis package gathers compatibility information. You install
it on computers so that you can test apps with the version of Windows that you want to deploy. The
data from the runtime analysis package replaces data from issue detectors that attempt to forecast
compatibility issues by running on a previous version of Windows.
Streamlined inventory collection. Data collection overhead is reduced because the purpose of the
inventory-collector package now is limited to inventory collection. The redesigned inventory-collector
package does not cause app conflicts because it does not interact with apps. You no longer need to
schedule the inventory-collector package to avoid conflicts.
Application grouping. The reports about apps in Application Compatibility Manager now show a single
parent entry for an app when multiple versions of the app are detected. All of these app versions are
grouped together under this entry.
Restructured ACT documentation. ACT documentation is streamlined so that you can locate
information faster and more conveniently than in previous versions of ACT.
Windows ADK integration. ACT is now part of the Windows ADK. You can install ACT by using ADK
Setup.
Categorize Activity
Categorize each item into the appropriate category. Indicate your answer by writing the category number
to the right of each item.
Items
10 Test an app within a virtual machine before deploying the virtual machine to your production
Hyper-V environment.
Lesson 3
Using ACT to address application compatibility issues
You can use ACT to resolve many Windows application compatibility issues. You can use ACT to diagnose
and remediate compatibility problems, while maintaining your users’ operating system environment and
continuing to provide apps in their native, locally installed state.
This module explains how to use ACT to provide application compatibility solutions for your organization’s
computers that are running Windows 10.
Lesson Objectives
After completing this lesson, you will be able to:
Runtime analysis-package. A DCP that you can deploy to computers in a test environment. This allows
you to perform compatibility testing on a new operating system. You deploy these packages as .msi
files to client computers.
ACT Log Processing Service. A service that you use to process the ACT log files uploaded from your
client computers. It automatically adds the information to your ACT database.
ACT Log Processing Service share. A file share that the ACT Log Processing Service accesses. It stores
the log files that are processed and added to the ACT database.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 3-19
ACT database. A Microsoft SQL Server database that stores data regarding the collected apps,
computer, device, and compatibility. You can view the information stored in the ACT database as
reports from the Application Compatibility Manager.
Microsoft Compatibility Exchange. A web service that propagates application compatibility issues from
the server to the client. It also enables client computers to connect to Microsoft through the Internet to
check for updated compatibility information.
2. The packages write log files to the ACT Log Processing shared folder.
3. The ACT Log Processing Service processes the logs, and then uploads the data to the ACT database.
4. The Application Compatibility Manager presents the collected data for analysis.
5. The Application Compatibility Manager retrieves the relevant assessments, issues, and solutions that
Microsoft, vendors, and the ACT community post.
There are two DCP types in ACT–the inventory collection package and the runtime analysis package:
Inventory collection package. You can install these packages on client computers to gather a list of
installed apps and devices. Inventory collection packages collect the following data from Windows:
o System inventory. Contains information about the client computer, including memory capacity,
processor speed, and processor architecture.
o Device inventory. Contains information about the devices that are installed on the client computer,
including a device’s model, manufacturer, and class.
o Software inventory. Contains an inventory of apps that are installed on the computer.
You should inventory all computers within the scope of your application assessment. However, the
more computers to which you deploy the inventory collection package, the larger your resultant data
set becomes. This data set could be overwhelming both in the information sent to the ACT Log
Processor and in the effort required to analyze the data.
MCT USE ONLY. STUDENT USE PROHIBITED
3-20 Assessing application compatibility
Runtime analysis package. You can use these packages to collect information about actively running
apps in the Windows environment. The runtime analysis package includes a tool called Compatibility
Monitor, which enables real-time analysis of app execution. You can also use the Compatibility Monitor
to provide feedback about apps that you run in your environment. This feedback uploads to the ACT
community database for other organizations to use in their application assessment tasks.
Works. During your organization’s testing phase, no issues with the app, installation package, or
website existed.
Works with minor issues or has solutions. During your organization’s testing phase, there were no
major issues with the application, installation package, or website.
Does not work. During your organization’s testing phase, the application, installation package, or
website experienced a major issue resulting in unexpected app termination.
You can view high-level assessment summaries and specific app, device, or website assessment details in
the applicable report screen or in the Report Detail dialog box, respectively.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 3-21
Creating and configuring the ACT database. You use the ACT database for storing information that
pertains to your organization’s inventory, including information about your computers, devices,
installed apps, and associated compatibility issues.
Creating and configuring a DCP. You use DCPs for collecting the information that the ACT database
stores. You must configure each DCP to identify the scenario related to the evaluation, such as
deploying a new operating system or service pack, applying Windows updates, or updating to a
new version of Internet Explorer. You also must configure the starting date and time for monitoring
app use.
Analyzing your compatibility data by using the Application Compatibility Manager reports. After data
collection occurs, you can organize it by using priorities, assessment ratings, categories, and
subcategories. After organizing your data, you can filter it, determine which apps have compatibility
issues, and view the information in customized reports from the Application Compatibility Manager.
You can use Application Compatibility Manager to configure, collect, and analyze data to fix any issues
detected during testing and pilot phases prior to deploying a new operating system in your organization.
The functionality that the Application Compatibility Manager performs is divided into five phases:
Phase 1: Collect inventory
Phase 3: Test
Phase 5: Mitigate
If the Application Compatibility Manager determines that the issues are valid, you can use the Compatibility
Administrator tool in ACT to create mitigation packages to fix the issues, or use the other developer tools
that the ACT provides.
The following sections provide more detail on the tasks performed in Phases 1 and 2.
Prioritize your data. Prioritize apps and computers based on how critical they are to your business.
Exclude any apps or computers that you no longer want to track or review in reports. The available
priority levels are:
o Priority 1 - Business Critical. This is the highest priority level. Assigned to business-critical items that
are so important to your organization that that they must be certified before you can deploy the
updated operating system.
o Priority 2 – Important. This is the priority level for apps, websites, and updates that your
organization regularly uses, but which your organization can continue to function without using.
You can deploy the updated operating system without certification.
o Priority 3 – Nice to have. The priority level for apps, websites, and updates that do not fall into the
previous two categories; however, you want them to appear in your ACT compatibility reports. The
updated operating system will deploy regardless of certification.
o Priority 4 – Unimportant. The priority level for apps, websites, and updates that are not relevant to
your organization’s daily functions. Use this priority level to filter out the unimportant items from
your reports.
o Unspecified. The default priority level, which is assigned automatically to all apps, websites, and
updates. You can use this priority level to denote apps that are not yet reviewed for deployment.
Categorize your data. You can create categories and subcategories, and then assign them to apps. Use
this process to view custom reports.
Select your assessment rating. Assign an assessment rating to each of your apps, application
installation packages, and websites. Base an assessment rating, which must apply to your entire
organization, on your own testing results and organizational requirements. Filter your app data,
application installation package data, and website data according to the assessment.
Phase 3: Test
In this phase, you deploy and collect data from the runtime analysis DCPs based on the information created
during phase 2.
Synchronizing compatibility issue data. Keeps your compatibility issue data current by synchronizing
with the Microsoft Compatibility Exchange. This online database provides information regarding
compatibility issues from Microsoft, ISVs, and the ACT community.
Data filtering. Creates and applies custom filtering to provide specific data for your organization and
requirements. Creates a single filter to display your compatibility data based on your priority, category,
subcategory, and assessment rating. You can view the filtered data as a customized report that you can
tailor to your organizational requirements.
Extensive reporting. Creates reports based on your deployment type, such as operating system
deployment or update impact analysis. You can filter these reports by entity, such as apps, computers,
and websites. In addition, users can view reports based on priorities or custom categories that you
created.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 3-23
Phase 5: Mitigate
After you have identified application compatibility issues that you must mitigate in your environment, you
can use mitigation tools to fix problems with application compatibility in your environment. You can use
tools like the Compatibility Administrator and Standard User Analyzer to provide mitigation or create
mitigation packages to deploy to client computers.
Some apps might not run properly under standard user credentials because they require access to
restricted file or registry locations. The Standard User Analyzer monitors and reports many issues, including
issues related to files, registry keys, initialization (.ini) files, tokens, privileges, namespaces, and processes.
You can find the Standard User Analyzer at C:\Program Files (x86)\Windows Kits\10\Assessment and
Deployment Kit\Application Compatibility Toolkit\Standard User Analyzer\.
Compatibility information from your environment, which you generate from a search tool that is
available in Compatibility Administrator. This tool allows you to verify which fixes have applied in your
environment.
Compatibility fixes created in the tool. These fixes often are referred to as shims.
MCT USE ONLY. STUDENT USE PROHIBITED
3-24 Assessing application compatibility
Compatibility modes. A compatibility mode is a collection of fixes that you can apply together.
AppHelp messages. You can create blocking and nonblocking AppHelp messages that the operating
system presents to the user when an app starts.
You can add the .msi files that the Standard User Analyzer creates as compatibility fixes in the Compatibility
Administrator tool.
Demonstration Steps
Configure ACT
1. On LON-DC1, create a new folder named ACTLogs on Local Disk (C:).
2. Open the Application Compatibility Manager, and then run the ACT Configuration Wizard, using the
following information:
4. Ensure that the ACT Log Processing Service has a status of Running.
To provide a web service that propagates application compatibility issues from the server to the
client.
To configure, collect, and analyze data to fix any issues before deploying a new operating system
or deploying a Windows update in your organization.
Note: You will not actually use the LON-CL2 virtual machine in this lab.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 45 minutes
Virtual machines: 20695C-LON-DC1, 20695C-LON-CL1
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, from the Start screen, click Hyper-V Manager.
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
o Database settings
o Preferences
6. From the Task Manager, click the Services tab, and then confirm that the ACTLogProcessor Service is
running.
4. Install SalesRuntimePKG.msi.
2. In the Application Compatibility Manager, click Analyze, and then configure the following:
o Under the Windows 10 Reports\Computers node, verify that LON-CL1 has reported information.
Double-click LON-CL1 to view reported data.
o In the Windows 10 Reports section, click Applications. Verify that applications are listed in the
details pane.
o Click the Devices node, and then verify that devices are reported for LON-CL1.
o Under Windows 10 Reports, on the Applications node, create a new category named Sales,
create a new subcategory within the Sales category named Customer Service, and then assign
Microsoft Office Excel Viewer to the Customer Service subcategory.
o On the Applications tab, assign Microsoft Office Excel Viewer a deployment status of Ready to
Deploy.
Results: After completing this exercise, you should have analyzed applications for potential compatibility
issues.
3. In the User Account Control window, type Adatum\Administrator as the username and Pa$$w0rd as
the password, and then click Yes.
4. In Compatibility Monitor, from the Advanced tools menu, run the Standard User Analyzer.
5. In the Standard User Analyzer window, browse to, and then open, the following file: C:\Program Files
(x86)\StockViewer\StockViewer.exe.
6. In Standard User Analyzer, clear the Elevate check box, and then launch StockViewer.
8. In the User Account Control window, type Adatum\Administrator as the username and Pa$$w0rd as
the password, and then click Yes.
o Click Trends.
2. Check the errors reported in the Other Objects tab in the Standard User Analyzer window.
Results: After completing this exercise, you will have mitigated application compatibility issues by using
Microsoft Application Compatibility Toolkit (ACT).
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Question: You have just installed ACT and configured the initial settings. What final task must
you complete to ensure that inventory collection occurs?
Tools
Tool Used to Where to find it
Enterprise Mode Site List Create and update the Enterprise http://aka.ms/Wn7yay
Manager for Windows 10 Mode Site List in the version 2.0 (v.2)
XML schema and import an existing
site list.
Application Compatibility A set of tools that you can use during Downloaded as part of the
Toolkit (ACT) the inventory, analyze, and mitigate Windows Assessment and
phases of the application Deployment Kit (Windows ADK),
compatibility testing process. IT available at
professionals use ACT in corporate http://aka.ms/Miad4n
environments to determine whether
apps are compatible with a new
version of the Windows operating
system before deploying the apps.
They also use ACT to determine how
an update to the new version might
affect their apps.
MCT USE ONLY. STUDENT USE PROHIBITED
4-1
Module 4
Planning and implementing user state migration
Contents:
Module Overview 4-1
Module Overview
Determining how to migrate user profiles and data is an important part of planning the deployment of a
new operating system. Many users spend a significant amount of time configuring their Windows client
operating systems to personalize display items such as desktop wallpaper, UI elements, or other operating
systems and application components. They also might save documents locally to their computers, rather
than saving them on a file server or Microsoft SharePoint Server. This grouping of specific settings, or user
state, is an important part of the migration process when you replace a computer, or when you install a new
operating system. This module will introduce you to user state migration, and to the tools and methods
that you can use to plan and implement a user state migration in the Windows software environment.
Objectives
After completing this module, you will be able to:
Describe user state migration.
Identify the features of the User State Migration Tool (USMT) 5.0.
Lesson 1
Overview of user state migration
User state migration enables you to retain users’ settings and preferences when it is necessary for them to
change their operating systems or computers. You can perform user state migration by using a variety of
tools, in scenarios ranging from a single user on a stand-alone computer to thousands of users in an
enterprise environment.
This lesson introduces user state migration in detail. In this lesson, you also will identify and discuss the key
tools that you can use to perform user state migration.
Lesson Objectives
After completing this lesson, you will be able to:
Identify tools that you can use for user state migration.
User settings. This component describes all settings that a user has personalized after the operating
system was installed.
User registry. This is the part of the machine’s registry that is specific to each user. Registry hive
HKEY_CURRENT_USER (HKCU) stores settings that are specific to the currently signed-in user. The
HKCU registry key is a link to the HKEY_USERS subkey that corresponds to the user. The same
information is accessible in both locations. On computers that run Windows 7 or newer, each user's
settings are stored in their own files, named NTUSER.DAT and USRCLASS.DAT. These files are in their
Users folder on the boot volume. Settings in the HKCU hive follow users with a roaming profile from
machine to machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-3
Application Data. Application Data (or AppData) is one of the folders that are part of user state. This
folder contains mostly application settings that are specific to a user. For example, if a user installs
Microsoft Word 2016, and personalizes settings to fit his or her needs, such as adjusting toolbars,
proofing, or language settings, Word stores these settings in the Application Data folder. Although all
well-designed applications should ideally store the user’s settings in the same folder, it is not possible
to enforce this behaviour because it is entirely up to the developers.
o In previous versions of Windows operating systems, the Application Data folder stored
application-related data with little or no separation of user-related or computer-related
application settings. However, in Windows 7 and newer versions, the AppData folder replaces the
Application Data folder, and it provides a high degree of separation for user-related and
computer-related application settings. In Windows 7 and newer Windows versions, the AppData
folder is stored in the user’s profile folder.
User data. This component contains all user-specific data, such as files, in the Documents folder,
Favorites folder, and Pictures folder.
Settings might be stored in the registry, .ini files, or in text or binary files. To determine the location of an
application setting, review the application’s documentation or relevant websites.
Replace scenario. When deploying a new operating system to new computers, you can capture the
user state from source computers before or after you deploy the operating system to destination
computers. After the operating systems deploy to the destination computers, you can restore the user
states on these computers. In this scenario, the source and destination computers are different
computers.
Refresh scenario. When upgrading operating systems on computers that have existing operating
systems, you can capture the user state, store it in temporary storage, deploy the operating systems,
and then restore the user state on the upgraded computers. In this scenario, the source and destination
computers are the same computers.
MCT USE ONLY. STUDENT USE PROHIBITED
4-4 Planning and implementing user state migration
Note: Microsoft Deployment Toolkit (MDT) 2013 Update 2 also supports an in-place upgrade
from Windows 7 or newer which maintains user profiles and installed applications. This upgrade
does not employ the USMT and you cannot specify what settings will be migrated. The in-place
upgrade migrates all profiles and settings.
When you deploy Windows 10 to a computer that has an existing, supported Windows operating system,
Windows creates a Windows.old folder. You can migrate user settings from that folder. Windows 10 enables
nondestructive deployment because a Windows 10 installation does not wipe out the target partition and
preserves data in its original location.
The previous Windows installation folder, the Program Files folder, and the Users folder move to the
Windows.old folder, whereas user data in the root folder remains unchanged. However, it is not possible to
start the computer by using the files in the Windows.old folder.
Because roaming user profiles contain almost the entire user state, it is a simpler solution to use. However,
you cannot use this solution if the users save data outside of their profile or if the applications save settings
outside of the users’ profile, in either the registry or the file system. Although roaming user profiles is a
good solution in the absence of other solutions, because a profile can grow to a large size, synchronization
can take a considerable amount of time.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-5
Folder redirection
Folder redirection allows users or administrators to redirect the path, manually, of a known folder to a new
location. Administrators typically use Group Policy for folder redirection. The new location can be a folder
on the local computer or a directory on a shared network folder. Users interact with files in the redirected
folder as if it still existed on the local drive. For example, you can redirect the Documents folder, which
typically is on a local drive, to a network location. The files in the folder then are available to the user from
any computer on the network. Windows 10 supports the redirection of the following 13 folders found within
user profiles: AppData\Roaming, Desktop, Start Menu, Documents, Pictures, Music, Videos, Favorites,
Contacts, Downloads, Links, Searches, and Saved Games.
You also can use folder redirection to minimize the size of the roaming profile. However, you cannot
redirect all data in the user’s profile. The AppData folder contains three subfolders, named Local, LocalLow,
and Roaming. You can redirect the Roaming folder only. Redirecting the Roaming folder can cause issues,
because not all applications do well with a redirected AppData folder. For example, when the same user
signs in to more than one workstation, this can cause the files and settings to be updating at the same time.
Most administrators only want to target the business applications that have settings that need to roam. UE-
V provides the administrator this choice by using settings location templates. Administrators also can roll
back settings due to unexpected changes on a per-application basis, and do not have to roll back the entire
user profile.
USMT captures:
User accounts
User files
You can automate USMT as part of the deployment phase when using either Microsoft Deployment Toolkit
(MDT) or Microsoft System Center Configuration Manager for deployment. Windows Assessment and
Deployment Kit (Windows ADK) includes USMT.
Limitations of USMT
USMT is appropriate for large Windows automated deployments. Scenarios where USMT is not a good fit
include:
Question: What is the difference between a replace scenario and a refresh scenario?
Lesson 2
Overview of USMT 10.0
USMT 10.0 can simplify user state migration during large-scale Windows deployments. USMT captures user
state from the old Windows installation, and then migrates them to a new Windows installation. You can
use USMT for both PC replace and PC refresh migrations.
USMT consists of three command-line interface (CLI) tools: Scanstate.exe, Loadstate.exe, and
USMTUtils.exe.
This lesson describes the features of USMT 10.0 and its use in performing a user state migration.
Lesson Objectives
After completing this lesson, you will be able to:
1. Run the LoadState tool on the destination computer. Specify the same set of .xml files that you
specified when you used the ScanState tool. However, you do not have to specify the Config.xml file,
unless you want to exclude some files and settings that you migrated to the store. Sign out after
running the LoadState tool.
2. Some settings, such as fonts, wallpaper, and screen savers, will not take effect until the next time the
user signs in.
Features of USMT 10
USMT 10 includes the following features:
Command-line switches for USMTUtils.exe that you can use to ensure data consistency in data stores
and extract specific files from a store. These switches include:
o /verify. Use the verify option after gathering a ScanState compressed store. This verifies the
consistency of the store and checks for corrupted files or a corrupted catalog. The verify switch is a
reporting tool only. It cannot fix a corrupt store.
o /extract. Use the /extract option if you want to restore only specific files, or if you cannot restore a
compressed store with LoadState. There are several situations in which you can use the /extract
option:
If a store was partially corrupt after validation.
If LoadState cannot operate normally on a destination computer.
If a user deletes a file shortly after LoadState restoration, but before his or her backups run.
This capability can restore files based on include and exclude patterns. The /extract switch
restores files only. It does not restore registry information or settings.
Hard-link migration store. For use in the refresh computer scenario, hard-link migration stores are
saved locally on the computer that is being refreshed. It improves migration performance significantly
and reduces hard-disk utilization. A hard-link migration store also reduces deployment costs and
enables entirely new migration scenarios.
Offline migration. This enables you to collect data from offline Windows operating systems by using
the ScanState tool in the Windows Preinstallation Environment (PE). Furthermore, USMT 10 supports
migrations from previous operating system installations that are in Windows.old directories. The offline
directory can be a Windows directory when you run the ScanState tool in Windows PE, or Windows.old
when you run the ScanState tool in the Windows operating system.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-9
Benefits of USMT
USMT provides several benefits to businesses that are deploying Windows operating systems, including
that it:
Migrates user accounts, operating system settings, and application settings safely.
Reduces the cost of deploying the Windows operating system by preserving the user state. This
reduces the time necessary for users to become familiar with a new operating system, which in turn
reduces the time necessary for users to customize desktops and locate missing files and settings.
Reduces end-user downtime, which reduces help-desk calls and increases employee satisfaction.
LoadState then transfers files to their correct locations, deletes their temporary copies, and begins
migrating more files. Compression improves performance by reducing network bandwidth usage and
the space that the store requires. You can turn off compression by using the /nocompress option.
USMTUtils. This tool can perform several functions relating to compression, encryption, and validation
of a migration store. USMTUtils also can extract files manually if your data store becomes corrupt or
your hard-link store becomes locked.
Migration XML files. These are the XML files that USMT uses for migrations. These include the
MigApp.xml, MigUser.xml, or MigDocs.xml files, and any custom .xml files that you create:
o MigApp.xml. This file contains rules for migrating application settings.
o MigDocs.xml. This file contains rules for the MigXmlHelper.GenerateDocPatterns helper function,
which can find user documents on a computer automatically without creating extensive custom
migration .xml files.
o MigUser.xml. This file contains rules for migrating user profiles and data.
Config.xml. To exclude data from the migration, you can create and modify the Config.xml file by using
the /genconfig option with the ScanState tool. This optional file has a different format from the
migration .xml files, because it does not contain migration rules.
The Config.xml file lists the elements that you can migrate. Specify migrate=“no“ for the elements that
you want to exclude from the migration. You also can use this file to control some migration options
for USMT.
MCT USE ONLY. STUDENT USE PROHIBITED
4-10 Planning and implementing user state migration
Component manifests for Windows 7 and newer. If the source or destination computer is running
Windows 7 and newer, the component-manifest files control which operating system settings migrate
and how they migrate.
o These files are located on computers that are running Windows 7 and newer, and you cannot
modify them. If you want to exclude certain operating system settings when the source computer
is running Windows 7 and newer, you need to create and modify a Config.xml file.
USMT internal files. All other .dll, .xml, .dat, .mui, and .inf files included with USMT are for USMT internal
use. You should not modify these files, and the migration process would most likely fail if you attempt
to do so.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Lesson 3
Planning user state migration
Carefully planning user state migration can help ensure that the migration proceeds smoothly and reduces
the risk of migration failure. In migration planning, you must first identify what to migrate, such as user
settings, applications and application settings, and personal data files and folders. By identifying the
applications that you want to migrate, you can avoid capturing data for applications that you expect to
discontinue.
One of the most important requirements for migrating settings and data is to restore only the information
that the destination computer requires. Even if the data captured on the source computer is more
comprehensive than the data restored for backup, it is redundant to restore data or settings for applications
that users will not install on the destination system, and it can introduce instability in the newly deployed
computer.
Lesson Objectives
After completing this lesson, you will be able to:
Determine what to migrate. Consider migrating user-state elements, which include end-user
information, application settings, operating system settings, files, folders, and registry keys.
Determine where to store your data. Based on the size of your migration store, you can store data
remotely on a file share, locally in a hard-link migration store, on a local external storage device, or
directly on the destination computer.
Estimate the time it will take to do the migration. Do not underestimate the amount of data users store
locally on their computer. It may take several hours, per computer, to perform the migration,
depending on the size of the migration store and the network speed.
MCT USE ONLY. STUDENT USE PROHIBITED
4-12 Planning and implementing user state migration
Use the /genmigxml command-line option to select the files that you will include in your migration
and to determine whether any modifications are necessary. The /genmigxml option specifies that the
ScanState tool must use the document finder to create and export an XML file. This file defines how to
migrate the files on the computer on which the ScanState tool is running.
Modify the migration XML files and create custom .xml files, if necessary. To modify migration
behavior, you can create a custom .xml file or modify the rules in existing migration .xml files. For
example, an organization might want to migrate the \Data folder on drive C but not the \Data\tmp
folder on drive C.
Create a Config.xml file to exclude any elements from a migration. To create this file, use the
/genconfig option and the .xml files you want to exclude when you use the ScanState tool.
Review the migration state in the Config.xml file and specify migrate=no for any element that you do
not want to migrate.
Offline. In an offline migration, ScanState runs against a copy of the Windows operating system that is
not running. This can be done by:
a. Running ScanState from the Windows PE environment, and collecting data from an existing
version of the Windows operating system.
b. Running ScanState against the Windows.old directory that contains data from the previous
Windows installation.
In the PC refresh scenarios, the source and destination computers are the same. Windows 10 replaces the
old operating system, and you preserve and migrate the user state to Windows 10 by using USMT.
1. Collect user state data with ScanState and save it to a migration store.
3. Use LoadState to restore user state by using preserved data from the migration store.
You can collect the user state data in step 1 online or offline. There are several ways to perform a PC refresh
migration. The method that you select depends on several factors, including how you install Windows 10
and which resources you have available.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-13
1. On each computer, boot the machine into Windows PE, and then run the ScanState command-line
tool, specifying the /hardlink /nocompress options. ScanState saves the user state to a hard-link
migration store on each computer, which improves performance by minimizing network traffic.
2. On each computer, install the company’s standard image that includes Windows 10 and company
applications.
3. Run the LoadState command-line tool on each computer. LoadState restores each user state back to
each computer.
1. On each computer, from the original operating system, run ScanState, and then specify the file server
as the location for the migration store.
2. On each computer, install the company’s standard image that includes Windows 10 and company
applications.
3. Run LoadState on each computer, which will restore the user state from the previous version of the
Windows operating system.
1. On each computer, from the original operating system, run ScanState with the /hardlink and
/nocompress options. This will save the user state to a local, hard-link migration store on the computer.
The ScanState process completes faster because the files do not have to transfer across the network or
write to an external disk. The files do not even move on the disk, but instead remain in their original
location.
2. On each computer, install the company’s standard image that includes Windows 10 and company
applications.
3. Run LoadState on each computer, which will restore the user state from the previous version of the
Windows operating system.
You will perform an offline migration from within the newly installed Windows 10 operating system by
using the Windows.old directory and a hard-link migration store. For this scenario, you need to perform the
following procedure:
1. On each computer, install Windows 10 without reformatting or repartitioning the operating system
drive, and then install all required applications.
2. Run ScanState and then run LoadState on each computer with the /hardlink and /nocompress options.
MCT USE ONLY. STUDENT USE PROHIBITED
4-14 Planning and implementing user state migration
2. On each of the destination computers, deploy Windows 10 by using the company’s standard Windows
deployment process.
3. On each of the destination computers, run LoadState, which restores the user state from the source
computer.
1. On each of the managers’ old laptops, run ScanState to export the user state to the migration store on
the file server.
2. On each of the new laptops, deploy Windows 10 by using the company’s standard Windows
deployment process.
3. On each of the new laptops, run LoadState, which will restore the user state from the managers’ old
laptops.
4. On each of the old laptops, deploy Windows 10 using the company’s standard Windows deployment
process. No user state migration is necessary for the new employees’ laptops.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-15
1. On each of the source computers, configure System Center Configuration Manager, MDT, or a logon
script to run ScanState. Store the user state data in the migration store on the file server.
2. On each of the new computers, deploy Windows 10 by using the company’s standard Windows
deployment process. This involves using System Center Configuration Manager, MDT, or Windows
Deployment Services.
3. On each of the source computers, configure System Center Configuration Manager, MDT, or a logon
script to run LoadState. Restore the user state data from the migration store on the file server.
User data
ScanState uses rules in the MigUser.xml file to collect everything in a user’s profile. ScanState then performs
a file extension–based search on most of the system for other user data.
By default, USMT migrates the following user data and access control lists (ACLs) by using the MigUser.xml,
MigDocs.xml, and MigApps.xml files:
Folders from each user profile. USMT migrates everything in a user’s profile, including Documents,
Video, Music, Pictures, Desktop files, Start menu, Quick Launch settings, and Favorites.
Folders from the All Users and Public profiles. USMT also migrates the following from the Public profile
in Windows 7 or newer: Shared Documents, Shared Video, Shared Music, Shared Desktop files, Shared
Pictures, Shared Start menu, and Shared Favorites.
File types. The ScanState tool searches the fixed drives and collects and migrates files that have any of
the following file name extensions: .accdb, .ch3, .csv, .dif, .doc*, .dot*, .dqy, .iqy, .mcw, .mdb*, .mpp,
.one*, .oqy, .or6, .pot*, .ppa, .pps*, .ppt*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt,
.vl*, .vsd, .wk*, .wpd, .wps, .wq1, .wri, .xl*, .xla, .xlb, or .xls*.
Files outside of a user profile that do not match one of the file name extensions in the MigUser.xml file.
The following list includes some of the operating system components that migrate with USMT:
Network printers
Folder Options
Supported applications
We recommend that you install all applications on the destination computer before restoring the user state.
This ensures that you preserve migrated settings. If you install the application after the user state has been
migrated, the installation might overwrite the users’ settings.
The installed applications’ versions must match on the source and destination computers. USMT does not
support migrating the settings of an earlier version of an application to a later version, except for Microsoft
Office. USMT only migrates settings that users have changed. Default application settings might not be
migrated if the user has not changed the settings from the default values. If you specify the MigApp.xml
file, USMT will migrate settings for many of the applications.
Application settings. USMT does not migrate settings from earlier versions of an application.
Additionally, it does not migrate application settings, and some operating system settings, when you
create a local account.
Existing applications. USMT does not migrate existing applications. You have to reinstall all applications
on the destination computer before restoring the application settings.
Operating system settings. USMT does not migrate the following operating system settings.
Files and settings migrating between operating systems with different languages.
USMT is an administrator tool. If you run the USMT as a standard user, either the tool will not run or only
the current user will be migrated. Depending on the Windows version that you install, USMT will not
migrate some operating system settings.
Identify users
You should consider how to migrate users carefully. You can specify which users to include and exclude at
the command prompt with user options.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-17
If local user accounts do not exist on the destination computer, use the /lac option with the LoadState
command. If you do not use this option, USMT will not migrate these accounts.
You may need to create new user accounts on the destination computer. The /lae option enables the
account that was created by using the /lac option. If you create a disabled local account by using only
the /lac option, a local administrator must enable the account on the destination computer.
You should be careful when specifying a password for local accounts. The /lac:[Password] allows you
to specify a password when the local user accounts are created. If you create a local account that has a
blank password, anyone can sign in to that account on the destination computer. If you create a local
account that has a password, the password is available to anyone with access to the folder where you
store the USMT command-line tools and accompanying scripts.
Source and destination computers do not have to be connected to the domain for domain user profiles
to migrate.
Identify an experienced application owner to provide insight into how the organization installs,
configures, and uses the various applications.
After you complete the list of applications to migrate, review the list, and then work with each
application owner to develop a list of settings to migrate.
Consider whether the destination version of the application is newer than the source version and if the
existing settings work with the new version.
Create a custom .xml file to migrate the settings, and work with application owners to develop test
cases. Typically, you continue to perform migration testing for application settings to determine if the
settings have migrated successfully.
Any previous experiences with migration, or the results of any surveys and tests that you conduct.
The number of help desk calls related to operating system settings that you have had in the past, and
how many you think you will receive in the future.
Divide the settings into three categories: settings that users must have to do their work, settings that
make the work environment more comfortable, and settings that might reduce help-desk calls.
Migrating these items can increase user productivity and overall satisfaction with the migration
process.
Because users may not remember how to apply all operating system settings, the operating system
settings are often an overlooked part of user state migration.
MCT USE ONLY. STUDENT USE PROHIBITED
4-18 Planning and implementing user state migration
Identify and locate the nonstandard locations. Consider the file types that you want to include and
exclude in the migration, the locations that you want to exclude, and new locations to which you want
to migrate files on the destination computer.
After verifying which files and file types end users regularly utilize, you need to locate the files.
Compressed. The compressed migration store is a single-image file that contains all of the files and
settings that you are migrating, as well as a catalog file. This image file often is encrypted and
password-protected, and you cannot navigate it by using Windows Explorer. ScanState creates a
compressed migration store by default.
Hard-link. A hard-link migration store functions as a map that defines how a collection of bits on the
hard disk integrates into the file system. You can use the hard-link migration store only in the refresh
computer scenario. This is because the hard-link migration store is maintained on the local computer,
while you remove the old operating system and install the new operating system.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-19
Using a hard-link migration store saves network bandwidth, and minimizes both the time and storage
space required to perform the migration. Keeping files in place on the local computer eliminates
redundant files. Additionally, it benefits performance and reduces disk usage. Create a hard-link
migration store by using the /hardlink option when ScanState is running. Hard-link migration is almost
identical to an uncompressed migration store. It is stored at a location that you specify by using the
ScanState command-line tool, and you can view the store’s contents by using Windows Explorer. After
you create the store, you can delete or copy it to another location without changing the user state.
Restoring a hard-link migration store is similar to restoring any other migration store.
The amount of space that the store requires will vary depending on your organization’s local storage
strategies. For example, one key element that determines the size of migration data sets is email storage. If
your organization stores email centrally, data sets will be smaller. If your organization stores email locally,
such as by using offline storage files, data sets will be larger. Mobile users most likely will have larger data
sets than workstation users. Perform tests and inventory the network to determine the average size of your
organization’s data sets. During the tests, measure the time that you need to perform the migration. Several
companies have had to extend the time to finish migration due to the extended time it takes to copy huge
amounts of data to and from the network’s shared folder.
If you use hard-link migration, you do not have to estimate the size of the migration store because files do
not move from the local disk. This is only possible in the PC Refresh scenario.
You should consider the following issues when determining how much disk space you will need:
Email. If users manage a large volume of email or keep email on their local computers instead of on a
mail server, this email can occupy as much disk space as all other user files combined. Before migrating
user data, ensure that users who store email locally synchronize their Inbox folders with their mail
server.
User documents. The size required for user documents varies greatly depending on the types of files
involved. You should look at sample folders of user documents before performing calculations for
storage requirements.
For example, an architectural firm that uses computer-aided design files needs much more space than
a law firm that primarily uses word-processing documents. You do not have to migrate the documents
that users store on file servers through mechanisms such as folder redirection, as long as users will have
access to these locations after the migration.
User operating system settings. 5 MB usually is a sufficient amount of space for saving registry settings.
However, this requirement can fluctuate based on the number of applications that a user installs on his
or her computer.
If you choose the replace scenario, or if the local computer has insufficient space, you must store the user
state data remotely. For example, you can store it in on a shared folder or removable media.
MCT USE ONLY. STUDENT USE PROHIBITED
4-20 Planning and implementing user state migration
You can also store it directly on the destination computer. For example, you can create and share C:\store
on the destination computer, run the ScanState tool on the source computer, save the files and settings to
\\DestinationComputerName\store, run the LoadState tool on the destination computer, and then specify
C:\store as the store location. By doing this, you do not have to save the files to a server.
Migration store. For migrations that do not use a hard links, ensure that there is enough available space
on the location where you want to store the migrated data. You can save your migration store to
another partition or an external storage device, such as a USB flash drive or a server.
Source computer. The source computer must have enough available space for the following:
o 250 MB minimum of hard disk space. This is required to support USMT operations, such as the
growth in the page file. If every volume involved in the migration is formatted for the NTFS file
system, 250 MB may be enough to ensure success for almost every hard-link migration, regardless
of the migration’s size. USMT will not create the migration store if 250 MB of disk space is not
available.
o Temporary space for USMT to run. Additional disk space for USMT to operate is required. This does
not include the minimum 250 MB required to create the migration store. ScanState can calculate
the temporary space that you will require.
o Hard-link migration store. You do not have to estimate the size of a hard-link migration store. The
only case in which the hard-link store can be large is when non-NTFS file systems exist on the
system and contain data that you are migrating.
Destination computer. The destination computer must have enough available space for the following:
o Operating system.
o Applications.
o Data being migrated. In addition to the files being migrated, registry information also requires
hard-disk space for storage.
o Temporary space for USMT to run. Additional disk space for USMT to operate is required.
ScanState can calculate the temporary space that you will require.
Create an XML file that includes an improved space estimate for the migration store by using the /p option
of the ScanState tool. This option creates an XML file in the path that you specify.
The following example shows the ScanState command to create this .xml file:
The report returns the disk-space requirements in bytes, so in the sample report, the store is approximately
10.5 gigabytes (GB) and the temporary space is 55 MB.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Lesson 4
Migrating user state by using USMT
USMT is the recommended tool for scenarios in which you have many computers to migrate. You must
spend time configuring the migration .xml files, and you may have to create Config.xml and other custom
.xml files to provide additional customization for your migration. After configuring your migration settings,
you migrate the user state by using USMT, and then run the ScanState and LoadState tools to capture and
restore user state data.
This lesson describes how to edit USMT migration files. Typically, the basic settings for USMT migration
scripts are configured automatically when you perform lite-touch installation and zero-touch installation
deployments by using MDT and Configuration Manager. Therefore, you might only have to edit the files
manually for advanced settings.
Lesson Objectives
After completing this lesson, you will be able to:
Must be UCS Transformation Format 8 (UTF-8). You must save the file in this format, and you must
specify <?xml version=“1.0“ encoding=“UTF-8“?> at the beginning of each .xml file.
Must have a unique migration urlid. The urlid of each file that you specify at the command prompt
must be different. If two migration .xml files have the same urlid, the second .xml file that you specify
at the command prompt will not be processed. This is because USMT uses the urlid to define the
elements within the file.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-23
Each element in the file must have a display name for it to appear in the Config.xml file. This is because
the Config.xml file defines the elements by the display name and the migration urlid. For example,
specify My Application.
Scanstate.exe /genmigxml:<xmlfilename>.xml
o Checking for the correct version of the executable application file by using the
DoesFileVersionMatch helper function.
2. If the correct version of the application is installed, ensure that each setting is migrated to the
appropriate location on the destination computer:
o If the versions of the applications are the same on the source and destination computers, migrate
each setting by using the <include> and <exclude> element.
o If the version of the application on the destination computer is newer than the one on the source
computer, and the application cannot import directly without modification, your script must add
the set of files that trigger the import by using the <addObjects> element. Alternatively, your
script must create a mapping that applies the old settings to the correct location on the
destination computer by using the <locationModify> element and the RelativeMove and
ExactMove helper functions.
o You must install the application before migrating the settings. You can delete any settings that are
on the destination computer by using the <destinationCleanup> element.
<!-- Describe the pattern for the list of objects to be excluded from migration -->
<objectSet>
<pattern type="Registry">HKCU\Software\MyApp [Display]</pattern>
</objectSet>
</exclude>
</rules>
</role>
</component>
</migration>
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-25
The following syntax provides an example of how you can configure ScanState to scan a source computer:
The Config.xml file has a different format compared to other migration .xml files because it does not
contain any migration rules. It only contains a list of the operating system features, applications, and user
documents that can be migrated, as well as user-profile and error-control policies. For this reason,
excluding features by using the Config.xml file is easier than modifying migration .xml files, because you do
not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in
this file.
After you create and alter the config.xml file to satisfy of your migration’s requirements, you should include
it in the migration with the /config parameter.
For example, use the following command to create a store that is encrypted by using the Config.xml file
and the default migration .xml files:
The ScanState tool provides various options related to specific categories, which the following sections
explain.
Storage Options
The following table describes the storage options that you can configure by using ScanState.
Option Description
Storepath Specifies the folder in which you want to save the migration store.
StorePath cannot use drive C. You must specify the StorePath
option in the ScanState command. The only exception is when
using the /genconfig option. You can specify only one StorePath
location.
/vsc Specifies that the volume shadow copy service should migrate files
that are locked or in use. This command-line option eliminates
most file-locking errors that the <ErrorControl> section typically
encounters. You can only use this option with the ScanState
command, and you cannot combine it with the /hardlink option.
/hardlink Creates a hard-link migration store at the location that you specify.
You must specify the /nocompress option with the /hardlink
option.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-27
Option Description
/encrypt:”keystring” Encrypts the store with the key that you specify. You must enable
or encryption, because it is disabled by default. With this option, you
must specify the encryption key in one of the following ways:
/encrypt /keyfile:[Path\]Filename
/key: KeyString specifies the encryption key. If there is a space in
KeyString, you will need to enclose it with quotation marks.
/keyfile:[Path\]FileName specifies a text (.txt) file that contains
the encryption key.
For security reasons, you should use a KeyString that is at least
eight characters long. It cannot exceed 256 characters. The /key
and /keyfile options cannot be used on the same command line.
Additionally, you cannot use the /encrypt and /nocompress
options on the same command line.
Use caution because anyone who has access to the ScanState script
also will have access to the encryption key.
The following example shows the ScanState command and the
/key option:
scanstate /i:miguser.xml /i:migapp.xml
\\fileserver\migration\mystore /encrypt /key:mykey
Option Description
/i:[Path\]FileName Specifies an .xml file that contains rules that defines what
applications and settings to migrate. You can specify this option
multiple times to include all of your .xml files, such as MigApp.xml,
MigUser.xml, and any custom .xml files that you create (except
config.xml). You must specify the config.xml file with the /config
option. The path can be a relative or full path. If you do not specify
the full path, then FileName must be located in the current
directory.
/genconfig:[Path\]FileName Specifies the Config.xml file that the ScanState command must use
to create the store. You can only use this option once at the
command prompt. The path can be a relative or full path. If you do
not specify the full path, FileName must be located in the current
directory.
The following example shows the ScanState command to create a
store by using the Config.xml file, MigUser.xml and MigApp.xml
files:
scanstate /i:migapp.xml /i:miguser.xml
/genconfig:config.xml /v:13
/config:[Path\]FileName Specifies the Config.xml file that the ScanState command must use
to create the store. You can only use this option once at the
command prompt. The path can be a relative or full path. If you do
not specify the full path, FileName must be located in the current
directory.
The following example shows the ScanState command to create a
store by using the Config.xml file, MigUser.xml and MigApp.xml
files:
scanstate \\fileserver\migration\mystore
/config:config.xml /i:miguser.xml /i:migapp.xml /v:13
/l:scan.log
/localonly Only migrates files that are stored on the local computer. This
option will disregard the rules in the .xml files that you specify at
the command line. Use this option to exclude the data from
external drives on the source computer, such as USB flash drives
and external hard drives, and mapped network drives. If you do
not specify the /localonly option, the ScanState command will
copy files from these drives into the store.
The /localonly command-line option includes or excludes data in
the migration, according to the following list:
Flash drive: Excluded
Network drive: Excluded
Fixed drive: Included
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-29
Monitoring options
USMT provides several options that you can use to analyze problems that occur during migration. The
following table describes the monitoring options that you can configure by using ScanState.
Option Description
/listfiles:FileName Generates a text file that lists all of the files that the migration
includes.
/l:[Path\]FileName Specifies the location and name of the ScanState log. The
ScanState log is created by default, but you can specify the name
and location of the log with the /l option. The path can be a
relative or full path, but not Storepath. If you do not specify the full
path, the ScanState tool will create the log in the current directory.
You can use the /v option to adjust the amount of logged
information. If you run the ScanState or LoadState commands
from a shared network resource, you must specify this option or
USMT will fail with the “USMT was unable to create the log file(s)“
error. To fix this issue, use the /l:scan.log command.
/v:VerbosityLevel Enables verbose output in the ScanState log file. The default value
is 0.
You can set the VerbosityLevel to one of the following levels:
0: only the default errors and warnings are enabled.
1: enables verbose output.
4: enables error and status output.
5: enables verbose and status output.
8: enables error output to a debugger.
9: enables verbose output to a debugger.
12: enables error and status output to a debugger.
13: enables verbose, status, and debugger output.
The following example shows the ScanState command and the /v
option:
scanstate \\fileserver\migration\mystore /v:13
/i:miguser.xml /i:migapp.xml
MCT USE ONLY. STUDENT USE PROHIBITED
4-30 Planning and implementing user state migration
User options
By default, all users are migrated. The only way to specifically include or exclude users is with user options.
You cannot exclude users in the migration .xml files or by using the Config.xml file. The following table
describes the user options that you can configure with ScanState.
Option Description
/all Migrates all of the users on the computer. USMT migrates all user
accounts on the computer unless you specifically exclude an account
with either the /ue or /uel options. For this reason, you do not need
to specify this option at the command line. However, if you choose
to specify the /all option, you cannot use the /ui, /ue, or /uel
options.
/ui:DomainName\”User Name” Migrates the specified users. By default, all users are included in the
or migration. Therefore, this option is helpful only when you use it with
the /ue or /uel options. You can specify multiple /ui options, but the
/ui:LocalUserName
/ui option cannot be used with the /all option. DomainName and
UserName can contain the wildcard character (*). When you specify a
user name that contains spaces, you need to place it in quotation
marks.
The following example shows the ScanState command to include
only local users:
/ue:*\* /ui:%computername%\*
/uel:NumberOfDays Migrates the users who signed in to the source computer within the
or specified period, based on the Last Modified date of the Ntuser.dat
file on the source computer. For example, the /uel:30 option
/uel:YYYY/MM/DD
migrates users who signed in within the last 30 days from the date
or when the ScanState command is run. It also is possible to specify a
/uel:0 date, in the YYYY/MM/DD format.
/uel:0 will only migrate currently signed in users.
The following example shows the ScanState command to include
only users that have signed in at least once since January 31, 2014:
/uel:2014/01/31
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-31
Option Description
/ue:DomainName\”User Name” Excludes the specified users from the migration. You can specify the
or /ue option multiple times on the command-line. You cannot use this
option with the /all option. <DomainName> and <UserName> can
/ue:LocalUserName
contain the asterisk (*) wildcard character. When you specify a user
name that contains spaces, you need to surround it with quotation
marks.
The following example shows the ScanState command to exclude
users from the adatum domain:
/ue:contoso\*
Option Description
/efs:hardlink Creates a hard link to the Encrypting File System (EFS) file instead of
copying it. Use only with the /hardlink and the /nocompress
options.
/efs:abort Causes the ScanState command to fail with an error code if it locates
an EFS file on the source computer. This is the default action.
/efs:skip Causes the ScanState command to ignore EFS files and not include
them in the migration store.
/efs:copyraw Causes the ScanState command to copy the files in the encrypted
format. The files will be inaccessible on the destination computer
until EFS certificates are migrated. If you use this option, ensure that
the certificates will be migrated.
The following syntax provides an example of how you can configure ScanState to scan a source computer:
Storage options
The following table describes the storage options you can configure by using LoadState.
Option Description
/StorePath This is the folder that stores the files and settings. StorePath is
a required option when you use the LoadState command. You
can specify only one StorePath.
/decrypt /key:"KeyString" Specify the encryption key in one of the following ways:
or /key:KeyString specifies the encryption key. If there is a
/decrypt /keyfile:[Path\]FileName space in KeyString, the KeyString must be surrounded with
quotation marks.
/keyfile:FilePathAndName specifies a text (.txt) file that
contains the encryption key.
Option Description
/i:[Path\]FileName Specifies an .xml file that contains rules that define what to
migrate. You can specify this option more than once to include all
the .xml files, such as MigApp.xml, MigSys.xml, MigUser.xml, and
any other custom .xml files that you create.
/config:[Path\]FileName Specifies the Config.xml file that the LoadState command must
use. You can only specify this option once at the command
prompt. The path can be a relative or full path. If you do not
specify the full path, then the FileName must be located in the
current directory.
Monitoring options
USMT 10 provides several command-line options that you can use to troubleshoot problems that might
occur during the migration. The monitoring options and syntax is the same as it is for the scanstate.exe
command.
User options
All users are migrated by default. You can include and exclude users by using user options. You can only
exclude users with these options. You cannot exclude users by using one of the .xml files. The following
table describes the user options that you can configure with LoadState.
Option Description
Option Description
Reduced complexity. In refresh computer scenarios, migrations from the Windows.old directory reduce
complexity by eliminating the need to run the ScanState tool before you deploy the operating system.
Additionally, migrations from the Windows.old directory enable ScanState and LoadState to be run
successively.
Improved performance. When USMT runs in a Windows PE environment, it has better access to
hardware resources. The file system creates links to the files as opposed to moving or copying them,
which may increase performance on older machines with limited hardware resources and numerous
installed software applications.
New recovery scenario. In scenarios where a computer no longer starts correctly, you can start
Windows PE on that computer and collect user state information with the ScanState tool.
Improved migration success. The offline migration feature increases the migration’s success rate
because files are not locked for editing while the operating system is offline. Windows PE also provides
administrator access to files in the offline Windows file system. This eliminates the need for
administrator-level access.
MCT USE ONLY. STUDENT USE PROHIBITED
4-36 Planning and implementing user state migration
Command-line options
You can enable an offline migration by using a configuration file at the command line or by using one of
the following command-line options.
Option Description
/offlineWinDir:<Windows directory> Enables the offline-migration mode and starts the migration
from the specified location. It is only for use in Windows PE
offline scenarios where the migration is occurring from a
Windows directory.
1. Run the Windows 10 installation program on an existing Windows 7 computer. You can run the
installation program from the product DVD, removable media, or Windows Deployment Services.
2. Install Windows 10 on the same partition as the Windows 7 installation. Follow the default installation
instructions, and do not delete or format partitions containing the operating system or data.
3. After you complete the Windows 10 installation, open Windows Explorer, and then go to drive C or to
the drive letter containing the Windows 10 operating system.
If there are folders other than the default folders in the root directory in the Windows 7 operating
system, those folders will still be there because the Windows 10 installation does not delete user data.
You also will find a Windows.old folder. Windows.old contains the files and settings to be migrated
from the Windows 7 operating system to the newly installed Windows 10 operating system.
4. Run ScanState and LoadState with administrative privileges with the following options:
The ScanState tool creates the hard-link migration store at C:\store from the Windows.old directory.
The LoadState tool will remap the hard-link files to their appropriate locations in Windows 10.
5. Go to the Users folder on drive C. You will see the user folders in Windows 10 and all user files in
corresponding file libraries.
Note: The ability of Windows 10 to seamlessly upgrade from Windows 7 or newer will reduce
the requirement for offline migrations to be performed except in special circumstances, such as
when the old operating system has become inaccessible.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-37
Do not use MigUser.xml and MigDocs.xml together. Using both .xml files can cause duplication of
some migrated files if there are conflicting instructions about the destination locations. If your data set
is unknown, such as when you use many nonstandard file locations, MigDocs.xml is a better choice.
You can use the /genmigxml command-line option to determine which files your migration will
include and to determine if any modifications are necessary.
Close all applications before running the ScanState or LoadState tools. Using the /vsc option to enable
volume shadow copy allows many files that are open with other applications to migrate. However, it is
recommended that you close all applications to ensure the proper migration of all files and settings.
Without the /vsc or /c option, USMT will fail if it cannot migrate a file or setting. When you are using
the /c option, USMT will ignore any files or settings that it cannot migrate, and it will log an error.
Sign out after you run the LoadState tool. Some settings, such as fonts, wallpaper, and screen saver
settings, will not take effect until the user signs in. A restart is necessary after you perform an offline
migration.
Create a managed environment. To create a managed environment, you can move all of an end user’s
documents into My Documents (%CSIDL_PERSONAL%). We recommend that you migrate files into the
smallest possible number of folders on the destination computer. This helps to clean up files on the
destination computer if the LoadState command fails to complete.
Migrate in groups and phases. If you perform the migration while users are using the network, we
recommend that you migrate user accounts in groups. To minimize the impact on network
performance, determine the size of the groups based on the size of each user account.
By migrating in phases, you can make sure each phase is successful before starting the next phase. Using
this method, you can modify your plan between groups, as necessary.
MCT USE ONLY. STUDENT USE PROHIBITED
4-38 Planning and implementing user state migration
Drive-encryption technologies. When performing migrations by using USMT in Windows PE, you
should suspend drive-encryption technologies, such as BitLocker drive encryption. These technologies
could prevent access to the hard disk’s contents.
Migration store encryption. Consider using the /encrypt option with the ScanState tool and the
/decrypt option with the LoadState tool. However, use extreme caution with this set of options because
anyone who has access to the ScanState command-line script also has access to the encryption key.
Virus scan. Scan the source and destination computers for viruses before running USMT. Additionally,
scan the destination computer image. To help protect data from viruses, run an antivirus utility before
migration.
Security of the file server and the deployment server. You must maintain the security of the file and
deployment servers. Make sure that the file server where you save the migration store is secure. You
also must secure the deployment server to ensure that the user data in the log files is not exposed. We
recommend that you transmit data over a secure Internet connection, such as a VPN.
Password migration. To ensure the privacy of end users, USMT does not migrate passwords, including
those for applications such as Windows Live Mail, Internet Explorer, Remote Access Service
connections, and mapped network drives. Make sure that end users know their passwords.
Local accounts migration. You should use the /lac option when you are using the LoadState tool to
migrate local accounts that do not exist on the destination computer. If you do not specify the /lac
option, no local user accounts will be migrated. Additionally, consider whether to use the /lae option to
enable user accounts that are created on the destination computer.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Chad Corbitt
Subject: Re: User State Migration for the new Research Department Windows 7 computers
Hi Chad,
We have 8 new Windows 10 computers that are being deployed within the Research department. Last time
the employees got a new computer, we did not remember to get their settings from the old computers
before they were reused. They had to spend hours to get the settings back on the computers. This time we
want to do it the right way. What I want you to do is use USMT 10 to help with the user state migration.
Here are some additional things to consider:
The contents of the Shared Video, Shared Music, and Shared Pictures folders should not be migrated
from Windows 7 to the new Windows 10 computers.
We have a custom folder named ResearchApp that has to be migrated from all the old computers to
the new Windows 10 computers.
All domain profiles that are on each existing computer should be migrated to the new system.
There is a local service account on each Windows 7 computer called DBService that will also have to be
migrated to the new Windows 10 computers.
Each Windows 7 computer has a local account called LocalAdmin. This account should not be migrated
to the new Windows 10 computers.
Please make sure that all encrypted files are also migrated from the old computers to the new
computers.
You can use \\LON-DC1\MigrationStore as a location to store the data store during the migration task.
The data store should be compressed in order to minimize space. Since there is no confidential
information on these specific computers, we do not need the migration store encrypted.
Thanks, Adam
MCT USE ONLY. STUDENT USE PROHIBITED
4-40 Planning and implementing user state migration
PC Replace
64 bit
64 bit
Windows 8 32 bit
64 bit
64 bit
Windows 10 64 bit
Remote store
Encrypted
Compressed
Hard-link
Domain accounts
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 4-41
Application settings to
be migrated
Custom folders to be
migrated
Operating system
settings to be migrated
MigUser.XML
Custom.XML file
Objectives
Plan for the user state migration.
Create and customize the USMT XML files.
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
MCT USE ONLY. STUDENT USE PROHIBITED
4-42 Planning and implementing user state migration
o Password: Pa$$w0rd
Results: After completing this exercise, you will have planned for user state migration.
5. To exclude the Shared folders, locate the Documents node, and then modify the lines to match the
following code:
2. Change the file to migrate the C:\ResearchApp folder and all of the content below. The entire line
should read as follows:
Results: After completing this exercise, you will have created and customized XML files to use with the User
State Migration Tool (USMT).
Task 1: Create user state for a research user on the source computer
1. Sign in to LON-CL3 as Adatum\Allie with the password Pa$$w0rd.
2. Open a command prompt, change to drive F, type the following, and then press Enter:
3. Open a command prompt. change to the F drive, type the following, and then press Enter:
3. Verify that the Our pictures folder has not been migrated.
7. Among the list of local users, verify that DBService is LocalAdmin is not listed.
8. If DBService is not listed, then open Computer Management. Locate Users under Local Users and
Groups. DBService should be listed here.
Results: After completing this exercise, you will have captured and restored user state by using USMT.
Tools
Tool Use for Where to find it
LoadState.Exe Restoring user state data to newly installed operating systems. Windows ADK
USMTUtils.Exe Extracting data from and verifying a migration store. Windows ADK
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
5-1
Module 5
Determining an image management strategy
Contents:
Module Overview 5-1
Module Overview
Imaging is an important part of the desktop deployment process. Several Microsoft and non-Microsoft
tools are available for imaging Windows operating systems. One of the key differences between imaging
tools is the format in which they store the images. Microsoft imaging tools use a Windows image file format
to store the files that image deployment uses. Several tools are available for managing and maintaining the
.wim files (Windows image files) that you use to deploy systems in your environment.
This module provides the information that you need to manage images to support operating system and
application deployments. Specifically, the module describes the image formats and strategies for managing
images.
Objectives
After completing this module, you will be able to:
Describe the purpose and benefits of the Windows image file format.
Lesson 1
Overview of the Windows image file format
For many years, organizations have used various disk-imaging methods to deploy Windows operating
systems. These methods have evolved through the years from sector-based imaging products to the
current file-based imaging products. In this lesson, you will learn about the types of images that you can
create and the tools that you can use to manage them.
Lesson Objectives
After completing this lesson, you will be able to:
Describe the tools that you can use to manage the Windows image file format.
Use image management tools to view the contents of a Windows image file.
Question: How do you currently handle the deployment of software to new systems?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 5-3
o Header. Defines the content of the Windows image file, including .wim file attributes.
o Metadata resources. Information about the files that you capture. There is one metadata resource
for each image in a .wim file.
o Lookup table. Information about the location of file resources in the .wim file. There is one lookup
table for each image.
o XML data. Additional information about the image. There is one XML data field for each image.
o Integrity table. Security hash information that you can use for image verification during
operations. There is one integrity table for each image.
Virtual hard disk (.vhd). Typically, you use .vhd files with virtual machines. Windows 7 and newer
operating systems provide the capability to start physical machines by using a .vhd file on the hard
disk, instead of installing the operating system files directly on the hard disk. This is the boot from VHD
process. There are multiple ways to create .vhd files, such as the Windows PowerShell New-VHD
cmdlet, the DiskPart command-line tool, the Disk Management console, or Microsoft Hyper-V
Manager. Once you create the .vhd file, you can apply a Windows image file that contains your
operating system to it, and boot from it as if it were a physical computer. Additionally, the Windows 8
Enterprise operating system introduced Windows To Go, which enables you to start a physical
computer from a removable storage device, such as a USB drive. Windows To Go uses a .vhd file to
store an operating system partition on a removable device.
Note: The DiskPart command-line tool is being deprecated, although it remains currently
available. The preferred tool is Windows PowerShell.
.vhdx. Windows 8 and Windows Server 2012 introduced the .vhdx file format to overcome some of the
limitations of the .vhd file format. Some of the benefits of the .vhdx file format include:
o Maximum size of 64 terabytes (TB), whereas .vhd files are limited to a maximum size of 2 TB.
o Improved alignment of the virtual-disk structure for working with large sector disks.
o The availability of large block sizes for dynamic and differencing virtual hard disks.
WIMBoot files
WIMBoot files allow a computer that is running Windows 10 to boot and run directly from a compressed
.wim file by using a new partition layout. A normal Windows installation has two sets of operating system
files. One compressed version is for recovery, while the Windows partition uses an uncompressed set of files
as the running operating system. In a WIMBoot installation, the compressed .wim file writes to the disk, and
the Windows partition uses pointers. In this process, the Windows installation uses significantly less space
than a standard Windows installation.
Compression. The .wim file format supports different compression levels to help maintain smaller
image sizes.
Single instancing. When a .wim file contains multiple images, such as multiple versions of an operating
system, and certain files exist in those multiple images, the .wim file stores only one copy of the
duplicated files. Other images store pointers to the location of the duplicated files. This enables
multiple images to exist without files growing too large.
Offline servicing. You can open .wim files, and add or remove folders, files, drivers, and operating
system components without deploying the image to a computer.
Installation on any hard disk. The .wim file format is file-based. Unlike sector-based images, .wim files
do not limit you to deploying the file to a disk that is the same size or larger than the imaged disk.
Nondestructive deployment. You can deploy an image on a computer that has data on it, such as in a
refresh scenario, and the data will still be there when the deployment is complete. This is because the
disk is not erased by default, as it might be in other formats.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 5-5
Tools that you can use to manage the .wim file format
You might want to modify an existing .wim file by
injecting drivers or adding Windows packages to
an image. You can use several tools to service .wim
files. You can deploy .wim files through the
Microsoft Deployment Toolkit (MDT), Windows
Deployment Services, and Microsoft System Center
2012 Configuration Manager. You also can use the
ImageX and Deployment Image Servicing and
Management (DISM) command-line tools or the
DISM PowerShell module cmdlets to service and
deploy .wim files manually.
ImageX
ImageX is a command-line tool that Microsoft introduced with the .wim file format to manage .wim files.
You can run ImageX from within the Windows operating system when servicing an image, or from the
Windows Preinstallation Environment (Windows PE) when deploying an image. ImageX is being
deprecated and replaced with DISM.
DISM
DISM.exe is a command-line tool that you can use to service and deploy .wim files. Microsoft developed
DISM to replace several image management tools, including ImageX. DISM includes the same functionality
that ImageX includes, such as the ability to mount, service, capture, and create .wim files. You also can use
DISM to prepare Windows PE images and to deploy .vhd and .vhdx files.
A DISM PowerShell module is available natively in Windows 8 and newer versions, and Windows Server
2012 and newer versions. The DISM PowerShell module also is available through Windows Assessment and
Deployment Kit (Windows ADK). This module has 22 cmdlets, and it provides the ability to service existing
images in .wim files. However, it does not have all the functionality of the command-line tool. For example,
there is no Windows PowerShell cmdlet to apply an image to a disk.
DISM command-line
Task Windows PowerShell cmdlets
parameters
DISM command-line
Task Windows PowerShell cmdlets
parameters
Additional Reading: To read the available options for DISM for Windows 10, see “DISM
Image Management Command-Line Options”: http://aka.ms/Ee69eb.
Additional Reading: To view the available Windows PowerShell cmdlets for DISM, see
“DISM Cmdlets”: http://aka.ms/Jjtaes.
Use the DISM PowerShell module to mount an image to a directory for servicing.
Use the DISM PowerShell module to unmount the image back to a .wim file.
Use the DISM command-line tool to view the contents of a .wim file.
Demonstration Steps
Use the DISM PowerShell module to view the information about a .wim file
1. Open Windows PowerShell and run the following cmdlet:
Use the DISM PowerShell module to mount an image to a directory for servicing
1. Create a directory on the C: drive named Service.
3. Open the C:\Service folder, and then discuss the files and folders.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 5-7
Use the DISM PowerShell module to unmount the image back to a .wim file
Run the following cmdlet:
Use the DISM command-line tool to view the contents of a .wim file
1. Open a command prompt and run the following command:
2. Review the results of the command, and then close all open windows.
Lesson 2
Overview of image management
An important part of the imaging process is determining the best way to store the images that you create.
Additionally, you will need to maintain and service images after building them. In this lesson, you will learn
how to plan for implementing and maintaining an imaging solution. You also will learn about the different
kinds of images that you might use in Windows deployments.
Lesson Objectives
After completing this lesson, you will be able to:
Type of image
You can choose between sector-based and file-
based imaging. As discussed earlier, file-based imaging has many advantages over sector-based imaging.
These include hardware independence, storing multiple images in a single file, single instancing, offline
servicing, and nondestructive deployment. However, sector-based images have a few advantages,
including:
They deploy faster than file-based images. File-based images copy files to the destination volume
whenever they are applied. File-based images then read answer files and apply configuration options.
Sector-based images just copy bits, regardless of what files or configurations you might need.
They typically include all the necessary drivers, and they work well when all client systems are identical.
If your computer includes critical hardware that is not Plug and Play, using file-based imaging requires
extra work to ensure that the proper device drivers are available.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 5-9
Storage requirements
Depending on what your image includes, the image can take up a large amount of storage space. Typically,
the images that sector-based imaging products create include the blank space on a hard drive, because it
simply copies everything on the hard drive. This can lead to larger images than a file-based imaging
solution creates, because the file-based image only contains the files installed on the computer.
Additionally, if you have many different hardware vendors, you might need to have sector-based images
for each different hardware abstraction layer (HAL). This can require substantial disk space for storage.
Number of images
When planning your image management strategy, you need to consider the number of images that you
have to create. Besides the space that you need to store the images, you will require an appreciable amount
of time to maintain them.
When you use sector-based imaging, you might need to create multiple images based on the hardware
that your environment is using. Typically, each different storage technology that you use requires an image.
Additionally, as you acquire new hardware, you might have to create, store, and maintain additional
images. When you use file-based imaging, you can use the same image for deployment to most systems.
Software
Operating system images do not have to include only the operating systems. You can install most software
on your reference computer before imaging it. However, the more software that images include, the larger
the images become, and the longer they take to deploy.
Image updates
When you create an image, you are taking a snapshot of what the computing environment looks like at
that time. However, outside of the image, your drivers, operating systems, and applications continue to
update. You need to plan for including these ongoing changes in your images. If you are using sector-
based images, this typically means deploying the image, making the necessary changes, and then
recapturing the image. File-based images that feature offline servicing greatly reduce the time necessary
for maintaining images.
The Windows installation media contains a default boot image named Boot.wim. In many cases, you can
use this boot image to start the imaging process, but you can modify the Boot.wim file to meet any special
requirements of your organization, such as injecting specific network drivers.
You can use boot images to start a system in two ways. You can use Windows Deployment Services to start
the system from the network via Pre-Boot EXecution Environment (PXE) boot, or you can use a CD, DVD, or
USB drive to start the system by using local media.
You can create two special types of boot images for the image deployment process: capture images and
discover images. These types of images are specific to Windows Deployment Services.
Capture images
You use capture images to start a reference computer so that you can create an image of it. Capture images
contain the files necessary to capture an image. You must first create the capture image by using the
Windows Deployment Services Image Capture Wizard. The wizard creates a capture image from an existing
boot image stored in the Boot Images folder of the Windows deployment server. After you prepare a
reference computer for imaging by using the Sysprep tool, you can then start it with a capture image. Then
you can capture the reference machine’s operating system volume to a .wim file.
Discover images
You use discover images to start computers that cannot perform a network start when deploying an image.
You can configure discover images to use:
Static discovery. You configure the discovery image to connect to a specific deployment server.
Dynamic discovery. The discovery image emulates the PXE boot process to find that deployment
server.
Operating system updates. Microsoft publishes software and security updates on a monthly basis and
sometimes publishes other, critical updates that you should apply immediately. You need to apply
these updates to your running clients, and you need to update your images as Microsoft publishes
them.
Application updates. End users often update or replace applications regularly. When they update
applications on their client systems, you need to update them in the images as well. You can do this
with online or offline servicing.
Driver updates. Typically, drivers are stored not in a .wim file but on the deployment server.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 5-11
Data images
A data image is a type of .wim file that enables you to add resources such as applications, files, or scripts
during the installation process. Data images can be useful if you have applications that require certain file
structures or data sets to exist in order to function. You can create data image files by using the DISM
/Capture-Image parameter. You can then use the Windows System Image Manager (Windows SIM) to
create an answer file that specifies the path to the data image. You can use data images instead of $OEM$
folders to transfer data to a Windows installation.
There are three primary strategies that you can use to create images for use in operating system
deployments, including:
Thick image. The thick-image strategy involves installing, in every image, every application that your
organization uses. This image strategy requires that you perform significant work creating and testing
the image to ensure that the imaging process does not affect any of the applications. The result is a
very large image. However, after you deploy it, your client system is ready instantly. Because the image
contains all of your applications, it is unlikely that you would need to add multiple images into a single
.wim file.
Thin image. The thin-image approach is the opposite of the thick-image strategy. When creating a thin
image, you do not capture any applications to the image. The image consists solely of the operating
system and software updates. This method requires that you install applications either as scripted,
silent installations post-deployment or through some other post-deployment method. Because the
image does not include installed applications, it is unlikely that you would need to create multiple
images in a single .wim file.
Hybrid image. The hybrid image is a combination of both strategies, which can capitalize on the
Windows imaging technology. By using the hybrid strategy, you create one or more images with a
limited set of applications. You can create images that include the few applications and client software
that everybody uses, and you can create multiple images, each of which can include the applications
and clients that a specific group or department uses. This method allows you to take advantage of the
single instancing in a Windows image by combining multiple hybrid images into a single .wim file.
MCT USE ONLY. STUDENT USE PROHIBITED
5-12 Determining an image management strategy
Offline servicing. This strategy involves using DISM to mount a .wim file and service the image. When
servicing images offline, you can add Microsoft Update–based Windows software updates, drivers, and
language packs, and add or remove folders, files, and Windows software components. Offline servicing
typically does not include installing applications.
Online servicing
You can perform online servicing with the DISM tool or through manual intervention. After deploying the
system to a reference computer, you can add Plug and Play device drivers to the driver store, install
applications and system components, install folders and files, and test the changes to the image. After you
complete and test the changes, you can recapture the reference system. You can use the following tools to
perform various online operations:
DISM to enumerate drivers, international settings, packages, features, and to apply unattended answer
file settings.
Windows Update Standalone Installer to add service packs or other .msu files.
Offline servicing
Offline servicing is available for images that are stored in the .wim file format and use the DISM tool for
servicing. The DISM tool can perform one or more of the following:
Add, remove, and enumerate packages, including language packs, provided as .cab files.
Typically, Plug and Play drivers have an .inf file that describes the files and settings that the driver needs.
You can install these drivers in the following ways:
Online when the image is first built or later, while performing online servicing.
By using deployment tools that inject them from a custom driver store during the image deployment.
When you add device drivers to an offline image by using the DISM tool, the drivers can be:
Not boot-critical. These drivers are staged in the Plug and Play driver store. They are available, but do
not install until you plug in the device.
Boot-critical. You install boot-critical drivers in the operating system. The critical device database is
updated to reflect these drivers, and any necessary registry changes apply.
MCT USE ONLY. STUDENT USE PROHIBITED
5-14 Determining an image management strategy
Deployment tools, such as Windows Deployment Services and Configuration Manager, can maintain a
database of drivers and inject them during the deployment of the images. You should be aware of the
following additional considerations when you manage device drivers:
When adding multiple drivers to an image, you should store the files in separate folders under a
common parent folder. Using a common parent folder allows you to import the drivers in bulk by using
the /recurse option with DISM or the import functions of Windows Deployment Services, the MDT, or
Configuration Manager.
Some drivers have installation .exe files, which you can install only when the operating system is online.
Some drivers are stored in compressed files, and you need to extract them before using offline
servicing to add them to an image.
By default, 64-bit versions of the Windows operating system require that the drivers are signed
digitally.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Objectives
After completing this lab, you will be able to identify requirements, and then plan an image management
strategy.
Lab Setup
Estimated Time: 30 minutes
No setup is required for this lab. You need to read the scenario.
London:
o About 40 percent of the systems in London are 64-bit versions of Windows 8.1. There is a mix of
laptops and desktops. A. Datum acquired all of these systems in the last few months, and we have
not created an image for them yet.
o The rest of the systems are a mix of Windows 7 32-bit and 64-bit systems.
o London currently maintains 20 different Windows 7 images. These include images for French,
Japanese, German, and Swedish.
o All users have Microsoft Office installed. Marketing has three different applications that they use,
while Human Resources has two different applications that are department-specific. Research is
currently using two different applications, but they report a high turnover in the applications that
they use. Sales uses a customer relationship management (CRM) application. Accounting has its
budgeting application, and the warehouse has a tracking application that integrates with
handheld scanners through a wireless connection.
Toronto:
o About 20 percent of their systems are 64-bit versions of Windows 8.1. These are primarily laptops
that A. Datum purchased in the last few months, and they still have the OEM image on them.
o Approximately 70 percent of their systems are Windows 7, with a mix of 32-bit and 64-bit systems.
MCT USE ONLY. STUDENT USE PROHIBITED
5-16 Determining an image management strategy
o They currently are maintaining 12 different Windows 7 images. They have image sets for English,
French, and Japanese, and for each of these languages, they have a 32-bit and 64-bit image.
Additionally, they have a few different application sets.
o There is budget approval to purchase new computers to replace the Windows 7 systems and to
install Windows 10.
o Everyone uses Microsoft Office in the appropriate language. Marketing has two apps that they use
exclusively, Sales has the CRM application, and the computers in the warehouse have the tracking
software installed.
Sydney:
o About 10 percent of their systems are 64-bit versions of Windows 8.1. These are primarily laptops
that they purchased last year, which still have the OEM image on them.
o They currently are maintaining 12 different Windows 7 images. They have image sets for English,
Korean, and Japanese, and for each of these languages, they have a 32-bit and 64-bit image.
Additionally, they have a few different application sets.
o The rest of the systems are running 32-bit Windows Vista. They are planning to replace the systems
with new systems once they develop corporate Windows 10 images.
o Everyone uses Microsoft Office in the appropriate language. Marketing has two legacy apps that
they use exclusively, which currently have support only on Windows 7 32-bit systems. Sales has the
CRM application, and the computers in the warehouse have the tracking software installed.
Given the multisite infrastructure that comprises Adatum.com, you need to determine your image-
management strategy for each major location. Based on your initial hardware and software discovery, you
need to support the following platforms:
London and Toronto: Windows 8.1 64-bit and Windows 10 64-bit.
How will you address the applications that your users utilize within the company?
How will you address storage considerations for the image management strategy?
Results: After completing this exercise, you should have identified requirements and then planned an
image management strategy.
Question: How did you determine your current imaging strategy in your company?
Question: What additional factors might you include in your image strategy?
MCT USE ONLY. STUDENT USE PROHIBITED
5-18 Determining an image management strategy
If you are using a physical computer as your reference machine, wipe the disk, and then perform a
clean installation.
Perform a clean installation on your reference image. Do not use a system that you have upgraded or
used in production as your reference image.
Tools
This table shows tools that were mentioned in this module.
Windows Driver Kit (WDK) 10 Develop drivers for Windows Download from
operating systems http://aka.ms/Drbal2.
MCT USE ONLY. STUDENT USE PROHIBITED
6-1
Module 6
Preparing for deployments by using the Windows ADK
Contents:
Module Overview 6-1
Lesson 3: Using Windows SIM and Sysprep to automate and prepare an image
installation 6-21
Lab B: Building a reference image by using Windows SIM and Sysprep 6-30
Module Overview
To deploy and manage images successfully, you must understand how the deployment process works.
You also must understand how to build and capture images from a reference computer, and then update
and maintain those images. Microsoft provides a number of tools that you can use for these tasks. These
free tools are available as a bundle in the Windows Assessment and Deployment Kit (Windows ADK).
Windows ADK provides both a toolset and documentation to assist with the imaging tasks. Windows ADK
for Windows 10 is the latest version officially available, which you can find in the Microsoft Hardware Dev
Center. In this module, you will first learn how Windows Setup installs the Windows operating system, and
then you will learn how to use the tools that Windows ADK includes.
Objectives
After completing this module, you will be able to:
• Use Windows System Image Manager (Windows SIM) and Sysprep to automate and prepare images.
Lesson 1
Overview of the Windows Setup and installation process
Windows Setup installs Windows operating systems by using image-based setup (IBS). By using IBS, you
can either perform a clean installation or upgrade an existing instance of an operating system, if it is
upgradeable. You can customize and automate Windows Setup by using answer files. In this lesson, you
will learn how Windows Setup works and how you can control it. You also will learn about the various
phases of configuration.
Lesson Objectives
After completing this lesson, you will be able to:
Installation types
Windows Setup can initiate two types of installations:
• Custom installations are clean installations that allow you to repartition the disk or save the previous
Windows directory, but never preserve applications or settings.
• Upgrade installations retain the settings, preferences, and applications while upgrading the operating
system.
Windows Setup performs all of the required tasks to install the operating system, and requires very little
user intervention. Windows Setup supports interactive setup and automated installations. Deployment
tools such as Windows Deployment Services and Microsoft Deployment Toolkit (MDT) no longer use
Windows Setup.exe. Microsoft deployment tools use the Deployment Image Servicing and Management
(DISM) command-line tool to apply the image and to process any answer files. While you can still use the
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-3
older ImageX command-line tool to capture and apply images, the current version of DISM has all the
features of ImageX and several additional features.
Whether you perform an upgrade, or perform a custom installation over an existing Windows installation,
Windows Setup moves directories and files from the previous Windows installation to a folder named
Windows.old. This includes the contents of the Users directory and Program Files.
During an interactive setup, Windows Setup presents the user with dialog boxes at certain stages of the
installation process. The user can select options such as language, time and currency format, and
keyboard layout in these dialog boxes.
Automated installations use answer files to supply some or all of the information that a successful
installation requires, such as computer name. Regardless of the type of setup that you perform, the setup
process goes through the same basic phases that the following table describes.
Down level for custom installations, or Windows 1. Complete Windows Setup through interactive
PE, started from DVD or custom Windows PE Windows Setup dialog boxes or an unattended
image
answer file. You can use a combination of the
two.
Logging
The following directories log all of the setup actions and results.
$windows.~bt\sources\rollback Log location when setup rolls back after a fatal error
occurs.
Note: During the installation, you can press Shift+F10 to open a command-prompt
window. You then can use Notepad to view the setupact.log file, which provides ongoing
information about the setup in progress.
Windows 10 now includes a new upgrade process, the in-place upgrade. You can perform an in-place
upgrade when you want to replace an existing version of Windows 7 or Windows 8.1 with Windows 10,
and you wish to retain all user applications, files, and settings. For the home or small business user, you
can run Setup.exe from a product DVD or from a network share. During an in-place upgrade, the
Windows 10 installation program automatically retains all user settings, data, hardware device settings,
apps, and other configuration information. Microsoft recommends this method for existing Windows 7
and Windows 8.1 devices. An in-place upgrade has four phases:
• Checking the system
You can stop and roll back an installation during any of these four phases. However, we recommend that
you always back up your important data, when performing an upgrade or as a periodic maintenance
function.
The “Determining Operating System Deployment Strategies” module of this course covers the in-place
upgrade in further detail.
tool such as the Windows System Image Manager (Windows SIM) to avoid syntax errors. You can use
Windows SIM to create and edit answer files that you use to automate Windows installations. It uses a
graphical interface to create an XML-based answer file. This module covers creating answer files with
Windows SIM in more depth in a later lesson.
The following table lists the common command-line options that Setup.exe supports.
Option Description
/installfrom:<path> Enables you to specify a custom .wim file to use for installation.
/noreboot Instructs Windows Setup not to restart the computer after the
first phase of the setup process completes.
WindowsPE This is the first pass in any installation. Low-level actions such as disk
partitioning and language selection occur during this pass. You can add
critical drivers to Windows PE at this time.
OfflineServicing This pass applies updates, packages, language packs, and security updates.
You also can add drivers to the image before you install the image.
Specialize This pass applies system-specific information, such as computer name and
domain information.
MCT USE ONLY. STUDENT USE PROHIBITED
6-6 Preparing for deployments by using the Windows ADK
Generalize This pass is associated with Sysprep and occurs in the image creation stage.
It removes system-specific information, such as computer name and
security identifier (SID), and hardware-specific information. This pass only
runs if you run the Sysprep /generalize command. The next time the
Windows image boots, the specialize pass will run.
AuditSystem This pass processes unattended Setup settings while the Windows
operating system is running in system context, before a user signs in to the
computer in Audit mode. The auditSystem pass runs only if you boot to
Audit mode. Original equipment manufacturers (OEMs) often use this pass
for testing configurations, and it is not required to run. You can only
configure AuditSystem and AuditUser mode to run on the next boot by
using the /audit parameter in Sysprep.
AuditUser This pass processes unattended Setup settings after a user signs in to the
computer in Audit mode. The auditUser pass runs only if you boot to Audit
mode. OEMs often use this pass for testing configurations, and it is not
required to run.
OobeSystem The out-of-box experience (OOBE) pass applies settings to the Windows
operating system before the Windows Welcome starts. You typically use
this pass to configure settings such as time zone, locale, and local user
accounts.
You use Windows Setup for manual installations, and often for creating the initial reference system that
will later become a corporate image for distribution. A typical installation involves the following steps:
1. Start the system by using the Windows product DVD and, optionally, an answer file on a USB flash
drive. If an answer file exists, its values provide the information that setup requires during the various
configuration passes.
2. Windows Setup starts, and the WindowsPE and offlineServicing passes run.
3. The Windows image copies to the hard disk, the system restarts, and Windows Setup runs the
specialize pass.
4. After Windows Setup completes, the oobeSystem configuration pass runs and Windows Welcome
starts.
If you create this system to be a reference system that a corporate image will be based on, then the
system will be sysprepped by using the generalize parameter. When you deploy a sysprepped image by
using the Microsoft deployment tools, Windows Setup runs the specialize and oobeSystem passes. You
can configure the values for these settings by using a combination of task sequence variables, custom.ini
files, or answer files.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-7
Deployment tools such as Windows Deployment Services and MDT no longer use
Windows Setup.exe. What tool do they use instead?
Lesson 2
Preparing boot images by using Windows PE
Windows PE provides a basic operating system for performing tasks such as operating system deployment
and troubleshooting of existing installations. Windows PE provides functionality as the initial operating
system during computer deployment, and it provides a wider range of functionality and tools to enhance
the deployment process.
Lesson Objectives
After completing this lesson, you will be able to:
Additional Reading: For more information, refer to What's New in Windows PE:
http://aka.ms/Jrbdg8.
Windows PE benefits
Windows PE supports 32-bit and 64-bit hardware, and the installation of 32-bit or 64-bit versions of the
Windows operating system. This eliminates the need to maintain multiple versions of boot media for
different hardware platforms. Additionally, because it is based on the Windows kernel, there are additional
benefits compared to MS-DOS–based boot disks, including:
• Native support for some Windows-based applications through the Windows application
programming interface (API).
• The ability to start from multiple media types, including CD, DVD, USB, and the Pre-Boot EXecution
Environment (PXE).
• Inclusion of all Microsoft Hyper-V drivers, except display drivers. This allows Windows PE to run in a
hypervisor and take advantage of features such as mass storage, mouse integration, and networking.
Windows PE requirements
Windows PE is not a typical operating system, and
it does not have the requirements associated with
other operating systems. Although you can run a
few other applications in addition to Windows
Setup on Windows PE, there are not many
resources available to run these applications. The
primary reason for using Windows PE is that you
have to start a computer before you can install a
Windows operating system or troubleshoot the
computer. There are several different ways to start
a system by using Windows PE. You can install
Windows PE from:
• A CD or DVD
• A hard drive
Typically, when you start a system by using Windows PE media, Windows PE loads into a random access
memory (RAM) disk, and you start the computer from a removable device. This enables you to remove
the media once the system is running. You also can configure Windows PE to perform a flat boot. Flat
booting is the process of installing Windows PE on the computer’s hard drive, and then booting from the
hard drive. Flat boot–configured media must remain connected to the computer while you are using
Windows PE.
When booted into a RAM disk, the Windows PE drive uses the letter X. Booting Windows PE into a RAM
disk provides several benefits, including the ability to:
• Repartition a hard disk that was used to boot into Windows PE.
• Speed up startup time duration.
Flat booting Windows PE can allow you to start a system with less than 512 MB of RAM. However, we
recommend that you have at least 512 MB of RAM to start your system. When flat booting Windows PE,
you must consider the following points:
• You must install Windows PE on a FAT32 file system, and limit the FAT32 file system to a maximum of
32-gigabyte (GB) partition.
• Flat booting can enable faster performance during the initial startup process and can be very useful in
virtual environments with low available memory.
Limitations of Windows PE
Because Windows PE is designed for you to use
during installations and troubleshooting scenarios
only, there are several built-in limitations,
including that:
• Only TCP/IP and NetBIOS over TCP/IP connections can connect to file servers.
• The Windows PE registry is volatile and will not save changes made while an image is running. To
make permanent registry changes, you must edit the registry offline.
• When creating volumes in Windows PE, the drive letters are assigned in the order that you create
them. After restarting the computer, the volumes will be lettered in the default order.
• If you convert any disks to dynamic disks by using Diskpart in Windows PE prior to installing the
Windows operating system, the Windows setup process will not recognize any of the volumes on the
dynamic disk.
• You cannot install Windows Installer (.msi) file packages in Windows PE.
• You cannot start Windows PE from a path that contains non-English characters.
• 64-bit Windows PE does not include Windows 32-bit on Windows 64-bit (WOW64). Only native
programs can run on Windows PE. For example, only 32-bit Windows Setup can run on 32-bit
Windows PE.
Command Description
BCDboot Initializes the Boot Configuration Data (BCD) store and copies boot
environment files to the system partition during image deployment.
Bootsect Updates the master boot code for hard disk partitions to switch
between Windows Boot Manager (Bootmgr.exe) and Windows NT
Loader.
Command Description
Note: You typically use optional components in special case scenarios. Typically, the most
that you will need to customize Windows PE will be to inject network or storage drivers that the
native driver store might not include. The Windows PE driver store is equivalent to its Windows
counterpart.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-13
The Windows SIM tool does not add components automatically to the default Windows PE image if you
select to use them in an answer file. Whenever you want to customize the Windows PE image, you can use
the DISM /Add-package or /Remove-package options. Windows Recovery Environment (Windows RE) is
an example of a customized Windows PE environment.
Optional components are in Windows ADK. It contains more than 30 optional components and
languages. The following table lists a few of the more common optional components and languages.
Optional component
Description
name
WinPE-FMAPI Provides access to the File Management API for finding and restoring
deleted files on an unencrypted volume. Additionally, you can use a
password or recovery key to recover files from a volume that is protected
by BitLocker drive encryption.
WinPE-NetFX4 Contains the Microsoft .NET Framework 4 Client Profile, a subset of the
.NET Framework.
WinPE-DismCmdlets Contains the DISM Windows PowerShell module, which includes cmdlets
used for managing and servicing Windows images.
WinPE-Rejuv Used by Windows RE. Rejuv package included in the base winre.wim file.
Demonstration Steps
Create the directory structure to support building a Windows PE image
3. Use File Explorer to view the contents of the E:\Winpe64 folder. Note the size of the
media\Sources\Boot.wim file.
Note: The version of DISM installed with Windows ADK for Windows 10 is not the same as
the version in the default Windows PowerShell console (version: 6.3.9600.16384). You must add
the correct DISM module for the current version of Windows ADK. The reason this is so is the
version that is in Windows PowerShell is for Windows Server 2012 R2, while the version in the
latest Windows ADK is for Windows 10.
1. In the Administrator: Windows PowerShell window, type the following cmdlet, and then press Enter:
2. To mount the Boot.wim, open Windows PowerShell, and then run the following command:
2. To add support for the Windows PowerShell command-line interface to the Windows PE image, run
the following commands:
1. To commit the changes to the Windows PE image, run the following command:
Note: To avoid syntax errors, copy and paste the commands into the Windows PowerShell
command prompt from the E:\Labfiles\Mod06\Mod06_DISM_Powershell.txt file.
2. Use File Explorer to view the contents of the E:\Winpe64 folder. Note the size of the
media\Sources\Boot.wim file. It should be larger than when first checked.
Using Makewinpemedia
The following table describes the Makewinpemedia command-line tool parameters that are available.
Parameter Description
WorkingDirectory Specifies the name of the root directory that is created to hold the
directory structure. This parameter is required.
DestinationLocation Specifies the drive letter of the USB flash drive if you are using the
/ufd option, or the name of the .iso file if you are using the /iso
option. This parameter is required.
MCT USE ONLY. STUDENT USE PROHIBITED
6-16 Preparing for deployments by using the Windows ADK
MakeWinPEMedia examples
Use the following command to create a bootable USB flash drive that has been assigned the drive letter F:
from the working directory C:\Winpe:
Use the following command to create a .iso file named Winpe64.iso from the working directory C:\Winpe
and save it to a folder named C:\BootImages:
Note: The folder in which you create the .iso file must exist before you run the
Makewinpemedia command. If it does not, the command will fail to create the .iso file.
Note: The architecture of the created boot image is dependent on the architecture that
you specify with the copype.cmd tool. For example, if the copype command specified the x86
architecture, the boot image that is created will be 32-bit.
There are a number of ways in which you can create and format multiple partitions and assign drive
letters to them on your USB hard disk. For example, you can use the Diskpart command-line tool or the
Disk Management console.
Note: Although you can configure multiple partitions on USB thumb drives, the
manufacturer classes these devices as removable drives. Windows operating systems will
recognize only the first partition on the drive. Therefore, you cannot use USB thumb drives to
support multiple partitions on Windows operating systems, unless the USB thumb drive supports
Windows 8 standards.
Once you partition your USB hard disk with a boot partition that you format in FAT32 and a data partition
that you format in NTFS, you can use Makewinpemedia with the /UFD parameter to apply the Windows
PE image from the Boot.wim file to the USB boot partition. You then can copy your deployment image to
the NTFS partition.
Categorize Activity
Categorize each item into the appropriate category. Indicate your answer by writing the category number
to the right of each item.
Items
1 Installation DVD
2 Copype
3 WinPE-DismCmdlets
5 BCDBoot
6 WinPE-Scripting
7 Network share
8 Lpksetup
9 WinPE-SecureStartup
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$w0rd
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
Note: Ensure that 20695C-LON-DC1 starts fully before starting any other virtual machines.
3. Use File Explorer to view the contents of the E:\Winpe64\Media\Sources folder. Note the size of the
Boot.wim file.
Note: To avoid syntax errors, copy and paste the commands into the Windows PowerShell
command prompt from the E:\Labfiles\Mod06\Mod06_DISM_Powershell.txt file.
Note: The version of DISM installed with Windows ADK for Windows 10 is not the same as
the version in the default Windows PowerShell console (version: 6.3.9600.16384). You must add
the correct DISM module for the current version of Windows ADK. The reason this is so is the
version that is in Windows PowerShell is for Windows Server 2012 R2, while the version in the
latest Windows ADK is for Windows 10.
1. In the Administrator: Windows PowerShell window, type the following cmdlet, and then press Enter:
2. To mount the Boot.wim, open Windows PowerShell, and then run the following command:
2. To add support for the Windows PowerShell command-line interface to the Windows PE image, run
the following commands:
Note: To avoid syntax errors, copy and paste the commands from the
E:\Labfiles\Mod06\Mod06_DISM_Powershell.txt file into the Windows PowerShell command
prompt.
Note: After each Windows PowerShell cmdlet, ensure that the operation completes
successfully.
2. Use File Explorer to view the Boot.wim file located at E:\Winpe64\Media\Sources. Note the new
size of the file.
MD E:\BootISO
MakeWinpeMedia /iso E:\Winpe64 E:\BootISO\WinPEx64.iso
2. Use File Explorer to ensure that the WinPEx64.iso file was created.
Results: After completing this exercise, you should have customized the Windows Preinstallation
Environment (Windows PE) image and created an .iso file of the image.
Lesson 3
Using Windows SIM and Sysprep to automate and prepare
an image installation
Building a reference computer to capture a Windows operating system installation image can be a simple
or complex process. A reference computer can be as simple as a base operating system, or as complex as
an operating system with installed applications and specialized hardware. You can use answer files to
automate and customize your installation. An important part of the imaging process is ensuring that the
image does not contain any information specific to the computer or installation. You can accomplish this
with the Sysprep tool.
Lesson Objectives
After completing this lesson, you will be able to:
• Using a USB flash drive. Create an answer file named Autounattend.xml, and save it to the root of
the USB drive. Windows Setup will detect if there is a file with that name. If it finds the file, Windows
Setup will load it into memory and use the values that it contains.
• Replacing the answer file in an offline image. Mount the image by using DISM and replacing the
Windows\Panther\unattend.xml file with your customized version of unattend.xml.
• Specifying and caching answer files when Sysprep is running. You can use the Sysprep /unattend
parameter to specify the answer file.
MCT USE ONLY. STUDENT USE PROHIBITED
6-22 Preparing for deployments by using the Windows ADK
Windows SIM creates answer files that relate to a specific Windows image. This allows you to validate the
settings in the answer file against the settings in the Windows image. Answer files have two main sections:
components and packages.
Components
This section contains all of the settings that Windows Setup applies during the configuration phases. The
organization of the components matches the configuration passes: auditUser, auditSystem, windowsPE,
generalize, specialize, offlineServicing, and oobeSystem. You can apply settings during one or more
passes. If a setting can apply to more than one configuration pass, you must select the pass in which to
apply the setting.
Packages
Microsoft uses packages to distribute service packs, software updates, and language packs. Additionally, it
stores Windows-based features in packages. During the offlineServicing configuration pass, you can add,
remove, or configure packages in an image.
Features
You can use answer files to enable or disable Windows features, such as Telnet Client or the XPS Viewer in
Windows operating systems. All of the resources for a Windows feature are available to users, if you
enable that feature. Users cannot use disabled Windows features. However, an administrator can enable
disabled features when necessary.
Some Windows-based features have dependencies that require the installation of other features before
they will install. When you are enabling features in an answer file, you must validate your answer file
against the installation media, and add any necessary packages.
Demonstration Steps
Create an answer file by using Windows SIM
1. Open the Start screen, and then start Windows System Image Manager.
1. In the Answer File pane, under the Components node, explain the settings imported with the
sample file.
3. Type your name in the FullName field and your company name in the Organization field.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-23
4. Note the UserData, ProductKey field, and then review how to use the help file to see the format
required for the Key field.
o Support Hours: 6 AM to 8 PM
o Support URL: your company URL
3. Open the answer file with Notepad, and then review the entries in the file.
Option Description
/oobe Instructs the Windows operating system installation to run OOBE the
next time that the computer starts.
MCT USE ONLY. STUDENT USE PROHIBITED
6-24 Preparing for deployments by using the Windows ADK
Option Description
/reboot Instructs the computer to restart. You can use this option to audit the
computer and to verify that the first-run experience operates
correctly.
/mode:vm Generalizes a virtual hard disk, so that you can deploy it as a virtual
hard disk on the same virtual machine or hypervisor. After the virtual
machine restarts, it can boot to OOBE. You can only run the vm mode
from inside a virtual machine, and you must deploy the virtual hard
disk to a virtual machine with a matching hardware profile.
You can use the Sysprep tool in two scenarios: creating a new reference image or creating a model-
specific reference image.
Benefits of Sysprep
Sysprep provides the following benefits:
• Removes system-specific data from Windows operating systems. You then can capture the Windows
operating system installation and deploy the image throughout an organization.
• Configures Windows operating systems to start in the audit mode. Audit mode uses a built-in
administrator account that enables you to customize and test the integrity of the Windows image.
• Resets the Plug and Play database so that device detection runs the next time that the system starts.
• Configures Windows operating systems to start to the OOBE mode. This allows the user to accept the
license agreement and complete the installation.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-25
Sysprep dependencies
Sysprep has the following dependencies:
o Generalize: %Windir%|System32\Sysprep\Panther
o Specialize: %Windir%\Panther\
o Unattended Windows Setup actions: %Windir\Panther\Unattendgc
3. Parsing command-line arguments. If a user does not provide command-line arguments, a System
Preparation Tool GUI window appears.
4. Processing Sysprep actions. Calls appropriate .dll and executable files, and adds actions to the log file.
5. Verifying Sysprep processing actions. Verifies that all .dll files have processed all of their tasks, and
then shuts down or restarts the system.
On the next startup, Windows starts into either OOBE mode or audit mode. OOBE mode is the default
mode that allows the user to customize the Windows operating system by entering personal information
and language settings, setting up networking, and accepting the Microsoft terms of service.
You can configure a Windows-based computer to start in the audit mode by using Sysprep. In audit
mode, you can make additional changes to a Windows operating system installation without interrupting
the OOBE process. You can add drivers or applications that you cannot install unless the Windows
operating system is running. For example, all computers might require a driver for a special hardware
device that is not Plug and Play, such as a barcode reader.
Starting up into audit mode signs you in as the built-in administrator account. Immediately after signing
in, the built-in administrator account is disabled and remains disabled once the computer reboots into
OOBE mode.
MCT USE ONLY. STUDENT USE PROHIBITED
6-26 Preparing for deployments by using the Windows ADK
• Bypass the OOBE process. You can access the desktop without configuring the default settings, such
as user account, location, and time zone.
• Install applications, add device drivers, and run scripts. You can connect to a network and access
additional device drivers, language packs, installation files, and scripts.
• Test the validity of a Windows operating system installation. You can perform tests on the system
without creating a user account. After testing is complete, you can prepare the system to start in the
OOBE mode on the next startup.
• Add more customizations to a reference image. You can maintain one base image, and then add
customizations to specific computers as you deploy them.
2. After the installation is complete, boot the computer into the Windows operating system.
7. Reboot the computer into Windows PE that has Windows PowerShell and DISM support added.
You can now use this reference image to install the Windows operating system on computers that support
the same architecture.
1. Build a reference image on a computer that is representative of the specific model that you are using.
This is similar to the first scenario.
2. After you complete the installation, run the Sysprep /audit /generalize /shutdown command to
configure the Windows operating system to start the computer in audit mode.
3. Image the computer and install the image on the model-specific target computer. On startup, the
computer will be in audit mode.
4. Install applications and other model-specific updates. Verify that all components are working
correctly.
5. After all updates are complete, run the Sysprep /oobe /shutdown command. The computer now is
ready for deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-27
The best way to avoid these issues is to only Sysprep reference computers that have not had any users on
them except a local administrator. Beyond this, to resolve this issue, you must remove any altered app
package for the user who is running Sysprep, and also remove the provisioning. Use the following these
steps to fix the issue:
Note: To prevent Windows Store from updating apps, unplug the Internet connection or
disable Automatic Updates in audit mode before you create the image.
Import-Module Dism.
Get-AppxPackage -AllUser | Where PublisherId -eq 8wekyb3d8bbwe | Format-List
-Property PackageFullName,PackageUserInformation.
o In the output of this last cmdlet, check the users for whom the package is appearing as Installed.
Delete these user accounts from the reference computer. As an alternative, you can sign in to the
computer by using these user accounts. Then run the cmdlet in step 2 below to remove the AppX
package.
o This cmdlet lists all packages published by Microsoft and installed by any user on that reference
computer. Because the computer is to be Sysprepped, these user profiles no longer require the
package, so deleting the user accounts is your best option.
2. If you have manually provisioned apps that belong to other publishers, run the following cmdlets:
If you try to recover from an update issue, you can reprovision the app after you follow these steps.
Note: The issue does not occur if you are servicing an offline image. When offline servicing,
the provisioning is automatically cleared for all users, including the user who runs the command.
MCT USE ONLY. STUDENT USE PROHIBITED
6-28 Preparing for deployments by using the Windows ADK
Additional Reading: For more information, refer to Sysprep, SkipRearm, and Image Build
Best Practices: http://aka.ms/Txojm2.
Persisting Plug and Play device drivers through the generalize configuration pass
By default, the generalize configuration pass removes all unique settings, including Plug and Play drivers.
If you want to save the Plug and Play drivers when generalizing a system, you must use an answer file and
configure the PersistAllDeviceInstalls setting in the Microsoft-Windows-PnPSysprep section of the
answer file as True.
If you installed Windows 8.1 initially with an answer file that had settings from the generalize,
auditSystem, or auditUser section, then those settings would not have been applied. However, they would
have been cached for later use. To use the settings in the answer file cache, you can run:
• Sysprep /audit. Applies any settings that you configure in the auditSystem or auditUser sections of
the cached answer file.
• Sysprep /generalize. Applies any settings that you configure in the generalize section of the cached
answer file.
If you do not want to use settings from a cached answer file, or want to use a different answer file to
deploy the system, you can specify an answer file by using Sysprep /unattend:<filename>.
Demonstration Steps
1. On LON-REF1, run a command prompt as Administrator.
Objectives
After completing this lab, you will be able to:
• Customize an image in audit mode and preserve profile changes by using Sysprep.
Lab Setup
Estimated Time: 70 minutes
Password: Pa$$w0rd
1. Create a new answer file, on a virtual floppy disk, by using Windows SIM.
Task 1: Create a new answer file, on a virtual floppy disk, by using Windows SIM
1. Switch to LON-CFG. From the Media menu, insert the Reference.vfd diskette drive located at
D:\Program Files\Microsoft Learning\20695\Drives.
2. On LON-CFG, open File Explorer, and then format the floppy disk in the A: drive.
4. Select the E:\Sources\Install.wim Windows image. When prompted, create a catalog file. This will
take several minutes.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-31
3. In the Windows Image pane, expand Components, and then add the amd64_Microsoft-Windows-
UnattendedJoin_10.0.10586.0_neutral component to Pass 4.
4. In the Answer File pane, under the 4 specialize pass, configure the amd64_microsoft-Windows-
Shell-Setup_10.0.10586.0_neutral ComputerName value as Reference.
o amd64_Microsoft-Windows-International-Core_10.0.10586.0_neutral
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0 _neutral\OOBE
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0 _neutral
\ UserAccounts\AdministratorPassword
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral
\ UserAccounts\LocalAccounts\LocalAccount
o amd64_Microsoft-Windows-International-Core_10.0.10586.0_neutral\InputLocale as en-us
o amd64_Microsoft-Windows-International-Core_6.3.9600.16384_neutral\UILanguage as en-
us
o amd64_Microsoft-Windows-International-Core_10.0.10586.0_neutral\UserLocale as en-us
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\TimeZone as Pacific
Standard Time
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\OOBE\HideEULAPage as
true
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\OOBE\NetworkLocation as
Work
o Right-click amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\UserAccounts
\AdministratorPassword\ Value, and then select Write Empty String.
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\UserAccounts
\LocalAccounts\Local Account\DisplayName as your full name
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\UserAccounts
\LocalAccounts\Local Account\Group as Administrators
MCT USE ONLY. STUDENT USE PROHIBITED
6-32 Preparing for deployments by using the Windows ADK
o amd64_Microsoft-Windows-Shell-Setup_10.0.10586.0_neutral\UserAccounts
\LocalAccounts\Local Account\ Name as your first name
o LocalAccount[Name=”yourname”]\Password\Value as Pa$$w0rd
o Microsoft-Hyper-V-Management-Clients
o Microsoft-Hyper-V-Management-PowerShell
Note: You will see warnings that say The setting has not been modified. It will not be
saved to the answer file. You will also see a warning that the Setting Network Location has
been deprecated. You can ignore these warnings.
3. In the Answer File pane, in the Microsoft-Windows-Shell-Setup Properties pane, set the value of
CopyProfile to True.
4. Save the file to Floppy Disk Drive (A:), and then name it CopyProfile.xml.
5. Close the Answer file, and then close Windows System Image Manager.
Results: After completing this exercise, you should have created an answer file on a virtual floppy disk by
using Windows System Image Manager (Windows SIM), added components and packages to the answer
file, and validated and saved the answer file.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-33
Task 1: Mount the Windows 10 media, and start the unattended installation
1. In Hyper-V Manager, insert the reference.vfd floppy disk drive located at D:\Program Files
\Microsoft Learning\20695\Drives to 20695C-LON-REF1.
3. Start 20695C-LON-REF1.
2. Sign in to LON-REF1 by using the local account you provided in the answer file.
3. On the Start screen, type Hyper-V. The search results should include the Hyper-V Manager feature
you added.
4. From the Control Panel, open the System applet, and then verify that the Computer name is
Reference and the Workgroup is imaging.
5. Open Computer Management, and then verify that your user account is in the local Administrators
group. Verify that the System partition is 350 MB.
Results: After completing this exercise, you should have mounted the Windows 10 media, performed an
unattended installation, and verified that the answer-file settings were applied.
MCT USE ONLY. STUDENT USE PROHIBITED
6-34 Preparing for deployments by using the Windows ADK
Exercise 3: Customizing your image in the audit mode and preserving the
profile changes by using Sysprep
Scenario
To complete the configuration of the reference computer, you need to finalize settings and application
requirements. You need to place the reference computer into audit mode and then set the required
configuration settings. You will use Sysprep and Windows SIM to help address these configuration
requirements.
2. Run Sysprep with the /generalize, /oobe, /shutdown, and /unattend switches.
Task 1: Boot into the audit mode and configure changes as required
1. On LON-REF1, connect to \\LON-CFG\E$\Software as Adatum\Administrator with the password
Pa$$w0rd. Remember the credentials.
2. Install the Microsoft PowerPoint Viewer software from the Office Viewers folder.
5. After the reboot, LON-REF1 will sign in as the Administrator automatically, by using a blank
password. Open the System window, and then click Advanced System Settings.
6. Click the Advanced tab, and then in the User Profiles section, delete the profile that you created for
your name.
7. Open Computer Management, and then delete the user account that you created for your name.
Task 2: Run Sysprep with the /generalize, /oobe, /shutdown, and /unattend switches
1. On LON-REF1, run a command prompt as Administrator.
Note: After completing this step, you might see an error message that states A fatal error
occurred while trying to sysprep the machine. This is due to a corrupt CopyProfile.xml file
being saved to the floppy disk. To address this issue, redo the “Create an answer file to preserve
the profile” lab task from Exercise 1. Save the answer file to the floppy disk as indicated.
Results: After completing this exercise, you should have the Windows 10 reference system generalized
and ready for imaging.
Lesson 4
Capturing and servicing a reference image by using DISM
After you have built and prepared a reference image, the next deployment phase is to capture the image
for future deployments. After you capture an image, you will want to maintain it to avoid building a new
image if hardware and software updates occur. Windows ADK contains the DISM.exe command-line tool
to help you with this process.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe DISM.
Overview of DISM
You can use the DISM.exe command-line tool to
service Windows operating systems or Windows
PE images. You can use DISM to service .wim,
.vhd, or .vhdx files. DISM cannot service files that
are newer than the installed version of Windows
ADK. Windows ADK for Windows 10 and Windows
10 both include the latest DISM version. You can
use DISM to service the following operating
systems:
• Windows 10
• Windows 7
Note: To install or remove drivers in an offline Windows Vista SP2 or Windows Server 2008
image, you must use the Windows 7 version of DISM.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-37
• Managing data, such as installed components, updates, or drivers in a Windows image. You also can
use DISM to manipulate .wim files by capturing, splitting, or mounting an image, or deleting an
image in a .wim file.
• Servicing an image, which involves adding or removing drivers, modifying language settings, enabling
or disabling Windows-based features, or upgrading the Windows operating system to a newer
edition.
You can also use DISM in Windows PE. When creating a Windows PE image, add the WinPE-DismCmdlets
package for full functionality.
System partition (BIOS system Not required. If you have made customizations and you use this
partition or Extensible image on one model only, then you can capture this partition.
Firmware Interface [EFI] system Otherwise, the partition will be recreated automatically during the
partition) deployment process.
Microsoft Reserved partition No. This partition contains a globally unique identifier (GUID) for a
GUID partition table (GPT) disk partition.
Primary partitions (Windows Yes. This is the operating system and any data drives that you want
operating system partitions, to include in the image.
utility partitions)
Logical partitions (Windows Yes, if you create the partitions so that the operating system and
operating system partitions, any data drives that you want to capture reside in a logical
utility partitions) partition.
Other partitions (without the No. If you are planning to have an additional, empty partition on
Windows operating system or the deployed systems, there is no reason to capture an empty
other data that you wish to partition.
capture)
MCT USE ONLY. STUDENT USE PROHIBITED
6-38 Preparing for deployments by using the Windows ADK
Command Description
List disk If there are multiple hard disks, this command will enumerate them. The first
hard disk detected will be disk 0 (zero).
Select disk 0 If there is more than one hard drive on the reference computer, you can use
the select disk command to determine the proper disk to choose. Using the
select disk command defines the disk that the following commands will use.
Even if there is only a single hard disk, you must run this command to select it.
List partition Displays the partitions defined on the hard disk. Use the information presented
to determine the drive to which you need to assign a letter.
Select partition 2 Defines the partition that the following command will use.
After you assign drive letters to all of the partitions that you want to capture, you can use the DISM tool
to capture the images. The basic command for capturing an image is DISM /Capture-Image. For
example, you can use the following commands to capture the images of a primary partition and a system
partition, after assigning S: to the system drive:
The following table includes a brief description of the switches that the commands shown above use.
Command Decription
/ImageFile:<Path> Captures an image to the new .wim file specified. Captured partitions
include all subfolders and data. Any folders that you want to capture
must contain at least one file. If the drive that you are capturing has
enough empty space, DISM saves the image locally.
The following table includes additional switches that you can use with DISM /Capture-Image.
Command Description
/Bootable Marks a volume as bootable. You can use this option only
when capturing Windows PE images.
/CheckIntegrity Monitors the .wim file for corruption. The capture process
will halt if corruption is detected.
Once a local image capture occurs, you can transfer it to a network share or copy the file to an external
drive. From the command prompt, you can use the Net Use <drive letter> \\Server\Share command to
map a connection to a network share.
The basic command line for mounting an image is DISM /Mount-Image. The Windows PowerShell DISM
cmdlet is Mount-WindowsImage. For example, you could use either of the following commands to
mount an image named image.wim located in the C:\images folder to the C:\images\offline folder:
or
The following table provides a description of the typical parameters for the DISM /Mount-image
command and the DISM Windows PowerShell cmdlet Mount-WindowsImage.
/Imagefile:<path> -ImagePath <path> Specifies the path and name of the .wim file to
mount.
/Index:<integer> -Index <integer> Specifies the image to mount from the .wim file
by index number. Alternatively, you can use the
/Name switch.
/MountDir:<path> -Path <path> Specifies the folder location to mount the .wim
file.
After you mount an image, you can open the mount directory, and then modify the folders and files in
the image. After all modifications are complete, you must commit the changes that you made by using
the DISM /Commit-Image command. For example, to commit changes to the image mounted in the
previous example, you would run the following command:
You then can use the DISM /Unmount-Image command to unmount the image. For example, the
following command would unmount the image mounted in the previous examples:
To dismount and save changes, you can use the following Windows PowerShell cmdlet:
Similar to modifying an image, the first step in servicing an image is to mount the image so that it is
accessible. A wide variety of DISM command-line options exist for servicing images. The following sections
provide examples that briefly describe some of the tasks that you can perform and the commands that
support them.
Servicing applications
Application servicing allows you to check the applicability of Windows Installer application patches (.msp)
files, and to verify the .msp files applied to an offline image. Additionally, you can view information for
Windows Installer–installed applications. The following table contains a summary of the available
command parameters for the DISM /Image:<path to mounted image>.
/Check-AppPatch Displays information about the .msp patch, but only if the patch is
/PatchLocation: <mountpath> installed on the image.
/Get-AppPatchInfo Displays detailed information about the .msp patches that you
[/PatchCode:<GUID>] specify or about all the patches applied to a specific product.
/ProductCode:<GUID>
/Get-AppPatches Displays information about all .msp patches applied to the image.
[/ProductCode:<GUID> Alternatively, you can specify a product to view information about
all the .msp patches applied to the application.
/Get-Apps Displays basic information about all installed .msi applications for
all users or for a specific package or user.
Note: When you are servicing a Windows 8, Windows Server 2012, or newer image, the
operating system that you use for performing the servicing must match the Windows version
being serviced, or you must use Windows PE 4.0 or newer. If you use a different operating
system, the driver signature verification can fail.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-43
The following table lists options that are available for servicing device drivers.
• Get detailed information about a package, and service an image with Windows PowerShell DISM
cmdlets.
Demonstration Steps
Use Windows PowerShell DISM cmdlets to mount an image
5. Open the E:\service folder, and then show the mounted image.
Get detailed information about a package, and service an image with Windows PowerShell DISM
cmdlets
You have mounted an image for offline servicing. You have added a couple of
Windows feature packages, added a new device driver, and put a custom folder
structure onto the system drive. You now need to dismount the image and save the
changes. Which DISM command do you use?
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
LON-DC1 and LON-CFG virtual machines should still be running from the last lab. You Sysprepped and
shut down LON-REF1 at the end of the last lab.
3. Use DISM to capture the reference image to the shared network folder.
3. Start 20695C-LON-REF1 from the DVD. When prompted, hit a key to start from the DVD.
MCT USE ONLY. STUDENT USE PROHIBITED
6-46 Preparing for deployments by using the Windows ADK
Select disk 0
List partition
Select partition 2
Assign letter R
Exit
Task 3: Use DISM to capture the reference image to the shared network folder
1. Use the Net Use command to map drive letter G: to the \\LON-CFG\E$\Images shared folder as
Adatum\Administrator.
Note: For a few minutes, the cursor will continue to sit at the prompt, but then the image
save will begin. At that point, you can shut down the virtual machine.
Results: After completing this exercise, you should have booted the reference machine into your
customized Windows PE image, used Diskpart to assign a drive letter, and used DISM commands to
capture the image to the shared network folder.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-47
Lesson 5
Using the Windows ICD
Windows 10 provisioning enables you to configure and apply Windows images on new desktop devices.
This is especially useful in Bring Your Own Device (BYOD) scenarios. You use the Windows Imaging and
Configuration Designer (Windows ICD) to create and configure devices with provisioning packages.
Windows ICD is part of Windows ADK for Windows 10.
Several different tasks are well suited for Windows ICD, including:
• Viewing all the various configurable settings and policies for a Windows 10 image or provisioning
package.
• Creating alternate images and specifying the settings that apply to each.
Windows ICD is primarily designed for OEMs and original design manufacturers (ODMs), system
integrators, and IT departments that need a quick and easy way to make changes to Windows images,
as follows:
• System builder or OEM/ODM. They need to configure and apply Windows images on new desktops
and mobile devices that they sell. They can use Windows ICD to create full image media (USB,
network, USB tethering) for sale with a device, or to create a provisioning package to deploy the
images directly, prior to sale.
• Small organizations. They can use Windows ICD to customize new desktops and mobile devices and
to create provisioning packages.
• Midsize organizations. Normally, they would use MDT to create and deploy custom images, but they
could also use Windows ICD to create provisioning packages for those images and to deploy mobile
device images.
MCT USE ONLY. STUDENT USE PROHIBITED
6-48 Preparing for deployments by using the Windows ADK
• Large or enterprise-size organizations. Normally, they would use MDT or Microsoft System Center
Configuration Manager (Configuration Manager) to create and deploy custom images, and they
would use Windows ICD to create provisioning packages. However, they also could use Windows ICD
to create provisioning packages for those images and to deploy mobile device images.
Windows ICD opens in a management console with large block-size tiles that let you create a new
provisioning package or a new Windows image customization. It also lists a tile for every provisioning
package or Windows image customization project that you have already created. However, if you have
already created numerous projects, only the most recent projects will appear as tiles. In that event, a tile
labeled Open will show a File Explorer window of the default project folder location, which is your user
name\Documents\Windows Imaging and Configuration Designer (WICD)\. Windows ICD lists each project
that you have created here with an .xml extension.
The View area has an expandable list of items in one or more nodes, depending on what item you select
in the View drop-down list. The drop-down list has three items that you can select: All settings,
Common OEM settings, and Common IT Pro settings. The default selection in the drop-down list is All
settings. Below the View drop-down list is a Search text box, where you can type the name of the asset
or setting that you want to configure, if you know it. Below the Search text box are two nodes:
Deployment assets and Runtime settings. If you select Common OEM settings, only the Deployment
assets node displays. If you select Common IT Pro settings, only the Runtime settings node displays.
Both nodes appear under the All settings view.
When you expand the Deployment assets node, several expandable subnodes appear. All the subnodes
pertain to files that you can deploy to a device or image, such as application .appx files, device driver files,
or Windows Update .msu files. You do not set deployment assets directly; you add the files that contain
various settings that then are applied to that image. You apply assets not at runtime but during the
deployment phase. You can also deploy assets to an offline image.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-49
The following table lists the subnodes and their major settings.
Driver set .inf All driver .inf files and their payloads in a specified
folder are added to the driver store in an image, and
boot-critical drivers will be reflected.
Drivers .inf An individual driver .inf file and its payload are added
to the driver store in an image, and boot-critical
drivers will be reflected.
Language packages .cab In Windows 10, language packs have been rewritten so
that the package sizes are much smaller.
Reference device .ppkg These are Classic Windows application files and
data registry settings that User State Migration Tool (USMT)
ScanState.exe captures in a provisioning package from
a reference device. Instead of installing a Classic
Windows application online on a device, you can install
the app to a desktop image offline by importing the
provisioning package that contains reference device
data.
Windows ICD applies runtime settings to a running device, to an offline image, or after you have
deployed the image to that device. There are several runtime settings, with some having multiple
subsettings with various targets and values that allow conditional configuration of a particular device or
group of devices. The following table lists the settings and their uses.
After you have applied all of your various asset and settings choices, you save your project, and then you
can deploy or export the provisioning package. Under the Deploy drop-down list, next to the File menu,
you have two selections: To USB connected device or To removable device. If you choose either
option, you have to provide a source full flash update (FFU) image. Finally, there is the Export drop-down
list, which lets you export a provisioning package that other Windows ICD systems can import.
need to change configuration, you can reset a device to its original state and then apply a new
provisioning package rather than wiping the device and applying a new system image. This saves
deployment time.
Use the Windows ICD tool included in Windows ADK for Windows 10 to create a runtime provisioning
package. Open Windows ICD, and then perform the following steps:
4. On New project page, click Finish. The workspace for your package then opens.
5. Configure settings to whatever you require. There are dozens of settings you can choose. See the
previous topic in this lesson, “How to build and customize a provisioning package,” for a detailed
overview of all the various settings.
8. Change Owner to IT Admin, which will set the precedence of this provisioning package higher than
other provisioning packages applied to this device, and then select Next.
10. In the Provisioning package security window, you can choose to encrypt the package and enable
package signing. This is optional. You can choose the following:
o Enable package encryption. If you select this option, Windows ICD displays an autogenerated
password on the screen.
o Enable package signing. If you select this option, you need to apply a valid certificate to use for
signing the package. You can specify the certificate by clicking Select... and then choosing the
certificate you want to use.
11. Click Next to specify the output location where the provisioning package will go after you build it.
Windows ICD uses the project folder as the output location by default. You can click Browse to
change the output location.
12. Click Build. This will start building the package. The build page and the progress bar indicate the
build status.
13. If your build fails, you will receive an error message that includes a link to the project folder. You can
scan the ICD.log to determine what caused the error. You can find the log in c:\users\accountname
\Documents\Windows Imaging and Configuration Designer (WICD)\Project name. After correcting
the issue, you can try building the package again. If your build runs successfully, it will display the
name of the provisioning package, output directory, and project directory.
You can build the provisioning package again and pick a different path for the output package. To do
this, before closing the package, click Back to change the output package name and path, and then
click Next, which starts another build. Otherwise, click Finish to close the wizard.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-53
14. To apply the package, in the Customizations page, select the output location link to go to the
location of the package, which you set in step 11. You can provide that .ppkg file to others through
any of the following methods:
o SharePoint site
o Email
15. The user then runs the .ppkg file on the device and the provisioning begins.
Demonstration Steps
Build a Windows ICD provisioning package
1. On LON-CFG, open Windows ICD, and then create a new provisioning package with the following
values:
o Name: Demo1
o Folder location: E:\Images\WICD
o Choose which settings to view and configure: Common to all Windows editions
2. Accept all other options by clicking Next, and then click Finish.
3. In the Demo1 window, add the following runtime settings, and then save the package:
4. Export Demo1 with the Owner item set to IT Admin, and all other settings set to the defaults, and
then build the package.
5. Click the File menu item, select Close project, and then in the Save project(s)? dialog box: Save all.
1. On LON-CL2, open the Settings app, and in the Privacy settings, click Feedback & diagnostics.
Check the Diagnostics and usage data area and note that the drop-down list item is set to Full
(Recommended).
2. In the Settings app, open Update & security, click Windows Defender, and note that there are no
exclusions listed.
6. In the Privacy, Feedback & diagnostics page, under the Diagnostics and usage data area, note
that the pull down item is set to Security, and that it appears dimmed and is not adjustable.
7. In the Windows Defender page, in the Exclusions page, note that the C:\WICD folder is now listed.
Close the Settings app.
Note: After you have selected the Install.wim file, all the images that make up that .wim file
are listed in the Available images panel. The first Windows image in the list is selected by
default and the information about this image is displayed in the Image information panel.
To use the Microsoft package option, you need to have access to a preinstalled operating system kit. If
you selected the WIM file, the next page, the Select image page, has a Browse option to help you find
images that have been saved in the file system. After this, you have the option to import a provisioning
package, which merges its contents into the package you are creating, and then you click Finish.
The Available customizations page will then open. This page is presented in a management console–like
view. On the left side is the View area, at the top middle is the Details pane, on the bottom middle is a
section that shows a webpage that is dependent on the item selected in the Details pane, and on the right
side is the Selected customizations area.
The View area has an expandable list of items in one or more nodes, depending on which item you
select in the View drop-down list. The drop-down list has three items that you can select: All settings,
Common OEM settings, and Common IT Pro settings. The default selection in the drop-down list is
All settings. Below the View drop-down list is a Search text box, where you can type the name of the
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-55
asset or setting that you want to configure, if you know it. Below the Search text box are three nodes:
Deployment assets, Image time settings, and Runtime settings. The next topic discusses deployment
assets and runtime settings. Over 50 image time settings, which are settings deployed at package runtime,
each of which contains a list of subsettings, are available to configure an image.
Note: To see a list of all the Windows Provisioning settings, refer to Windows Provisioning
settings reference: http://aka.ms/mz452x.
After you have configured all your settings, you can create media by using the options available in the
Create drop-down list by the File menu. The Create drop-down list provides options to create
Production media, Clean install media, or Recovery media. In the Deploy drop-down list, you can
select either To a USB device or To removable device. Both options require the use of an FFU image,
which is primarily a mobile device tool. Finally, the Export drop-down list helps you make the image
setting into a provisioning package.
2. If you have completed configuring your customizations, or have finished optionally exporting a
provisioning package, you can now build the media that contains the image. To do so, click Create
from the main menu, and then select one of the media types:
o Production media. This is media that OEM manufacturing uses. The media can run fully
automated. It provides you with the option to boot to audit mode and use optional test scripts.
Production media provides several optimizations to save deployment time.
o Clean install media. This is media that only the end user can use to perform a clean install. This
media boots to OOBE for end user input and then continues until it gets to the desktop. The
installation itself ends before booting to OOBE and the OOBE continues as in a normal user
installation.
MCT USE ONLY. STUDENT USE PROHIBITED
6-56 Preparing for deployments by using the Windows ADK
Note: If you are building clean install media, all the assets are placed in a provisioning
package together with install.wim. The .ppkg file is not injected into install; instead, it merges into
the operating system (OS) at deployment time.
o Recovery media. This is media that the end user uses for data-only recovery of a device that is
not fully functioning. This can only be in the WIM image format.
3. Click Next to select the image format and media type, and provide other information as necessary to
build your image:
o On the Select image format page, you can choose to build the image in a WIM or FFU format:
WIM. Builds the image in a WIM file format.
This allows you to build the media to a local folder or network share, or to create a bootable
media on a USB drive.
FFU. Builds the image in a FFU.
If you select the FFU option, enter or select the path for the target location.
o You can also select image options, such as enabling Compact OS, which installs the operating
system files as compressed files, or specifying the first boot behavior, which includes booting to
audit mode or selecting to run a script at first boot.
o In the Deployment media page, select the type of media that you want to create:
Save to a folder. Selects a folder that contains the deployment media. The resulting media is
not a bootable media and is not guaranteed to work on bootable drives.
Create a bootable USB drive. Creates bootable media on a USB drive. If you select this,
Windows ICD detects all the available USB drives attached to the host PC and lists these in
the Output drive drop-down list. If Windows ICD does not detect a USB drive, reattach the
USB drive, and then click Refresh.
4. Click Next and then click Build to start the image build. The build page displays project information
and the progress bar indicates the build status.
5. If your build fails, you will receive an error message that includes a link to the project folder. You can
scan the ICD.log to determine what caused the error. You can find the log in c:\users\accountname
\Documents\Windows Imaging and Configuration Designer (WICD)\Project name. After correcting
the issue, you can try building the image again. If your build runs successfully, it will display the name
of the provisioning package, output directory, and project directory.
o You can build the provisioning package again and pick a different image format, or select the
deployment media, or both. To do so, before you close the package, click Back to select what
you want to change, and then click Next, which starts another build.
Deploying the Windows ICD–created image is straightforward. You can use the USB drive method, or you
can use other management solutions for deploying operating systems. To deploy an image to a desktop
computer by using the USB drive, perform the following steps:
1. Insert the USB drive that contains the bootable media into the computer and then boot the computer
from the USB drive.
2. Enter the Windows 10 edition product key, if you used an image that has a retail key.
3. Accept the license terms and then wait for the installation to complete.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-57
There are several ways of deploying the image. You can use the bootable USB drive as describe earlier, or
you can import this build inside your MDT Deployment share. Alternatively, you can import the build
image and use the Windows Deployment Services (Windows DS) server role, or import into Configuration
Manager and use the operating system deployment (OSD) feature to push the build image out to desktop
computers.
Demonstration Steps
1. On LON-CFG, open Windows Imaging and Configuration Designer and select New Windows image
customization.
o Project folder location: Create a new folder in Allfiles (E:)\Images\WICD\ named BuildIMG
4. For the selected image, select Allfiles(E:)\Sources\install.wim, and note that there is only one
available image on install.wim.
6. Create the build by using Clean install media with the WIM image format. When asked where to
store the deployment files, select Save to a folder. Save to a new folder named BuildImage in
Allfiles (E:)\Images\WICD.
7. Build the Windows image and note the progress bar on the Build the Windows image page. It will
take several minutes to build the deployment media folder.
9. Examine the folder structure. It is the same as a mounted installation .iso file.
MCT USE ONLY. STUDENT USE PROHIBITED
6-58 Preparing for deployments by using the Windows ADK
Categorize Activity
Categorize each item into the appropriate category. Indicate your answer by writing the category number
to the right of each item.
Items
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Virtual machines: 20695C-LON-DC1 and 20695C-LON-CFG
Password: Pa$$w0rd
LON-DC1 and LON-CFG virtual machines should still be running from the last lab. If not, you must
complete the following steps:
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
Note: Ensure that 20695C-LON-DC1 starts fully before starting any other virtual machines.
o Name: LabDPP
o Choose which settings to view and configure: Common to all Windows desktop editions
2. Accept all other options by clicking Next, and then click Finish.
o Deployment Assets
o Driver Set: E:\ Software\Drivers\point64
o Runtime settings
o Folders\
o PublicDocuments,
Results: After completing this exercise, you should have created a provisioning image and stored it in a
networkshared folder location.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 6-61
o Name: LabDBuild
o Project folder location: Create a new folder in Allfiles (E:)\Images\WICD\ named
LabDBuildIMG
Task 4: Create a Full flash Update (FFU) image and save it to LON-CFG
1. In the Windows ICD console, create the build by using Clean install media with the FFU image
format. Save to E:\Images\WICD\LabDBuildIMG\LabDBuild.ffu.
2. Build the Windows image and note the progress bar on the Build the Windows image page. It will
take several minutes to build the FFU file.
4. Examine the folder contents. You should see the LabDBuild.ffu file. It can be exported to a USB
removable drive or a SD card for deployment to a Windows 10 desktop.
Results: After completing this exercise, you should have created the Windows 10 FFU image to meet the
deployment requirements for the IT department.
MCT USE ONLY. STUDENT USE PROHIBITED
6-62 Preparing for deployments by using the Windows ADK
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
• Prior to capturing an image of your reference machine, remove any null drivers (indicated by yellow
icons in Device Manager) by uninstalling them from Device Manager.
• Ensure that you are capturing the correct partition. Use Diskpart to assign drive letters.
• Always validate answer files in Windows SIM. Using Windows SIM to create and validate your answer
files will reduce the chance that you will create invalid answer files.
• Avoid creating empty elements in answer files. You can use Windows SIM to create empty values.
However, not all settings will work with empty elements, and this might cause deployment issues.
Review Question
Question: How would your company benefit from moving to image-based deployments?
Considering that the Microsoft tools to implement image-based deployments are free, and most
sector-based deployment tools are expensive, the return on investment could be large.
MCT USE ONLY. STUDENT USE PROHIBITED
6-64 Preparing for deployments by using the Windows ADK
Tools
Tool Location
DISM Install Windows ADK. Accessible from the Deployment and Imaging Tools
Environment command prompt.
Windows PowerShell Native to Windows. Accessible from the taskbar or Start screen.
Sysprep %WinDir%\System32\Sysprep
MCT USE ONLY. STUDENT USE PROHIBITED
7-1
Module 7
Supporting PXE-initiated and multicast operating system
deployments
Contents:
Module Overview 7-1
Module Overview
Deploying a new operating system over the network can expedite the deployment process. Windows
Deployment Services (Windows DS) is a server role in Windows Server 2012 R2 that enables computers to
start up via the network and download the operating system over the network. You can deliver this
operating system in the Windows image (.wim) file format and install it on a computer, or you can deliver
it in virtual hard disk format.
This module introduces you to the architecture of network boot, multicasting operating system delivery,
and the Windows DS functionality in Windows Server 2012 R2.
Objectives
After completing this module, you will be able to:
• Identify solutions to support PXE-initiated and multicast solutions when performing operating system
deployment tasks.
Lesson 1
Overview of PXE-initiated and multicast operating system
deployments
Windows DS uses two networking technologies during operating system deployment occurring over a
network—Pre-boot Execution Environment (PXE) and multicast. PXE enables the computer to start up by
using the network adapter, and then retrieves information from the Windows DS server to install an
operating system. Multicasting deploys an operating system image to several computers concurrently.
This reduces the network bandwidth that you have to use, because the data is sent over the network only
once per subnet.
This lesson explains the architecture behind PXE. It also describes the factors that you need to consider for
an operating system deployment to work successfully on larger networks.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe PXE.
• Explain the requirements for implementing a PXE-initiated operating system deployment solution.
What is PXE?
PXE is a specification of client-server technology
that allows computers to start up by using the
network adapter to download and boot into a
minimal operating system while bypassing any
installed operating systems. PXE is primarily used
to install new operating systems. PXE eliminates
the need to have boot media such as DVDs or
bootable USB drives available to start computers.
It uses several standard network protocols, such as
Internet Protocol version 4 (IPv4), Dynamic Host
Configuration Protocol (DHCP), and Trivial File
Transfer Protocol (TFTP) to deliver the operating
system to the computer.
When a PXE boot is initiated, the computer tries to locate available PXE boot servers on the network by
using a PXE redirection service (Proxy DHCP), which may be the PXE boot server itself. The computer then
asks a PXE server for a network boot program (NBP), downloads the NBP into its random access memory
(RAM) by using TFTP, and executes it.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-3
Custom images can be more than 10 gigabytes (GB) in size, and downloading that amount of data can
take considerable time and significant bandwidth. Companies that are deploying large numbers of
computers may provide a physical staging area on a dedicated subnet. This helps to isolate operating
system deployment traffic, and avoids extra strain on the normal office local area network (LAN). This can
speed up the deployment of large numbers of computers by taking advantage of the network to multicast
the image to multiple computers simultaneously.
Having the PXE server, DHCP server, and the PXE client on different subnets takes some extra
configuration, which later sections of this module detail. Additionally, depending on your PXE server’s
functionality, you may be able to automate your deployment fully.
• PXE Server. The PXE Server sends the NBP path to the client after the client receives an IP address
from the DHCP server.
• TFTP Server. The TFTP server sends the NBP to the client.
• Network. If the DHCP server, PXE server, and client are on the same subnet, you do not need to
perform any additional configuration. If one or the other is on a different subnet, you may need to
configure DHCP options 66 and 67. You also may require an IP Helper address, depending on the
configuration. The IP Helper will forward the DHCP/PXE broadcast to the DHCP and/or PXE server,
which will respond to the client computer.
• Client computer. The network adapter on the client computer needs to support PXE booting. The
majority of computers, that most major brands manufacture today, support PXE.
MCT USE ONLY. STUDENT USE PROHIBITED
7-4 Supporting PXE-initiated and multicast operating system deployments
2. The DHCP Server sends a DHCPOFFER to the client on UDP port 68.
3. The client sends an extended DHCPREQUEST with a request for the boot-file name.
4. When the client computer receives an IP address from the DHCP server, it requests service from the
PXE server. A request goes to the DHCP Proxy as a broadcast, with the limitations of broadcasts
traversing the network routers. The request contains a Global Unique Identifier and a MAC address to
identify the client computer. The PXE server will respond, depending on the server configuration,
either by servicing the request, ignoring the request, or passing the request to another PXE server.
5. When the client computer receives a reply from the PXE server, it initiates a TFTP download of
the NBP.
6. When the NBP downloads, the client computer executes it. Normally, the NBP prompts the user to
press F12 to initiate a network installation. If the user does not press F12 within three seconds, the
network boot stops, and the client computer attempts to boot from the next available boot device.
When the user presses F12, the client computer uses TFTP to download a program that performs the
network installation.
Note: If DHCP and PXE are on the same server, the DHCP server also sends DHCP option
60, which lets the client computer know that the DHCP server also is the PXE server. If they are on
different servers, the DHCP offer can be split into two separate packages coming from the
different servers. The DHCP server will send out the DHCP offer containing the client’s IP address
and the PXE server will send out the DHCP offer containing the option 60, indicating that the
server is PXE-capable and can supply the boot server and file information.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-5
• Option 60 should be set to the string PXEClient to identify the client as PXE-capable if the DHCP
server and the Windows DS server are on the same physical server.
• To support complex networks and Microsoft Active Directory Domain Services (AD DS) topologies
IP helper address
The IP Helper address allows the local computer to retrieve network configuration settings. This option
involves configuring the router and switching hardware to forward DHCP and PXE boot requests from the
network subnet on which the client is located, to the IP address on which the DHCP server and the PXE
server are located. The UDP traffic being forwarded includes:
69 TFTP
67 BOOTP Client
68 BOOTP Server
Note: You need to ensure that UDP port 4011 traffic is allowed through any firewalls
between networks.
MCT USE ONLY. STUDENT USE PROHIBITED
7-6 Supporting PXE-initiated and multicast operating system deployments
The unicast method involves sending a separate network packet to each recipient host. As a result, the
load on the network increases with each additional concurrent recipient. Broadcasting involves sending
the same network packet to all hosts, including those not interested in receiving it. Multicasting is the
most practical method for one-to-many delivery, with respect to operating system deployment, because it
only sends the network packets to those computers that are configured to receive packets.
If you want to use the multicast delivery method on your network, there are special IP addresses reserved
for multicast. The deployment server or a special multicast scope on a DHCP server can hand out the IP
addresses. The multicast addresses are:
• IPv6: FF00::/8
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-7
Note: Each client in a multicast transmission does not get one of these addresses. Instead,
the transmission gets one multicast IP address.
IP multicasting components
A multicast solution consists of several components:
• Host (source or receiver). A host is a client or server on the network. You can configure a host to send
and/or receive multicast traffic.
• Router. A multicast router is capable of handling host requests to join or leave a group, and of
forwarding multicast data to subnets that contain group members. A multicast router can be either a
third-party router that uses a multicast routing protocol, or a Windows Server running the Routing
and Remote Access service.
• Multicast address. A Class D IP address used for sending IP multicast data. An IP multicast source
sends the data to a single multicast address. That specific IP multicast address is a group address.
• Multicast group. A multicast group is the set of hosts that listen for a specific IP multicast address.
A multicast group is a host group.
Before you can use multicast, you must enable the network for multicasting by:
Multicast support is not enabled by default. It is usually something that involves the network group.
Multicast will not work just because you set up Windows-specific components.
IGMP is responsible for maintaining the transmission membership on a local subnet. Hosts use IGMP to
send multicast group membership requests to their local multicast router. The routers send out queries to
determine which multicast transmissions are active or inactive on the local subnet.
Many multicast deployment servers can generate the transmission and set it to start automatically,
depending on the number of connected clients, or at a specific time. An example scenario in which
multicast is beneficial is if you are about to deploy 20 new client computers on the same subnet, and you
do not want to start the deployment of the new operating system before all 20 client computers are
ready. Another scenario in which multicast is beneficial is if you do not want to start the deployment until
after work hours.
MCT USE ONLY. STUDENT USE PROHIBITED
7-8 Supporting PXE-initiated and multicast operating system deployments
Has network equipment that Has network equipment that does not support multicasting.
supports multicasting.
Is a large company that requires Deploys images to only a small number of computers
many concurrent installations. concurrently.
Has enough disk space on client Has disk-space limitations on the client computers. This is
computers for the image to because the image downloads to client computers and is then
download. installed, instead of being installed from the server.
Note: In Windows DS, a multicast transmission can only be created if there is an image
group containing an image to transmit.
• If you have multiple servers that are using multicast functionality on a network, you must configure
each server so that the multicast IP addresses do not collide. Otherwise, you may encounter excessive
traffic when you enable multicasting. To ensure that each server is using a unique IP address, use
Multicast Address Dynamic Client Allocation Protocol, or specify static ranges that do not overlap.
• If you change the multicast IP address, UDP port range, or remote procedure call (RPC) port number,
you must restart the service so that the changes can take effect.
• Each transmission can only be as fast as the slowest client. Therefore, the entire transmission will be
slow if you have one slow client. If the deployment is unacceptably slow, determine which client is the
slowest (this is the master client), and disconnect that client. The other clients' multicast performances
should speed up. If the performances do not speed up, repeat this step for the new master client.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-9
Note: The next lesson provides detailed information regarding Windows DS. This topic only
discusses how Windows DS uses PXE and multicast.
You can create multicast transmissions if images have been added to Windows DS. All Windows DS
servers will use the same IPv4 address ranges, namely 239.192.0.2-239.192.0.254 and FF15::1:1-FF15::1:FF,
and approximately 250 addresses for both IPv4 and IPv6 multicast. If there are several Windows DS
servers, then you need to change the scope manually or choose to obtain addresses from DHCP. Multicast
Address Dynamic Client Allocation Protocol, which is part of the DHCP server, can assign multicast IP
addresses to clients. Windows DS also supports creating transmissions at more than one speed (up to
three) or disconnecting clients that are connecting at speeds that are lower than a configured speed.
You can schedule multicast transmissions to start automatically when the first client requests it, to start at
a specific time and date, or to start when a specified number of clients request the image. You can
configure the multicast to allow clients to join the multicast at any point in the transmission.
Windows Server 2012 R2 supports multicast with IPv6. In Windows Server 2012 R2, there no longer is a
requirement to create a local copy of the image. This shortens the time that it takes to deploy with
multicast.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Network boot referrals are the preferred method for the client computer to
discover the PXE boot server.
MCT USE ONLY. STUDENT USE PROHIBITED
7-10 Supporting PXE-initiated and multicast operating system deployments
Option 66
Option 67
Option 44
Option 60
Option 3
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-11
Lesson 2
Installing and configuring the Windows DS environment
Windows DS is Microsoft’s implementation of a PXE server. Windows DS makes it possible to deploy the
Windows operating system across a network. Windows Server 2012 R2 and earlier versions of Windows
Server include Windows DS, which aids in automating the image-deployment process. Windows DS also
provides enhancements to the deployment process, such as network boot, dynamic driver deployment,
and virtual hard disk deployment.
This lesson will introduce you to Windows DS and the different options for installing Windows DS.
Additionally, this lesson discusses the image types that Windows DS supports, and explains how to install
and configure Windows DS.
Lesson Objectives
Describe deployment considerations and the services that are included in the Windows DS server role.
After completing this lesson, you will be able to:
• Deployment Server. This role service manages end-to-end Windows operating system deployment
solutions, including a PXE component.
• Transport Server. This role service provides basic network services and a PXE listener. This listener
forwards the requests to a PXE provider, which the Transport Server does not include. If you install the
Transport Server role service as a stand-alone component, you must use an additional management
tool, such as Microsoft System Center Configuration Manager, Microsoft System Center Virtual
Machine Manager, or custom deployment services.
• Windows DS snap-in. This is the Windows DS graphical user interface (GUI). You can complete most
Windows DS tasks in this snap-in, which you can install only if you install the Deployment Server role
service.
• WDSUTIL. The command-line management tool for Windows DS. You also can use WDSUTIL to script
Windows DS management.
• Windows PowerShell cmdlets that were introduced in Windows Server 2012 R2.
You can use the Deployment Server and Transport Server roles together, or you can use the Transport
Server role alone by using Configuration Manager or Virtual Machine Manager. You cannot run WDSUtil
and the Windows PowerShell cmdlets remotely. You must log on to the Windows DS server to be able to
configure Windows DS though the command line.
You can install and integrate Windows DS with AD DS, or install it as a stand-alone service. Installing
Windows DS as an AD DS–integrated service provides the following benefits:
• AD DS acts as a data store, and you can pre-stage a computer in AD DS. During the deployment
process, Windows DS will match the physical computer to the AD DS object.
• AD DS allows Windows DS to register as a system services control point. A system services control
point identifies the computer account as a Windows DS server and stores configuration settings, such
as whether the server is responding to PXE requests.
o Capture images. Capture images are boot images that you use to start a custom configured
system that you have generalized by using Sysprep. You capture the operating system in a .wim
file. You also can create boot media, such as a CD, DVD, universal serial bus (USB) drive, or other
type of media, that contains the capture image, and then you start the reference computer from
the media. You can create a capture image by customizing the default Boot.wim file.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-13
o Discover images. You can use these when clients cannot perform a network boot by using PXE.
They enable a computer to locate a Windows DS server and use it to install an image. You also
can use discover images when a client is not PXE-enabled, a client is on a different subnet and
there is no method of getting PXE to the client, or you want to target a specific Windows DS
server.
• Install images. Install images contain the operating system images for deployment. Windows 10 and
Windows Server 2012 R2 installation media include the basic image used for installation named
install.wim in the sources directory.
You have to add at least one boot image to Windows DS before you can add an install image. If you add
multiple boot images to Windows DS, clients will have a menu of available options when they connect.
Windows 7 and newer operating systems support natively starting the operating system from a virtual
hard disk. Windows 8 and newer operating systems also support starting the operating system from a
.vhdx file. The Windows DS role fully supports deploying virtual hard-disk images and .wim files.
Windows DS will copy the virtual hard disk file to the local hard drive, and then configure the local Boot
Configuration Data (BCD) to use the virtual hard disk file to start the computer.
DHCP server You must have a working DHCP server with an Not required. The Transport
appropriate, active scope to use PXE boot. Server role does not natively
support PXE boot.
DNS server You must have a working DNS server on your Not required for Transport only
network before you deploy Windows DS. mode.
NTFS The server running the Deployment Server role The Transport Server role does
volume must have an available NTFS volume to store not use install images.
the install images.
Credentials The user performing the install is a local The user performing the install is
administrator. When in AD DS mode, the user a local administrator.
that initializes the server must be in the Domain
Users group. If DHCP is located on the server
you must be in the Enterprise Admins group to
authorize the DHCP server.
MCT USE ONLY. STUDENT USE PROHIBITED
7-14 Supporting PXE-initiated and multicast operating system deployments
Your overall deployment strategy will determine the deployment options that you choose. If you are
planning to use a third-party deployment solution, you may need to install just the Transport Server role.
The following table shows a comparison of the differences between installing both roles and installing just
the Transport Server role.
PXE Includes a PXE provider to support Does not include a PXE provider. To
network boot. support PXE boot, you must install a
custom PXE provider.
Image server Includes a secure store on an NTFS Does not natively store images for
volume for storing images. deployment.
Transmission method Supports both unicasting and Only supports multicasting natively.
multicasting. You configure
multicasting per image that you are
deploying.
Management tools GUI-based through the Windows DS You can manage it by using the
snap-in, or command-line based by WDSUTIL tool natively.
using the WDSUTIL tool.
Multisite operations
When you are planning a Windows DS architecture to include multiple physical locations, it is
recommended that you create a Distributed File System (DFS) shared folder to store your images. DFS
Replication will allow you to maintain consistency across all your Windows DS servers. Additionally, it is
recommended that you configure the supporting environment, such as DHCP and DNS, to direct client
computers to local Windows DS servers.
Additional Reading: For more information, refer to Storing and Replicating Images Using
DFS: http://aka.ms/Qrnzn5.
Client operations
Most client computers will support PXE deployment. If you have systems that do not support PXE, you can
create a discover image in the Boot Images node of the Windows Deployment Services console. You need
to create a bootable media from that discover image. You then can start up the computer with the media
to perform the deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-15
Installing Windows DS
Installing the Windows DS role services through
the Server Manager is similar to deploying other
roles. After choosing the Windows DS role, you
have to choose whether to install both the
Deployment Server and the Transport Server role
services, or just the Transport Server role service.
To use Windows PowerShell for the installation, use the following command:
When you install roles and features by using Windows PowerShell, the management tools are not
included by default. Therefore, you must include the –IncludeManagementTools parameter in the
command, or specify the name of the management tool.
Configuring Windows DS
After you install Windows DS, you have to choose whether you want your initial server configuration to be
stand-alone, or integrated with AD DS. This will configure the PXE provider, but can be unnecessary if you
use it in conjunction with other tools that come with their own PXE provider.
2. Launch the Server Manager, and then in the Tools section, click Windows Deployment Services.
4. Advance the wizard to the Install options page, and then click Stand-alone server.
5. When you advance through the wizard, you will be prompted to configure the Remote Installation
Folder Locations, which is the NTFS partition that will store your images.
6. Next, the wizard will prompt you to configure the PXE Server Initial Settings. This can be one of two
options:
o Do Not Respond to Any Client Computer. You may choose this option if you want to prevent
any computers from attaching until configuration is complete.
o Respond to All (Known and Unknown) Client Computers. Because standalone mode does not
support AD DS integration, all client computers will be unknown.
7. Finally, you will have a chance to add images to the server. You can clear the check box for this
option to install images later.
MCT USE ONLY. STUDENT USE PROHIBITED
7-16 Supporting PXE-initiated and multicast operating system deployments
2. Launch Server Manager, and then in the Tools section, click Windows Deployment Services.
4. Advance the wizard to the Install options page, and then click Integrated with Active Directory.
5. Advancing through the wizard will then prompt you to configure the Remote Installation Folder
Locations, which is the NTFS partition that will store your images.
6. If the server is also a DHCP server, you will see the Proxy DHCP Server page. On this page, you
should select the Do not listen on DHCP and DHCPv6 ports and Configure DHCP options for
Proxy DHCP check boxes. This will configure DHCP with options to allow your clients to locate the
Windows DS server.
7. Finally, you will have a chance to add images to the server. You can clear this check box for this
option to install images later.
• General. Contains information about the Windows DS, including the location of the Remote
Installation folder. The General tab does not include any configurable options.
• PXE Response. Contains the configuration options for the PXE service. On this tab, you can change
the settings you chose during the initial configuration. The PXE options include:
o Respond only to known client computers. This option requires that the client computers be
pre-staged in AD DS.
o Respond to all client computers (known and unknown). This option allows you to require
administrator approval for a deployment.
• AD DS. Includes policies for naming unknown clients. Additionally, you can specify the domain and
organizational unit in which to create an unknown client when joining the domain.
• Boot. Includes options for configuring PXE boot behavior and the default boot images to use.
• Client. Includes the Windows DS client unattend file settings to allow unattended installation of an
image, whether to join the client to the domain, and the ability to enable logging.
• Multicast. Allows you to configure multicast deployments and the parameters for transferring
images.
• Network. Allows you to configure the UDP ports used for image deployment.
• TFTP. Contains the maximum block size settings that control how image files are transferred across
the network.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-17
• Windows DS client unattend file. You require an Unattend.xml file that is stored on the Windows DS
server in the C:\RemoteInstall\WDSClientUnattend folder. This file automates the Windows DS
client screens, such as entering credentials, choosing an install image, and configuring the disk. This
file is added to Windows DS on the Client tab in the Windows DS server Properties dialog box.
• Image unattend file. You require an Unattend.xml file in Windows Vista or later. This file is stored with
the image, and you use it to automate the remaining setup phases. You can add this file to an image
by opening the image properties, and then specifying the file on the General tab.
• %USERDOMAIN%. The name of the user's domain, which is specified by credentials or in the
Windows DS client unattend file.
• %USERNAME%. The user's name, which is specified by credentials or in the Windows DS client
unattend file.
Note: We do not recommend using the %USERPASSWORD% variable because it may pose
a security risk.
• %MACHINEDOMAIN%. The domain containing the computer account that represents the physical
client computer.
• %MACHINENAME%. The computer name of the account that represents the physical client computer.
• Add the initial boot image. You must have a boot image before you can perform any deployment
tasks.
• Add an install image. You can add the default image from the operating system media.
• Create a capture image. A capture image is a boot image you use to capture a custom operating
system install image.
MCT USE ONLY. STUDENT USE PROHIBITED
7-18 Supporting PXE-initiated and multicast operating system deployments
For example, if you are applying the install.wim file to a virtual hard disk mounted on the V: drive, you
would run the following command:
2. Import the virtual hard disk into the Windows Deployment Services console. You can import the .vhd
file by following the same method that you use to import a custom .wim file.
3. Create an answer file to deploy the image. You can customize the operating system with an answer
file by following the same method that you use for a .wim file deployment.
Demonstration Steps
o Ensure that both check boxes are checked for Proxy DHCP Server.
Note: You would not see this screen if DHCP is not installed on the server.
Note: If you receive a message stating “The service did not respond to the start or control
request in a timely fashion”, then start the service manually.
2. On the Multicast tab, click the Separate clients into three sessions (slow, medium, fast) option.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Objectives
• Plan the Windows DS environment.
Lab Setup
Estimated Time: 20 minutes
Password: Pa$$w0rd
Exercise 1 is a paper-based lab. The remainder of the exercises will require LON-DC1.
Before you begin, you must complete the following steps:
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 7-21
Supporting Documentation
E-mail from Adam Brooks to Chad Corbitt:
Chad Corbitt
To: chad@adatum.com
Subject: Requirements for the new Windows DS environment needed to deploy new Windows 10
computers
Hi Chad,
We have several new Windows 10 computers that we are deploying within the entire corporation. We
need to configure a Windows DS environment to make the deployment go smooth. We have the image
ready, together with files to automate the deployment and migrate the user state.
All configuration options not specified by the considerations should be left at their default. You need to
consider the following when you design the Windows DS environment:
• LON-DC1 also hosts the Dynamic Host Configuration Protocol (DHCP) server role.
• LON-DC1 has two volumes: Drive C: and drive E:. We do not want to store the Windows DS files and
images together with the operating system.
• The network contains multiple subnets connected with routers that have broadcasts disabled.
• PXE and Multicast transmission needs to be supported. We have some offices where the network
connections do not have the same bandwidth as the newer part of the building. We want the
installation to be as fast as possible for all clients.
• We do not want to create the computer accounts in AD DS before deployment, and we do not want
to delay the deployment by requiring the approval of unknown clients.
• It would be preferable to place the new client computer accounts in the London Clients
organizational unit (OU).
I hope you have everything you need to plan the Windows DS environment.
Thanks, Adam
MCT USE ONLY. STUDENT USE PROHIBITED
7-22 Supporting PXE-initiated and multicast operating system deployments
Server on which to
install Windows DS
Windows DS AD
installation mode
Stand-alone
Option 67
Require
administrator
approval
No
Should multicast be No
supported and if yes,
how should it be Yes 1 speed
configured
2 speeds
3 speeds
DHCP multicast
scope
Windows DS default
Task 1: Read the supporting documentation and complete the design table
• Based on the information in the email, you should be able to complete the Windows DS
Configuration Job Aid that is located in the exercise scenario.
Results: After completing this exercise, you should have filled out the table that leads to a design concept
for the Windows DS deployment to support multiple subnets within the organization. Be sure that the
plan also covers Windows DS configuration requirements.
4. If you receive a message stating “The service did not respond to the start or control request in a
timely fashion”, right-click LON-DC1.Adatum.com, click All Tasks, and then click Start.
MCT USE ONLY. STUDENT USE PROHIBITED
7-24 Supporting PXE-initiated and multicast operating system deployments
o Multicast configuration: Separate clients into three sessions (slow, medium, fast)
3. In the Windows Deployment Services console, create an image group in Install Images named
Windows 10.
4. In the Windows Deployment Services console, add D:\sources\install.wim as an install image to the
Windows 10 install image group.
2. In the Create Multicast Transmission Wizard, use London MultiCast as the name for transmission and
Auto-Cast as the multicast type, and then accept the other default values.
3. Verify that no clients are connected to the London Multicast multicast transmission.
4. When the Installing Windows page appears, and the installation begins, switch to LON-DC1.
5. In the Windows Deployment Services console, click the Refresh button on the toolbar. Notice that
one client is connected.
Results: After completing this exercise, you should have deployed and configured Windows DS to support
the imaging environment. You will have also performed a Windows DS multicast deployment of
Windows 10.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
• Move the client computer and the Windows DS server as close to each other as possible on the
network.
• Have sufficient bandwidth on the network. You may have to upgrade your network infrastructure to
support greater bandwidth and higher throughput. For instance, you may have to upgrade from 100
Mb to 1 Gb, upgrade cabling, use routers or switches instead of hubs, or lower the number of clients
that are able to concurrently access a particular network segment.
• Reduce image size: Because larger images mean longer installation times and greater network strain,
consider creating images that contain minimum customization, drivers, and applications; or consider
creating specialized images for each department, hardware type, or function.
• Use Performance Monitor to identify resource issues on Windows DS servers. The following are useful
counters for diagnosing Windows DS performance:
o PhysicalDisk (Avg. Disk sec/Read, Avg. Disk sec/Write, and Current Disk Queue Length )
• Reduce the number of drivers on individual PCs to reduce the number of potential driver conflicts.
This ultimately streamlines installation and setup times, and improves the reliability of the PC.
• Ensure that there is sufficient memory on the server to handle the demands.
• Use Windows DS together with software deployment tools such as Microsoft Deployment Toolkit or
System Center 2012 R2 Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
7-26 Supporting PXE-initiated and multicast operating system deployments
Tools
Tool Used for Where to find it
Windows PowerShell cmdlets Command line configuration of Installed with the Windows DS
the Windows DS server role on Windows Server 2012
R2
Module 8
Implementing operating system deployment by
using the MDT
Contents:
Module Overview 8-1
Module Overview
The Microsoft Deployment Toolkit (MDT) 2013 Update 2 is a collection of tools, processes, and guidance
that you can use to manage and deploy operating system images. You can use the MDT to perform
lite-touch installations (LTIs), which require little user interaction. You can enhance the LTI deployment
process by integrating MDT with Windows Deployment Services (Windows DS) in the Windows Server
2012 R2 operating system. You can add enhancements to zero-touch installations (ZTIs) by integrating
MDT 2013 Update 2 with Microsoft System Center 2012 R2 Configuration Manager.
Objectives
After completing this module, you will be able to:
• Describe the MDT components and process for a lite-touch deployment strategy.
• Describe how you configure Windows DS to integrate with MDT 2013 Update 2.
MCT USE ONLY. STUDENT USE PROHIBITED
8-2 Implementing operating system deployment by using the MDT
Lesson 1
Planning for the MDT environment
To plan the MDT deployment process, you first must understand the various available integration
strategies. MDT 2013 Update 2 supports LTI, which automates most of the installation process and
requires minimal user interaction to complete. In this lesson, you will learn how to plan the MDT
environment.
Lesson Objectives
After completing this module, you will be able to:
When you use LTI, you start a deployment on each computer, and then configure deployment settings.
This automates the deployment and typically requires no user intervention. The lite-touch occurs when
you start the computer and input customized information, which starts the entire process.
Note: You can preconfigure deployment settings to provide the information that the user
would normally have to provide. This can automate the LTI deployment to the point that the user
needs only to run a command to start the LTI deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-3
Organizations that maintain a standardized environment, but do not have the required infrastructure or
skilled staff for a ZTI, can utilize the functionality in MDT 2013 Update 2 to support LTI scenarios. Then, in
the future, those organizations can use the experience and knowledge their IT personnel gained from LTI,
to migrate to a ZTI environment. ZTIs do not require customized information from an administrator or
user to start the deployment process. When the computers are started, they immediately proceed with the
installation. Furthermore, if you use With Wake-on-LAN technologies, you can start the computers
remotely to begin the process. The ZTI methodology requires a System Center 2012 Configuration
Manager (Configuration Manager) infrastructure as its primary tool.
One of the common purposes for MDT 2013 Update 2 in an LTI or ZTI scenario is to create a reference
image. In this case, you separate the reference-image creation process from the production deployment
process. MDT creates the reference image by capturing a reference computer operating system into a
Windows image (.wim) file. You can configure a particular computer with all of the settings and apps that
you want to deploy to other computers, and then capture it to a .wim file. You then can use the .wim file
as a basis of deployment through MDT, or alter it by adding drivers, packages, and apps by using task
sequences when deployment occurs.
When preparing to use the LTI method, you can divide your preparation into four major tasks:
• Plan the MDT imaging strategy. Your imaging strategy will determine how you build the MDT
management computer.
• Install the prerequisites and MDT 2013 Update 2 and the Windows Assessment and Deployment Kit
(Windows ADK) for Windows 10, both of which are free downloadable solution accelerators from
Microsoft. The LTI method has fewer prerequisites than other installation strategies.
• Create the deployment share. The deployment share is the repository for all of the deployment files.
• Create and customize the task sequences. You can use task sequences to automate the build and
deployment processes.
Considerations Overview
Where will you store your distribution LTI deployment files are stored in the MDT deployment
files? shares. ZTI and user-driven installation deployments
integrate with System Center 2012 Configuration Manager,
which stores most of these files on distribution points.
Depending on your environment, you might need to have
multiple deployment shares.
Will you deploy across the network, or If you are deploying across the network, verify that there is
with removable media, or both? Will sufficient bandwidth between the deployment shares or
you use multicast deployments? distribution points, and target computers.
What is your imaging and source-file You can create .wim files containing multiple images or
strategy? single images. Additionally, you might decide to include
applications in your images.
Will you deploy the image from the The packaged Windows Media file contains the Install.wim
packaged Windows Media file, or will file, which is the basis for all Windows operating system
you create custom images? installations. Typically, you use the Install.wim file to deploy
the reference computer, and you then use the reference
computer to create custom images for installation on client
computers. The custom image output will be a .wim file
that you name intuitively, depending on its purpose.
Will you need to create custom boot Although the Boot.wim file included with the Windows
images? media will work in the majority of cases, boot images are
hardware-dependent, and you might need to customize
them for mass storage drivers or network drivers.
How are you going to manage Depending on your organization’s size, you might use
product keys and licensing? individual product keys or volume license keys. You need to
consider providing licensing services and activation
procedures, as well.
Are you going to allow users to choose You can choose between LTI, ZTI, and user-driven
any installation parameters? installation deployments. The latter allows you to specify
the level of control that you want users to have over the
operating system deployment.
How will you allow apps to deploy? Apps can be imbedded in the image as part of the
deployment or selected at deployment time or you can let
users install apps post-deployment. Keep in mind that users
would need local administrator rights to install apps
manually.
Are you going to migrate user-state When replacing existing computers, you might want to
settings? save and restore local user settings throughout the
deployment process.
Do you want to back up the When refreshing computers with a new operating system,
computers prior to deployment? you might want to back up the computer prior to
deployment. The amount of storage space required for this
will influence your decision.
Do you want to use Windows When deploying to laptops or tablets, you might want to
BitLocker Drive Encryption? use BitLocker to protect or encrypt laptop or tablet drives
in case they are stolen or lost.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-5
Considerations Overview
Will you deploy 32-bit or 64-bit If you deploy multiple operating architectures, this
architectures, or both? increases the amount of hard drive space required on the
deployment share.
Will you deploy multiple editions of If you deploy multiple operating system editions, this can
the Windows operating system? increase the amount of hard-drive space that the
deployment share requires.
What deployment scenarios are you You can deploy operating systems to new systems, migrate
planning? existing computers (replacement scenario), or install
operating systems on existing computers (refresh scenario).
o .NET Framework 3.5 Service Pack 1 (SP1) for Windows 8, Windows 8.1, and Windows 10
o .NET Framework 4.0 for Windows Server 2012 and Windows Server 2012 R2
o Windows PowerShell 2.0 or newer for Windows 8, Windows 8.1, and Windows 10
o Windows PowerShell 3.0 for Windows Server 2012 and Windows Server 2012 R2
Additionally, you will need the following server roles in your environment:
Optionally, you can integrate the MDT with a Windows DS server. You also can deploy software updates
from Windows Updates or Windows Server Update Services (WSUS) as part of a custom task sequence.
These updates install when you deploy the target system. In this scenario, you must provide a WSUS
infrastructure before using this task sequence. You can use the Install Updates Offline task sequence to
create a selection profile to specify which particular updates to deploy.
• Applications. This folder contains application files for installation through MDT task sequences.
• Control. This folder contains task sequences in subfolders and control files, such as the
CustomSettings.ini and Bootstrap.ini files.
• Operating Systems. This is the default location for imported operating system install images.
• Out-of-Box Drivers. This is the default location for storing non-Microsoft drivers. This will typically be
used to store vendor-issued drivers that you have gathered for specific computer models or devices.
This location becomes a driver repository for Plug and Play (PnP) during deployment.
• Packages. This is the default location for operating system packages, such as security updates or
language packs.
• Scripts. This contains the default MDT scripts.
• Servicing. This contains x86 and x64 tools such as DISM.exe, ImageX.exe and various provider
DLL files.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-7
• Templates. This contains the MDT 2012 Security Compliance Manager Group Policy Object (GPO)
packs.
• Tools. The default location for the MDT tools that you can use with ZTI deployments.
Some of these folders appear in the MDT Deployment Workbench, such as Applications, Operating
Systems, Out-of-Box-Drivers and Packages.
You can use the MDT Workbench or Windows PowerShell MDT cmdlets to create and manage task
sequences. When using the MDT task sequences, ensure that all of the deployment steps happen in the
correct order. The following list provides an overview of the components that make up a task sequence:
• Task steps. These steps define the individual actions in the task sequence. Task steps can consist of
actions and conditions.
• Actions. These are the actual commands performed in the task steps. There are two types of actions:
built-in, and custom.
• Built-in action. This is a predefined step, such as partitioning a hard drive, which a task sequence can
perform.
• Custom action. This is a script or command, which the administrator provides, that the task sequence
can perform.
• Conditions. These are parameters within a task step or task group to determine if the step or group
should be processed.
MDT 2013 Update 2 also has several task sequence templates that cover common deployment scenarios.
You can use these templates directly or modify them for particular requirements. The next lesson will
discuss the available templates.
MCT USE ONLY. STUDENT USE PROHIBITED
8-8 Implementing operating system deployment by using the MDT
Which of the following operating systems can MDT 2013 Update 2 deploy? Choose
all that apply.
Windows 10
Windows 7
Windows Vista
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
You can install only MDT 2013 Update 2 on client computers running
Windows 8 or newer operating systems.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-9
Lesson 2
Implementing MDT 2013 Update 2
By using MDT, you can automate and customize your organization’s computer deployment. You can
configure MDT to specify different actions for different types of deployments and the operating systems
that are deployed. For example, you can specify the user data and apps that are on the operating system,
and any updates or drivers they contain. In this lesson, you will learn how to configure and use MDT.
Additional Reading: For more information, refer to Get started with the Microsoft
Deployment Toolkit (MDT): http://aka.ms/Ruvrsi.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the advanced configuration and monitoring options for MDT 2013 Update 2.
After installing the MDT, the next step is to start the Deployment Workbench and begin configuring the
MDT environment. In the Deployment Workbench, you should configure the Components container first.
The Components container displays the status of the MDT components. Some components will display as
already installed, and some may show as required. Required components will need to be downloaded and
installed. If you are connected to the Internet, you can highlight any component, and then click
Download to download the component for installation.
After the initial installation is complete, you need to create your first deployment share. The deployment
share is created as a physical structure on a hard drive, and most of the deployment share folders on the
hard drive are directly represented as folders in the Deployment Workbench. In addition to the default
folders, you can create subfolders through the Deployment Workbench to keep your objects organized.
You can create multiple deployment shares to support multiple deployment configurations, if desired. You
may also create deployment shares on alternate servers across a wide area network (WAN) connection,
especially when you have limited bandwidth. To create a new deployment share, right-click the
Deployment Shares node, click Create New Deployment Share, and then complete the steps in the
New Deployment Share Wizard.
1. Install the MDT, create a deployment share on the management computer, and then import the
source files that you want to use.
2. Create a task sequence and boot image for the reference computer.
4. Boot the reference computer with the MDT media. This will provide access to the task sequence files,
the task sequence, and the boot image to the reference computer.
5. Run the Deployment Wizard to install the operating system on the reference computer, and capture
an image of the reference computer.
7. Create the boot image and task sequence to deploy the captured image to target computers.
10. Run the Deployment Wizard to install the operating system on the target computer.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-11
Demonstration Steps
Install MDT 2013
1. On LON-SVR1, open File Explorer, and then browse to \\LON-DC1\Labfiles\MDT2013.
2. Install MicrosoftDeploymentToolkit2013_x64.msi.
3. Complete the Microsoft Deployment Toolkit 2013 Update 2 (6. 3.8330.1000) Setup Wizard with the
default settings.
2. Run adksetup.exe as an administrator, and then install Windows ADK. When prompted to add or
remove features, click Continue.
3. On the Select the features you want to install page, select the check boxes next to Deployment
Tools, Windows Preinstallation Environment (Windows PE), and User State Migration Tool
(USMT). Clear the checkbox on any other components, and then click Change.
4. Complete the Assessment and Deployment Kit Wizard, and then close File Explorer.
3. Examine each tab in the MDT Deployment Share (C:\DeploymentShare) Properties dialog box.
4. Close the MDT Deployment Share (C:\DeploymentShare) Properties dialog box.
The Bootstrap.ini file and the CustomSettings.ini file are organized into sections. The first section is the
Settings section, which defines the file’s contents, including:
• Priority. Specifies the sections to process during deployment and the order in which to process them.
This property is in both the Bootstrap.ini file and the CustomSettings.ini file.
• Properties. Specifies the variables that you are defining for use in the file. This property is in the
CustomSettings.ini file only.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-13
Additionally, each of the files contains the Default section, which stores the default properties when you
create a deployment share.
• SkipDomainMembership=YES
Tells the Deployment Wizard to skip the Join the computer to a domain or workgroup page.
• JoinDomain=<domain>
• DomainAdmin=<adminaccount>
Specifies the account to use to join the domain. This account must be a member of the Domain
Admins group in the <domain>.
• DomainAdminDomain=<domain>
The domain of which the DomainAdmin account is a member.
• DomainAdminPassword=<adminpwd>
• UserDomain=<domain>
The domain that contains the user account that can connect to the deployment share.
• UserID=<username>
The user account name of the user who is allowed to connect to the deployment share.
MCT USE ONLY. STUDENT USE PROHIBITED
8-14 Implementing operating system deployment by using the MDT
• UserPassword=<password>
The password for the user account that can connect to the deployment share.
Additionally, the Bootstrap.ini file can contain a property to skip the initial Welcome screen,
SkipBDDWelcome, or to specify the keyboard language, KeyboardLocalePE. You must configure both
the SkipBDDWelcome and KeyboardLocalePE properties in the Bootstrap.ini and CustomSettings.ini file
to function properly.
Database option
As an alternative to using the CustomSettings.ini text file, you can prestage your Windows 10 deployment
information in a Microsoft SQL Server 2014 SP1 Express database. You then can use the database to
specify data, such as computer names, IP addresses, apps that you want to deploy, and many other
settings, to those operating systems that you are deploying.
You also can use a full version of a SQL Server, but this will require additional licensing. We recommend
using the free SQL Server 2014 SP1 Express version, because most deployment databases are small, even
in large enterprise environments.
You configure the database option for the MDT in the Deployment Workbench. Go to the Database node
in the Advanced Configuration node under Deployment Share. In the Database node of the
Deployment Workbench, you can use the New DB Wizard to add information about the deployment
database, including the server name, database name, instance, and the port number. This wizard contains
the following configuration pages:
• SQL Server Details. Add the SQL Server name and instance, and the network library type. The default
type of network library is Named Pipes. Microsoft recommends using Named Pipes, because it
works well with Windows Preinstallation Environment (Windows PE).
• Database. Use an existing database, create a new database, or create tables and views in an existing
database. In most cases, you would create a new database.
• SQL Share. When Windows PE is running, it needs to communicate with the server that is hosting the
database. By default, this communication is through Windows integrated security, so you must map a
drive directly to establish a secure connection. The communication type is Server Message Block
(SMB) and SQL named pipes. However, the purpose of this share is to authenticate to the SQL Server.
This is required only if you use named pipes as the network library. You use named pipes because
they are easier to authenticate using a share. If you select TCP/IP as the network library, the
connection string would have to include a user name and password, which, in turn, must be written
somewhere in plain text. If you are using SQL Server 2014 SP1 Express that is running on your MDT
server, you can use the default MDT share, DeploymentShare$.
You also can configure database rules by using the Configure DB Wizard, which walks you through the
following configuration pages:
• Computer Options. Add several computer-related queries, such as computer-specific settings, role
assignments, apps to be installed, and other options.
• Location Options. Add location-related queries, such as location names based on default gateways
or other location-specific settings.
Additional Reading: For more information, refer to Microsoft Deployment Toolkit (MDT):
http://aka.ms/N4twrh.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-15
• Standard Client Replace Task Sequence. Use to back up a client system completely, including the
user state data, and then wipe the disk before deploying an operating system.
• Standard Client Upgrade Task Sequence. Use to automate the process of upgrading a PC currently
running Windows 7, Windows 8, or Windows 8.1 to Windows 10.
• Litetouch OEM Task Sequence. Use to preload operating system images on computers in a staging
environment prior to deploying the target computers in the production environment. Typically,
computer original equipment manufacturers (OEMs) use this template.
• Standard Server Task Sequence. Use to create the default task sequence for deploying server
operating system images to servers.
• Standard Server Upgrade Task Sequence. Use to automate the process of upgrading a server
currently running Windows Server 2008 or newer Windows Server operating system to Windows
Server 2016.
• Post OS Installation Task Sequence. Use to perform tasks after you deploy an operating system to a
target computer, such as enabling Windows Update.
• Deploy to VHD Client Task Sequence. Use to deploy an operating system to a target computer’s
virtual hard disk for Boot from VHD installations on client computers.
• Deploy to VHD Server Task Sequence. Use to deploy an operating system to a virtual hard disk on
a target computer for Boot from VHD installations on servers.
• Custom Task Sequence. Use to create a customized task sequence. A custom task sequence has only
one task available after creation—the Install Application task. However, you can add other tasks to
the task sequence.
After you create a task sequence, you can further customize each task in the task sequence. You also can
add new tasks to the task sequence.
MCT USE ONLY. STUDENT USE PROHIBITED
8-16 Implementing operating system deployment by using the MDT
Demonstration Steps
2. Use the New Task Sequence Wizard to create a task sequence with the following information:
o Organization: Adatum
o Administrator password: Pa$$w0rd
3. In the Upgrade the Operating System section, edit the Inject Drivers task step to use the Nothing
selection profile.
Lpksetup.exe
Lpksetup.exe is a tool that allows you to perform unattended or silent-mode language pack operations,
and runs only on online Windows operating systems. You can install or uninstall specified language packs.
You can run Lpksetup.exe in silent mode to suppress the user interface while the install or uninstall
operation occurs, or you can manually run the tool after installation from Control Panel. If you are
performing an unattended installation, you first must download the language pack that you wish to
install. If you are using Control Panel, the language pack that you specify will be downloaded
automatically.
The following code example installs all language packs from a given installation media as defined in the
path:
2. Add a RunSynchronous command to the pass in which you want to install the language pack. For
the command, specify the command-line options that you intend to use. For example, to install the
German language pack from the Windows\Langpacks folder, type:
The Lpksetup.exe tool requires administrator privilege to run. The RunSynchronous command must run
in an account that has administrator privilege. Running Lpksetup.exe during unattended installations is
supported only in the following configuration passes:
• auditUser
• oobeSystem
MCT USE ONLY. STUDENT USE PROHIBITED
8-18 Implementing operating system deployment by using the MDT
Note: The language pack version must match the operating system version you are
installing. For example, if you are installing Windows 10 Enterprise Version 1511, then the
language pack must be version 1511. If the versions do not match, then the language pack
deployment will fail.
SkipPackageDisplay=YES
LanguagePacks1={guid_for_lp1}
LanguagePacks2={guid_for_lp2}
Note: You can view the GUID of a language pack in the Details pane in the Packages node
in the Deployment Workbench.
You can install multiple language packs when deploying the Enterprise editions of the Windows client and
Windows Server operating systems. When deploying other editions of Windows operating systems, you
can select only one language pack because of Windows licensing restrictions.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-19
2. After you connect to the deployment share, from the Welcome page, you can:
o Run the Deployment Wizard to install a new operating system, which starts the Windows
Deployment Wizard.
o Run the Windows Recovery Wizard, which starts the Windows Recovery Environment.
Choosing the Run the Deployment Wizard to install a new operating system involves the following steps:
1. The Credentials dialog box appears. If you have not configured the Bootstrap.ini file with user
credentials for accessing the deployment share, you will be prompted to enter them.
2. The CustomSettings.ini file is processed. The CustomSettings.ini file includes settings for
preconfiguring and skipping Windows Deployment Wizard pages, including skipping the wizard
altogether.
3. The Task Sequence page appears. After you apply the CustomSettings.ini file settings, the Windows
Deployment Wizard presents the available task sequences.
After you choose a task sequence, the Windows Deployment Wizard will proceed to show the pages that
are appropriate for the type of deployment and task-sequence template used. Settings in the
CustomSettings.ini file could prevent certain pages from displaying.
When you perform a new computer deployment by using a task sequence based on the standard client-
task sequence and a default CustomSettings.ini file, the Windows Deployment Wizard will present the
following pages:
• Computer Details. This page allows you to specify the Computer name, Join a workgroup, or Join
a domain, and if joining a domain, the information required to join the domain.
• Move Data and Settings. If the computer had an existing operating system, you could choose to
Move the user data and settings to a specified location.
• User Data (Restore). If you have previously used the Move the user data and settings option as
part of a computer migration, you can specify the location on this page.
• Locale and Time. This page allows you to specify the language and time settings for your
deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
8-20 Implementing operating system deployment by using the MDT
• Ready. If you click the Details button on this page, you can review all the settings that you have
configured. If you need to change anything, you can use the Back button to return to the
appropriate page. When the settings are correct, you click Begin to start the deployment.
The Deployment Workbench has a Troubleshooting Reference document in the Documentation node of
the Information Center. There are numerous troubleshooting articles on the Internet based on the MDT
function, such as apps installation, deployment shares, driver installation, and Sysprep. The
Troubleshooting Reference document also contains a list of error codes, and descriptions of what they
mean. Additionally, it contains flowcharts on both the LTI and ZTI deployment processes. A section on
logs explains what information the logs contain and how to read them.
MDT creates and updates several logs, such as the BDD.log and the smsts.log. By default, these logs are
stored on the computer that the operating system is being deployed to. You can configure these logs to
be stored on a network share to make them more accessible. Two types of logging are available:
• Standard logging stores all the logs on a network share at the end of the deployment.
• Dynamic logging writes only the BDD.log file, but writes it in real time during the deployment.
To perform standard logging, add the following entry to the Default section of the CustomSettings.ini file:
SLShare=\\servername\share
To perform dynamic logging add the following entry to the Default section of the Customsettings.ini file:
SLShareDynamicLogging=\\servername\share
Note: CMtrace.exe is a tool for viewing the MDT logs in a more readable form, showing live
data being written to the logs. This tool is part of the System Center 2012 R2 Configuration
Manager Toolkit, and is available from the Microsoft Download Center as well.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-21
MDT has a monitoring feature that the Deployment Workbench and MDT scripts support. You can use the
Monitoring node in the Deployment Workbench to view the deployment process.
Selection profiles
Selection profiles allow you to create groups of folders in the Deployment Workbench. You can use any
folder that contains at least one item, including Applications, Operating Systems, Out-of-Box Drivers,
Packages, and Task Sequences. Once you create your selection profiles, you can use them in several
different locations, including:
• The Deployment Share Properties dialog box, on the Windows PE tab, in the Drivers and Patches
tab. Here you can specify the selection profile to limit the drivers that will be added to the Windows
PE boot image.
• An Inject Drivers task step. You use the selection profiles in this step to control the drivers that will be
available for a particular task sequence.
• An Apply Patches task step. You use the selection profiles in this step to control the update packages
that will be installed.
• The New Media Wizard. Here you can use the selection profiles to control the Applications, Operating
Systems, Out-of-Box Drivers, Packages, and Task Sequences folders that deploy with standalone
media.
• The New Linked Deployment Share Wizard. Here you can use the selection profiles to control the
linked content.
The following table details the six selection profiles that are created by default.
All drivers Contains all folders from the Out-of-Box Drivers item
All drivers and packages Contains all folders from the Packages and Out-of-Box Drivers items
Sample A sample selection profile that contains folders from the Packages and
Task Sequences items
Media
You can use the Media item to create LTI media for standalone deployment media, which enables you to
perform an LTI deployment without contacting the server. You can create media and place it on a DVD,
USB drive, or other portable media. You can control the contents of the standalone media by choosing
the appropriate selection profile when you start the New Media Wizard.
Database
By default, the variables that you use with your task sequences are stored in CustomSettings.ini. As your
deployments grow more complex, the conditions that you define in the CustomSettings.ini file might
become too numerous to manage effectively. To address this challenge, you can create a SQL Server
database to store the conditions that you want to define. After creating the database, you run the
Configure DB Wizard to configure the CustomSettings.ini file to use the MDT database.
• Updating the CustomSettings.ini file with the EventService property, and a value of
http://<Management Computer>:9800. This connection does not require Microsoft Internet
Information Services (IIS). It uses features from the .NET Framework to provide the http functionality.
After you enable the monitoring feature, you can monitor deployments by using the Monitoring node in
the Deployment Workbench. You will need to refresh the Monitoring node periodically.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Question: What do you have to do to allow the addition of language packs by using the
Deployment Wizard?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-23
Lesson 3
Integrating Windows DS with MDT
You can use Windows DS to enhance the MDT deployment process. In Module 7 of this course, you
reviewed Windows DS. In this lesson, you will learn how to configure MDT and Windows DS integration.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe how to create and import an MDT boot image into Windows DS.
Change:
DeployRoot=\\<ServerName>\DeploymentShare$
to:
DeployRoot=\\%WDSServer%\DeploymentShare$
After you make this change, you need to recreate the LTI boot images by updating the deployment share.
After that process completes, you import the LTI boot images into Windows DS.
There are many scenarios where integrating Windows DS and MDT is beneficial. You can add the LTI boot
images, which allows Windows DS to initiate LTI deployment automatically by starting the LTI boot image
after an administrator or user starts the system. Another example is the ability to use a Windows DS image
when creating task sequences. This means that the images created in either MDT or Windows DS are
interchangeable.
In an LTI deployment scenario, MDT cannot use prestaged computer accounts. However, you can utilize
prestaged computer accounts by using Windows DS in conjunction with MDT.
MCT USE ONLY. STUDENT USE PROHIBITED
8-24 Implementing operating system deployment by using the MDT
One of the highlights of Windows DS is the ability to perform multicast deployments. This means that
multiple computers can receive a single copy of an image. Using multicast can significantly reduce the
amount of bandwidth that your network’s deployment services consume when you are performing
multiple simultaneous deployments. MDT supports multicasting when you install both MDT and the
deployment share on the computer that is running the Windows DS role, or when you install them on
another computer that has access to administrate the Windows DS server remotely by using the WDSUTIL
command-line tool.
1. In the Out-of-Box Drivers folder, create any necessary subfolders, and then import the new device
drivers. There might be network adapter drivers that you must inject for the particular device.
2. In the Advanced Configuration node, create or modify the Selection profile that you want to use
for the LTI boot media.
3. Open the Deployment Share Properties dialog box, click the Windows PE tab, click the Drivers
and Patches tab, and then select the desired Selection profile. Configure this setting for both
platform types.
4. Click the Features tab, and then select any desired additional features. Configure these settings for
both platform types.
5. Click the General tab, ensure that the check boxes are selected to create both a Windows image file
and an International Organization for Standardization (ISO) file. Configure this for both platform
types.
6. When the Windows PE configuration is complete, click OK to close the dialog box.
7. Right-click Deployment Share, and then click Update Deployment Share to generate the new LTI
boot images.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-25
2. Start the Server Manager, and then in the Tools menu, click Windows Deployment Services.
3. Expand the server container, click Boot Images, and then click Add Boot Image.
5. Provide a name and description on the Image Metadata page, and then complete the wizard.
• Use a deployment server that has Windows Server 2008 R2 or newer installed.
You can enable multicast for MDT on the General tab of the Deployment Share Properties dialog box
in the Deployment Workbench. It is disabled by default.
Note: The Network (UNC) path text box and the Local Path text box on the General tab
must contain valid paths for multicasting to function properly.
After the configuration is complete, an Auto-Cast Windows DS multicast transmission that uses the MDT
deployment share is created. An Auto-Cast Windows DS Multicast transmission starts when the first client
connects, and other clients will join the stream in progress. You can use multicast only with operating
system image .wim files, and not boot.wim files.
MCT USE ONLY. STUDENT USE PROHIBITED
8-26 Implementing operating system deployment by using the MDT
When an installation is running, the Installation Progress dialog box will show Multi-Cast Transfer while
the Install Operating System action is running.
After you deploy a computer by using multicast, verify that the operating system was downloaded from a
multicast transmission by examining the BDD.log file in the \Windows\Temp\DeploymentLogs folder. You
will find two entries in the logs folder, both beginning with Multicast transfer. Check them to verify a
successful transfer.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
A. Datum has not had a major client-system deployment since you were hired, and Cora wants a fresh pair
of eyes to look at the process. You know that all the client systems had to be reimaged in London
recently, and that the reimaging did not go as smoothly as desired. Therefore, you will evaluate MDT 2013
Update 2 and use it to create reference images for deployment throughout your organization. You will
assist in the planning and implementing the solution, and then update the MDT planning job aid that
explains your choices.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 130 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
2. In Microsoft Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
6. You also will use 20695C-LON-REF1, but you only need to bring up its virtual-machine connection.
Do not start this virtual machine until instructed to do so.
MCT USE ONLY. STUDENT USE PROHIBITED
8-28 Implementing operating system deployment by using the MDT
From: Cora Bauer [cbauer@Adatum.com] Sent: 17 Dec 2:30 PM To: Robert Bevins [rbevins@adatum.com]
Subject: Re: Automated Windows 10 deployment
Robert,
You know my philosophy on this, keep it uncomplicated, and reduce the opportunity for errors. I know
there were a few complaints when we had to reimage several systems in London after that virus outbreak,
but the company policy remains: all A. Datum–related files are to be stored on a server. Since we use
roaming profiles, I do not see the need to migrate profiles for users. Since there is nothing critical on the
client systems, I do not think we need to worry about that feature either. None of the users have BitLocker
Drive Encryption enabled.
For the time being, we are going to continue deploying apps to the client systems post installation. Unless
purchasing changes their policies, we do not want to deploy any apps until the requesting department
has secured their licenses.
As for the rest of the features, I like the idea of deploying from a central image. Since we are not giving
the users local administrative rights, we need to include any drivers they might need, for instance the
IntelliPoint drivers for the Microsoft pointing devices we use in our department. You can use the server
named LON-SVR1 to host the deployment share. The LON-DC1 computer has the 64-bit Windows 10
evaluation ISO file on it. You just need to make a custom image based on these criteria. If we eventually
tie in MDT to Windows DS, we also will need custom boot images.
Keep in mind that not all the custom apps have been tested in a 64-bit environment yet. If anything else
comes up, just use your best judgment and we can discuss it at the next meeting. While we do not need
to use the Windows DS role in our test environment, install it on LON-SVR1 and set it to provide
multicasting.
Thanks,
Cora
----- Original Message ----- From: Robert Bevins [rbevins@adatum.com] Sent: 17 Dec 11:15 AM To: Cora
Bauer [cbauer@Adatum.com] Subject: Re: Automated Windows 10 deployment
Cora,
I have had a chance to download the Microsoft Deployment Toolkit 2013 Update 2. I am not sure if you
are aware of all the features in the Toolkit. Besides deploying Windows 10, we could do the following:
• Partially Automated Deployment of Windows 10 (Lite-Touch)
• Deploy Apps
I know you want a report at the next department meeting. Do you have a preference as to which features
we should evaluate before then?
Thanks,
Robert
----- Original Message ----- From: Cora Bauer [cbauer@Adatum.com] Sent: 15 Dec 09:30 AM To: Robert
Bevins [rbevins@adatum.com] Subject: Automated Windows 10 deployment
Robert,
As discussed in the last planning meeting, we are looking at rolling out Windows 10 next quarter. I want
you to download the latest version of the Microsoft Deployment Toolkit and evaluate it for use in
automating the deployment of Windows 10.
Thanks,
Cora
Question Answer
Question Answer
Results: Students will have a plan that outlines how they will configure MDT at the London location
3. Complete the Microsoft Deployment Toolkit 2013 Update 2 (6.3.8330.1000) Setup Wizard with the
default settings.
2. Run adksetup.exe as an administrator, and then install Windows ADK. When prompted to add or
remove features, click Continue.
3. On the Select the features you want to install page, select only the check boxes next to
Deployment Tools, Windows Preinstallation Environment (Windows PE), and User State
Migration Tool (USMT), and then click Change.
4. Complete the Assessment and Deployment Kit Wizard, and then close File Explorer.
Results: After completing this exercise, you should have installed MDT 2013 Update 2 and Windows ADK
for Windows 10 on the technician server.
5. Modify the customsettings.ini file to store log files, and skip unused pages in the Deployment Wizard.
2. In the Deployment Workbench, from the Operating Systems folder, click Import an Operating
System.
3. Use the Import Operating System Wizard to import a full set of source files from drive D into the
Windows10x64 folder.
3. Use the Import Driver Wizard to import all of the drivers from \\LON-DC1\Labfiles\Drivers
\point64.
o Organization: Adatum
o Administrator Password: Pa$$w0rd
4. Select the Task Sequences\Windows 10 node, right-click the Deploy Windows 10 task sequence,
and then click Properties.
5. Under Preinstall, edit the Inject Drivers task step to use the Nothing selection profile.
Task 5: Modify the customsettings.ini file to store log files, and skip unused pages in
the Deployment Wizard
1. Open the properties of the MDT Deployment Share (C:\DeploymentShare), and then click the
Rules tab.
Note: Because you are deploying to new computers, do not back up computers, invoke
BitLocker, or migrate any user data. You will configure the CustomSettings.ini file not to display
those pages in the Deployment Wizard. You will also save the deployment log files to a network
share.
o SkipUserData=YES
o SLShare=\\Lon-DC1\Labfiles\DeployLogs
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 8-33
2. Open the Windows Deployment Services Snap-in, expand the list of servers until LON-SVR1 appears,
and then right-click and configure LON-SVR1 with the following options:
o PXE Server Initial Settings: Respond to all client computers (known and unknown)
o Clear the Add images to the server now check box on completion
3. Add the install.wim file from the deployment share (C:\DeplaymentShare\Operating Systems
\Windows10x64\Sources\Install.wim) to the Install Images node.
3. On the Windows PE tab, do not generate a Lite Touch bootable image for the x86 platform.
4. Right-click the MDT Deployment Share (C:\DeploymentShare),, and then click Update
Deployment Share.
6. Return to the Windows Deployment Services and check that a multicast transmission named MDT
Share DeploymentShare$ auto-cast transmission has been created.
Results: After completing this exercise, you should have ensured that the deployment share is ready
to use.
1. Start the reference computer, and complete the Windows Deployment Wizard.
2. Review the deployment summary, and verify the capture of the reference computer.
Task 1: Start the reference computer, and complete the Windows Deployment
Wizard
1. Modify the settings of the 20695C-LON-REF1 virtual machine on the localhost to insert the
D:\Program files\Microsoft Learning\20695\Drives\LiteTouchPE_x64.iso into the DVD drive.
2. Start 20695C-LON-REF1.
3. After the system starts, click Run the Deployment Wizard to install a new Operating System.
Task 2: Review the deployment summary, and verify the capture of the reference
computer
1. On LON-REF1, verify that the Deployment Summary window displays Success - Operating system
deployment completed successfully.
2. Click Finish.
6. Close all open windows, and then sign out of all virtual machines.
Results: After completing this exercise, you should have deployed and captured a reference computer.
2. In the Virtual Machines list, right click 20695C-LON-DC1, and then click Revert.
• Create folders in the Out-of-Box-Drivers node to organize all your vendor or model-specific drivers.
• Use Profile Selections to deploy only the required drivers to a given hardware configuration.
• Build thin images and apply applications on demand through the applications node. This will allow
you to keep the application current as updates and patches are released, without having to rebuild
the image.
Module 9
Managing operating system deployment
Contents:
Module Overview 9-1
Module Overview
You can use the operating system deployment feature in Microsoft System Center Configuration Manager
(Configuration Manager) to create operating system images that you can deploy to both unmanaged
computers and those that Configure Manager manages. Several scenarios exist in which you can deploy
operating systems by using Configuration Manager, including when you work with new systems or when
you upgrade existing systems. Operating system deployment uses both Configuration Manager and
Windows components to manage and deliver operating system images. You can configure settings on a
reference computer prior to capturing an image of its operating system or by using task sequences that
Configuration Manager creates after you deploy the image to a target system.
Objectives
After completing this module, you will be able to:
• Describe the terminology, components, and scenarios used to deploy operating systems by using
Configuration Manager.
• Describe how to prepare a site for operating system deployment.
Lesson 1
Overview of operating system deployment
Operating system deployment in Configuration Manager is a set of technologies that focuses on the
complete end-to-end deployment of operating systems. You can configure an operating system
deployment to occur with minimal or no user interaction. In this lesson, you will learn about the operating
system deployment feature and the terminology and scenarios associated with it.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the various operating system deployment scenarios that Configuration Manager supports.
• Describe the server roles for the operating system deployment process.
• Describe the Unified Extensible Firmware Interface (UEFI) considerations for operating system
deployment.
• The Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. The Windows ADK
for Windows 10 is a collection of tools and documentation that can help you to deploy Windows
Server and Windows client operating systems. Before you install Configuration Manager, you must
download and install the Windows ADK for Windows 10.
• Task sequences. Task sequences enable performing multiple commands or tasks on a computer with
little or no user intervention. Task sequences do not represent a full scripting language.
• Operating system image deployment. By using operating system image deployment, you can place
an operating system image on a destination computer. You can use several methods to deploy
images across a network or from removable media, such as CDs, DVDs, or USB flash drives.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-3
• User state migration. You can capture and restore user state information by using the User State
Migration Tool (USMT) 10. The Windows ADK for Windows 10 includes USMT 10, which supports the
following operating systems:
o Windows 10
o Windows 8.1
o Windows 8
o Windows 7
Additional Reading: For more information about how to manage enterprise operating
systems with Configuration Manager, refer to Manage enterprise operating systems with System
Center Configuration Manager: http://aka.ms/Xz0qx9.
Image Boot image The Windows Preinstallation Environment (Windows PE) 10 image
that you can use to start a computer for operating system
deployment actions.
.wim file A compressed collection of files and folders that contain a copy of
the files and file structure from the source computer for an image
that you capture by using operating system deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
9-4 Managing operating system deployment
Task Task sequence A step that performs a single task, such as:
step • Format and Partition Disk
• Apply Windows Settings
• Apply Device Drivers
Task sequence steps run entirely on a destination computer and
never on a Configuration Manager site system.
Task sequence A collection of one or more task sequence steps. For example, the
group Install Operating System task sequence group might include the
following task sequence steps:
• Restart in Windows PE
• Format and Partition Disk
• Apply Operating System
• Apply Windows Settings
• Apply Network Settings
• Apply Device Drivers
Task sequence A series of one or more task sequence steps or groups that run
administrator-specified actions. You use task sequences with
operating system deployment to:
• Deploy an operating system to source computers.
• Capture an operating system image from a reference computer.
Driver Windows A set of files consisting of an information file (.inf file) and one or
device driver more additional files that install a device driver.
(or driver) For example, this might be the settings and drivers for a particular
video card or for a particular chipset on a motherboard.
Driver package A Configuration Manager package that contains the content for
one or more device drivers.
Computer Reference A fully configured computer from which you generate a .wim file
computer that you can use to distribute operating system images to
destination computers.
Other Windows PE 10 A lightweight version of Windows 10 that you can use to provide
an operating system environment in which to run the task
sequence steps for operating system deployment.
System A Windows tool that you can use to prepare an image for
Preparation deployment to multiple destination computers. Sysprep
Tool (Sysprep) generalizes a reference computer by removing computer-specific
information, such as security identifiers, network addresses, and
the computer name. When you deploy a generalized image to
other computers, they establish their own identity and do not
duplicate the identity of the reference computer.
Note: Sysprep does not generalize the Configuration Manager
client. Therefore, you should uninstall the client from a reference
computer before you capture it.
• Operating system refresh. Use Configuration Manager to install a supported operating system on a
computer system with an existing operating system. In an operating system refresh scenario, you do
not save any data on a client system. You only install a new operating system.
• In-place upgrade. Use Configuration Manager to perform an operating system refresh and save user
data that is on the system you are refreshing. An in-place upgrade provides you with the tools to
automate saving data from a client system before the refresh occurs. You can then use tools to
restore data after the operating system refresh is complete.
• Side-by-side migration. When you replace a user’s computer with a new computer, you can use a
side-by-side migration to save the old system’s data; install an operating system on the new, bare-
metal computer; and then restore the data to the new system. This method requires that the old
computer be a Configuration Manager client and that you link the new computer to the old
computer by using a computer association in Configuration Manager.
The following table provides information about the various initiation methods and their respective
scenarios, dependencies, advantages, and disadvantages.
Typical
Initiation method Dependencies Advantages Disadvantages
scenarios
PXE boot • Bare-metal You must install This method works Optional PXE
installation Windows well when no user deployments
Deployment is present at the require user
• Side-by-
Services (Windows destination intervention.
side
DS) on a computer, such as You need to
migration
distribution point. in datacenter consider the
• Operating You must enable environments. implications when
system the PXE This method works the Dynamic Host
refresh configuration for with bare-metal Configuration
the distribution computers and Protocol (DHCP)
point on which requires no service is on the
you install physical media. same server with
Windows DS. the PXE-enabled
You must also distribution point.
configure all
intervening
firewalls to allow
PXE traffic.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-7
Typical
Initiation method Dependencies Advantages Disadvantages
scenarios
Standalone media • Bare-metal This method uses This method works The media must
installation removable media well for computers contain all the
such as a USB that connect to necessary
• Operating
flash drive, CD, or the Configuration installation files
system
DVD, which will Manager site with and device drivers.
refresh
contain the a low-bandwidth No way exists to
necessary connection. set an expiration
installation files. This method date on the media.
requires no The operating
connection to the system image can
Configuration span media,
Manager site. depending on the
You can size of the files.
password-protect
media for security
enhancement.
Prestaged media • Bare-metal All the installation You copy all The media must
installation files and drivers bootable media contain all the
must be available and image files to necessary
• Operating
to build the a computer’s hard installation files
system
image. disk drive. and required
refresh
This method helps device drivers.
to increase the No way exists to
speed of a set an expiration
deployment in date on the media.
remote offices.
Windows To Go is a feature in Windows 10 Enterprise that allows you to boot and run Windows 10
directly from an external USB drive independently of the operating system currently installed on the
computer.
Before you use the Windows To Go feature, you must create a bootable USB drive with the Windows To
Go workspace. You can manually create the Windows to Go drive from a computer running Windows 10
Enterprise, or you can use Configuration Manager to provision Windows To Go.
Note: Even though the provision of Windows To Go is much like other operating system
deployments, you must do some things a bit differently when provisioning Windows To Go.
MCT USE ONLY. STUDENT USE PROHIBITED
9-8 Managing operating system deployment
o Distribute the boot image and the Windows 10 operating system image to a distribution point.
3. Create a Windows To Go Creator package in Configuration Manager, and then distribute it to your
distribution points.
o Note that when you use BitLocker with Windows To Go, you must configure a passphrase.
5. Deploy the Windows 10 deployment task sequence and the Windows To Go Creator package as
available.
o Runs the Windows To Go Creator package from either the Configuration Manager Software
Catalog or the Configuration Manager Software Center.
o Inserts the USB drive to be provisioned and selects it, and then the Windows To Go Creator
package configures and prestages content to the USB drive.
o The computer boots into Windows PE and connects to the Configuration Manager infrastructure
to get information about how to complete the operating system deployment.
o After Configuration Manager stages the drive, the end user can restart the computer and
optionally install applications and join the computer to the domain.
Additional Reading: For more information about Windows To Go, refer to Windows To
Go: Feature Overview: http://aka.ms/Qtkylp.
For more information about how to deploy Windows To Go by using Configuration Manager,
refer to Deploy Windows to Go with System Center Configuration Manager:
http://aka.ms/Ti75o6.
For more information, refer to Methods to deploy enterprise operating systems using System
Center Configuration Manager: http://aka.ms/Xp2gon.
Question: What is the difference between a bootable media deployment and a standalone
media deployment?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-9
• Primary site server. You use the primary site server to import the operating system image and
distribute it to the distribution points.
The Configuration Manager system roles that deployment scenarios use can differ, depending on the
specific deployment scenario that you use.
Deployment
Description Server role Server role description
scenario
Bare-metal A basic operating system Primary site server You must import the
installation deployment. Before computer information
deploying an operating into the primary site.
system to a bare-metal Additionally, you must
computer, you need to create a deployment for
import the computer the operating system
information or enable image to a collection
unknown computer that contains the
support. The information imported computer or
you import to uniquely the All Unknown
identify the bare-metal Computers collection.
computer is either the
system GUID or the Distribution point You can configure the
network card’s media distribution point to
access control (MAC) support PXE boot for the
address. clients. You can use
bootable media in place
of PXE boot for the bare-
metal installation
scenario.
MCT USE ONLY. STUDENT USE PROHIBITED
9-10 Managing operating system deployment
Deployment
Description Server role Server role description
scenario
• Autocast mode. When you use the autocast mode, the multicast session starts as soon as the first
client system requests the image. When you start additional client systems and request the same
image, they join the current multicast session in progress and download the remainder of the stream.
When the stream ends, it starts again. The systems that join late download the parts that they missed.
Using autocast mode is not as efficient as using scheduled multicast mode. However, it is more
efficient than delivering an image to one system at a time. When you enable multicasting, autocast is
the default mode.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-11
• Scheduled multicast mode. When you use scheduled multicast mode, you have more control of the
multicast session. You can configure the maximum time delay or a minimum number of clients that
must join the session before the multicast starts. The multicast session starts whenever either of the
two requirements is met. This helps to provide an administrator with enough time to start and
prepare all systems. After the systems are ready, they simultaneously load the image, which helps to
provide for the best usage of network resources. You can enable scheduled multicast by selecting the
Enable scheduled multicast check box on the Multicast tab in the Distribution Point Properties
dialog box.
Additional Reading: For more information, refer to Manage enterprise operating system
with System Center Configuration Manager: http://aka.ms/Xz0qx9.
Question: When creating a Servicing Plan for Windows 10, which kinds of software updates
are included in the software update group created by the Servicing Plan rule?
Lesson 2
Preparing a site for operating system deployment
An operating system deployment can be as simple as using standalone media to deploy a system.
Conversely, it can be a complex operation in which bare-metal computers use the PXE boot method on a
subnet firewall that exists between the clients and the Configuration Manager site. Before you use a
deployment method, you must prepare the Configuration Manager site for the scenarios that you intend
to use. Several prerequisites and optional components for configuring operating system deployment exist.
In this lesson, you will learn how to configure a site for operating system deployment.
Lesson Objectives
After completing this lesson, you will be able to:
Prerequisite Description
Windows ADK for Before you install Configuration Manager, you must download the Windows
Windows 10 ADK for Windows 10 and then install it on the primary site server. Configuration
Manager takes advantage of several components of the Windows ADK for
Windows 10, including:
• Boot images. Configuration Manager copies the Windows PE boot images
that the deployment uses from the Windows ADK to Configuration Manager.
• USMT 10. USMT contains tools that copy user data from a source computer
to a destination computer when the deployment requires user state
migration.
Distribution point The distribution point stores the images that you can deploy to destination
computers. The distribution point also stores any other content that the task
sequence references, such as applications, software updates, packages, and
programs.
DHCP server DHCP provides an IP address to client computers. In scenarios that use PXE boot,
the DHCP server directs client computers to the PXE server.
Windows DS • Windows DS is a Windows Server role that provides PXE services and
multicast support. Enabling PXE support on a distribution point automatically
installs Windows DS for computers that are running Windows Server 2008 or
later.
• The destination computer must be able to communicate to the PXE server
over User Datagram Protocol ports 69 (for Trivial File Transfer Protocol) and
4011 (for PXE).
State migration A state migration point is a Configuration Manager role that USMT uses to store
point user state data in a security-enhanced manner during operating system
upgrades and side-by-side migration scenarios.
Additional Reading: For more information, refer to Prepare site system roles for operating
system deployments with System Center Configuration Manager: http://aka.ms/Uojhnf.
Demonstration Steps
1. Open the Configuration Manager console, click the Administration workspace, and then navigate to
the Servers and Site System Roles node.
o Require a password when computers use PXE: use Pa$$w0rd as the password
Question: What is the difference between autocast mode and scheduled multicast mode?
The Network Access account should have at least the minimum number of appropriate permissions on the
distribution points to access content for software deployment or operating system deployment. The
account must have the appropriate Access this computer from the network permission on the distribution
point or on any other server that holds the package content. You can create multiple Network Access
accounts per site in case you need to access resources on the distribution point in different domains.
To configure the Network Access account for a site, complete the following steps:
1. In the Administration workspace, under Site Configuration, in the Sites node, select the site that
you want to configure.
2. On the ribbon, in the Settings group, click Configure Site Components, and then click Software
Distribution.
3. On the Network Access Account tab, select Specify the account that accesses network locations,
and then add the account that you want to use to download the operating system deployment files
to a destination computer.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-15
Note: The password of the Network Access account is not validated against Active
Directory Domain Services, so you must be certain that you use the correct password. You can
use the Verify feature to verify that the account is able to connect to the distribution point.
Drivers
When you build a task sequence, two task sequence steps are available for applying drivers:
• Auto Apply Drivers. When you build a task sequence in the Create Task Sequence Wizard, an Auto
Apply Drivers task sequence step named Apply Device Drivers is included, except when you create a
custom task sequence. By default, this task sequence step uses Plug and Play, and it installs only the
best-matched drivers. However, you can modify it to install all compatible drivers. Additionally, by
default, this task sequence step installs drivers from all categories. However, you can modify it to
install drivers from only specified categories. The Auto Apply Drivers task sequence step installs
drivers only for devices that attach to the client during the deployment process.
• Apply Driver Package. You can add this task sequence step when you modify an existing task
sequence or create a custom task sequence. This task sequence step installs all the drivers in the
package that you specify.
The Software Library workspace of the Configuration Manager console contains two nodes, named
Drivers and Driver Packages, that you can use to manage drivers.
Drivers node
You can import Windows device drivers into the Configuration Manager site so that they are available for
operating system deployments. You can categorize imported drivers to make them easier to sort and find
in the Configuration Manager console. When you import drivers, you can add them to packages during or
after the import process. Additionally, you can add drivers to boot images during the installation process
or later. Because boot images only start the computer and download task sequence content from a
distribution point, you should add only necessary network and/or storage drivers to a boot image. Device
drivers are enabled by default, and you can disable them during or after the import process. The share
that you specify during the import process stores the device drivers, and you can view them in the Drivers
node. By storing drivers in this way and not with each individual operating system image, you reduce the
number of required operating system images. When you deploy an operating system image, each
operating system image can install enabled device drivers that have been imported and are available on a
distribution point.
You must copy the driver package to at least one distribution point for computers to access it, and you
must copy all the device drivers in a specific package together. If you want to copy a subset of device
drivers from an existing driver package to a distribution point, you must create a new driver package that
contains the subset of drivers.
MCT USE ONLY. STUDENT USE PROHIBITED
9-16 Managing operating system deployment
Demonstration Steps
1. Under Site Configuration, click the Sites node. On the ribbon, click Settings, click Configure Site
Components, and then click Software Distribution.
2. In the Software Distribution Components Properties dialog box, on the Network Access Account
tab, provide the following information as the credentials for the Network Access account:
o Password: Pa$$w0rd
3. Verify that the account can access the \\LON-CFG\SMS_S01 share, and then close the Software
Distribution Components Properties dialog box.
Question: What permissions does the Network Access account require for use with the
operating system deployment process?
Demonstration Steps
1. In the Software Library workspace, in the Operating Systems folder, select the Drivers node, and
then on the ribbon, click Import Driver.
2. Use the Import New Driver Wizard to import the drivers into the \\LON-CFG\Software\Drivers
\HypervX64 folder.
3. Remove the check mark next to Hide drivers that are not digitally signed.
4. Create two categories for the drivers: 64-bit Drivers and Hyper-V Drivers.
5. Create a new package named Hyper-V Drivers, and then store it in \\LON-CFG\E$\Source\Drivers.
6. In the Driver Packages node, right-click the Hyper-V Drivers package, and then click Distribute
Content.
8. Right-click the Hyper-V Drivers package, and then click Refresh. Repeat this step until the status
shows Success. This should take about one minute.
Question: Why do you want to add only the necessary drivers to a boot image?
Question: When importing drivers into Configuration Manager, should you use one package
for all the drivers or divide them into multiple packages?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-17
• Windows 10
• Windows 8.1
• Windows 8
• Windows 7
Like it does for operating system images, Configuration Manager distributes boot images to distribution
points. From a distribution point, clients can copy boot images from the local hard drive for client-
targeted task sequences, copy them to .iso images or USB flash drives for boot-media initiated task
sequences, or distribute them over the network for PXE-initiated task sequences.
Boot images must contain both the appropriate network adapter drivers and mass storage drivers to run
task sequences successfully on the destination computer. Because Windows PE 10 comes with many
drivers, you probably do not need to add any drivers. If you need to add drivers, you must use either the
32-bit or the 64-bit version of the Windows 10 driver you want to add, because Windows PE 10 is based
on Windows 10. Many hardware vendors provide Windows PE driver packages that you can download
from their respective websites.
The boot images might also require input device drivers to provide full keyboard support in Microsoft
Hyper-V in Windows Server 2012 or to support the use of a wireless keyboard and mouse.
Configuration Manager allows you to customize a boot image directly in the Properties dialog box for
the boot image. You can add drivers to a boot image on the Drivers tab, and you can further customize
the image on the Customization and Optional Components tabs.
MCT USE ONLY. STUDENT USE PROHIBITED
9-18 Managing operating system deployment
• Enable prestart command. Selecting the Enable prestart command check box allows you to
specify a command that will run before the client contacts a management point. If this command
requires access to files that are not part of the boot image, you can add the files to the boot image.
For example, you can run a script that runs a Windows Management Instrumentation query for the
Chassis Type value. Based on the value, the script can then set the SMSTSPreferredAdvertID task
sequence variable to an appropriate value to deploy an image for a desktop computer or portable
computer.
• Windows PE Background. The Windows PE Background area allows you to specify a custom
background for your deployment.
• Windows PE Scratch Space (MB). Configuration Manager uses Windows PE 10, which can
dynamically set its scratch space. Therefore, you do not have to specify a scratch-space size setting.
Regardless of what you select, if at least 1 gigabyte of memory exists on the deployed computer,
Windows PE 10 assigns 512 megabytes (MB) of scratch space.
• Enable command support (testing only). Selecting this check box allows you to press F8 while the
deployment is running to display a Command Prompt window on the deployed client computer. For
example, you can use this Command Prompt window to open the log files that the deployment
process creates. However, before selecting this check box, consider the security implications of
allowing full access to the installation files.
Note: If the Command Prompt window is open, no automatic restarts will occur. You must
manually close the Command Prompt window for automatic restarts to occur.
You must enable PXE for at least one boot image from each architecture on your PXE-enabled
distribution points. When a client boots by using PXE, the Windows DS server delivers a network boot
program (NBP) to the client that depends on the architecture of the client. The NBP is included in the
boot image.
Question: In your work environment, is there a need to customize any of the boot images?
Demonstration Steps
1. In the Boot Images node, right-click Boot Image (x64), and then click Properties.
2. On the Customization tab, select the Enable command support (testing only) check box.
3. On the Data Source tab, verify that the Deploy this boot image from the PXE-enabled
distribution point check box is selected.
4. Click the Optional Components tab, and then in the Components section, click new (sun icon).
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-19
5. In the Select optional components window, select Windows PowerShell (WinPE-PowerShell), and
click OK twice.
7. In the Configuration Manager dialog box, click Yes, and then complete the wizard with the default
settings.
10. On the Customization tab, select the Enable command support (testing only) check box.
11. On the Data Source tab, verify that the Deploy this boot image from the PXE-enabled
distribution point check box is selected.
12. Click the Optional Components tab, and then in the Components section, click new (sun icon).
13. In the Select optional components window, select Windows PowerShell (WinPE-PowerShell), and
click OK twice.
14. In the Boot Image (x86) Properties dialog box, click OK.
15. In the Configuration Manager dialog box, click Yes, and then complete the wizard with the default
settings.
16. Click Boot Image (x64), Ctrl+click Boot Image (x86), right-click Boot Image (x64), and then click
Distribute Content.
17. Use the Distribute Content Wizard to add the packages to LON-CFG.ADATUM.COM.
18. Right-click one of the packages, and then click Refresh. Repeat this step for the other package to
check its status. Repeat periodically until both show a status of Success. This should take about one
minute.
Question: Why did you include only the network driver when modifying the package?
An operating system upgrade package generally does not include any additional applications or service
packs.
Typically, you use the operating system upgrade package for a build and capture task sequence. You use
a Build and Capture task sequence to install an operating system on a reference computer and then
capture an image of its hard drive.
Note: You can use either operating system upgrade packages or operating system images
for deployment task sequences. However, when you create a task sequence to install an
operating system by using the Create Task Sequence Wizard, you can select only an image. If you
later edit the task sequence, you can change the Apply Operating System Image task sequence
step to use an installer.
Typically, you use the operating system image file to deploy to destination computers.
USMT package
A USMT 10 package is created by default, but you have to distribute it to the distribution point.
Additional Reading: For more information, about how to Plan for operating system
deployment in System Center Configuration Manager, refer to: http://aka.ms/R8e4ej.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-21
Demonstration Steps
Verify that the USMT and Configuration Manager client packages are ready for use
1. In the Software Library workspace, navigate to Application Management, Packages, and then
verify that the following two packages exist:
2. View the Content Locations properties of the Configuration Manager Client Package, and then
notice that the package is distributed to LON-CFG.Adatum.com.
3. Check the Content Locations properties of the User State Migration Tool for Windows 10
package, and then notice that the package is not distributed.
4. Right-click the User State Migration Tool for Windows 10 package, click Distribute Content, and
then distribute the package to the LON-CFG.ADATUM.COM distribution point.
Question: What kinds of drivers must you add to your boot images, and which operating
system should they be for?
Question: How do you enable the Windows PE peer cache in a task sequence?
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Objectives
After completing this lab, the students will be able to:
• Manage the site system roles used to support operating system deployment.
Lab Setup
Estimated Time: 30 minutes
Virtual machines: 20695C-LON-DC1 and 20695C-LON-CFG
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, complete
the following steps:
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
2. Select \\LON-CFG.adatum.com, right-click the Distribution point role, and then click Properties.
3. In the Distribution point Properties dialog box, click the PXE tab, and then select the Enable PXE
support for clients check box. When prompted, click Yes.
4. Select the Allow this distribution point to respond to incoming PXE requests and Enable
unknown computer support check boxes. When prompted, click Yes.
5. In the Password and Confirm password boxes, under Require a password when computers use
PXE, type Pa$$w0rd.
6. Next to the User device affinity box, select Allow user device affinity with manual approval.
9. Right-click \\LON-CFG.Adatum.com, and then select Refresh. Repeat periodically until the PXE
column displays Yes.
2. Start the Add Site System Roles Wizard for \\LON-CFG.Adatum.com, and then add the state
migration point role.
3. Configure the state migration point to use the E:\UserState folder to store migration data.
2. In the Software Distribution Component Properties dialog box, click the Network Access
Account tab. Specify the details of the Network Access account as Adatum\NetworkAccess with the
password Pa$$w0rd.
3. Verify that the account can access \\LON-CFG\SMS_S01, and then close the Software Distribution
Components Properties dialog box.
Results: After this exercise, you should have enabled PXE on the distribution point and configured the
Network Access account to support Configuration Manager operating system deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
9-24 Managing operating system deployment
3. Use the Import New Driver Wizard to import the drivers in the \\LON-CFG\Software\Drivers
\HyperVx64 folder.
4. Remove the check mark next to Hide drivers that are not digitally signed.
5. Create two categories for the drivers: 64-bit Drivers and Hyper-V Drivers.
6. Create a new package named Hyper-V Drivers, and then store it in \\LON-CFG\E$\Source\Drivers.
2. Use the Distribute Content Wizard, and then add the package to LON-CFG.ADATUM.COM.
3. Right-click the Hyper-V Drivers package, and then click Refresh. Repeat this step periodically until
Content Status shows Success. This should take about one minute.
2. On the Customization tab, select the Enable command support (testing only) check box.
3. On the Optional Components tab, click new (sun icon), select Windows PowerShell
(WinPE-PowerShell) , and when prompted, click OK.
5. In the Configuration Manager dialog box, click Yes, and then complete the wizard with the default
settings.
6. In the Boot Images node, right-click Boot image (x64), and then click Properties.
7. On the Customization tab, select the Enable command support (testing only) check box.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-25
8. On the Optional Components tab, click new (sun icon), select Windows PowerShell (WinPE-
PowerShell), and when prompted, click OK.
9. On the Drivers tab, click new (sun icon).
10. In the Select a driver dialog box, remove all selections, select Microsoft Hyper-V Network
Adapter, and then click OK.
11. In the Boot Image (x64) Properties dialog box, click OK, and then update the distribution points as
prompted.
2. Use the Distribute Content Wizard, and then add the packages to the LON-CFG.ADATUM.COM
distribution point.
3. Right-click one of the packages, and then click Refresh. Repeat this step for the other package to
check its status.
Note: Repeat this step periodically until both packages show a status of Success. This
might take several minutes.
3. Use the Distribute Content Wizard, and then add the packages to LON-CFG.Adatum.com.
4. Right-click the User State Migration Tool for Windows 10 package, and then click Refresh.
Note: Repeat this step until the package shows a status of Success. This should take about
one minute.
Results: After this exercise, you should have configured the boot images and created the driver package
that is required for operating system deployment.
Question: In your work environment, would you enable unknown computer support for PXE
boot?
Question: Apart from the packages deployed in the lab, what packages would you include
as part of the operating system deployment process?
MCT USE ONLY. STUDENT USE PROHIBITED
9-26 Managing operating system deployment
Lesson 3
Deploying an operating system
After you create and capture an operating system image, you have to import it into Configuration
Manager and then deploy the image to destination computers. Several methods exist for deploying an
operating system image. For all the methods, you use a task sequence to perform the deployment.
Additionally, you can apply software updates to the operating system images you use for deployment so
that the deployments include up-to-date images. In this lesson, you will learn techniques for deploying a
captured operating system image.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the process for creating and deploying a task sequence to install an existing image.
• Describe how to maintain software updates for operating system deployment images.
• Describe the log files and reports that are used to troubleshoot operating system deployment.
3. Creating a task sequence to install an operating system. You need to choose the method that you use
to deploy an image and then create a task sequence that supports that choice.
4. Deploying the task sequence. You need to deploy the task sequence to appropriate destination
computers.
Additional Reading: For more information, about How to Deploy Operating Systems in
Configuration Manager, refer to: http://aka.ms/F6tt75.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-27
The file must include the computer name, the system management BIOS (SMBIOS) GUID (32 hexadecimal
characters), and the MAC address (12 hexadecimal characters), with each pair of values separated by a
comma.
LON-CL6,11111111-1111-1111-1111-111111111116,25:12:15:A0:B9:A1
LON-CL7,11111111-1111-1111-1111-111111111117,25:12:15:A0:B9:A2
LON-CL8,11111111-1111-1111-1111-111111111118,25:12:15:A0:B9:A3
LON-CL9,11111111-1111-1111-1111-111111111119,25:12:15:A0:B9:A4
LON-CL10,11111111-1111-1111-1111-111111111110,25:12:15:A0:B9:A5
The following table describes the pages and settings in the Import Computer Information Wizard.
Page Description
Select Source On this page, you can select Import computers using a file to
specify a file that contains the computer information to import. You
can select Import a single computer to specify information related
to that one computer.
Single Computer On this page, you can specify the computer name, MAC address,
and SMBIOS GUID. Optionally, you can create a computer
association by typing the name of a reference computer from which
the user state and settings will be migrated to the new computer.
Data Preview On this page, you can review the computer information.
Choose Target Collection On this page, you can add new computers to an existing
Configuration Manager collection. You can choose either Add new
computers only to the All Systems collection or Add computers
to the following collection. If you choose Add computers to the
following collection, the computer is added to the collection that
you choose and to the All Systems collection.
MCT USE ONLY. STUDENT USE PROHIBITED
9-28 Managing operating system deployment
Page Description
• Enable unknown computer support for your PXE-enabled distribution point or media.
Two unknown computer objects, one for 32-bit (x86) computers and the other for 64-bit (x64) computers,
are located in the All Unknown Computers collection. These objects are not real computers but serve as
placeholders that Configuration Manager uses as targets for the deployment.
To enable unknown computer support, perform the following steps in the Configuration Manager
console:
1. Select the Administration workspace, and then expand Site Configuration. Click the Servers and
Site System Roles node.
2. In the details pane, select the PXE-enabled distribution point, and then in the preview, right-click
Distribution point. Select Properties.
3. In the Distribution Point Properties dialog box, click the PXE tab, and then select Enable unknown
computer support. In the Configuration Manager dialog box, click OK.
To enable unknown computer support for bootable or prestaged media, perform the following steps in
the Configuration Manager console:
1. Select the Software Library workspace, and then expand Operating Systems.
2. Right-click the Task Sequence node, and then select Create Task Sequence Media.
3. In the Create Task Sequence Media Wizard, select either Bootable Media or Prestaged Media.
4. On the Security page, ensure that Enable unknown computer support is selected. Generally, it is
selected by default. Proceed through the rest of the wizard by making the appropriate choices.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-29
General • Contains the general information you provided in the Name, Version, and
Comment settings.
Images • Allows you to view the properties of the images in a .wim file.
• Allows you to reload an image that has been edited.
Data Source • Displays the location of an image source and allows you to modify that
location.
• Allows you to set a schedule for updating distribution points.
• Allows you to specify if content should persist in the client cache (not be
automatically deleted as needed).
• Allows you to specify the use of differential replication.
Distribution • Allows you to specify a distribution priority for site-to-site and site server–to–
Settings distribution point data copying.
• Allows you to specify if this package is available from protected distribution
points.
• Allows you to specify the behavior of the Package Transfer Manager when
the package is assigned to a distribution point that is enabled for prestaged
content.
• Allows you to specify if an operating system can be transferred via
multicasting.
Installed Updates • Lists all the software updates applied to the image.
Content Location • Shows the distribution points this package has been assigned to.
MCT USE ONLY. STUDENT USE PROHIBITED
9-30 Managing operating system deployment
After an image imports into Configuration Manager, you must distribute the image to one or more
distribution points before you can use it.
Additional Reading: For more information, about how to Customize operating system
images with System Center Configuration Manager, refer to: http://aka.ms/Dknlyp.
For more information, about an Introduction to operating system deployment in System Center
Configuration Manager, refer to: http://aka.ms/Bfdbr0.
Demonstration Steps
1. On LON-CFG, in the Configuration Manager console, click the Software Library workspace, expand
Operating Systems, and then click Operating System Images.
2. On the ribbon, in the Create group, click Add Operating System Image.
3. In the Add Operating System Image Wizard, on the Data Source page, in the Path box, type the path
to your .wim file, and then click Next.
4. On the General page, in the Name box, type the name of the image, and then click Next.
5. On the Summary page, click Next, and then on the Completion page, click Close.
6. Right-click the image you want to distribute, and then select Distribute Content.
8. On the Content Destination page, click Add, and then select Distribution Point.
9. In the Add Distribution Points dialog box, select your distribution points, and then click OK.
11. On the Summary page, click Next, and then on the Completion page, click Close.
12. Right-click the image, and then click Refresh. Repeat periodically until the status shows Success.
Question: If you plan to use operating system deployment to deploy Windows 10 to two
brands of laptops and three models of desktop computers, how many operating system
images will you have to import?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-31
The following table lists the terms that describe task sequences and their components.
Term Definition
Action The command part of a single step within a task sequence. Two types of task
sequence actions exist: custom actions and built-in actions.
Custom action A command-line string, which the administrator supplies, that runs a command
on a destination computer.
Built-in action A Configuration Manager action that performs a specific action on a destination
computer. Examples of built-in actions include joining a workgroup or domain,
and formatting and partitioning a disk.
Condition A parameter within a task sequence step or task sequence group that
determines whether the target should process the action.
Task sequence The basic component of a task sequence or task sequence group. Each step can
step contain an action and an optional check for the conditions assigned to a task
sequence.
Task sequence A logical arrangement of multiple steps within a task sequence. A task sequence
group group consists of a name and an optional check for the conditions assigned to a
task sequence.
You are not required to group the task sequence steps. However, using groups
improves the readability of the task sequence and provides better conditional
processing.
Note that each task sequence group can contain additional, nested task
sequence groups.
MCT USE ONLY. STUDENT USE PROHIBITED
9-32 Managing operating system deployment
Task sequence variables provide a mechanism to configure and customize individual task sequence steps
within a task sequence. You can configure task sequence variables on a collection or as part of a prestart
command on a boot image.
• On a computer
• On a collection
1. The Set Task Sequence Variable step in a task sequence wins over all other variables.
2. A variable defined on the computer object wins over a variable defined on the collection.
3. A task sequence that runs from media uses the variables set on the Customization page of the Task
Sequence Media Wizard and ignores the variables set on either the computer or collection.
You can use task sequence variables in the task sequence environment to perform the following actions:
For example, a task sequence might include a Join Domain or Workgroup task sequence step. You might
deploy the task sequence to different collections, where the collection membership determines the
domain membership. In this case, you can specify a per-collection task sequence variable for each
collection’s domain name and then use that task sequence variable to supply the appropriate domain
name in the task sequence.
Question: In your environment, how can you use task sequence variables?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-33
To create an operating system deployment task sequence, complete the following steps:
1. In the Configuration Manager console, in the Software Library workspace, in the Operating
Systems folder, click the Task Sequences node.
2. To start the Create Task Sequence Wizard, right-click the Task Sequences node, point to New, and
then click Create Task Sequence.
3. On the Create a New Task Sequence page, select Install an existing image package, and then
click Next.
The wizard then takes you through a series of pages that require you to provide information related to
creating an operating system deployment task sequence. The following table discusses these pages and
the information that you must provide on each page.
Install Windows • The operating system image package to deploy a new operating system
to a destination computer.
• The edition within the operating system image package.
• The licensing information.
• The Enable the account and specify the local administrator password
setting, which must be selected to enable the local administrator account.
• The Password and Confirm password boxes, which are optional.
Note: If you use the same password for all the local administrator accounts,
and if that password becomes compromised, all your systems will be
vulnerable to security threats.
MCT USE ONLY. STUDENT USE PROHIBITED
9-34 Managing operating system deployment
Configure Network • A Windows domain that you join and the domain and organizational unit
(OU) to join.
• An account with join domain permissions. You should never use a domain
administrator account, because the user name and password are
temporarily stored on the target system without encryption.
State Migration • Whether to capture the user state and, if so, whether to configure the
package for USMT.
• Whether to capture Windows and network settings.
Install Applications • Existing applications that you can select to be installed as part of the
operating system deployment.
After you complete the Create Task Sequence Wizard, you can choose to deploy or edit the new task
sequence.
The wizard takes you through a series of pages that require you to provide information related to
deploying an operating system deployment task sequence. The following table lists these pages and the
information you must provide on each page.
Scheduling • The date you want this deployment to be available, with enough time for
the content to replicate
• The date you want this deployment to expire
• Any mandatory assignment times if the deployment is required
Distribution Points • How clients will interact with the distribution points to retrieve content
for this deployment
Additional Reading: For more information about task sequence steps, including those for
enabling BitLocker, configuring UEFI settings, and partitioning disks, refer to Task Sequence Steps
in Configuration Manager: http://aka.ms/fjamr0.
Furthermore, the packages and applications that you want to install must be created in Configuration
Manager and distributed to your distribution points.
You can use either the Install Package task sequence step or the Install Application task sequence step to
install software as part of the task sequence. When either of these steps run, the installation starts
immediately without waiting for a policy polling interval.
MCT USE ONLY. STUDENT USE PROHIBITED
9-36 Managing operating system deployment
Because the Configuration Manager client handles the actual installation, like it does for any other
software deployment, you must place your Install Package or Install Application steps after the Setup
Windows and Configuration Manager step, which is responsible for installing and registering the
Configuration Manager client.
1. In the Configuration Manager console, select the Software Library workspace, expand Operating
Systems, and then click the Task Sequence node.
2. In the details pane, right-click the task sequence you want to add the Install Application step to, and
then select Edit.
3. In the Task Sequence Editor, click the Setup Windows and Configuration Manager step.
4. Click Add, select Software, and then click Install Application.
5. On the Properties tab of the Install Application step, in the Name box, type the name of the
application—for example, Microsoft XML Notepad 2007.
6. Verify that the Install the following application option is selected, and then click new (sun icon).
7. In the Select the application to install window, select the application, and then click OK.
1. In the Configuration Manager console, select the Software Library workspace, expand Operating
Systems, and then click the Task Sequence node.
2. In the, pane, right-click the task sequence you want to add the Install Package step to, and then
select Edit.
3. In the Task Sequence Editor, click the Setup Windows and Configuration Manager step.
5. On the Properties tab of the Install Package step, in the Name box, type the name of the
application—for example, Microsoft XML Notepad 2007.
6. Verify that the Install a single software package option is selected, and then click Browse.
7. In the Select the software package to install window, select the package, and then click OK. In the
Program box, select the program you want to run.
Instead of adding several Install Application or Install Package steps, you can install them by using a
dynamic variable list:
1. In the Configuration Manager console, select the Assets and Compliance workspace, click Device
Collections, and then right-click the collection that you have deployed the task sequence to.
2. In the Properties window of the collection, click the Collection Variables tab, and then click new
(sun icon).
3. In the <New> Variable window, in the Name box, type AdatumApps001, and then in the Value box,
type Microsoft Office 2016.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-37
4. Repeat step 3 to add another application by specifying another variable that uses AdatumApps002
as the Name and Microsoft Skype for Business as the Value.
Note: The name of the variable can be any combination of letters appended with a three-
digit number, beginning with 001 for the first entry. The value of the variable must be the name
of the application as it appears in the Configuration Manager console when using applications.
When using packages, it must be PackageID:Program.
5. To use the variable list to install either applications or packages, edit your task sequence, and then
select your Install Application or Install Package step.
6. On the Properties page of the Install Application or Install Package step, select Install applications
according to dynamic variable list or Install software packages according to dynamic variable
list, respectively, and then in the Base variable name box, type the first part of the variable name—
for example, AdatumApps.
You can also choose to install software updates as part of your operating system deployment. The
following requirements must be met:
• All the software updates you want to install must be downloaded and distributed to your distribution
points.
• The software updates must be deployed and targeted to the same collection that you used as the
target for your task sequence.
• The Software Updates Agent must be enabled.
You use the Install Software Updates task sequence step to install software updates as part of the task
sequence. The Create Task Sequence Wizard adds the Install Software Updates step if you choose to install
either mandatory software updates or all software updates.
If you manually add the Install Software Updates step, you must place it after the Setup Windows and
Configuration Manager step, which is responsible for installing and registering the Configuration Manager
client. The reason is that the Configuration Manager client handles the actual installation, like any other
software update deployment.
1. In the Configuration Manager console, select the Software Library workspace, expand Operating
Systems, and then click the Task Sequence node.
2. In the details pane, right-click the task sequence you want to add the Install Software Updates step to,
and then select Edit.
3. In the Task Sequence Editor, click the Setup Windows and Configuration Manager step.
4. Click Add, select Software and then click Install Software Updates.
5. On the Properties tab of the Install Software Updates step, select either Mandatory Software
Updates or All Software Updates.
• PXE boot
• Boot media
• Standalone media
• Prestaged media
PXE boot
You typically use this initiation method with new hardware—for either a bare-metal installation or the
deployment phase of a side-by-side migration.
In addition, you can use PXE to initiate operating system deployments to computers that are both known
and unknown to Configuration Manager.
When a destination computer that is configured for PXE boot starts, the client uses PXE to find a bootable
image to download and start. The PXE-enabled distribution point responds to PXE requests from
computers on the network. The client then downloads the boot image and starts Windows PE and the
Task Sequence Wizard.
Boot media
You typically use this initiation method with a bare-metal installation or an operating system refresh. You
often use boot media if your hardware does not support PXE boot, if manual initiation of the deployment
process is preferable, or if you do not want to add PXE support to the network infrastructure.
You can use Configuration Manager to deploy an operating system image to a new, bare-metal computer
or to a computer that is new to your Configuration Manager site by performing the following procedure:
2. Create bootable media that will initiate operating system deployment by performing the following
procedure:
a. Right-click the Task Sequences node, and then click Create Task Sequence Media to start the
Task Sequence Media Wizard.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-39
d. Specify the security settings, such as Enable unknown computer support, password protect the
media, and then select the certificate option you want to use.
e. Choose a boot image and distribution point from which to download the selected boot image.
3. Prepare the boot media from the created files, and then start the system from the media. After the
system starts Windows PE, the deployment begins.
Stand-alone media
You typically use this initiation method with a bare-metal installation or an operating system refresh in
locations with bandwidth concerns. You can also use this method when a network access policy prohibits
physically connecting a computer to the network before specified security updates have been applied to
that computer.
You can use Configuration Manager to deploy an operating system image to a new, bare-metal
computer, even if the computer cannot reach the Configuration Manager site, by using standalone media.
To do so, perform the following procedure:
a. Right-click the Task Sequences node, and then click Create Task Sequence Media to launch
the Task Sequence Media Wizard.
c. Specify the media type as USB flash drive or CD/DVD set. A CD/DVD set requires a file name
and creates an ISO image file. Depending on the size of the image, it image might span multiple
pieces of media.
Note: If you choose to use a CD/DVD set, you must burn the ISO image file or files that the
wizard generates to a CD/DVD set.
Prestaged media
You typically use this initiation method with a bare-metal installation to prepare a hard drive for a
computer. Original equipment manufacturers (OEMs) typically use this initiation method to prepare
systems for delivery.
You can use Configuration Manager to deploy an operating system image that can be copied to a hard
drive for deployment by performing the following procedure:
a. Right-click Task Sequences, and then click Create Task Sequence Media to launch the Task
Sequence Media Wizard.
c. Specify the media properties, including the location to create the file and the name of the file.
d. Specify the security settings to password protect the media, enable unknown computer support,
use device affinity, and select the certificate options.
j. Specify any driver packages you want to add to the prestaged media.
k. Specify the distribution point from where to download content, which the deployment of the task
sequence requires, by using the prestaged media.
2. Create a custom task sequence to deploy the image, or send the .wim file to your OEM.
Question: In your work environment, which deployment scenario and method are you most
likely to use?
Note: You must install and configure a software update point before you can use offline
servicing for your operating system images.
Only software updates that support Component Based Servicing (CBS) can be used with offline servicing,
and that normally includes operating system updates. Software updates for Internet Explorer, .NET, and
Office do not support CBS. Thus, they cannot be used with offline servicing and must be applied when the
full operating system is running.
To configure software updates for an existing operating system image, complete the following steps:
1. In the Software Library workspace, expand Operating Systems, and then click Operating System
Images.
2. Right-click the operating system image you want to configure for offline servicing, and then click
Schedule Updates.
3. In the Schedule Updates Wizard, on the Choose Updates page, select the updates you want to apply
to the operating system image, and then click Next.
4. On the Set Schedule page, specify the schedule for the updates, and then click Next.
1. Copy the .wim file from its source location to a temporary folder.
4. Unmount the updated .wim file, and then copy it to the source location of the original .wim file.
Note: Configuration Manager maintains a copy of the original .wim file in case you need to
revert the changes. However, Configuration Manager keeps only one version of the .wim file prior
to a software update. This means that when you update the image again, the original version of
the .wim file is deleted.
MCT USE ONLY. STUDENT USE PROHIBITED
9-42 Managing operating system deployment
Log files
Operating system deployment uses the log files
described in the following table when recording
information related to its components.
Reports
You can use reports to monitor an operating system deployment. Configuration Manager provides four
categories of reports that provide information about task sequences. The categories of the reports and
some of the reports in each category are:
o All the system resources in a specific state for a specific task sequence deployment available to
unknown computers
Question: You have a task sequence that deploys Windows 10 Enterprise (x64), and you
want to deploy it to a newly purchased computer that is not known by Configuration
Manager. What should you do next?
Question: You have created a task sequence that will install Windows 10 Enterprise, and you
want to deploy it on a few computers while minimizing the impact on your network. Which
deployment method is best suited to accomplish this task?
MCT USE ONLY. STUDENT USE PROHIBITED
9-44 Managing operating system deployment
Objectives
After completing this lab, the students will be able to:
• Deploy an image.
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. If the virtual machines are not still
running from the previous lab, complete the following steps:
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
2. Right-click Operating System Images, and then select Add Operating System image.
3. On the Data Source page, in the Path box, type \\LON-CFG\e$\Sources\Install.wim, and then click
Next.
4. On the General page, in the Name box, type Windows 10 Enterprise (x64) Evaluation, and then
click Next.
5. On the Summary page, click Next, and then on the Completion page, click Close.
3. On the Content Destination page, add the image to the LON-CFG.ADATUM.COM distribution
point.
6. Repeat refreshing the Windows 10 Enterprise (x64) Evaluation image periodically until the status
shows Success. This should take around five minutes.
2. In the details pane for the 20695C-LON-REF1 virtual machine, click the Networking tab, and then
from the Adapter column, write down the media access control (MAC) address.
3. In the Configuration Manager console, click the Assets and Compliance workspace, right-click the
Devices node, and then select Import Computer Information.
4. On the Select Source page, select Import single computer, and then click Next.
5. On the Single Computer page, type the following information, and then click Next:
6. On the Data Preview page, verify the information, and then click Next.
7. On the Choose Target Collection page, select Add computers to the following collection, select
the Adatum production image collection, and then click OK.
8. On the Choose Target Collection page, click Next.
11. Click the Device Collections node, and then update the membership for the All Systems and
Adatum production image collections.
12. When the Member Count column changes to 1, double-click the Adatum production image
collection, and then see the computer you have added.
Results: After completing this exercise, you will have imported a pre-created image into Configuration
Manager and distributed that image to the distribution point. You will have created a computer object for
LON-IMG and placed it in the Adatum production image collection.
Install Windows • Use the Windows 10 Enterprise (x64) Evaluation en-US image
that you imported earlier.
• Remove the check mark next to Configure task sequence for
use with BitLocker.
• Local administrator account: Enable account and specify the
local administrator password
• Password: Pa$$w0rd
Results: After this exercise, you will have created and edited a task sequence to deploy an existing image.
o Purpose: Available
4. Complete the rest of Deploy Software Wizard with the default settings.
MCT USE ONLY. STUDENT USE PROHIBITED
9-48 Managing operating system deployment
2. In the Virtual Machine Connection window, select Action, and then click Start.
3. When LON-REF1 boots, click inside the Virtual Machine Connection window, and when prompted,
press F12.
Note: Wait for the boot image to be staged and for the computer to boot into
Windows PE.
4. In the Welcome to the Task Sequence Wizard, type Pa$$w0rd, and then click Next.
6. Monitor the deployment. The task sequence will take approximately 15 minutes to complete.
7. After the deployment is complete, sign in to LON-REF1 as Adatum\Administrator with the password
Pa$$w0rd, and then verify that the computer is named LON-REF1.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After this exercise, you will have deployed the task sequence and installed the operating system
image on LON-REF1.
Question: When would you include an application in the install an existing image task
sequence rather than in the build and capture task sequence?
Question: In your work environment, will you use USMT for state migration?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 9-49
• Implement access controls to protect bootable media. When you create bootable media, you should
always assign a password and control physical access to the media.
• Always install the most-recent security updates on a reference computer. Starting with an up-to-date
reference computer helps to decrease the window of vulnerability for newly deployed computers.
• If you are deploying operating systems to unknown computers, implement access controls to prevent
unauthorized computers from connecting to the network. Although deploying operating systems to
unknown computers can be a convenient way to deploy multiple computers on demand, it can also
allow a malicious hacker to add a trusted computer on your network. It also can deploy an operating
system image to computers that have not yet been discovered by Configuration Manager by mistake.
Review Questions
Question: How can operating system deployment assist in managing your organization’s
systems?
Question: What packages can you use for operating system deployment?
Question: Why would you use a task sequence outside of operating system deployment?
Question: Why should you import computer information into the Configuration Manager
database before deployment?
Question: You are creating a new image for a new corporate standard laptop. You discover
that the accelerometer driver is not automatically installed during operating system
deployment. What can you do to install the accelerometer driver without user intervention?
Tools
Tool Use for Where to find it
Module 10
Integrating MDT and Configuration Manager for
operating system deployment
Contents:
Module Overview 10-1
Module Overview
You can use both Microsoft Deployment Toolkit (MDT) 2013 Update 2 and Microsoft System Center
Configuration Manager (Configuration Manager) to deploy operating systems, manage deployment
resources, and deploy applications, updates, and service-deployment resources. Determining which of
these two solutions you should use depends on the scale of your organization’s management. Typically,
organizations that have fewer than 500 devices use MDT 2013 Update 2, while organizations that have
more than 500 devices use Configuration Manager. Although MDT 2013 Update 2 is used primarily for
deployment, Configuration Manager can be used to perform several tasks in addition to deployment.
MDT 2013 Update 2 is a free Solution Accelerator, while Configuration Manager requires a System Center
license. In this module, you will learn how to integrate these tools to complement each other’s features.
Objectives
After completing this module, you will be able to:
• Integrate MDT 2013 Update 2 and Center Configuration Manager to ensure an effective operating
system deployment.
Lesson 1
Integrating deployment tools with Configuration Manager
Integrating MDT 2013 Update 2 with Configuration Manager can enhance your organization’s
deployment solutions significantly. When you use both products together, the tools' features complement
each other. This enables you to manage an operating system deployment centrally. In this lesson, you will
examine the benefits of and process for integrating MDT 2013 Update 2 and Configuration Manager.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the additional tools that you can use for deployment.
Dynamic deployment
UDI is part of MDT. Integrating MDT 2013
Update 2 with Configuration Manager adds the
UDI feature to Configuration Manager. With UDI,
you can allow your users to interact with some of
the operating system deployment steps such as naming the machines, choosing an organizational unit
(OU), choosing apps, and other choices based on their needs. The administrator can control the level of
interaction available to users, which offers greater flexibility in an organization’s operating system
deployment solution.
MDT, unlike Configuration Manager, can use the local administrator account to complete a deployment,
whereas Configuration Manager deploys under the Local System account. Therefore, you have greater
flexibility when you use MDT to deploy operating systems, because you can adjust the configuration’s
look and feel, and then use the CopyProfile setting to customize settings in the Default User profile.
After integrating MDT 2013 Update 2 and Configuration Manager, you can provide additional instructions
from the MDT rules, without increasing the complexity of the task sequence. This means that you can
store Configuration Manager task sequence settings in the CustomSettings.ini file or the MDT database,
which ultimately reduces the number of separate steps in the task sequences. You also can use the
Suspend function in MDT to suspend a task sequence in the middle of a deployment capture. This allows
you to make configuration changes manually that you cannot otherwise automate. You should not rely on
this as a standard practice, unless you have no other choice. Pausing a task sequence to make manual
changes defeats the purpose of the automatic deployment feature in MDT.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-3
Real-time monitoring
Integrating MDT 2013 Update 2 also enables you to monitor deployments in real time. Microsoft
Diagnostics and Recovery Toolkit (DaRT), which is part of the Microsoft Desktop Optimization Pack
(MDOP), is used to connect remotely to a Windows Preinstallation Environment (Windows PE)
deployment preinstall task sequence step. You can view the real-time deployment from the MDT
Deployment Workbench, or you can use a variety of tools, such as Windows PowerShell, a web browser,
Event Viewer, Office Excel 2013, or any script or app that can read information from an open data feed.
• Install the MDT 2013 Update 2 and run the ConfigMgr Integration app.
Demonstration Steps
Install MDT 2013 Update 2 and run the ConfigMgr Integration app
1. From the E:\Software\MDT2013 folder, install the MicrosoftDeploymentToolkit2013_x64.msi file.
Select the default for all option pages of the installation wizard. Make sure that you close the
Configuration Manager console before you begin the installation.
2. On the Apps page, run the Configure ConfigMgr Integration app, and accept all the defaults in the
installation wizard. Ensure the following values are used:
2. In the Deployment Workbench console, create a new deployment share and then accept all of the
default options in the New Deployment Share Wizard.
3. After the information successfully appears, close the Configuration Manager console.
You can use the UDI Wizard Designer to modify the behavior of the UDI Wizard when using UDI. This is
discussed in detail in the topic Working with UDI deployment, later in this module.
DaRT
DaRT is part of the MDOP, and to obtain it, you require a license agreement with Microsoft. You can use
DaRT to connect remotely into the Windows PE preinstall task sequence during a deployment. You might
want to interact with the UDI custom user screens during this phase. The DaRT Remote Control
component enables you to do this without being physically present at the location to which you are
deploying.
Before starting a build of the boot image in the Configuration Manager console, you must add the DaRT
components by using the following procedure:
1. Install DaRT 10 on the computer that is running the integrated MDT and Configuration Manager
console. In most cases, this is the site server.
2. Copy the DaRT Tools cabinet files to the MDT distribution folder. There are two sets of cabinet files.
There is one each for 32-bit and 64-bit architectures, respectively. The default location for these files
when DaRT is installed is C:\Program Files\Microsoft DaRT\v10. There are specific locations to which
you should copy them so that the boot image can incorporate them. Copy the Toolsx86.cab file to
C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86, and copy the
Toolsx64.cab file to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64.
After you integrate MDT 2013 Update 2 with Configuration Manager successfully, you will find a new
Create Boot Image using MDT menu option on the Boot Images ribbon of the Software Library
workspace. This item is also available on the context menu that appears when you right-click the Boot
Images node in the Software Library workspace. You then create a boot image by using the MDT 2013
Update 2 Wizard.
On the Components page of the wizard, you will see a Microsoft Diagnostics Recovery and Toolkit
(DaRT) check box. Selecting this check box includes DaRT in the boot image, and it allows you to connect
remotely to a deployment at the Windows PE deployment phase. To do this, after a deployment begins,
go to the MDT Deployment Workbench, and then expand and select the Monitoring node.
Right-click the deployment name found in the details pane, and then click the DaRT Remote Control
menu item. This opens a connection window to the computer that is deploying, and allows you to observe
and enter data that displays on the custom configuration screens. However, note that the DaRT Remote
Control only works during the Windows PE phase. After this phase is complete, the deployment reboots
the computer, and the process moves to the post-install phase. Because this phase does not run in
Windows PE, but rather in the context of the installed operating system, the remote control is no longer
available, so you can close the Remote Control window.
Again, by integrating MDT, you can monitor a deployment in real time. Aside from accessing the DaRT
Remote Control tool mentioned above, the MDT Deployment Workbench monitoring capabilities show
the deployment’s status, the current step of the deployment, the overall completion percentage, and the
elapsed time.
Question: What are the benefits of integrating MDT 2013 Update 2 with Configuration
Manager?
Question: To create a database for MDT 2013 Update 2, is it required to use MDT 2013
Update 2 with Configuration Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
10-6 Integrating MDT and Configuration Manager for operating system deployment
Lesson 2
Integrating MDT with Configuration Manager
You must take several steps during deployment if you want to integrate MDT 2013 Update 2 and
Configuration Manager. In this lesson, you will examine how the integration of MDT and Configuration
Manager enables you to create and modify boot images, boot media, and MDT-related task sequences.
You will learn how to enhance operating system deployments by using UDI. You will also review the
CustomSettings.ini file, the UDI Designer, and the various ways that you can add the Configuration
Manager client to newly deployed systems.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the methods that are used to add a target computer to the site database.
• Explain how to create a UDI task sequence and customize the behavior of the UDI Wizard.
• Package Source. You can use the wizard’s first page to specify the package source directory that will
store the new boot image. Note that you must provide a Universal Naming Convention (UNC) share
name. However, you can browse directly to a lettered drive and folder, which will result in an error.
Therefore, you should not use a lettered drive; you should only use a UNC share. The deployment
finds the boot-image location through the network, and a drive letter is considered local rather than
from another computer. Additionally, there is a note stating that the Windows ADK must be installed
on the computer that is running this wizard, and that after you create the boot image, you will need
to distribute it manually to the distribution points before you can use it in a task sequence.
• General Settings. You can use this page to provide a name, version, and comment to the create boot
image. You must provide at least the name. However, it is a best practice to use the comments
section to spell out the purpose of the boot image and other pertinent facts that are related to it.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-7
• Options. You can use this page to specify the platform or architecture of the boot image as either 32
bit (x86) or 64 bit (x64). This page also has a section to set the boot image’s scratch-space size (in
megabytes). MDT 2013 Update 2 with Configuration Manager uses Windows PE version 10, which can
set its scratch space dynamically. Therefore, you do not have to specify a scratch-space size setting.
Regardless of what you select, if there is at least 1 gigabyte (GB) of memory on the deployed
computer, Windows PE 10 will assign 512 megabytes (MB) of scratch space.
• Components. You can use this page to specify the optional Windows PE feature packs that you
might want to add to the boot image. Use this page to access the DaRT Remote Connection by
adding the DaRT feature pack. Note that DaRT will not appear in this list until you install it locally
and copy the cabinet files to the correct locations.
Additional Reading: For a complete list of the optional feature packages (Optional
Components) that you can add to Windows PE, refer to WinPE: Add packages (Optional
Components Reference): http://aka.ms/C6maq3.
• Customization. You can use this page to set prestart command settings. A prestart command is a
script or executable file that runs prior to the task sequence and allows possible interaction with a
user in Windows PE. You can accomplish several tasks by using a prestart command, such as
prompting a user for information or querying a task-sequence variable for information. For example,
you may want to prompt the installation technician to determine in which department to deploy the
operating system. You then can save that information as a variable and add task sequence steps, such
as adding specific software later for that department. The prestart command is run before the task
sequence policy downloads from the management point.
Additional Reading: For information on how to create a script to use for the prestart
command, distribute the content associated with the prestart command, or configure the prestart
command in media, refer to Prestart Commands for Task Sequence Media in Configuration
Manager: http://aka.ms/X8kzz4.
You also can use the Customization page to add additional files to the boot image and to use a
custom background bitmap file. You should store both in a UNC path, which you add to the text box
if you select these options. There is a check box named Enable command support (F8), which opens
an interactive command prompt that you can use for troubleshooting purposes. You can access it by
pressing the F8 key when starting the boot image. This option is selected by default.
• Summary. This page displays all the options that you have selected, and you can use the Previous
button to correct any issues that you find. Clicking the Next button will create a boot image. A
progress bar appears, and it can take several minutes to create the boot image. After this, the
Confirmation page displays the status of the completed wizard.
You now can further configure the boot image from its Properties sheet, which has 10 separate tabs with
settings that you can configure in each tab, including the:
• General and Customization tabs, which have the same functionality as the similarly named tabs in
the Create Boot Image using MDT Wizard.
• Content Locations tab, which shows the distribution point or distribution point groups to which the
boot image deploys.
• Data Access tab, which you can use to configure how the boot image is stored on the distribution
points.
MCT USE ONLY. STUDENT USE PROHIBITED
10-8 Integrating MDT and Configuration Manager for operating system deployment
• Data Source tab, which you can use to specify the Windows image file that holds the boot image.
This tab provides several options for configuring deployment settings, including the ability to use
binary differential replication and deploy from a Pre-Boot EXecution Environment (PXE)-enabled
distribution point. You also can schedule distribution point updates in the Data Source tab.
• Distribution Settings tab, which you can use to set a distribution priority to the boot image and set
preferred distribution points. You also can use this tab to specify the behavior that occurs when you
enable a distribution point for prestaged content, which is either automatically downloading content,
downloading changes only, or manually copying the boot image to the distribution point.
• Drivers tab, which you can use to add driver packages to the boot image. This is often necessary,
especially when you acquire new equipment. You can use the Optional Components tab to see the
components previously selected during the wizard, or even add components at this time.
• Images tab, which lists various property values. If you change these values by using an external tool,
you can reload the property values here.
• Security tab, which you can use to specify administrative users and their permissions for the boot
image.
• The Choose Template page, which includes a drop-down list of five predefined templates that you
can use for the task sequence that you are creating. Note that when you create a task sequence
directly with Configuration Manager, rather than using the MDT integrated wizard, you do not have
access to any task sequence templates. When you use MDT 2013 Update 2 independent of the
Deployment Workbench, there are nine templates available. However, in the Create MDT Task
Sequence Wizard, there are five task sequence templates available. They are:
• The General page, which you can use to set the task sequence name (required) and any comments
that describe it. You can add a detailed comment, because these comments can help you or other
administrators understand what the task sequence does.
• The Details page, which you can use to join a workgroup or a domain, set the account to do so,
specify the user and organization name (required), and add the product key. You can also choose to
leave the built-in administrator account disabled (recommended) or enable it and specify the
password.
• The Capture Settings page, which you can use to configure the task sequence to either capture or
not capture an image. The default is to not capture an image. If you choose to capture an image, you
can set the destination for the captured image file and the account that has permissions to do so.
• The Boot Image page, in which you can specify the boot image to use, such as the one created with
the Create Boot Image using MDT Wizard, or you can specify a new boot image package, which you
must create. Similar to the pages in the Create Boot Image using MDT Wizard, the Boot Image page
contains several subpages, including General settings, Options, Components, and Customization.
Note that the Windows 10 ADK must be installed on the machine running the wizard to create new
boot image package. Also note that you must provide a specific boot image or create one before you
click Next on this page.
• The MDT Package page, which has a default option called Specify an existing Microsoft
Deployment Toolkit Files package. You must use the Browse button to select this package. The
first time you create an MDT task sequence, you are required to select the Create a new Microsoft
Deployment Toolkit Files package, which can be used by subsequent MDT Task sequences. You
must supply a UNC share name for the package source folder. This takes you to a MDT Details page,
in which you can input the name (required) and other details about the package that you are
creating. If you choose the default action, which is Specify an existing Microsoft Deployment
Toolkit Files package to use, the next main page will appear.
• The OS Image page, which provides several choices. You can use an existing .wim file or install one
from an original source media file, such as an installation DVD. The default choice is Specify an
existing OS image, and you can use the Browse button to select one (required). If none are
available, which is possible if you have not created one yet, you can choose the Create a new OS
image option instead. With this option, you can specify the .wim file location, and the package source
folder to which you want to copy it. You also can choose the options to use an existing installation
package or create a new operating system installation package, which often is on installation media.
Operating system installation image files are files from an installation source, whereas operating
system image files are .wim files without the associated setup files found in installation media. If you
select one of these create options, the Image Details and Install Source pages will be shown. On
these pages, you supply an image name (required), version, and comments. Instead of creating a new
one, if you select an existing operating image or operating system install image with more than one
index, the OS Image Index page opens. On this page, you can select the index number from the
.wim file that you are using.
• The Deployment Method page, which provides two choices, Perform a Zero Touch Installation
with no user interaction or Perform a User-Driven Installation. The ZTI option is selected by
default. If you choose the UDI option, a wizard will run at the beginning of the operating system
deployment that enables you to choose various installation options.
MCT USE ONLY. STUDENT USE PROHIBITED
10-10 Integrating MDT and Configuration Manager for operating system deployment
After you select the deployment method, several package pages display, each with a different type of
package. In each of these pages, you can choose a package that already exists or you can create a new
one. The following list describes the available package pages:
• The Client Package page, which you can use to specify the Configuration Manager client package.
You can specify an existing package, which provides choices that are identical to the MDT Package
page above. Alternatively, you can create a new Configuration Manager client package.
• The USMT Package page, which provides choices that are similar to the Client Package page, except
that you can specify an existing User State Migration Tool (USMT) package or create a new one. If you
select Create a new USMT package, you must specify the package source directory that will store
the new USMT package. Note that you must provide a UNC share name. If a new USMT package is
created, the USMT Details page opens and lets you specify the name, version, and other details
about the package.
• The Settings Package page, which you can use to specify the settings package. The settings package
will include two files, CustomSettings.ini and Unattend.xml. The first time you create an MDT task
sequence, you are required to select Create a new Settings package, which can be used by
subsequent MDT task sequences. You must supply a UNC share name for the package source folder.
If a new settings package is created, the Settings Details page opens and lets you specify the name,
version, and other details about the package.
• The Sysprep Package page, which does not provide any choices. It just states “No Sysprep page is
required.” The System Preparation Tool (Sysprep) is required only when you are capturing a Windows
XP or Windows Server 2003 image. However, these operating systems are no longer supported.
• The Summary page, which displays all of the options that you have selected. You can use the
Previous button to correct any issues that you see here. Clicking the Next button starts the creation
of the task sequence. A progress bar appears, and it can take several minutes for the task sequence to
create, because an operating system image also might be created.
• The Confirmation page, which displays the status of the completed wizard.
[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty
[Default]
OSInstall=Y
SkipTaskSequence=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipUserData=YES
SkipDomainMembership=NO
SkipLocaleSelection=YES
SkipTimeZone=YES
TimeZoneName=GMT Standard Time
UILanguage=en-us
UserLocale=en-us
OrgName=Adatum
_SMSTSOrgName=S01
_SMSTSPackageName=%TaskSequenceName% on %OSDComputerName%
[INSTALL-W10]
DoCapture=NO
SkipCapture=YES
JoinDomain=adatum.com
DomainAdmin=Administrator
DomainAdminDomain=adatum.com
DomainAdminPassword=Pa$$w0rd
MachineObjectOU=ou=LondonClients,dc=adatum,dc=com
[CAPTURE-W10]
SkipCapture=NO
DoCapture=YES
You might expect that when you select your task sequence, it loads the settings for that task sequence
prior to execution. However, in this scenario, you do not want a Sysprep and Capture task to join the
domain. Therefore, you also want the task sequence to actually perform the sysprep and capture.
Conversely, if you perform the Standard Client Task Sequence task, you want the task sequence to join
the domain, but not attempt to capture the system.
The issue becomes apparent when you run the CAPTURE-W10 ID, because it first reads the settings for the
task sequence and then reads the default settings. However, when you select the task, either at start up or
by using the LiteTouch.vbs file, it does not reload the CustomSettings.ini. Instead, it applies only the
default settings.
To ensure the CustomSettings.ini file processes completely, modify the DeployWiz_SelectTS.vbs script in
your Deployment Share\Scripts folder, and then modify your CustomSettings.ini file. The modification to
the DeployWiz_SelectTS.vbs script causes MDT to run ZTIGather.wsf again. This forces MDT to parse the
CustomSettings.ini again and load the task sequence. You can make several changes to the
DeployWiz_SelectTS.vbs script, specifically in the ValidateTSList function.
MCT USE ONLY. STUDENT USE PROHIBITED
10-12 Integrating MDT and Configuration Manager for operating system deployment
Find the line containing Dim sTemplate, and then add the following two lines after it, as shown below.
Dim sTemplate
Dim sCmd
Set Oshell = createObject("Wscript.shell")
When you perform a ZTI by using Configuration Manager, the Deployment Workbench uses a template
version of the CustomSettings.ini file as a basis for a customized version of CustomSettings.ini.
[Settings]
Priority=Default
Properties=MyCustomProperty
[Default]
OSInstall=Y
ScanStateArgs=/v:5 /o /c
LoadStateArgs=/v:5 /c /lac
This template does not contain sufficient settings to deploy Windows successfully to a target computer.
However, you can customize the file further by using the Deployment Workbench. The Create MDT Task
Sequence Wizard copies an unmodified version of the CustomSettings.ini template. Modify this version of
the CustomSettings.ini file to include the target computer-specific configuration values. After you modify
the file, update the distribution points for the Microsoft Deployment Files package so that the changes are
available to the task sequences, by using the following procedure:
4. Click the Task Sequence tab. Right-click the task sequence that you wish to change, and then click
Properties.
5. If the task you are modifying is a Standard Client Task, you must modify the Gather Local Only
action, which resides in the Initialization section. Change the action from Gather Only Local Data to
Gather Local Data And Process Rules.
6. In the text box immediately below that setting, enter the following:
%DeployRoot%\Control\CustomSettings.ini.
The file must include the computer name, SMBIOS GUID (12 hex characters), or media access control
(MAC) address (32 hex characters) with each value separated by a comma.
The following is a sample import file:
LON-CL6,11111111-1111-1111-1111-111111111116,25:12:15:A0:B9:A1
LON-CL7,11111111-1111-1111-1111-111111111117,25:12:15:A0:B9:A2
LON-CL8,11111111-1111-1111-1111-111111111118,25:12:15:A0:B9:A3
LON-CL9,11111111-1111-1111-1111-111111111119,25:12:15:A0:B9:A4
LON-CL10,11111111-1111-1111-1111-111111111110,25:12:15:A0:B9:A5
The following table describes the pages and settings within the Import Computer Information Wizard.
Page Description
Select Source On this page, you can select Import computers using a
file to specify a file that contains the computer
information to import. You can select Import a single
computer to specify information related to that one
computer.
Single Computer On this page, you can specify the computer name, MAC
address, and/or SMBIOS GUID. Optionally, you can
create a computer association by entering a name of a
reference computer from which the user state and
settings will be migrated to the new computer.
Data Preview On this page, you can review the computer information.
MCT USE ONLY. STUDENT USE PROHIBITED
10-14 Integrating MDT and Configuration Manager for operating system deployment
Page Description
Choose Target Collection On this page, you can add new computers to an existing
Configuration Manager collection. You can choose either
Add new computers only to the All Systems
collection or Add computers to the following
collection. If you choose Add computers to the
following collection, the computer is added to the
collection that you choose and to the All Systems
collection.
• You must deploy the task sequence to the All Unknown Computers collection.
• You must enable unknown computer support for your PXE-enabled distribution point or media.
Two unknown computer objects, one for 32-bit (x86) computers and the other for 64-bit (x64) computers,
are located in the All Unknown Computers collection. These objects are not real computers, but instead
serve as placeholders that Configuration Manager uses as targets for the deployment.
To enable unknown computer support, perform the following steps in the Configuration Manager
console:
1. Select the Administration workspace, and then expand Site Configuration. Click the Servers and
Site System Roles node.
2. In the details pane, select the PXE-enabled distribution point, and in the preview, right-click
Distribution point, and then select Properties.
3. In the Distribution Point Properties dialog box, click the PXE tab, and then select Enable unknown
computer support. In the Configuration Manager dialog box, click OK.
To enable unknown computer support for bootable or prestaged media, perform the following steps in
the Configuration Manager console:
1. Select the Software Library workspace, and then expand Operating Systems.
2. Right-click the Task Sequence node, and then select Create Task Sequence Media.
3. In the Create Task Sequence Media Wizard, select either Bootable Media or Prestaged Media.
4. On the Security page, ensure that Enable unknown computer support is selected. Generally, it is
selected by default. Proceed through the rest of the wizard by making appropriate choices.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-15
Demonstration Steps
1. On LON-CFG, open the Configuration Manager console.
2. In the Assets and Compliance workspace, right-click the Devices node, and select Import
Computer Information.
3. On the Select Source page, select Import single computer, and click Next.
4. On the Single Computer page, use LON-CL12 as the computer name and 112233AABBCC as the
MAC address. Click Next.
6. On the Choose Target Collection page, select Add computers to the following collection, click
Browse, and then select All Workstations. Click OK and Next.
10. Wait 20 seconds, and then refresh the All Systems collection.
11. Repeat the last two steps for the All Workstations collection.
12. When the Member count column changes to 1, view the members of the All Workstations
collection. You should now see the computer you have added.
13. Open Notepad and create a file with the following information. Save it as Computers.csv:
o LON-CL6,25:12:15:A0:B9:A1
o LON-CL7,25:12:15:A0:B9:A2
o LON-CL8,25:12:15:A0:B9:A3
o LON-CL9,25:12:15:A0:B9:A4
o LON-CL10,25:12:15:A0:B9:A5
15. On the Select Source page, select Import computers using a file, and then click Next.
16. On the Choose Mapping page, click Browse, and then select the Computers.csv file.
17. In the File preview section, verify that Column1 is Assign As Name. Click Column2 and assign it as
MAC address. Then, click Next.
22. Click the Device Collections node, and update the membership of the All Systems collection.
23. Wait 20 seconds, and then refresh the All Systems collection.
24. Repeat the last two steps for the All Workstations collection.
25. When the Member count column changes to 6, see the members for the All Workstations
collection. You should see the computers you have imported.
• Computer Name
• Domain information
• OU information
• Applications to install
UDI in MDT 2013 Update 2 supports all the common operating system deployment scenarios that you
typically use in enterprises. The three supported deployment scenarios are:
• New Computer. Use for deploying a new computer (bare-metal) that does not have an operating
system installed.
• Refresh. Use for redeploying an existing computer. This scenario performs a clean setup, but keeps
files and settings. However, it does not retain apps.
• Replace. This is similar to the Refresh scenario, except that you deploy to a new computer, and use
the USMT to pull and replace user information from the old computer to the new computer.
Even though UDI is designed with the end user in mind, technicians or IT supporters can also use it when
deploying operating systems, and it could even replace your old custom HTML Applications (HTAs) and
front-end GUIs. Furthermore, it provides an easy-to-use interface for people who want to be prompted
for a computer name during a deployment to a bare-metal machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-17
• Create MDT 2013 Update 2 boot images, one for x86 and one for x64. You must distribute these to
the distribution point by running the Distribute Content Wizard in the Software Library workspace,
from within the Configuration Manager console.
• Create an MDT 2013 Update 2 task sequence by running the Create MDT Task Sequence Wizard in
the Software Library workspace.
Note: Refer to the topic Creating an MDT-Related task sequence earlier in this module
for guidance on how to do this.
On the Deployment Method page of the Create MDT Task Sequence Wizard, you must select Perform a
User Driven Installation to activate the UDI Wizard in the task sequence. The wizard automatically sets
the task sequence variable SkipWizard to NO in the Set Variable for Wizard task-sequence steps.
Reference Links: For more information about UDI development, refer to User Driven
Installation – Developers Guide: http://aka.ms/Ywvmct.
The UDI Wizard Designer is added when you install MDT 2013 Update 2. The first time that you run the
UDI Wizard Designer, you can create a new default configuration that you can modify. You can drag and
drop pages from the page library onto the Flow Designer for stage groups, stages, and pages. A stage
group is a collection of wizard pages that users see when performing a particular deployment. By default,
there are three stage groups that reflect the most common MDT deployment scenarios:
• New Computer. Use for deploying a new computer that does not have an operating system.
• Refresh. Use for redeploying an existing computer. This scenario performs a clean setup, but keeps
files and settings. However, it does not retain apps.
MCT USE ONLY. STUDENT USE PROHIBITED
10-18 Integrating MDT and Configuration Manager for operating system deployment
• Replace. This is similar to the Refresh scenario, except that you deploy to a new computer, and use
the USMT to pull and replace user information from the old computer to the new computer.
You can use the UDI Wizard Designer to modify the stage groups by adding pages from the page library,
which enables you to provide more choices for your users who are receiving a deployment. There are
pages to add apps and languages, configure BitLocker, add reboots, and other customizations. Note that
the UDI Wizard Designer is a supplement to UDI. You still create task sequences to perform the
deployment, but the UDI Wizard Designer lets you modify user interactions that you have put into the
deployment, and it requires user responses.
By default, the UDI task sequence templates look for the UDIWizard_Config.xml file to load their
configuration. You can change the name of this file to anything you choose, as you long as you modify
the UDI Wizard task sequence steps with the definition of the new file name.
Find the UDI Wizard task sequence steps in the task sequence and append the following code marked in
bold below in the Command Prompt window.
Configure the UDI Wizard to use a configuration file with a non-default name
cscript.exe "%DeployRoot%\Scripts\UDIWizard.wsf"
/definition:NameOfUDIWizardConfigFile.xml
To predefine the Domain Joining Account and password, you can edit the CustomSettings.ini file, which
you can find in the source location of the MDT toolkit package. You can edit the file by adding to it the
following lines that are marked in bold.
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=NO
SkipProductKey=YES
OSDDiskPart=TRUE
OSDJoinAccount=DOMAIN\DomainJoinAccount
OSDJoinPassword=DomainJoinAccountPassword
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-19
The custom settings package needs to be updated on the distribution point whenever a change is made
to the files. Any failure to do so will result in the task sequence using the old copy of the files.
Question: What is the name of the variable used to automate the selection of full format of
the target machine’s hard disk? What value would you assign to it to enable this?
Question: How can you add a computer to the Configuration Manager database?
Question: Which file do you use to control the behavior of MDT?
Question: What is the name of the file in which the UDI Wizard Designer saves most of its
information?
MCT USE ONLY. STUDENT USE PROHIBITED
10-20 Integrating MDT and Configuration Manager for operating system deployment
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 120 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
4. Install MDT.
2. On the LON-CL3 desktop, create a folder named Projects and a shortcut for C:\Windows
\notepad.exe named Notepad.
3. Copy the file C:\Windows\CCM\Logs\CcmExec.log, and then paste it into the Projects folder.
4. Shut down LON-CL3. Do not revert it because you will use it in Exercise 3.
2. In the Software Library workspace, expand Operating Systems, and then right-click Task
Sequences. You should see the following items in the list:
o Folder
2. Accept all defaults for the installation wizard, ensuring the following values for the settings:
2. In the Deployment Workbench console, create a new deployment folder and share in
E:\DeploymentSource by right-clicking Deployment Shares. Name the deployment folder
DeploymentSource$, and then accept all the other default options in the New Deployment
Share Wizard.
3. In the properties of the MDT Deployment Share, in the Monitoring tab, enable monitoring.
2. In the Software Library workspace, expand Operating Systems, and then right-click Task
Sequences. You should see a new Create MDT Task Sequence item in the list.
3. On the Computer Agent node, change the Organization name displayed in Software Center to
Adatum.
2. Right-click S01 – Adatum Site, click Configure Site Components, and then click Software
Distribution.
3. On the Network Access Account tab, configure the ADATUM\NetworkAccess user account (select
New Account) and the password Pa$$w0rd as the network access account. Use the Verify option to
verify that the account can connect to the \\LON-DC1\sysvol network share.
Results: After completing this exercise, you should have installed MDT and integrated it with
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-23
1. Install DaRT 10, and copy the cabinet files to the appropriate location.
2. Run the Create Boot Image using MDT Wizard to create a customized MDT boot image.
3. Create an operating-system image.
Task 1: Install DaRT 10, and copy the cabinet files to the appropriate location
1. On LON-CFG, open File Explorer, and then navigate to \\LON-DC1\Labfiles\DaRT\x64.
2. Right-click MSDaRT100.msi, and then choose Install. Complete the wizard by using the default
settings, as follows:
a. On the Welcome to the Microsoft DaRT 10 Setup Wizard page, click Next.
b. On the End-User License Agreement page, click I Agree.
c. On the Microsoft Update page, click I don’t want to use Microsoft Update, and then
click Next.
d. On the Select Installation Folder page, click Next.
g. After you receive the message You have successfully completed the Microsoft DaRT 10
Setup Wizard, click Finish.
3. Using File Explorer, go to the C:\Program Files\Microsoft DaRT\v10 folder, and then copy the
Toolsx64.cab file to the C:\Program Files\Microsoft Deployment Toolkit\Templates
\Distribution\Tools\x64 folder.
4. Using File Explorer, go to the C:\Program Files\Microsoft DaRT\v10 folder. Copy the Toolsx86.cab
file to the C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86
folder.
Task 2: Run the Create Boot Image using MDT Wizard to create a customized MDT
boot image
1. On LON-CFG, create a folder named CMSources on the E drive, and share it with Authenticated
Users and give full control.
2. Create the following subfolders in the CMSources folder: OSD and Software.
o OSD\BootImages
o OSD\DriverPackages
o OSD\DriverSources
MCT USE ONLY. STUDENT USE PROHIBITED
10-24 Integrating MDT and Configuration Manager for operating system deployment
o OSD\MDT 2013
o OSD\OSImages
o OSD\MDTSettings
4. In the Software folder, create a subfolder named Microsoft. Finally, in the OSD\BootImages folder,
create the following subfolders: WinPE10x64 and WinPE10x64-MDT.
5. In the Configuration Manager console, under the Software Library workspace, in the Operating
Systems\Boot Images node, right-click Boot Images, and then select Create Boot Image using
MDT.
6. Complete the Create Boot Image using MDT Wizard with the following values:
e. Components: Windows PowerShell and Microsoft Diagnostics and Recovery Toolkit (DaRT)
7. Use the Distribute Content Wizard to distribute the Lab10 MDT Boot Image to the LON-CFG
distribution point, ensuring that the Lab10 MDT Boot Image Content Status circle is green.
8. Enable the Deploy this boot image from the PXE-enabled distribution point found in the Data
Source tab of Lab10 Boot Image properties.
After a few minutes, observe the new folder named for the Image ID of Lab10 MDT Boot Image
created in the C:\SMSPKGSIG\ folder.
4. Complete the Add Operating System Image Wizard with the following values:
5. Use the Distribute Content Wizard to distribute Win10 x64 Eval to the LON-CFG distribution point,
ensuring that the Win10Ent x64 Eval Content Status is successful. It might take several minutes.
Click Refresh on the ribbon to update the status.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-25
2. In the Configuration Manager console, in the Software Library workspace, right-click the Drivers
node, and then select Import Driver.
3. In the Import New Driver Wizard, accept all the default values except the following:
a. For Import all drivers in the following network path (UNC), specify \\LON-CFG\CMSources
\OSD\DriverSources\HyperVx64.
b. On the Specify the details for the imported driver page, clear Hide drivers that are not
digitally signed, and then create a category named Hyper-V Drivers.
Results: After completing this exercise, you should have created the MDT boot image.
1. Use the MDT Task Sequence Wizard to create an MDT task sequence that will upgrade an existing
network computer.
2. Edit the new task sequence and distribute content.
4. Deploy the new task sequence to upgrade an existing computer to Windows 10.
5. Start the computer upgrade.
Task 1: Use the MDT Task Sequence Wizard to create an MDT task sequence that will
upgrade an existing network computer
1. In the Configuration Manager console, select the Software Library workspace, and then navigate to
the Operating Systems\Task Sequences node.
2. Right-click Task Sequences, and then select Create MDT Task Sequence.
3. The Create MDT Task Sequence Wizard opens. Complete the pages on the wizard as follows:
b. On the General page, in the Name text box, enter MDT Client Upgrade.
c. In the Task sequence comments text box, enter MDT Task Sequence to upgrade a Windows
7 client to Windows 10 with migrated user state.
d. On the Details page, select Join a Domain, and enter Adatum.com as the Domain Name.
MCT USE ONLY. STUDENT USE PROHIBITED
10-26 Integrating MDT and Configuration Manager for operating system deployment
e. Click Set, and in the For the user name text box, enter adatum\CMDomainJoin, with the
password Pa$$w0rd.
h. On the Boot Image page, in Specify an existing boot image package, click Browse, and then
enter Lab10 Boot Image en-US.
i. On the MDT Package page, in the Create a new Microsoft Deployment Toolkit Files
package, Package source folder to be created (UNC Path) text box, enter \\LON-CFG
\CMSources\OSD\MDT 2013.
j. On the MDT Details page, in the Name text box, enter MDT 2013 Update 2 Toolkit.
k. On the OS Image page, in Specify an existing OS image, click Browse and then in Select a
Package, select Win10Ent x64 Eval en-US.
n. On the USMT Package page, in the Specify an existing USMT package text box, click Browse,
and then in Select a Package, select Microsoft Corporation User State Migration Tool for
Windows 8 10.0.10240.16384.
o. On the Settings Package page, in the Create a new settings package section, under Package
source folder to be created (UNC Path), enter \\LON-CFG\CMSources\OSD\MDTSettings.
p. On the Settings Details page, in the Name text box, enter Windows 10 x64 Settings.
r. Click Next on the Summary page, and then, when complete, click Finish.
2. In the Initialization group, select the first Format and Partition Disk (UEFI) action, and then in the
Volume list, delete the first three volumes.
3. Repeat the same action, but this time, do this for the Format and Partition Disk (UEFI) step that you
find in the Script does not exist or no partitions group.
4. Click Capture User State, and then note the Properties pane of the Capture User State step. Ensure
Capture all user profiles by using standard options is selected, and then select Enable verbose
logging. Ensure that Copy by using file system access is selected and that Continue if some files
cannot be captured is selected.
5. In the PostInstall group, select Apply Windows Settings, select Enable the account and specify
the local administrator, and then type Pa$$w0rd in the Password and Confirm Password text
boxes.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-27
6. In the PostInstall group, select Apply Network Settings, and then configure the Domain OU value
to use the Adatum/London Clients organizational unit (OU). You can browse for values.
7. Click OK.
8. Use the Distribute Content Wizard to distribute the MDT Client Upgrade task sequence to the
LON-CFG distribution point.
o Comment: Clients that are scheduled to be Upgraded via the MDT Client Upgrade task
sequence.
o Select Collection: All Systems
o Create a membership rule that adds a direct rule that has the following properties:
Resource class: System Resource
Attribute name: Name (both of these are the defaults)
Value: LON-CL3
3. In Device Collections, right-click All Unknown Computers, and then select Properties.
4. On the Collection Variables tab, create a new variable with the following settings:
o Name: OSDComputerName
o Clear the Do not display this value in the Configuration Manager console check box.
2. In the Deploy Software Wizard, ensure that the following settings are configured as specified and that
all other pages use the default settings:
a. On the General page, in the Collection text box, enter Clients to Upgrade.
b. On the User Experience page, ensure Show Task Sequence progress, System restart (if
required to complete the installation) and Commit changes at deadline or during a
maintenance window (requires restart) are selected.
c. Click Next on all the remaining pages, and then after completion, click Close.
MCT USE ONLY. STUDENT USE PROHIBITED
10-28 Integrating MDT and Configuration Manager for operating system deployment
3. In Control Panel, click the System and Security, Configuration Manager item, and then on the
Actions tab, run the Machine Policy Retrieval & Evaluation Cycle.
4. When the New Software is Available notification appears in the Notification area, double-click it to
open Software Center.
Note: The entire upgrade takes approximately two hours. Due to the limited amount of
time available for this lab, you can stop the upgrade by reverting the 20695C-LON-CL3 virtual
machine. This will complete the lab.
Results: After completing this exercise, you should have created and deployed an MDT task sequence.
Question: What is the purpose of creating the Clients to Upgrade collection, and how would you
use it?
Question: Why did you install DaRT before you started the MDT boot image?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-29
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 60 minutes
The required virtual machines should still be running from the previous Lab tasks. If they are not then
perform the following:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Sign in by using the following credentials:
o Password: Pa$$w0rd
o Domain: Adatum
4. Edit the CustomSettings.ini file to prepopulate Domain Join Credentials in UDI Wizard.
5. Update distribution points with the updated MDT 2013 Update 2 and MDT settings packages.
MCT USE ONLY. STUDENT USE PROHIBITED
10-30 Integrating MDT and Configuration Manager for operating system deployment
2. Right-click Task Sequences and then select Create MDT Task Sequence.
3. The Create MDT Task Sequence Wizard opens. Complete the pages of the wizard as follows, clicking
Next after each page is complete:
b. On the General page, in the Name text box, enter MDT UDI.
c. In the Task sequence comments box, enter MDT UDI Task Sequence used to deploy
Windows 10 to a new computer.
d. On the Details page, select Join a Domain, and enter Adatum.com as the domain name.
e. Click Set, and in the For the user name text box, enter adatum\CMDomainJoin, with a
password of Pa$$w0rd.
h. On the Boot Image page, in Specify an existing boot image package, click Browse, and then
enter Lab10 MDT Boot Image en-US.
i. On the MDT Package page, click Specify an existing Microsoft Deployment Toolkit Files
package, and then click Browse.
k. On the OS Image page, in Specify an existing OS image, click Browse, and then select
Win10Ent x64 Eval en-US.
m. On the Client Package page, in Specify an existing ConfigMgr client package, click Browse,
and select Microsoft Corporation Configuration Manager Client Package.
n. On the USMT Package page, in Specify an existing USMT package, click Browse, and then
select Microsoft Corporation User State Migration Tool for Windows 8 10.0.10240.16384.
o. On the Settings Package page, select Specify an existing settings package, click Browse, and
then select Windows 10 x64 Settings.
q. Click Next on the Summary page, and then, when complete, click Finish.
2. In the Initialization group, select the first Format and Partition Disk (UEFI) step, and then in the
Volume list, delete the first three volumes.
3. Repeat the same action, but this time for the Format and Partition Disk (UEFI) step that you find in
the Script does not exist or no partitions group.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-31
4. In the PostInstall group, select Apply Windows Settings, select Enable the account and specify
the local administrator, and then type Pa$$w0rd in the Password and Confirm Password text
boxes.
5. In the PostInstall group, select Apply Network Settings, and then configure the Domain OU value
to use the Adatum/London Clients OU. You can browse for values.
6. Click OK.
Task 3: Configure the UDIWizard_Config.xml file to control the UDI Wizard behavior
1. Start the UDI Wizard Designer and on the ribbon of the UDI Wizard Designer, click Configuration
Manager.
2. In the UDI Wizard Designer, click Open, navigate to E:\CMSources\OSD\MDT 2013\Scripts, and
then open the UDIWizard_Config.xml file.
3. Expand the Stage: NEWCOMPUTER section, and select the Install Programs page.
4. In the Site Settings window, type LON-CFG.adatum.com as the Site Server Name. Click Validate
Site. In the Application Collection text box, type MDT UDI Apps Ref. Click OK.
5. In the Stage: NEWCOMPUTER section, select the Welcome page, and click the Configure tab at the
top of the preview pane.
6. On the Welcome page under the Message heading, click right before the word Deployment and
then type Adatum OS followed by a space. The entire sentence should now read Welcome to the
Adatum OS Deployment Wizard. Click the Flow tab.
7. In the Stage: NEWCOMPUTER section, right-click the BitLocker page and select Remove Item, and
then click Yes.
8. Repeat the actions in previous step to remove: Select Target, Administrator Password and User
Device Affinity. You should have seven pages left in the Stage: NEWCOMPUTER section.
9. In the Stage: NEWCOMPUTER section, select the Volume page, and click the Configure tab. Click
the down arrow next to Image Combo Behavior.
10. In the Image Combo Box section, right-click the Windows 7 RTM images item, and then select
Select an Operating System Image.
11. Select Win10Ent x64 Eval, and then type Windows 10 Enterprise x64 Eval as Display Name.
Click OK.
12. Under the User Data and Settings section, expand User Data Combo Behavior. Select Format:
Clean all data on the target volume during install and click Unlocked. It should now read Locked.
Click the Flow tab.
13. In the Stage: NEWCOMPUTER section, select the New Computer Details page, and click the
Configure tab. Expand Network Details.
14. In the Domain or Workgroup Radio Buttons section, click Domain, and then click Unlocked.
15. Expand Domains and OUs, and then click Add Domain. In the Create or Edit Domain Information
window, type adatum.com as Domain Name and Adatum as Friendly name. Then click OK.
16. Right-click Adatum/adatum.com, and then select Search Domain for OUs. Select London Clients,
and then click OK.
17. Right-click Adatum/adatum.com, and then select Search Domain for OUs. Select Computers, and
then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
10-32 Integrating MDT and Configuration Manager for operating system deployment
18. Expand the Domain Join Credentials section, click the Unlocked button next to the User Name text
box and Password text box. Click the Flow tab.
19. In the Stage: NEWCOMPUTER section, select the Language page, and then click the Configure tab.
Expand Region and Language Defaults.
20. In Time Zone box, select (UTC) Coordinated Universal Time, and then click Unlocked. Click the
Flow tab.
21. In the Stage: NEWCOMPUTER section, select the Install Programs page and click the Configure
tab. Right-click General Software, and then click Remove Item. When prompted, click Yes.
22. Click Add Group, and type Adatum Software as the name. Then click OK.
23. Right-click Adatum Software, and then click Add Software to Group. In the Add Software To Group
Wizard, select I want to add a Package/Program, and then click Next.
24. Type Microsoft PowerPoint Viewer as the Display Name. In the Search for 32 Bit Program
section, click Select.
25. Click Search, and then select Microsoft PowerPoint Viewer. Then click OK.
26. In the Search for 32 Bit Program section, next to Program, select Per-system unattended, and
then click Finish.
27. Right-click Adatum Software, and then click Add Software to Group. In the Add Software To Group
Wizard, select I want to add an Application, and click Next.
28. Type XML Notepad 2007 as Display Name. In the Search for Application section, click Select.
29. Click Search, and then select XML Notepad 2007. Click OK, and then click Finish.
30. In the Software and Groups section, select Microsoft PowerPoint Viewer.
31. In the UDI Wizard Designer, click Save As. Click Save, and then click Yes. Then click OK.
OSDJoinAccount=ADATUM\CMDomainJoin
OSDJoinPassword=Pa$$w0rd
[Settings]
Priority=Default
Properties=MyCustomProperty
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=NO
SkipProductKey=YES
OSDJoinAccount=ADATUM\CMDomainJoin
OSDJoinPassword=Pa$$w0rd
Task 5: Update distribution points with the updated MDT 2013 Update 2 and
MDT settings packages
• In the Configuration Manager console, within the Software Library workspace, in the Application
Management\Packages node, select the MDT 2013 Update 2 Toolkit and Windows 10 x64
Settings packages. Select Update Distribution Points, and then click OK.
Results: After completing this exercise, you should have created a working UDI task sequence, which will
enable you to deploy Windows 10 to new computer.
Task 1: Deploy the UDI task sequence to the Unknown Computers collection
1. In the Configuration Manager console, within the Software Library workspace, in the Operating
Systems\Task Sequences node, right-click MDT UDI in the task-sequence details pane, and click
Deploy.
2. On the General page, click Browse, and then click OK. In the Select Collection window, select All
Unknown Computers, click OK, and then click Next.
3. On the Deployment Settings page, under the Make available to the following heading, select
Only media and PXE, and then click Next.
2. In the Settings for 20695-LON-REF1 on host window, click the DVD Drive node under IDE
Controller 1.
3. In the Media section, click Browse, and browse to D:\Program Files\Microsoft Learning
\20695\Drives. Select the MDT-UDI-BootMedia.iso file and click Open. Then click OK.
4. Start the 20695C-LON-REF1, and then click Connect.
MCT USE ONLY. STUDENT USE PROHIBITED
10-34 Integrating MDT and Configuration Manager for operating system deployment
6. On the Select a task sequence to run page, select MDT UDI, and then click Next.
Note: It will take a few minutes to download the MDT Toolkit package.
8. On the Ready to start page, click Finish. The machine will reboot.
10. On the Volume page, select the Windows 10 Enterprise x64 Eval image, and click Next.
Notice that the Domain Join Credentials have been filled in automatically. They have been read
from the CustomSettings.ini file.
14. On the Install Programs page, select XML Notepad 2007, and then click Next.
Note: If time permits, you can leave the virtual machines running to finish the deployment,
while your instructor starts on the next module. You should ask your instructor for guidance
regarding this.
16. On the Deployment Complete page, click the Welcome, Deployment Summary, and Applications
Installed tabs to verify the installation. Then click Start Windows.
17. Sign in by using adatum\administrator as the username and Pa$$w0rd as the password.
Results: After completing this exercise, you should have deployed Windows 10 to a new computer by
using a UDI task sequence.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Question: Why did you have to update the distribution points with the MDT 2013 Update 2
toolkit package after you made the changes to UDI Wizard xml files?
Question: What must you do to integrate MDT 2013 Update 2 with Configuration Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 10-35
Question: You have made changes to the CustomSettings.ini file in the MDT Deployment
Workbench. What is it important for you to do next?
Question: Where can you find a new, bare-metal computer’s SMSBIOS globally unique
identifier (GUID) and media access control (MAC) address?
Tools
Tool Used to Where to find it
DaRT Remote Use to connect remotely into Included with the MDOP, only available
Control the Windows PE preinstall from a Microsoft Software Assurance
task sequence during a subscription.
deployment. More information about the MDOP can
be found here: http://aka.ms/Wdqu3p.
Module 11
Activating clients and managing additional configuration
settings
Contents:
Module Overview 11-1
Module Overview
After you deploy a Windows 10 client system and run all the task sequences, you must complete some
administrative configuration steps. Windows 10 activates differently from earlier client versions, because
you do not normally enter the product key during the initial installation. You do so after the installation
or deployment, and then activation takes place. Additionally, you can set up clients with several
specifications, such as locking down the Start menu and providing custom power options, mapped drives,
and printer assignments.
Objectives
After completing this module, you will be able to:
Lesson 1
Solutions for volume license activation
Product activation is a requirement of the Windows 10 operating system. It requires validation for each
Windows 10 license through an online activation service at Microsoft, either by phone, through the Key
Management Service (KMS), or through Active Directory Domain Services (AD DS). Activation enhances
protection from software piracy and helps you to manage the operating system and application instances
within an environment. In this lesson, you will learn how activation works. You will also learn about the
volume activation models to consider for an effective Windows 10 desktop deployment.
Lesson Objectives
After completing this lesson, you will be able to:
If you want to evaluate Windows 10 or Windows Server 2012 R2, Microsoft provides a separate evaluation
edition available through the TechNet Evaluation Center. Windows 10 Enterprise has a 90-day evaluation,
and Windows Server 2012 R2 has a 180-day evaluation. Both have a built-in product key, so you do not
need to enter one. However, you do need to activate each one online. You can convert the evaluation
version of Windows Server R2 to a retail version. However, you cannot do so for Windows 10.
If you are using the Windows Server 2012 R2 Datacenter edition as a Microsoft Hyper-V host, any virtual
machines with the Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, or Windows
Server 2012 R2 Essentials edition are automatically activated via the host’s activated license. You do not
need to take further action to activate these virtual machines.
• Retail. Any Windows 10 product purchased at a retail store comes with one unique product key that
you type in during product installation. Use the product key to complete the activation after installing
the operating system. The license terms prohibit reimaging by using original equipment manufacturer
(OEM) or retail media.
• OEM. OEM system builders typically sell computer systems that include a customized build of
Windows 10. You perform OEM Activation by associating the operating system with the computer
system BIOS.
• Microsoft Volume Licensing. Microsoft Volume Licensing (volume activation) comprises a series of
software licensing programs that are tailored to the size and purchasing methods of your
organization. Volume customers set up Microsoft Volume Licensing agreements, which might include
Windows upgrade benefits and other benefits related to value-added software and services. Microsoft
Volume Licensing customers use Volume Activation Services to assist in using the various activation
models, which consist of Active Directory-based activation, KMS activation, and multiple activation
key (MAK) activation.
If you do not activate Windows 10 or Windows Server 2012 R2, the operating system reverts to Reduced
Functionality Mode:
• Persistent notification remind the user that the operating system is illegitimate.
• Volume Activation Services. A server role in Windows Server 2012 R2 that allows you to automate and
simplify the issuance and management of Microsoft software volume licenses for a variety of
scenarios and environments. When you use Volume Activation Services, you can install and configure
KMS and enable Active Directory-based activation.
• KMS. A role service that allows an organization to activate operating systems within its network from
a computer where a KMS host has been installed. KMS allows IT professionals to complete activations
on their local networks, eliminating the need for individual computers to connect to Microsoft for
product activation. KMS does not require a dedicated system, and it can coexist on a system that
provides other services. By default, volume licensing editions of Windows 10 and Windows Server
2012 R2 connect to a system that hosts the KMS service to request activation. No action is required
from the user. You can use KMS for managed environments where more than 25 physical or virtual
Windows client operating systems are consistently connected to the organization’s network or for
environments with five or more server computers.
• Active Directory-based activation. A role service that allows you to use AD DS to store activation
objects, which can greatly simplify the maintenance of Volume Activation Services for a network.
When you use Active Directory-based activation, you do not need a KMS server. Activation requests
are processed during client computer startup. Any computer that is running Windows 8 or later or
Windows Server 2012 or later, that has a generic VLK, and that is connected to a domain will activate
automatically and transparently. These computers will stay activated as long as they remain members
of the domain and maintain periodic contact with a domain controller. Activation takes place after
the licensing service starts. When this service starts, the computer running Windows 8 or later or
Windows Server 2012 or later connects to AD DS automatically, receives the activation object, and
activates without user intervention.
• MAK activation. A model that uses product keys that can activate a specific number of computers. If
you do not control the use of VLKs, excessive activations can cause depletion of the activation pool.
You do not use MAKs to install Windows 10 but to activate the operating system after installation.
You can use MAKs to activate any Windows 10 volume edition.
Additional Reading: For more information, refer to Volume Activation for Windows 10:
http://aka.ms/T5383c.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-5
2. When a domain member computer that is running Windows Server 2012 or later or Windows 8 or
later and that has a generic VLK starts, the licensing service on the client automatically queries the
domain controller for licensing information.
Note: You cannot use Active Directory-based activation to license computers that are not
domain members.
3. If the licensing service on the client finds a valid activation object, activation proceeds silently without
requiring any user intervention. The same renewal guidelines apply to both Active Directory-based
activation and KMS activation.
4. If the licensing service on the client does not find volume licensing information in AD DS, a client that
is running Windows Server 2012 or later or Windows 8 or later looks for a KMS host and then
attempts activation by following the KMS activation process.
Active Directory-based activation greatly simplifies the process of activating clients that are running
Windows 8 or later or Windows Server 2012 or later. It requires the Windows Server 2012 AD DS schema.
Although you cannot directly edit activation objects, an administrator can use advanced AD DS tools to
view each activation object and configure security access control lists for the activation objects to restrict
access as needed. If necessary, administrators can delete activation objects. On a local client, a user with
read/write permission for the activation object can use the command prompt to perform these functions.
Many organizations have complex volume licensing infrastructures to support KMS and Office
installations. To add Active Directory-based activation to these environments, administrators must assess
their current implementations and determine what role Active Directory-based activation will play in their
environments.
An important point to consider is how to upgrade operating systems and applications to versions that
support Active Directory-based activation. For environments that exclusively run Windows 8 and later and
Windows Server 2012 and later, Active Directory-based activation is a suitable option for activating all
clients and servers, and you might be able to remove any KMS hosts.
If an environment will continue to contain earlier versions of volume-licensed operating systems and
applications, administrators will need a KMS host to maintain the activation status in addition to enabling
Active Directory-based activation for clients that are running Windows 8 and later and Windows Server
2012 and later.
You also can use Active Directory-based activation to activate volume license editions of Office 2016 that
are running on Windows 8 or later operating systems and that are domain members.
MCT USE ONLY. STUDENT USE PROHIBITED
11-6 Activating clients and managing additional configuration settings
Take these planning considerations into account when working with Active Directory-based activation:
• You do not need an additional host server. Your existing domain controllers can support activating
clients, with the following limitations:
o You cannot use Active Directory-based activation with non-Microsoft directory services.
o AD DS must exist at the Windows Server 2012 schema level to store activation objects.
o Domain controllers running earlier versions of Windows Server can activate clients after their
schemas update by using the Windows Server 2012 version of Adprep.exe.
Demonstration Steps
1. On LON-SVR2, start Server Manager, select Manage, and then click Add Roles and Features.
2. On the Before you begin page, click Next.
Note: Because of the configuration of the virtual machines, the activation of the KMS server
cannot be demonstrated.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-7
Note: You must update installations of KMS that run on Windows 7 and Windows Server
2008 R2 to activate Windows 10 by installing the hotfix at http://aka.ms/Nsvi4k.
Additional Reading: You must update installations of KMS that run on Windows 8.1,
Windows 8, Windows Server 2012 R2, and Windows Server 2012 to activate Windows 10 by
installing the hotfix at http://aka.ms/E34ryg.
After you download and install the hotfix, you must do the following:
2. Acquire a new KMS host key from the Microsoft Volume Licensing Service Center.
3. Go to your KMS host, and uninstall the old KMS host key by using the slmgr.vbs /upk command.
4. On the KMS host, install the new KMS host key by using the slmgr.vbs /ipk AAAAA-BBBBB-CCCCC-
DDDDD-EEEEE command.
5. Run the slmrg.vbs /ato command on the KMS host to activate the KMS host key.
You cannot update installations of KMS on Windows Server 2003 to support the activation of clients that
are running Windows 10 or Windows Server 2012 R2.
Windows Server 2012 and later versions and Windows 8 and later versions include KMS. After you
initialize KMS, the KMS activation infrastructure is self-maintaining. The KMS service does not require
dedicated computers and can coexist with other services.
A single KMS host can support an almost unlimited number of KMS clients. Most organizations can
operate with just two KMS hosts for their entire infrastructure: one primary KMS host and a backup host
for redundancy.
During installation, a KMS host automatically attempts to publish its existence and location in the Domain
Name System (DNS) in the form of a host (A record) and a service record (SRV record). This provides the
ability for both domain members and standalone computers to activate against the KMS infrastructure.
Client computers dynamically locate the KMS host by using the SRV record found in DNS or the
connection information manually configured in the registry. Client computers then use the information
returned from the KMS host to self-activate.
• Client computers that are not activated attempt to connect with the KMS host every two hours.
• To stay activated, client computers must renew their activation by connecting to the KMS host at least
once every 180 days.
• After activation, client computers attempt to renew their activation every seven days. After each
successful connection, the expiration date extends another 180 days.
• Client computers connect to the KMS host for activation by using anonymous remote procedure calls
(RPCs) over TCP/IP and by using default port 1688. You can configure this port information. The
connection is anonymous, allowing workgroup computers to communicate with the KMS host. You
might need to configure the firewall and the router network to pass communications for the TCP port
that will be used.
• To use KMS activation with Windows 10 or Windows Server 2012 R2, the computer must have the
qualifying operating system license as part of a new computer purchase, and it must contain a
Windows marker in the BIOS.
• A minimum threshold exists for KMS activation. Before you can activate any computer through KMS,
at least the following minimum numbers of clients need to exist for different KMS licenses:
o Windows 2008 Server and later: five clients
Note: The individual servers or clients can be running any combination of approved
operating systems. For example, if you have 12 Windows 10 clients and 13 Windows 7 clients,
you meet the minimum threshold of 25 clients. However, if the total number of activated clients
drops below 25 or 5, depending on the operating system or product, new activations cannot take
place until the minimum requirement is met. Because KMS activations last for 180 days, those
that are activated in this scenario will remain activated for the entire period. However, if the
minimum requirement is not met when the time period expires, those clients will revert to a state
of not activated.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-9
• AD DS
• Workgroup names
• IP addresses
• Computer names
VAMT provides a single graphical user interface for managing activations and performing other
activation-related tasks, such as:
• Adding and removing computers. You can use VAMT to discover computers in the local environment.
VAMT can discover computers by a query to AD DS, by workgroup name, by individual computer
name or IP address, or via a general Lightweight Directory Access Protocol query.
• Discovering products. You can use VAMT to discover Windows operating systems, Windows Server
operating systems, Office programs, and other products installed on client computers.
• Monitoring activation status. You can collect activation information about each product, including the
last five characters of the product key being used, the current licensing state (such as Licensed, Grace,
or Unlicensed), and the product edition information.
• Managing product keys. You can store multiple product keys and use VAMT to install them to remote
client products. You can also determine the number of activations remaining for MAKs.
• Managing activation data. VAMT stores activation data in an SQL database. You can export this data
to other VAMT hosts or to an archive in XML format.
• The user interface. The updated user interface makes volume activation and license management a
one-console process.
• Data storage. Data storage in a Microsoft SQL Server database provides greater scalability and speed.
MCT USE ONLY. STUDENT USE PROHIBITED
11-10 Activating clients and managing additional configuration settings
• Licensing reports. Five new volume licensing reports provide virtually instant licensing status
information for every computer in the database:
• Windows PowerShell command-line interface cmdlets. A Windows PowerShell module for VAMT
replaces the Vamt.exe command-line interface.
• Support for proxy authentication. If you are on a network that requires a user name and password to
reach the Internet, VAMT allows you to sign in and perform proxy activation.
• Active Directory-based activation. VAMT can activate an Active Directory-based activation object
either online or by proxy. When you deploy an Active Directory-based activation, any new qualifying
computers joined to the domain are automatically activated.
Note: VAMT 3.1, which is available in the Windows ADK for Windows 10, does not have
new features. However, it has several updates and fixes applied.
• Data storage in computer information list (.cil) files. VAMT no longer stores data in .cil files but rather
in a SQL Server database. You can import data currently stored in .cil files into VAMT. Data that you
export from VAMT is saved in a .cilx file.
• The Vamt.exe command-line interface. Vamt.exe is no longer available and has been replaced by a
Windows PowerShell module.
Additional Reading: For more information, refer to Import and Export VAMT Data:
http://aka.ms/Dzwia6.
computer on which you previously activated Office 2016, the reinstalled Office 2016 will silently reactivate
without user or administrator input, as long as you have an Internet connection. If you significantly
change the hardware environment, Office 2016 might require reactivation. In that case, the Reactivation
Wizard runs and prompts you for the product key.
Note: Office 365 ProPlus refers to the Office 365 versions of Office 2016.
All that KMS activation requires is a functioning KMS infrastructure and the Office 2016 KMS product key
added to the KMS server. For KMS to begin activation, the minimum threshold of five Office 2016
installations must exist. For the client, KMS activation then takes place automatically.
KMS activation
We recommend KMS activation for nondomain computers that are connected to the organization’s core
network or that have periodic connectivity, such as offsite computers. Administrators should modify their
environment’s firewall configurations to ensure that the appropriate exceptions are enabled for KMS
traffic. If you need to change the firewall or other default options later, you can open the VAMT console
and then modify the configuration. Additionally, if you have an RODC that services clients in a remote
location, KMS can run on that RODC and activate clients, whereas Active Directory-based activation
cannot.
The number of computers running Unlimited, but only with Active Directory-based
Windows Server 2012 or Windows domain membership activation
10 that will connect to the network
at least once every 180 days, either
directly or through a virtual private
network (VPN)
Question: You have installed the Volume Activation Services role and configured Active
Directory-based activation. You join a Windows 7 Enterprise computer to the domain, but it
will not activate. What is the problem?
Question: If you configure your KMS host to not publish DNS records to DNS, what must
you do for the KMS client to be able to find the KMS host?
MCT USE ONLY. STUDENT USE PROHIBITED
11-14 Activating clients and managing additional configuration settings
Lesson 2
Determining additional client configuration settings
After deployment, a Windows 10 computer might need additional configuration. You can use the
deployment tools to deploy an operating system as well as to load programs and apps, apply updates
and drivers, and migrate user data. Beyond these deployment tasks, you can use various tools, particularly
AD DS Group Policy, to further adjust a Windows 10 client’s configuration. In this lesson, you will learn
about post-deployment configuration and Group Policy preferences.
Lesson Objectives
After completing this lesson, you will be able to:
• Do you provide further desktop security? If so, what do you typically do?
• Which Group Policy settings do you think you will find useful in your organization?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-15
Live Tiles
Many of the tiles on the Start menu give you real-
time information from a particular app, and they are known as Live Tiles. For example, Live Tiles might
display the number of emails you have waiting or the sender and subject of those emails. They might
show your calendar appointments, currency exchange rates, stock-market values, or the latest
photographs in your collection.
Using AD DS GPOs
You can also centrally manage the Start menu items by using AD DS Group Policy Objects (GPOs), and
you can enforce several settings by using local Group Policy settings, as well.
Note: Windows RT devices cannot belong to a domain, so applying any policy to Windows
RT devices requires the use of a local Group Policy setting. Additionally, you must turn on the
Group Policy Client service, which is disabled by default on Windows RT device.
For Windows 10 clients in domains, the AD DS Group Policy settings provide a rich collection of
configurable settings. Settings exist to prevent updates on Live Tiles. This neither restricts bandwidth
nor allows some updates to get through but suspends all Live Tile updates.
MCT USE ONLY. STUDENT USE PROHIBITED
11-16 Activating clients and managing additional configuration settings
Your organization needs to carefully consider whether to apply such restrictions. One of the benefits of
the Windows 10 Start menu is how user friendly and customizable it is for individual users. In most cases,
you want your users to be able to set their Start menus and tiles according to their own needs and
preferences. You can also apply the layout by using the Import-StartLayout cmdlet, which sets a default
configuration but does not enforce it.
Demonstration Steps
Create a custom Windows 10 Start menu
1. On LON-CL1, click Start.
8. Place the Phone Companion tile next to the OneNote tile in the second column.
9. Remove the Money tile.
10. Remove all the tiles with the small icons and no text on them. Five of these should exist.
11. Click All apps. Find Notepad in the Windows Accessories group, and then add it to the Start menu.
12. Place the Notepad tile next to the OneNote tile in the second column.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-17
2. Switch to LON-DC1.
3. Open File Explorer, navigate to E:\Labfiles\, and then verify that you can see the AdatumLayout.xml
file.
2. Edit the Adatum W10 Start menu GPO in the Group Policy Management Editor, select User
Configuration, Polices, Administrative Templates, and then select Start Menu and Taskbar, Start
Screen Layout.
3. Enable the Start Menu and Taskbar, Start Screen Layout setting, and then in the Start Layout File
box, type \\LON-DC1\E$\Labfiles\AdatumLayout.xml.
4. Add the comment A custom Start menu developed on LON-CL1 by using Microsoft Notepad.
Note: The file location that you specify must be a location to which all user accounts have
read access.
2. Sign out, and then sign back in to LON-CL2 as Adatum\Administrator with the password
Pa$$w0rd.
3. Examine the Start menu. It should have the custom Start menu applied.
4. Attempt to drag and unpin some of the tiles. You should be unable to do so.
Power plans
In Windows 10, you can create power plans, which are groups of settings that govern power consumption
and operations. By default, three preconfigured power plans exist: Balanced, Power saver, and High
performance. You can adjust and save any of these power plans or save one of them as a new power plan,
or you can create your own power plan. The following table describes the three preconfigured plans.
Balanced A medium Turns off the display Measures ongoing activity and,
amount after a specified amount when in use, continues to provide
of time full power to all system
components
Power Saver The least By default, powers off Saves energy by reducing system
the display after five performance whenever possible
minutes of inactivity
High The most Sets the display at its Keeps the system’s disk drive,
performance brightest memory, and processor
continuously supplied with power
If the computer is a portable device, such as a tablet or laptop, you can use separate settings within each
plan for when the device is on battery or plugged in. Because you can adjust and save each plan, an
option in each plan allows you to restore the default settings.
You can access the power plans by opening Control Panel, clicking Hardware and Sound, and then
clicking Power Options. You also can type Power Plans on the Start menu.
Configuration options
The Power Options control panel item includes many options. The left pane contains a list of the settings:
• Require a password on wakeup. This setting allows you to ensure that when a computer resumes
from a hibernated state, the screen will be locked until the user presents credentials. By default, this
setting is off.
• Choose what the power buttons do. Most devices have a power button, and many have a sleep
button, as well. For mobile devices with both buttons, this setting includes an On battery and
Plugged in column with four choices for each button, including Do nothing, Hibernate, Sleep, and
Shut down. Some devices do not have a Sleep or Hibernate option. Certain devices also have a
Shutdown settings section on the Power button page, which includes the following check boxes:
o Turn on fast startup. Allows the Windows operating system to save system information to a file
that it uses to start up when you power on the computer.
o Sleep. Suspends power to the hard drive and display but keeps power supplied to the processor
and memory.
o Hibernate. Writes all the activity in memory to a file and then shuts down all power, but allows
the file to reanimate memory with the same values when power is supplied.
o Lock. Locks the screen and requires the user to reenter credentials before resuming operations.
Note: Not all devices have all of these settings. Several of the settings apply to particular
hardware that is not present on all devices.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-19
• Create a power plan. When you click this setting, the Create a Power Plan Wizard appears. In this
wizard, you can select one of the three default plans, save it with a custom name, and then change
the default plan settings on the wizard’s Edit Plan Settings page. This page has three options: Turn
off the display, Put the computer to sleep, and Adjust plan brightness. You select the Turn off
the display and Put the computer to sleep values from a list that has options with a scale from one
minute to five hours or never. You change the Adjust plan brightness values by using a slider bar
from fully dim to the maximum brightness.
• Choose when to turn off the display. This setting takes you to an Edit Plan Settings page that is
identical to the one in the Create a Power Plan Wizard.
• Change when the computer sleeps. This setting has options that are identical to those in the
Choose when to turn off the display setting.
The Power Options control panel item also lists the default and custom-created power plans. When you
click Change plan settings to access a particular power plan, the Change advanced power settings
setting becomes available. This setting opens the Power Options dialog box, which has a list of options
that you can expand and individually select. These options include settings for the battery, hard disk,
graphics, multimedia, and universal serial bus.
Using OUs
You can centralize power plans through AD DS
Group Policy settings and the organizational units
(OUs) that contain the different types of
computers needing different plans. The use of
OUs is important if you want to create a well-managed centralized policy. Depending on your
organization’s needs, OU structural requirements might conflict, so you need to carefully consider all of
them. However, a common OU structure uses a hierarchy of OUs for computers. For example, the top of
your hierarchy might have two major categories: servers and clients. You can then categorize the servers
according to the roles or functions that they perform, or you can categorize the clients as desktops,
laptops, and tablets. Each category can have its own GPOs containing unique power plans that link to a
specific OU. Larger organizations with multiple geographical regions might have a higher-level OU based
on a particular city or region.
The Specify a custom active power plan setting can import a power plan from an existing computer by
using that that power plan’s globally unique identifier (GUID). To export a computer’s power plan and
activate it on a group of computers, perform the following steps:
1. Use the Powercfg.exe command-line tool to export a computer’s active power plan.
2. Place the power plan’s GUID into the Specify a custom active power plan setting in the Group
Policy setting.
3. Import the exported file and GUID to every computer. All the computers linked to this Group Policy
setting then have the same power settings, and the various options to change the power plan on any
of these computers are unavailable.
Note: You can use a sign-in script to import the exported file and GUID to every computer.
Another way to centrally manage power settings is to use a Group Policy preference. You can use such a
preference in several ways to modify a computer’s power plan and other options. For example, to export a
computer’s power plan to a group of computers by using a Group Policy preference, perform the
following steps:
1. Create a new power plan in Computer Configuration/Preferences/Control Panel Settings
/Power Options. Right-click the Power Options node, point to New, and then click Power Plan
(At least Windows 7).
2. When the New Power Plan (At least Windows 7) Properties window opens, on the Advanced settings
tab, a list with the various plans is available. Because the preceding policy setting is a plan on the
domain controller, it is accessible here, and you can select it as your preferred power plan.
By making the plan preferred, you get a result almost exactly like that from the Specify a custom active
power plan setting, except that the user will be allowed to change the plan and all of its elements and to
create or apply a different plan. This is the key difference between a Group Policy setting and a Group
Policy preference: Group Policy settings are enforced, but Group Policy preferences are not.
You can also use several other Group Policy preferences. Access them from the list of items that you can
expand and modify when you navigate to the New Power Plan (At least Windows 7) Properties window
and then click the Advanced settings tab. These settings include options for hard disk, sleep, power
buttons and lid, PCI express, processor power management, display, and battery. Additional settings exist,
such as requiring a password on wakeup. On the Common tab, you can use targeting, and the Targeting
Editor can check whether a battery is present or the computer is portable. among other configurations.
• If multiple power setting values are applied to a computer, the least restrictive value is used.
• If different wakeup times are applied, the time closest to midnight is used.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-21
In Control Panel, you can set the local computer’s Windows Update functionality. You can allow all
software updates to download and run as required, or you can prevent the application of any update.
However, preventing application and security updates can be detrimental to security and contrary to well-
known best practices. You can apply Windows Update settings from an AD DS GPO so that users cannot
locally adjust these settings, or you can use Group Policy to configure computers to use the WSUS server
to retrieve and configure Windows software updates. You can find these settings in the Group Policy
Management Editor in the Computer Configuration/Polices/Administrative Templates/Windows
Components/Windows Update node. This node contains several significant settings that you can apply,
such as Configure Automatic Updates.
In the Configure Automatic Updates setting, you can set the main Windows Update settings, such as
automatically downloading and installing software updates when available, or downloading and notifying
you when software updates are available. You can also configure Windows simply to notify you when
software updates are available for download but to take no further action. For example, when you choose
to automatically download and schedule the installation of software updates, you can also specify the
time and the day of the week that Windows Update will apply any available updates. When you apply this
setting option, the local Windows Update settings in Control Panel are unavailable for all users, who
cannot change these settings.
Another setting in the Windows Update node is Specify intranet Microsoft Update service location.
This setting provides you with the ability to specify the URL of your WSUS server. This means that clients
configured to get automatic software updates will go to the WSUS server instead of the Windows Update
site to look for and apply most updates. This node also contains many other settings that deal with
restarts and notifications. Additionally, you can use Configuration Manager to manage software updates.
MCT USE ONLY. STUDENT USE PROHIBITED
11-22 Activating clients and managing additional configuration settings
The Group Policy settings for Configuration Manager are the same as the WSUS settings already
discussed.
• The settings available in the User Preferences Windows Settings node include Applications, Drive
Maps, Environment, Files, Folders, Ini Files, Registry, and Shortcuts.
• The Control Panel settings in the Computer Configuration node include Data Sources, Devices,
Folder Options, Local Users and Groups, Network Options, Power Options, Printers, and
Scheduled Tasks and Services.
• The Control Panel settings in the User Configuration node include all the same settings as the
Computer Configuration node, except Services. Additionally, the User Configuration node
contains the Internet Settings, Regional Options, and Start Menu settings that are not present in
the Computer Configuration node.
In the Internet Options dialog box in Internet Explorer, on the Advanced tab, you can select or clear
numerous check boxes, depending on the behavior that you want to achieve. These check boxes are also
present on the Advanced tab in the New Internet Explorer # Properties dialog box, but each check box
has a green circle beside it. This means that they are all available to select. However, if you press F8, the
circles all become red circles with a line through them, which means they are ignored. Press F5 and they
become green with no line once more. By pressing F6 and F7, you can switch individual items in the list
between available (green with no line) and ignored (red with a line), rather than switching all of them at
once.
Drive mapping
Two common domain-level functions that you can perform for users is to provide them with certain
shares that you map as drive letters and to make printers available. Traditionally, you do this by using a
sign-in script. However, with Group Policy preferences, you can map drives, assign printers, and configure
several other settings without having to write and manage sign-in scripts.
Item-level targeting
Item-level targeting lets you set the scope for a particular Group Policy preference, including selecting
which user, security group, or computer you want to apply a preference to. You can also have multiple
item-level targets and then link them with an AND or an OR operator. When you use the AND operator,
all the item-level targets must be true. When you use the OR operator, only one of the item-level targets
must be true. For example, you can have two targets with an AND operator, as follows: the user is a
member of the security group ADATUM\Research AND the NetBIOS computer name is LON-CL1. In this
case, both conditions must be met: the user must be in the Research group, and the computer name
must be LON-CL1. If either condition is not met, such as the user being in the Marketing group or the
computer being LON-CL2, the preference will not be available. With an OR operator instead of an AND
operator, the user can be in the Marketing group, or the computer can be LON-CL2, but not both.
• Green triangle. Represents Create, which makes a new mapped drive for the users in the container to
which you link the Group Policy.
• Red triangle. Represents Replace, which removes a drive mapping if one exists for this share and then
creates a new one. If no drive mapping exists, selecting this action creates a new one.
• Yellow triangle. Represents Update, which is similar to the Replace action in that if a drive mapping
does not exist, it will create one. However, unlike Replace, this action will not first remove an existing
mapped drive but simply change any values to the new values found in the Update properties. The
Update action is the default in the New Drive Properties dialog box.
Demonstration Steps
Create two drive mappings to the same share but for different groups
1. On LON-DC1, open the GPMC.
2. In the GPMC, at the Adatum.com domain level, click Create a GPO in this domain, and Link
it here.
Note: If you see a Group Policy Management dialog box, when you open the GPMC,
close the dialog box by clicking the red X. Then close the GPMC and reopen it.
4. Edit the new GPO, and then in the console tree, expand User Configuration, expand Preferences,
and then click Windows Settings.
5. Scroll down, and then double-click Drive Maps. This opens the configuration pane for the drive
maps.
o Action: Update
o Location: \\LON-DC1\Labfiles
o Drive letter: L
8. Create another drive mapping by using the same settings that you did for the previous one, except
for the following:
o Label as: Marketing Group Labfiles
o Action: Update
o High Performance
o Plugged in (minutes): 0
Note: If you see a Group Policy Management dialog box, when you close the GPMC,
close the dialog box by clicking the red X. Then close the GPMC.
5. In Control Panel, click Hardware and Sound, and then click Power Options. You should have High
Performance, with the Turn off the display option set to Never.
9. In Control Panel, click Hardware and Sound, and then click Power Options. You should have High
Performance, with the Turn off the display option set to Never.
10. Close all open windows, and then sign out of LON-CL1.
Question: What is the name of the Windows PowerShell cmdlet that is used to export a
custom Start menu from a reference computer?
Question: Verify the correctness of the statement by placing a mark in the column to the
right.
Statement Answer
Objectives
After completing this lab, you will be able to:
• Create and deploy a common Windows 10 Start menu and custom power plan.
• Use a GPO to deploy preferences to Windows 10 clients that have recently deployed.
Lab Setup
Estimated Time: 45 Minutes
Virtual machines: 20695C-LON-DC1, 20695C-LON-CL1, and 20695C-LON-CL2
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, complete
the following steps:
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
Dan,
The people in the contractors’ office, who use any available Windows 10 computer, are personalizing their
Start menus, which causes complaints from others who subsequently use the same computer. Can you
please look into solutions for setting a standard contractors’ office Start menu that can be locked down?
Also, when these computers go into hibernation, it can take several minutes to restart them, depending
on the processing that was taking place at the initial hibernation. Please take a look at turning off
hibernation on these computers.
Thanks,
Holly
Hi Holly,
I have read through some documentation on the Microsoft TechNet site about advanced Windows 10
Group Policy settings. There is a lot we can do by using Group Policy preferences. With these preferences
set, we can do the following:
I also spoke to Kari Tran, the person in Marketing who is responsible for the contractors’ office. She also
wants the contractors’ office computers to keep the display turned on and other power options turned on,
so a visiting contractor will have instant access. She wants different mapped drives for the contractors and
the ability to select default printers depending on the user. She agreed to help with the testing. To that
end, my research from TechNet says we can also do the following:
• Set up shared printers, even for those individual users who might need a certain printer to be the
default printer
I want to go ahead and start testing. Kari has already agreed to help. I need another user to test, as well.
Do you know anyone who can help?
Thanks,
Dan
MCT USE ONLY. STUDENT USE PROHIBITED
11-28 Activating clients and managing additional configuration settings
Hi Dan,
Well, because it is summertime, a lot of people are on vacation. That means I have far fewer emergency
meetings to attend. The IT department is a bit understaffed this week, but I am not busy. I will be glad to
help you as a test user. Sounds like fun!
Holly
Results: After completing this exercise, you should have a plan for Windows 10 customization.
1. Customize the Start menu, export the Start menu layout, and update the Group Policy settings to
display the new layout when users sign in.
Task 1: Customize the Start menu, export the Start menu layout, and update the
Group Policy settings to display the new layout when users sign in
8. Place the Phone Companion tile next to the OneNote tile in the second column.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-29
10. Remove all the tiles with the small icons and no text on them. Five of these should exist.
11. Click All apps. Find Notepad in the Windows Accessories group, and then add it to the Start menu.
12. Place the Notepad tile next to the OneNote tile in the second column.
2. Switch to LON-DC1.
3. Open File Explorer, navigate to E:\Labfiles\, and then verify that you can see the AdatumLayout.xml
file.
2. Edit the Adatum W10 Start menu GPO, and in the Group Policy Management Editor, expand User
Configuration, expand Polices, expand Administrative Templates, and then select Start Menu
and Taskbar, Start Screen Layout.
3. Enable the Start Menu and Taskbar, Start Screen Layout setting, and then in the Start Layout File
box, type \\LON-DC1\E$\Labfiles\AdatumLayout.xml.
Note: The file location that you specify must be a location to which all user accounts have
read access.
2. Sign out and then sign back in to LON-CL2 as Adatum\Administrator with the password Pa$$w0rd.
3. Examine the Start menu. It should have the custom Start menu applied.
4. Attempt to drag and unpin some of the tiles. You should be unable to do so.
5. Attempt to pin an app to the Start menu. You should be unable to do that, as well.
Task 2: Set a power plan to ensure that client computers do not hibernate
1. On LON-DC1, open the GPMC, and then create and link a new GPO named PowerSettings to the
London Clients OU.
3. Browse to Computer Configuration, Preferences, expand Control Panel Settings, and then click
Power Options.
MCT USE ONLY. STUDENT USE PROHIBITED
11-30 Activating clients and managing additional configuration settings
o Action: Update
o High Performance
6. On LON-CL2, restart the computer, and then sign in as Adatum\Administrator with the password
Pa$$w0rd.
7. In Control Panel, click Hardware and Sound, and then click Power Options. Ensure that the High
performance power plan is turned on, with Turn off the display set to Never.
Results: After completing this exercise, you should have created a common Windows 10 Start menu and a
custom power plan.
1. Create and deploy a GPO to set client preferences for printers and mapped drivers for Windows 10
users.
Task 1: Create and deploy a GPO to set client preferences for printers and mapped
drivers for Windows 10 users
1. On LON-DC1, in Server Manager, in Add Roles and Features, install the Print and Document
Services role.
2. Open the Print Management console tree, expand Print Servers, LON-DC1 (local), and then select
Printers.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-31
o First printer:
LPT1: (Printer Port)
Manufacturer: KONICA MINOLTA
Printer: KONICA MINOLTA PS Color Laser Class Driver
Printer Name and Share name: KONICA MINOLTA PS Color Laser
o Second printer:
LPT2: (Printer Port)
Manufacturer: HP
Printer: HP Color Laserjet 1600 Class Driver
Printer Name and Share name: HP Color Laserjet 1600
4. On LON-DC1, open the GPMC.
Note: If you see a Group Policy Management dialog box, when you open the GPMC,
close the dialog box by clicking the red X. Then close the GPMC and reopen it.
5. In the GPMC, at the Adatum.com domain level, click Create a GPO in this domain, and Link it
here.
6. Name the new GPO ClientUserPreferences, and then edit the GPO to create two drive mappings, as
follows:
o Expand User Configuration, expand Preferences, click Windows Settings, double-click Drive
Maps, and then create a new mapped drive with the following settings:
Action: Update
Location: \\LON-DC1\Labfiles
Label as: IT Department Labfiles
Drive letter: L
Hide/show this drive: Show this drive
o Click the Common tab, and then configure the following settings:
Options common to all items, Item-level Targeting
New Item: Security Group
Enter the object name to select: IT
New Item: Computer Name
Enter the object name to select: LON-CL1
o Create another drive mapping by using the same settings, when you created the drive mapping
for IT Department Labfiles, except for the following:
Label as: Marketing Group Labfiles
As Targeting, select Security Group. Enter the object name to select: Marketing
New Item: Computer Name
Enter the object name to select: LON-CL2
MCT USE ONLY. STUDENT USE PROHIBITED
11-32 Activating clients and managing additional configuration settings
o Expand User Configuration, expand Preferences, Expand Control Panel Settings, Expand
Printers, create a new shared printer with the following settings:
Action: Update
Share path: \\LON-DC1\ KONICA MINOLTA PS Color Laser
Select the Common tab, with the following settings:
Options common to all items, Item-level Targeting
New Item: User
Enter the object name to select: ADATUM\Holly (SID match)
o Create a new, shared printer with the following settings:
Action: Update
Share path: \\LON-DC1\ HP Color Laserjet 1600
o Select the Set this printer as the default printer check box.
o Click the Common tab, and configure the following settings:
Options common to all items, Item-level Targeting
New Item: User
Enter the object name to select: ADATUM\Kari (Hensien) (SID match)
Note: If you receive the message Windows couldn´t connect to the System Event
Notification Service service, click OK and retry step 3.
4. In File Explorer, examine the folders. You should have the mapped drive labeled IT Department
Labfiles (L:).
5. In Control Panel, click Hardware and Sound, and then click Devices and Printers. You should have
the KONICA MINOLTA PS Color Laser on lon-dc1 printer, with the KONICA MINOLTA PS Color
Laser as the default printer.
Note: If you receive the message Windows couldn´t connect to the System Event
Notification Service service, click OK and retry step 8.
9. In File Explorer, examine the folders. You should have the mapped drive labeled as Marketing Group
Labfiles (L:).
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 11-33
10. In Control Panel, click Hardware and Sound, and then click Devices and Printers. You should have
the HP Color Laserjet 1600 on lon-dc1 printer, with the HP Color Laserjet 1600 set as the default
printer.
11. Close all open windows, and then sign out of LON-CL2.
Results: After completing this exercise, you should have signed in as different users on LON-CL1 and
LON-CL2 and verified the preferences that you configured.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Question: In the PowerSettings GPO, why did you disable the Show hibernate in the power
options menu setting?
Question: In Exercise 2, why did the administrator restart LON-CL2? What could you have
done to achieve the same outcome without a restart?
MCT USE ONLY. STUDENT USE PROHIBITED
11-34 Activating clients and managing additional configuration settings
Review Questions
Question: What does item-level targeting enable you to configure in a Group Policy
preference?
Question: How do you activate a Windows Server 2012 R2 Standard Edition virtual machine
that is running on an activated Windows Server 2012 R2 Datacenter Edition computer?
Question: What is the tool you can use to import and export a customized power plan?
Tools
The following table describes the tools used in this module.
Windows ADK for Customize, assess, and deploy For more information, refer to Windows
Windows 10 Windows operating systems to new 10 ADK download (direct download
computers. This collection of tools link): http://aka.ms/Flsuee
contains VAMT 3.1, which you
cannot download separately.
Microsoft SQL Server Function as the default database Included with the Windows ADK for
2012 Express installed with the Windows ADK. Windows 10
VAMT also needs access to this
database.
Powercfg.exe Let you create, export, import, and Included in Windows operating systems
manage custom power plans. This is
a command-line utility.
MCT USE ONLY. STUDENT USE PROHIBITED
12-1
Module 12
Deploying Office 2016
Contents:
Module Overview 12-1
Lesson 6: Distributing apps using the Windows Store for Business 12-35
Lab: Deploying Microsoft Office 2016 by using the Office Customization Tool 12-39
Module Overview
For most computer users, a computer’s usefulness depends on the apps that are installed on it. Computers
in the business world are essential tools that enhance overall productivity and profitability. Microsoft
Office 2016 and previous Office versions provide a suite of productivity tools that are in use across the
globe. Apart from deploying and performing the initial operating system configurations, it is essential to
deploy productivity tools such as Microsoft Office, to provide a complete user-centric solution. In this
module, you will see how to deploy and configure Microsoft Office 2016.
Objectives
After completing this module, you will be able to:
• Describe the methods available for deploying Microsoft Office 2016 editions.
Lesson 1
Methods for deploying Microsoft Office 2016 editions
You can deploy Office 2016 by using traditional methods such as loading the program directly from a
disk on the computer itself. However, for deployment in larger enterprises, you most likely require a
centralized solution that you can use to distribute software quickly and simultaneously to thousands of
devices. Combining Office 365 with a subscription to the software as a service (SaaS) solution from
Microsoft provides you with additional methods for deploying Office 2016. In this lesson, you will examine
the different Office 2016 deployment methods and the various factors that those approaches involve.
Lesson Objectives
After completing this lesson, you will be able to:
You will have access to some or all of these applications, depending on the Microsoft Office edition that
you purchase or to which you or your enterprise subscribes.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-3
The following editions of Office 2016 retail, volume license, and with Office 365 as a subscription service,
are available:
• Office Home and Student 2016.This subscription service is a retail version that includes the following
core applications only: Word, Excel, PowerPoint, and OneNote.
• Office Professional. This subscription service is a retail version that includes core applications plus
Outlook, Access, and Microsoft Publisher.
• Office Home and Business 2016. This subscription service is a retail version that includes the core
applications plus Outlook.
• Office Professional Plus 2016. This subscription service is available through volume licensing and
includes core applications plus Outlook, Publisher, and Access.
• Office Standard 2016. This subscription service is available through volume licensing and includes
core applications plus Outlook, and Access.
• Office 365 Personal. This subscription service is for a single user license and includes core applications
plus Outlook, Publisher, and Access.
• Office 365 ProPlus. This subscription service includes core applications plus Outlook, Publisher, Access,
and Skype for Business.
• Office 365 Home. This subscription service is for up to five installations and includes core applications
plus Outlook, Publisher, and Access.
• Office 365 University. This subscription service is priced specially for university students only and
includes core applications plus Outlook, Publisher, and Access.
Note: There are similar Office 2016 editions available for Mac operating systems.
Office Online
Office Online, formerly known as Office Web Apps, allows you to use various Office 2016 applications
through a browser window without requiring you to have Office or an Office application installed on the
local computer. Office Online includes Word, PowerPoint, Excel, and Outlook. It also offers access to the
online Calendar, OneDrive, People, and Outlook.com web mail. Individual users can download a free
version of Office Online through OneDrive, and enterprise organizations can get Office Online through an
Office 365 subscription.
The following table lists the system requirements to run a downloaded local version of Office 2016.
Browser Internet Explorer 8 and newer, Microsoft Edge,; Mozilla Firefox 10.x
and newer; Apple Safari 5.x; or Google Chrome 17.x.
Additional considerations and Some functionality might vary based on the system configuration.
requirements Some features might require additional or advanced hardware or
server connectivity.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-5
Windows RT includes an already-installed version of Office Home & Student 2016 RT. It includes cloud-
enabled versions of Excel, Word, PowerPoint, and OneNote, which are optimized to run on Windows RT
hardware.
• Use media or a network share that contains the Setup.exe and associated files and libraries, and then
install it manually on a single workstation.
• Automate deployment with Windows Installer by using one of several deployment tools, including:
In most cases, automated deployment requires the use of the Office Customization Tool (OCT) to
create a transform file that will run a silent Office 2016 installation. The transform file can be used to
customize the installation. The OCT is available only with volume-licensed versions of Windows
Installer–based Office 2016, Office 2013, Office 2010, and Office 2007.
Note: The OCT is located in the root Admin folder on the installation media, which you can
copy to a network share. Lesson 2 of this module provides more specifics about using OCT.
• Purchase a Microsoft Intune subscription, and deploy Office 2016 in a similar manner to System
Center 2012 Configuration Manager.
• Create a reference image that contains a licensed version of Office 2016, and deploy that image to
various target systems.
• Install Office 2016 on Windows Server 2008 R2 or newer that is running Remote Desktop Services
(RDS), and allow clients to connect to Office 2016 on that RDS server.
MCT USE ONLY. STUDENT USE PROHIBITED
12-6 Deploying Office 2016
Note: Automated deployment and multiuse of Office 2016 requires a volume license rather
than a retail license. Systems purchased with an original equipment manufacturer (OEM)–
installed Office 2016 suite generally use a retail license for the product.
Using Click-to-Run
Click-to-Run uses a streaming and virtualization technology based on Microsoft Application Virtualization
(App-V). When you use the streaming capabilities in the Click-to-Run deployment method, you open and
start to use Office 2016 before it completes installation. When you open Office 2016 and begin using it
before installation completes, the rest of the software downloads in the background. If you attempt to use
a feature that is not downloaded and installed, Click-to-Run will download and install that feature
immediately.
This streaming function is similar to streaming videos from the Internet. You can start watching the first
part of the video even though the entire video has not yet downloaded. Click-to-Run versions of
Microsoft Office 2016 are licensed either as a retail version, which requires one product key for one
installation, or as a subscription to Office 365 ProPlus. There is no volume license for Click-to-Run. You
should use Windows Installer for volume licenses.
To install Office 365 ProPlus, users must have a license through their Office 365 subscription. To install it
directly from the Office 365 portal, users also must have Internet connectivity. Once Office 365 ProPlus
installs, users do not have to be connected continuously to the Internet to use it. However, users must
communicate back to the Office 365 service at least every 30 days to prevent Office 365 ProPlus from
switching to a limited functionality mode. Before users can install Office 365 ProPlus directly from the
Office 365 portal, they must be local administrators on their device. Otherwise, an administrator must
install Office 365 ProPlus to the user’s device or use another method to centrally deploy it.
As an Office 365 administrator, you also can use other methods to deploy Office 365 ProPlus, rather than
letting users install it directly. Typically, you download the Office 365 ProPlus files, and then use a local
deployment method to install the program to the user’s devices. This method allows you to:
• Decide the network location from which to install Office 365 ProPlus.
• Choose how to update Office 365 ProPlus after installation.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-7
• Determine which users, if any, get the 64-bit version of Office 365 ProPlus.
The deployment methods available from which you can choose are the same as the Office 2016 volume-
license versions, which include a GPO startup-script installation, MDT 2013, Configuration Manager, and
Microsoft Intune.
You also can also prevent users from installing Office 365 ProPlus from the portal entirely by performing
the following procedure:
1. Sign in to Office 365 with your administrator account.
2. Click Office 365 admin center, click Service settings, and then click user software.
3. In the Manage user software through Office 365 section, clear the Office and Skype for Business
check box.
Activation considerations
You need to activate Office 2016 and Office 365
ProPlus, including the volume-license versions.
Without activation, the products revert to a
minimal functionality state after a period of time.
To keep the Office 365 ProPlus programs fully
functional, it is important to make sure that your
subscriptions are up to date on all product
activations.
The Active Directory activation method does not require the same minimum requirement as the KMS
activation option.
To use Active Directory activation for Office 2016, you need to download
Office2016VolumeLicensePack_4285-1000_en_us_x86.exe from the Microsoft Office 2016 Volume License
Pack website.
Note: Note that other architectures and languages are available to download on the
Microsoft Office 2016 Volume License Pack website as well.
MCT USE ONLY. STUDENT USE PROHIBITED
12-8 Deploying Office 2016
When you run the downloaded file, it starts the Volume Activation Tools Wizard. On the wizard, you have
the option to click the Active Directory based Activation radio button, and on the next page, type in
the KMS key. The computer on which you do this initially must have Internet access so that it can connect
to Microsoft to validate the KMS key. However, there is a phone-validation option if Internet access is not
available.
The computer needs to do this at least once every 30 days. If more than 30 days go by without this check,
Office 365 ProPlus goes into reduced functionality mode until it can contact the Activation and Validation
Service. If an administrator deploys Office 365 ProPlus, rather than a user downloading and installing it,
the same activation check occurs after the installation is complete, and the same 30-day requirement is in
effect.
Deployment considerations
You should weigh carefully the consequences of the various deployment methods and determine the
strategy that best suits your organization. Some common questions to consider when determining which
deployment method to use include:
• Are users the local administrators on their computers? To install Office 2016 by using Click-to-Run or
Setup.exe, users need local administrator permissions on their computers. If they do, you can use
Group Policy computer startup scripts or a software-distribution product to install Office 2016.
• What is the total number of users to which you are deploying Office 2016? If you have to deploy
Office 2016 to several hundred or more users, you might want to use a software distribution product
such as Configuration Manager to help automate deployment. While Configuration Manager requires
a license, your organization can recoup the purchase cost quickly due to cost savings in reduced
administrator labor.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-9
• Do the client devices support the system requirements for Office? If not, you can use RDS features to
provide users with Office 2016, or in some cases the Office Online portion of Office 365. Office Online
users can access Word, PowerPoint, Excel, and Outlook through a web browser without having to
install an Office 2016 application on the local computer.
• Where are users located? Geographically separated users can install Office from a location that is
near to them. For example, branch-office users can use a local network installation point with the
Office 2016 installation programs for installing directly, or you can use a software distribution
program to use the branch’s local network installation point and utilize that location’s source files.
• Are there other programs installed on the client devices? You can install only one version of Office on
any one device. For example, you cannot have Office 2010 and Office 2016 running on the same
computer. However, there might be instances where this type of configuration is necessary, such as
when you have developed a local application that requires an older version of Office. In this situation,
you could use virtualization technologies, such as RDS or App-V.
• Local installation source. The local installation deployment method uses installation files that are on
removable media such as a DVD USB, or that a user copies to a local hard drive, and then runs from
that location. The user performing this installation must have administrator permissions on the
computer.
• Network installation point. This deployment method allows a user to make a connection to the
network installation, and run Setup.exe from that location. However, this requires that the user have
local administrator privileges. If that is not possible, then the user should use another method such as
a GPO or software distribution product to run the setup files from the same network installation
point.
• GPO computer startup script. This deployment method typically requires a volume-licensed version of
Office 2016 or an Office 365 subscription. In this scenario, you use a script that runs when the
computer starts, and it uses the setup files found in the network installation point.
Note: You cannot use a GPO software installation to run Office 2016, which requires an
.msi, .mst, or .zap file.
• Software distribution product. This deployment method is similar to using a GPO startup script, and
requires a volume license or an Office 365 subscription. You can perform advanced and complex
deployments by using a software distribution product such as Configuration Manager 2012 R2 or
Microsoft Intune. You then can configure numerous decision trees on how, when, and under what
conditions you want to allow installation of Office 2016. For example, you might need to make
certain version of Office 2016 available to different users, depending on their job function, or to
different devices, depending on their location.
• Virtualization technology. This deployment method allows you to use RDS or App-V to make
Office 2016 available to users. If you use RDS, the Office 2016 installation does not occur on the client
device, but instead runs on the Windows Server that is running the RDS role. Users then will use a
local installation on that server to run Office 2016, while still using their local printers, disk storage,
display, and other peripherals, even if their connection is via a wide area network (WAN) link. You can
deploy Remote Desktop Gateways (RD Gateways) and other role services of RDS to allow for a more
stable network configuration. The benefit of using RDS is that you only need to ensure that the
Windows Server that is running RDS meets the system requirements for Office 2016. You do not need
to worry about the users’ devices. In cases where the organization cannot afford to upgrade every
device, or cannot provide a local installation for that device, the RDS solution can provide significant
cost savings.
MCT USE ONLY. STUDENT USE PROHIBITED
12-10 Deploying Office 2016
Note: Deploying Office 2016 on a RDS server requires a volume-license version of Office
2016. You cannot use Office 2016 ProPlus from Office 365 or a retail version of Office 2016
because the license is always associated with a specific user.
If you are using Virtual Desktop Infrastructure (VDI), you can use Office 365 ProPlus providing the virtual
desktop is assigned to a single user. Another solution is to provide Office 2016 as an application that you
virtualize by using App-V. This requires App-V 5.0 with service pack 2 (SP2). (Earlier versions of App-V
cannot support Office 2016.) In this scenario, you would create an application package by using the Office
Deployment Tool, and then deploy it either through Configuration Manager or the App-V server, or by
using Windows PowerShell. The Managing Office Settings lesson of this module provides more details
about App-V deployment of Office 2016.
Standard desktop image. This deployment method allows you to create a deployable image with Office
2016 installed already, and then use a deployment tool such as MDT 2013 or Configuration Manager
2012 R2 to deploy the image to other devices. An advantage to this method is that you ensure that the
configuration of all devices is identical. You use a volume license in this configuration to ensure activation
of all Office 2016 instances. You also can use Office 365 ProPlus, if a subscribed user signs in to the device.
• You cannot run both the 32-bit and 64-bit versions of an earlier Office version on the same computer.
• If you are upgrading from an earlier Office version, such as Office 2013, it must match the
architecture of the version that you are upgrading. Therefore, you cannot upgrade 32-bit Office 2013
to 64-bit Office 2016. You could replace the 32-bit version with the 64-bit version, but that would
require you to uninstall Office 2013 first.
• Some programs block the installation of the 64-bit version of Office 2016.
However, there are benefits of using the 64-bit version. For example:
• The 64-bit version handles much larger data sets in Excel, Access and Project. If you have users
working with large data sets, you should consider using the 64-bit Office 2016.
• The 32-bit version has a file size limit of 2 GB, while the 64-bit version does not have a file-size limit,
except for the physical memory and resource limits on the system on which it runs. You should weigh
this benefit carefully with the possibility that other apps and add-ons might not work for users. If this
is not an issue, consider using the 64-bit version.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-11
Activation issues
When you create an image with Office 2016, you
must use a volume-license version. If you do not do this, you could have activation issues after the image
deploys. This is because you cannot activate non-volume license versions more than once. Therefore, if
you use the KMS activation option, you must start at least five deployed devices with Office 2016 before
activation of these devices occurs. After you reach the threshold of five devices, all subsequently deployed
devices activate immediately. If you use AD DS to activate, you do not need to have five deployed devices
already running. However, Office 2016 must be installed on domain-joined computers.
If you use the MAK activation option, the MAK product key is incremented by one for each deployed
device with Office 2016 until the total number of count of installations for the MAK reaches your licensing
limit. You can add a MAK key by using the OCT or the PIDKEY element in the Config.xml file. (The next
lesson in this module details the customization of the Config.xml file.) When you use the MAK activation
option, you must be aware of the total number of activations assigned to the MAK key that you have
purchased, and that you have consumed. You can use the Volume Activation Management Tool (VAMT)
to determine these numbers.
When you deploy an image with Office 365 ProPlus, it is important that you do not start Office 365
ProPlus on the reference computer. Starting any of the Office ProPlus programs (such as Word 2016) will
cause the program to attempt an automatic online activation. This activation accrues against the
subscription of the user who started the program, which in the case of a reference image could be your
administrator account. Because the Office 365 subscription allows each subscribed user to install Office
ProPlus on as many as five devices, your administrator account will quickly reach its maximum. Even if
another user subsequently signs in to a deployed target computer, Office 365 ProPlus will not attempt to
activate for that user. Instead, you will need to delete Office ProPlus, and then reinstall it for that user.
However, you can avoid this by not starting any of the Office 365 ProPlus programs on the reference
computer. After you deploy the reference image to the target computer, when the designated user opens
any of the Office 365 ProPlus programs, it will activate properly against that user’s subscription.
Note: The System Preparation Tool (Sysprep) does not remove the Office 365 ProPlus
activation.
MCT USE ONLY. STUDENT USE PROHIBITED
12-12 Deploying Office 2016
Using an image
You can customize the reference computer’s Office 2016 installation by using the OCT to create a Setup
customization file in the form of a Windows Installer patch file with an .msp extension, which is applied
when setup is run. When you make an image of a reference computer that has Office 2016 installed
already, you can deploy the standard desktop image multiple times with Office 2016 on it. However, when
each Office instance is first used, it goes through the initial activation and setup wizards. You can use the
OCT to customize additional deployment settings for Office 2016 so that it will be ready for the user when
the entire deployment finishes.
You can use the evaluation version of Office 2016 temporarily on an image before a user deploys the
image for use. You then can rearm that evaluation version so that you can capture the reference
computer image and change the product key to a volume license version once you deploy that image to
a target computer. To rearm the evaluation version, go to the Program Files or Program Files (x86)
directory, depending whether you installed the 64-bit or 32-bit version of Office 2016. The Microsoft
Office\Office 15 subfolder contains an executable file named OSPPREARM.EXE. Right-click
OSPPREARM.EXE, and then click Run as Administrator, or run the executable in a command prompt
window that you launch as an Administrator.
This process allows Office 2016 to run for a 30-day grace period in which reduced functionality mode is
not applied. You can rearm up to five times unless you activate Office by using a KMS host. If you exhaust
all of your rearm options, you can rearm one final time by using a KMS host to activate Office. Note that
this procedure is not for a deployed target computer, but rather for the reference image only.
You can use a number of software deployment products depending on your organization’s needs. You
could use:
• The Windows Assessment and Deployment Kit (Windows ADK) and the older imagex.exe command-
line program to create and deploy images. However, the process is labor-intensive, and you cannot
centralize it easily.
• The Deployment Image Servicing and Management tool (DISM) has extended much of the
imagex.exe functionality within it, and it is the primary tool that you can use to create and deploy
images manually in Windows 8 and newer Windows operating systems. However, like imagex.exe, it is
difficult to centralize.
Note: You cannot use either of these tools to create task sequences to customize a
deployment. Essentially, the image that you made or captured previously deploys to another
individual system.
• MDT 2016 and the Configuration Manager offers efficient methods of capturing and deploying
images, and you can use either based on your organization’s needs and abilities. Both methods allow
for deployment of the customized .msp files that you created with the OCT as part of their respective
task sequences.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Question: How often does a computer with Office 365 ProPlus installed have to
communicate with the Activation and Validation Service?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-13
Lesson 2
Customizing Office deployments
One of the main benefits of using a software deployment product is that it allows you to centralize the
process and reuse components. Therefore, once you configure the deployment, you can reassemble and
deploy the product as necessary. While you can interactively install Office 2016 on a local computer, you
also can deploy Office 2016 by using a software deployment product. You can do this by creating an
unintended installation of Office 2016 by using the Office Customization Tool.
Lesson Objectives
After completing this lesson, you will be able to:
The OCT customizes Office 2016 deployments and you can use it as your primary tool for unified setup,
customization, and maintenance of Office 2016. The OCT saves your customizations into a Windows
Installer patch file, which is applied at setup or during maintenance mode operations.
The OCT is available only in the Office volume-license versions, and not in the retail versions. To verify
whether have a volume-license version of Office 2016, check the installation disk to see if it contains a
folder named Admin. If it does, the disk is a volume-license edition. If it does not, then it is the retail
version. There are both 32-bit and 64-bit versions of the OCT.
To start the OCT, run setup.exe /admin from either the x86 (32-bit) or x64 (64-bit) folder, depending
upon the edition that you wish to customize. Most installations will use the x86 (32-bit) folder to run the
OCT in 32-bit.
When you open the OCT console, a console tree displays with five major nodes: Welcome, Setup,
Features, Additional Content, and Outlook. Except for the Welcome node, each node has a number of
subnodes that relate to specific customizations that you can make.
MCT USE ONLY. STUDENT USE PROHIBITED
12-14 Deploying Office 2016
You can use the following main nodes in the OCT to customize an installation of Office 2016 and to
perform the following tasks:
• Welcome. The Welcome node does not have any configurable options or settings, and instead
contains basic information about using the OCT tool.
• Setup. You can use this node to specify installation options. The available subnodes include:
o Install location and organization name. From this subnode, you can configure the default
folder in which Office 2016 installs, and provide the organizational name.
o Additional network sources. Use this subnode to identify different network installation points
that you can use if the original installation point is not available.
o Licensing and user interface. From here, you can select the type of volume-license product key
that you want to use: KMS, or MAK. If you select the MAK option, you can specify the 25-
character key, which is encrypted in the output file. You also can select the I accept the terms of
the License Agreement option, and then then set the Display level, which sets whether the user
will see any interactive prompts or dialog boxes. Selecting None means that the entire install is
silent, and the user does not see anything. You also can enable the Completion notice option,
prevent canceling of the installation, and enable Suppress modal, which you typically use in
conjunction with the None display method.
o Remove previous installations. The default setting for this is to remove all previous Office
versions. However, you also have the option of removing selected programs from the Office suite,
such as Word or PowerPoint.
o Add installations and run programs. Use these command-line executables and possible
arguments only when Office first installs. Ensure that any commands that run do not require a
restart that interrupts the Office installation at that point.
o Office security settings. These settings apply only to the initial installation of an Office
deployment. Subsequently, users can change most settings. We recommend using GPOs to
control most of the security that you can set here.
o Modify setup properties: From this subnode you can add setup properties to the initial Office
installation. Most of the setup properties were replaced from previous Office versions to the
various settings that you now can find directly in the OCT. Therefore, in most cases, you will not
add any setup properties.
• Features. You can use this node to customize installation of Office applications and features. The
available subnodes include:
o Modify user settings. This subnode has a separate pane of expandable objects representing the
various Office suite programs. You can change the default user settings for each program. In
addition, for some applications, you can change the computers settings, as well. These settings
apply to the initial Office installation, and, except for computer settings, the user can change
these at a later date.
Note: For changing and enforcing the user settings permanently, you can use a GPO.
To configure an application, expand the application’s folder and subfolders in the user settings
navigation pane until the setting that you want to configure appears in the details pane, and
then choose and double-click the setting. The actions available are Not Configured (the
default) Enabled, and Disabled. These actions apply in the same way in which a GPO setting
applies. However, unlike the GPO setting, they are not enforced.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-15
o Set feature installation states. From this subnode you can configure whether a given Office
suite program and any subcomponent of that program are installed. The states available are:
Run from My Computer
Run all from My Computer
Installed on First Use
Not Available
o The feature options are:
Hidden
Locked
Reset
Note: Hidden means that the user will not see the option, and refers to the features state in
the installation user interface (UI) only—not its actual installation state. In a silent installation, all
options are hidden by default.
• Additional content. Use this node to add or remove files, registry entries, or shortcuts when Office is
installed. The available subnodes include:
o Add files. From this subnode, you can specify the files to add to the target computer. These files
then are copied into the setup customization file when you save it and exit the OCT. Large files
can increase the size of the customization file, and subsequently increase the time that is required
to create them. If you want to revise a file that is included in the saved customization file already,
you must open the customization file in the OCT, remove the file from the Add files list, add the
revised version, and then resave the customization file. Users that remove, repair, or reinstall
Office have the custom files removed or reinstalled with Office. Setup does not reinstall a custom
file if the file has changed.
o Remove files. In this subnode you can create a list of files to remove from the target computer
during the Office installation.
o Add registry entries: Use this subnode to create a list of registry entries to add to target
computers. Do not use this subnode to add GPO-based registry keys, as GPO settings will prevail
in any case. Instead, use a GPO for such settings.
o Remove registry entries. From this subnode you can create a list of registry entries to remove
from target computers. Users that remove, repair, or reinstall Office have the custom registry
entries removed.
o Configure shortcuts. This subnode allows you to add shortcuts to files that are present already
on a target computer. However, there is a known issue with shortcuts that causes the following
error message: “Invalid start in folder. Please try again.” You can prevent this by typing a single
open bracket ([) in the Start in field.
• Outlook. Use this node to set the default profile, add email accounts, and specify Exchange settings.
The available subnodes include:
o Outlook profile. The default for this setting is to prompt users to create an Outlook profile the
first time that they run Outlook. Otherwise, you can choose to customize the profile. You can
modify the default profile, or modify a profile selected by name. You can create a new profile,
but you must supply a name for it here. Finally, you can create a profile by using an Outlook
profile file (.prf).
MCT USE ONLY. STUDENT USE PROHIBITED
12-16 Deploying Office 2016
o Add accounts. You can add accounts only when you modify the default profile directly above. If
you accept the default Outlook profile, there is nothing to select in this node. If you have
included a new or different profile, you then must add the account name of the user profile here,
and specify a default delivery location to a .pst file for new email messages.
o Export settings. You can export settings only when you modify the default profile location,
similar to the Add accounts option. If you change the default profile, this setting allows you to
export the Outlook profile settings that you have defined in a .prf file.
o Specify Send/Receive groups. You cannot configure settings here if you do not change the
default profile location.
After you create the .msp file, but before you use it for a customized Office 2016 deployment, copy it to
the \updates directory in the deployment share’s root. This causes Setup.exe to read the .msp file and the
Config.xml file when setup launches.
You use the Config.xml file to perform the following installation tasks:
• Customize Setup options, such as logging and the location of the .msp file and software updates.
You also can use the Config.xml file for maintenance operations, such as adding or removing features,
repairs, and removing installations. To do this, you must run Setup.exe again from the original source.
When setup first runs, it looks for a copy of Config.xml in the same folder in which Setup.exe resides. If it
does not find it, Setup uses the Config.xml files found in the core product folders that came from the
installation media. Each product folder has a default Config.xml file for that product, such as Word 2016.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-17
XML
XML is a markup language that users can read and that provides machine programming with a
representation of arbitrary data structures, such as those found in web services. It uses a structure of angle
brackets that contain an element that begins with < and end with />. These delimiters enclose words
representing a particular element with possible attributes, an equal sign, and the actual value, often in
quotes. For example, to set the name of the company you could use the following:
In this example, COMPANYNAME is the element, and the attribute value is Contoso. Some elements will
have an attribute named for the particular setting rather than the word Value. The Config.xml file adheres
to this format. The top-level element is the Configuration element, which is required. All other elements
must appear in this element.
Note: For more information about the Reference for Click-to-Run configuration.xml file
refer to: http://aka.ms/Hqgf9n.
When you use the OCT to customize settings, you do not have to configure any settings for a particular
language, because all settings configured in the OCT are language neutral. Office Setup installs only the
language-specific elements that you need for the products that you are installing. It does not install the
complete language pack; instead, you must install the complete language pack for every product in Office
2016 separately. However, this works only if there is an existing installation of an Office 2016 product on
the computer. For example, to add the Russian language pack, you would run the language pack setup
from the root of the network installation point for the Office 2016 Multi-Language Pack or Office 2016
Language Pack, and then specify the path of the Config.xml file on the command line by typing the
following:
In this example, if the English language pack is installed already, users also can use the Russian language.
You can view a list of languages that are installed for Office 2016, either during the initial installation or
during a separate installation of a language pack, by reviewing the registry in the following locations:
• HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\LanguageResources\HelpLanguage
• HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\LanguageResources\UILanguage
If you are not adding the entire language pack, you still can install the language pack during the setup
process by adding the <AddLanguage> element to the Config.xml file. Instead of editing the Config.xml
file, copy it, and then save it with a different name. You then can reference the edited copy on the
command line using the /config parameter, and then set the value of the Id attribute to the language tag
that corresponds to the language that you want to install. For example, the Russian language tag value
would be ru-ru. You can specify more than one language by including additional <AddLanguage>
elements and attributes. You specify which language to use for the Shell UI by setting the
<ShellTransform> attribute of the <AddLanguage> element. For example, the following element
would add Russian and French:
If you want every user to have Office 2016 in Russian and French, you would insert the following
elements:
Demonstration Steps
Run the OCT
1. On LON-DC1, open a Command Prompt window as administrator, and then navigate to the
E:\Labfiles\Office_Professional_2016 Source directory.
3. In the OCT, create a new setup customization file for Microsoft Office Professional Plus 2016 (64-bit).
4. Click the Install location and organization name node, and then provide Adatum as the
Organization name.
5. Click the Licensing and user interface subnode, and then ensure that the Use KMS client key
option is selected. Select both the I accept the terms of the license agreement, Display level:
None, and the Suppress modal check boxes.
7. Open Microsoft File Explorer, and then verify that AdatumOffice.msp displays in
E:\Labfiles\Office_Professional_2016\Updates\.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-19
Note: Except for the first and last elements, all other elements are commented out with the
<! – > tag.
2. Edit the first three commented-out elements to remove the commented-out tags. The code should
appear as follows:
3. In the File drop-down list box, click Save, and then click Exit.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Question: If conflicting settings are configured in both the Config.xml and the OCT, which
will have precedence?
MCT USE ONLY. STUDENT USE PROHIBITED
12-20 Deploying Office 2016
Lesson 3
Deploy Office 2016 by using Office 365
More often, businesses today are utilizing subscription-based software as a service (SaaS). SaaS provides
the infrastructure to support a service, thereby eliminating that responsibility from the organization.
Office 365 is a SaaS offering that allows users to install Office 365 ProPlus on as many as five separate
devices, with only one user subscription. In this lesson, you will see how Office 365 ProPlus uses the Click-
to-Run installation, and learn about the methods for managing those installations. You also will examine
coexistence issues with respect to Office 365 ProPlus.
Lesson Objectives
After completing this lesson, you will be able to:
The Configuration.xml file specifies the installation instructions for Click-to-Run, including:
You also can use GPOs to enforce user and computer settings for Click-to-Run in Office 365 ProPlus
installations. When you use GPOs, the installation instructions are applied whenever someone uses
Click-to-Run.
The default installation option for Office 365 ProPlus is for subscribed users to install the program on their
devices by using Click-to-Run from the Office 365 website. To deploy a customized Office 365 ProPlus
installation, such as providing an on-premises copy of the Office 365 ProPlus installation files, you use the
ODT. After you download the ODT, you can run the setup.exe program from the command line with the
following parameters:
• /download: Enables you to generate a Click-to-Run for a local Office 365 installation source.
Each of these parameters modifies the Configuration.xml file, which you then use during the Office 365
ProPlus deployment. For example, you can use the setup.exe /configure parameter to create a
Configuration.xml file that installs Office 365 ProPlus from an on-premises source on a share named
OfficeC2R on LON-SVR1, and then to accept and not display the license agreement, as shown in the
following configuration file example:
<Configuration>
<Add SourcePath="\\LON-SVR1\OfficeC2R" OfficeClientEdition="32">
<Product ID="O365ProPlusRetail" >
<Language ID="en-us" />
</Product>
</Add>
<Display Level="None" AcceptEULA="TRUE" />
</Configuration>
Note: You can download the Office 2016 Deployment Tool for Click-to-Run from the
Microsoft Download Center at: http://aka.ms/Xbrsbe.
When you start the installation, the streaming starts immediately. The IntegratedOffice.exe process moves
to System Context when 10 percent of content is streamed, and Office programs could be launched at
around 15 percent. This usually is within two minutes of starting the installation. The streaming data is
cached as it comes in, and Office caching focuses on any user-launched programs and features. Finally,
when about 90 percent of the data has been streamed, Office installs add-ins, licensing, and other
features.
Although Office 365 ProPlus uses application virtualization, other system objects can interact with it, and
you will not have to sequence add-ins into Office. Previous Office versions required this. Office 365
ProPlus uses application virtualization, which means that you can run it alongside other Office versions,
such as Office 2010. This can be helpful when you have an older, customized utility that is based on an
earlier version, yet you still need to run Office 365 ProPlus.
When users attempt to perform Click-to-Run installations themselves, if they have a standard user account
then they cannot install and configure the software by default. Rather than making all of your users local
administrators, you can create a deployment package to install Office 365 ProPlus for those users.
When you want Office 365 ProPlus to install directly from an on-premises location, Click-to-Run
integrates with existing IT service-management tools and processes. This enables you to manage
deployments by using products such as Configuration Manager 2012 or MDT 2013. The ODT builds the
Configuration.xml file with the SourcePath removed, and no Office build or folder is present where the
setup.exe file is located. Your deployment product then calls the Office 365 streaming service, and installs
ProPlus according to the version number, architecture, language, and other parameters that you have
assigned in the Configuration.xml file that you built with the ODT.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-23
Automating updates
Updates in Office 365 ProPlus occur by default
and are received from Office 365 when available.
The update service is a scheduled task that runs
daily. You also can configure updates to look on-
premises at a defined network location, such as
with a Universal Naming Convention (UNC) or
HTTP. You can provide the source files for update,
and then the update service will check for newer
versions and copy them to that location. If pulling
files from the Internet to the client will not work
for your organization due to bandwidth
requirements, you can install them from the
distribution share.
Office 365 manages updates differently from Office 2016, because of its ability to stream. Every month,
Microsoft provides a new build of Office 365 ProPlus at the Office 365 website. When a device that runs
Office 365 ProPlus detects that a new build is available, the difference—or delta—between the new and
the existing build streams in the background. Office 365 then installs the deltas when Office processes are
not running. Therefore, with the default Office 365 ProPlus configuration, the office installation is always
up-to-date. These monthly builds might encompass security updates, other updates, and functionality
improvements. All updates are cumulative, so each build contains all the other previous builds.
Administrators can customize an organization’s update configuration by controlling whether the Windows
operating system searches for and applies updates automatically, and from which source it retrieves the
automatic updates. These updates run under the system context, so users do not need local administrative
rights on their devices to run the updates. Office 365 ProPlus updates are different, from Windows
updates and Windows Update does not provide them. If you need to use a centralized administration
update product (such as Windows Server Update Services (WSUS) or Configuration Manager) to deploy
updates, you can do so for Office 356 ProPlus by configuring the update source through the ODT, which
builds the .xml file. In this case, Office 365 devices will receive the update builds from your WSUS or
Configuration Manager system.
The following table describes the update functionality method and the .xml file code that is necessary to
use the functionality.
Note: Update functionality is disabled during setup, and the client does not check for
updates until installation completes.
MCT USE ONLY. STUDENT USE PROHIBITED
12-24 Deploying Office 2016
Coexistence issues
Office 2016 and Office 365 ProPlus are similar in
many ways. They both have the same system
requirements, and Microsoft still recommends the
32-bit version for most users. The functionality of
the various programs that make up the Office
suite are the same as well.
For organizations that are deploying both Office 2016 and Office 365 ProPlus, you should ensure users
who are using the Office 365 ProPlus version have the required subscription, which means that they need
an account in Office 365. You can integrate Office 365 with AD DS to provide users with a single sign-on
(SSO) experience, but this functionality is beyond this lesson’s scope. Additionally, as mentioned before,
when a device does not connect at least every 30 days to check activation, the ProPlus version will switch
to a reduced functionality mode. In this mode, when users open a ProPlus product such as Word, a pop-
up window will display informing them that the product has been deactivated and they are required
either to provide a key, or sign in to Office 365.
You can install Office 365 ProPlus on computers that already have Office 2016 installed, providing the
Office 2016 architecture is not 64-bit. You cannot install Office 365 ProPlus on devices that already have
64-bit Office 2016 installed, and if you try you will get an error message if you try to use the Click-to-Run
installer. If you install both an Office 2016 volume license version and Office 365 ProPlus on the same
Windows 10 computer, only one version of the two will be active.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Lesson 4
Managing Office settings
Managing Office 2016 includes more than just installation and deployment. In this lesson, you will
learn about post-deployment tasks and management functions. This includes using new Group Policy
administrative templates for Office 2016, and adding and removing Office 2016 products after the initial
installation.
Lesson Objectives
After completing this lesson, you will be able to:
On the Office 365 admin center Active Users page, you can select an individual user by clicking their
hyperlinked name. When their named page opens, clicking the licenses node in the console tree reveals
the licenses assigned to this user. By default, all users have the full complement of products for the
particular subscription plan of Office 365. However, as an administrator, you can limit these. To prevent
users from using Click-to-Run from the Office 365 portal, clear the Office 365 ProPlus check box, which
will make Office 365 ProPlus unavailable to that user.
MCT USE ONLY. STUDENT USE PROHIBITED
12-26 Deploying Office 2016
The Service Settings page contains the Updates tab, which allows you to choose how new features and
updates are delivered to your organization. You can choose between Standard release and First release.
• Standard release delivers new features and updates to all Office 365 users when they are released to
the general public by Microsoft. This is the default selection.
o Deliver early updates and new features to your entire organization before they are released to
the general public.
o Select specific people to get early updates and new features before they are released to the
general public.
On the lower part of the page, clicking the Install button starts Click-to-Run for the user’s device. If your
organization’s administrator unchecks the Office 365 ProPlus check box, as described above, this Install
button is not available to individual users.
By default, all of the Office 365 ProPlus products are installed, including Word, Excel, PowerPoint,
OneNote, Access, Publisher, Outlook, Lync, and InfoPath. To exclude some of these products, uncheck the
Office ProPlus check box, and then deploy Office 365 ProPlus centrally (as described previously) and use
the ExcludeApp element in the Configuration.xml file that you create when you install the ODT.
• Make a standard Office 2016 configuration on users’ computers that provides for uniformity and ease
of management.
You can even hide various options and settings that users typically do not need, and which can be
confusing to users to run. The Office 2016 administrative template is installed in the User Configuration
\Policies\Administrative Templates node. Within this node are several main node folders:
Each of these subnode folders has several subnodes with individual settings that apply to particular
functionality for that Office 2016 product. In some cases, a main node might have a dozen or more
subnodes, some with scores of individual settings. For example, the Microsoft Office 2016 node has almost
40 subnodes, and some these subnodes have additional subnodes that reside under them.
After the download completes, run the AdminTemplates_xxbit.exe (where xx is the architecture: 32 or 64).
This extracts the .ADMX xml files that house the settings, and the .ADML files, which contain the language
for that particular setting. Additionally, the \Admin folder contains the OCT files.
MCT USE ONLY. STUDENT USE PROHIBITED
12-28 Deploying Office 2016
The .ADMX files are language neutral, and you must add the corresponding .ADML language files so that
an administrator can read the setting in the Group Policy Editor’s administrative template. For example, to
use the U.S. English files in the Office 2016 administrative templates, you would add the en-US folder to
the following location: %systemroot%\sysvol\domain\policies\PolicyDefinitions. The PolicyDefinitions
folder would then contain all of the Office 2016 administrative template’s .ADMX files, and the en-US
folder will have all of the Office 2016 administrative template’s .ADML files in it.
After you do this, you can open any GPO in the Group Policy editor and view the User
Configuration\Policies\Administrative Templates folder. On the Administrative Templates node, it will say
Administrative Templates: Policy definitions (ADMX) retrieved from the Central Store, and the folders
below it are named for the various Microsoft Office 2016 products.
When users first run Microsoft Office, they have the option to run the First Run movie, and then Office
runs the First things first informational package. You can use the Group Policy Office 2016 Administrative
Templates to suppress this behavior.
Setting Value
To disable the “First things First” information browse go to User Configuration\Administrative Templates
\Microsoft Office 2016\Privacy\Trust Center and enable the Disable Opt-in Wizard on first run setting.
Note: In total, there are several hundred possible Office 2016 administrative template
settings. Nearly all of these settings appear in the OCT as well. This means that you can configure
the settings initially without enforcing them, and then use only the OCT, and not set the Group
Policies.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-29
Additional Reading: For more information about New Group Policy and OTC settings,
refer to: http://aka.ms/K5doui.
setup.exe /admin
3. In the Select Product window, click the Open an existing Setup customization file option, and then
click OK.
4. In the Open window, find your .msp file. Select it, and then click the Open button.
5. In the console tree, choose an area of customization, choose the option that you want to customize,
and then customize the installation in the details pane .For example, to remove Access 2016 from the
installation:
a. In the Features section of the console tree, click Set feature installation states.
b. In the details pane, expand Microsoft Office, click the Microsoft Office Access drop-down
arrow, and then on the context menu, click Not Available.
6. After you finish customizing the installation, on the File menu, click Save.
7. You also can choose Save As, then specify a new, unique name for the customization file by using an
.msp file-name extension, and then choose Save. For example, in a previous demonstration, we saved
the customized setup file as adatumOffice.msp. You could save this file as
adatumOfficeNoAccess.msp.
8. Now you can deploy and apply the .msp to users' computers by using your selected deployment
method.
To add Office 2016 components, you can reverse step five in the preceding procedure, and then select
Run from My Computer rather than Not Available.
When using the ODT to deploy Office 365 ProPlus, you can customize the Configuration.xml file to
remove specific Office programs. To do this, you make a new Configuration.xml file or modify an existing
file, and then use the ExcludeApp element to identify the program for removal. If you are removing more
than one program, you can add additional ExcludeApp elements for those programs. This list of
programs to remove goes in the Add section of the Configuration.xml file, and not the Remove section.
MCT USE ONLY. STUDENT USE PROHIBITED
12-30 Deploying Office 2016
When you finish, save the Configuration.xml file, and then run the ODT on the user’s computer by using
the setup.exe /configure command and the Configuration.xml file.
You also can add Office 365 ProPlus programs to an existing Office 365 ProPlus installation by modifying
the Configuration.xml that you created previously to delete the ExcludeApp elements. When you use the
setup.exe /configure command with this configuration.xml file again, it will install all programs that are
not in an ExcludeApp element.
Question: How can you prevent users from using Click-to-Run from the Office 365 portal?
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Lesson 5
Introducing Windows Store for Business
Managing line of business (LOB) applications distribution has always been difficult in large organizations.
Different departments need access to various LOB apps. Information technology (IT) departments often
are required to manage hundreds of apps. Windows Store for Business provides a central place for you to
manage and distribute apps for the entire organization.
Lesson Objectives
After completing this lesson, you will be able to:
Note: At the time of this writing, apps in the Windows Store for Business are free. Over
time as paid apps become more available there will be more options.
The store is backed by Azure Active Directory (Azure AD). Organizations must have an Azure AD tenant in
order to access the Windows Store for Business. You can purchase apps for users individually or in volume.
Windows Store for Business has thousands of apps separated into multiple categories. You can manage
apps in the portal through a private store dedicated to your organization. Windows Store for Business also
provides a way for external or in-house developers to upload apps that are commissioned by your
organization. You can purchase apps for users individually or in volume.
MCT USE ONLY. STUDENT USE PROHIBITED
12-32 Deploying Office 2016
Software requirements
For administration of the store, you need a
compatible browser. Supported browsers include:
• Microsoft Edge
Note: Other current browsers might work, but you will need to test compatibility.
Note: Users consuming the apps must be running Windows 10, version 1511 or later.
Organizational requirements
To use Windows Store for Business, you must have an Azure AD tenant, and the first person to sign into
the Windows Store for Business must be the global admin for that organization’s Azure AD tenant. The
global admin can then give access to the organization’s users.
Employees accessing online apps from the store directly require valid Azure AD accounts. If you use a
management tool to distribute and manage online-licensed apps, then all employees will need Azure AD
accounts.
Note: Azure AD accounts are not required for employees to use offline-licensed apps.
Offline-licensed apps are discussed later in this module.
Proxy requirements
If your organization does not allow computers to connect directly to the internet and instead requires
them to connect through a proxy, then the following URLs must be accessible:
• login.live.com
• login.windows.net
• account.live.com
• clientconfig.passport.net
• windowsphone.com
• *.wns.windows.com
• *.microsoft.com
• *.msftncsi.com/ncsi.txt
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-33
Licensing of apps is an important part of the application life cycle. Licensing ensures that you are in
compliance and that your users are running valid instances of software.
Windows 10 Apps in Windows Store for Business do not have to support all platforms, but must support
at least one of the following Windows 10 platforms:
• Windows 10 desktops
• Windows 10 phones
• Windows 10 Xbox
• Windows 10 servers
• Windows 10 HoloLens
When a user click on the tile for an app, the web page describing that app will have a field named works
on that lists the types of devices on which this app will run.
Licensing apps
There are two ways to license apps: online, and offline. Online licensing is the default licensing mode. In
the online licensing mode, users and devices are required to connect to the Windows Store for Business
and download the app and its license. This requires the users to have a valid account to connect to the
Windows Store for Business.
Offline licensing allows you to cache apps and their licenses, and then distribute them throughout your
environment. This allows you to deploy apps to users and devices when they are not connected to the
Windows Store for Business
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Lesson 6
Distributing apps using the Windows Store for Business
Acquiring apps is the first step in using the Windows Store for Business. Distributing the apps is the next
step. Windows Store for Business provides mechanisms to store and distribute apps to your organization’s
users. This lesson will examine the storage and distribution options for the Windows Store for Business.
Lesson Objectives
After completing this lesson, you will be able to:
• Assign it to people. This option allows you to assign the app directly to a user or group. Those users
will receive an email with a link to install the app on their devices.
• Distribute later. This option adds the app to your inventory, from where you can add it to the
private store, or assign it later.
Note: It can take up to 12 hours for an app to appear in the private store after assignment.
You can add or remove an app from your private store at any time by using the Action menu on the
Inventory page.
MCT USE ONLY. STUDENT USE PROHIBITED
12-36 Deploying Office 2016
3. Choose the tool that you wish to synchronize with Windows Store for Business, and click Activate.
Each management tool will have its own method of distributing apps from your inventory.
Reference Links: For more information about management tools for Windows Store for
Business, refer to: http://aka.ms/Weegwq.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-37
• You want to add Windows Store for Business apps to your custom deployment image, or deploy
them with either Deployment Image Servicing and Management (DISM), or Windows Imaging and
Configuration Designer (Windows ICD).
• Your users do not have Azure AD accounts, and you want to deploy offline apps to these users.
1. Sign in to the Windows Store for Business with an account that has app purchasing rights.
4. Click the Shop tab on the menu bar, and search for offline apps. All offline apps that you purchase
will be added to your inventory.
• Use Windows ICD to create provisioning packages that can be applied to deployments.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Objectives
After completing this lab, you should be able to:
Lab Setup
Estimated Time: 75 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer start Hyper-V Manager.
2. In Hyper-V Manager, click 20695C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Sign in by using the following credentials:
o Password: Pa$$w0rd
o Domain: Adatum
5. Repeat steps 2 through 4 for 20695C-LON-CL2, after LON-DC1 is at the sign in screen.
MCT USE ONLY. STUDENT USE PROHIBITED
12-40 Deploying Office 2016
Dan Drayton
From: Kari Tran [ktran@Adatum.com] Sent: 22 July 2:30 PM To: Dan Drayton [ddrayton@adatum.com]
Subject: Automated Office Professional 2016 deployment
Dan,
Go ahead and use the Office Customization Tool to create a test deployment of the volume license
version of Office 2016 Professional we bought. I need you to create a customization that does not install
Access or Publisher. These applications are not required for employees.
For the time being, we are going to continue deploying apps to the client systems post-installation.
As for the rest of the features, I like the idea of eliminating the First run movie, and since we’re using KMS,
not having the users accept the EULA or activate Office.
Thanks,
Kari
Task 1: Create a customized Office 2016 deployment file by using the OCT
1. On LON-DC1, open a Command Prompt window as administrator, and then navigate to the
e:\Labfiles\Office_Professional_2016 directory.
2. At the command prompt, type setup.exe /admin. This opens the OCT.
3. Ensure that the Create a new Setup customization file for the following product option is
selected for the Product name Microsoft Office Professional Plus 2016 (64-bit).
5. Select the Licensing and user interface subnode, and then click the Use KMS client key radio
button.
6. Select the I accept the terms of the license agreement. Display level: Basic check box, select the
Completion notice check box, and then clear the No cancel check boxes.
7. In Office Security settings, ensure that the Unsafe ActiveX initialization has the Do not prompt
and disable all controls option selected.
8. In the Modify setup properties item, add the HIDEUPDATEUI item with a value of TRUE.
9. In the Features area, in the Modify user settings item, in the Privacy/Trust Center, under
Microsoft Office 2016, enable the Disable Opt-in Wizard on first run property.
10. Under Microsoft Office 2016, in First Run, enable both the Disable First Run Movie and Disable
Office First Run on application boot properties.
11. In the Set feature installation states item, select Microsoft Office 2016, and then set Microsoft
Access and Publisher to Not Available.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-41
13. Open File Explorer, and then verify in E:\Labfiles\ Office_Professional_2016\Updates that
AdatumOffice.msp displays.
Results: At the end of this exercise, you should have created a customized Office 2016 deployment file.
Task 1: Connect to network share as an authorized user and deploy Office 2016
1. Switch to LON-CL2.
3. Type the following commands, pressing Enter at the end of each line:
Note: The Microsoft Office installation window opens and begins to install Office 2016.
Since you used the Basic option in the OCT, the progress displays without the ability to cancel.
After approximately 15 minutes, the installation will complete.
5. Open Word 2016 to verify the First things first window does not run.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: At the end of this exercise, you should have successful installed Office 2016 from the .msp file.
Question: In the lab, you altered settings in the OCT and saved them as an .msp file. You
then altered settings in the Config.xml file. What would be the result of the installation if the
Config.xml settings that you specified differ from the settings that you saved in the .msp file?
Question: Why did you copy the AdatumOffice.msp file to the Updates directory in the
second exercise?
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications 12-43
Review Question
Question: What are the key differences between the OCT and the Office Deployment Tool?
Tools
Office Deployment Tool for Use to make customized Free download from the
Click-to-Run installation settings for the Microsoft Download
Office 365 ProPlus and Center at:
associated subscription http://aka.ms/C9la91.
products.
Group Policy Administrative Use to enforce a wide variety Free download from the
Templates for Office 2016 of settings for Office 2016 and Microsoft Download
associated products. Center at:
http://aka.ms/C9la91.
MCT USE ONLY. STUDENT USE PROHIBITED
12-44 Deploying Office 2016
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-1
2. In the Configuration Manager console, click Administration, click Client Settings, and then click
Default Client Settings.
o Hardware inventory schedule: Click Schedule in the Configure Client Setting dialog box,
configure the Simple schedule to Run every 1 days, and then click OK to close the Configure
Client Setting dialog box.
7. Switch to LON-CL1.
11. In the Configuration Manager Properties dialog box, click the Actions tab.
12. Select Hardware Inventory Cycle, and then click Run Now. A message displays that specifies that
the selected cycle will run and might take several minutes to finish. Click OK.
2. In the Assets and Compliance workspace, click Devices. In the Details pane, make note of the Client
and Client Activity columns for LON-CL1. The Client column should show Yes and the Client
Activity should show Active.
3. Click LON-CL1. On the Home tab, in the Device group, click Start, and then click Resource Explorer.
The Resource Explorer window opens.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-2 Assessing the network environment for supporting operating system and application deployment
4. Expand the Hardware node. Take note of the hardware inventory collected for the client. Specifically
review the following nodes:
o Disk Partitions
o Installed Applications
o Operating System
5. Close the Resource Explorer window.
Results: After completing this exercise, you should have collected hardware inventory from the client
computers and reviewed the information about your client computers’ configuration.
2. Click Start, click All Apps, expand Microsoft Assessment and Planning Toolkit, and click the
Microsoft Assessment and Planning Toolkit. Wait for MAP to start. It might take approximately 30
to 60 seconds.
3. In the Microsoft Assessment and Planning Toolkit dialog box, in the Create or a select a
database section, click Create an inventory database. In the Name text box, type Client
Assessment, and in the Description section, type Initial assessment of Adatum clients. Click OK.
4. In the console tree, select Overview, and in the Where to start section, click Perform an Inventory.
The Inventory and Assessment Wizard starts.
5. On the Inventory Scenarios page, under Choose your scenario, select the Windows computers
check box, and then click Next.
6. On the Discovery Methods page, in the Select which methods to use to discover computers
section, ensure that Use Active Directory Domain Services (AD DS) is selected, and then click Next.
7. On the Active Directory Credentials page, enter the following information in the text boxes, and
then click Next:
o Domain: Adatum.com
o Password: Pa$$w0rd
8. On the Active Directory Options page, ensure that Find all computers in all domains, containers,
and organizational units is selected, and then click Next.
12. On the Summary page, click Finish. The Status window opens. In the Status window, click the Details
down arrow. Observe that after some time, data starts to appear in the Computer Discovery and
Collector Status sections. Note that some failures might occur for various reasons, such as the
machine has not been started. Click Close when the assessment is complete.
2. Click the Desktop node in the console tree, and then click the Windows 10 Readiness item. Observe
the Details section and the number of Ready for Windows 10 computers.
3. While viewing the Windows 10 Readiness summary, click Generate Windows 10 Readiness Report
in the Options pane. Click Close in the Status window after the report generates.
Note: It might take a few minutes for the Generate Windows 10 Readiness Report link to
display.
4. Click the View drop-down list box at the top of the console, and then select Saved reports.
5. Open the Microsoft Excel worksheet report that is named Windows10Assessment and that includes
the date of the process. Examine the various workbooks, and then close Excel.
Results: After completing this exercise, you should have determined how many of the client computers
are ready for a Windows 10 upgrade.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
1. Would High Touch with Retail Media, High Touch with a Standard Image, lite touch, or zero touch
deployment be applicable for this scenario?
High Touch with Retail Media would be applicable, since you cannot use High Touch with a Standard
Image for an upgrade, and each user has a different set of applications.
2. Which deployment technologies would you consider to implement the client-upgrade plan?
You should consider Windows SIM for the answer file, and the retail media technology for the setup
program.
o Windows SIM
Results: After completing this exercise, you should have planned an operating system deployment
strategy for the Miami remote office.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-6 Determining operating system deployment strategies
1. Would High Touch with Retail Media, High Touch with a Standard Image, lite touch, or zero touch
deployment be applicable for this scenario?
A lite touch strategy would be applicable, since Configuration Manager is unavailable, and there are
more than 300 devices to which to deploy.
2. Which deployment technologies would you consider to implement the server-upgrade plan?
Windows ADK, MDT 2013 Update 1, Windows Deployment Services, and an image containing the
bare operating system without applications.
3. What are the requirements for implementing this deployment technology?
o MAP tool
Results: After completing this exercise, you should have planned an operating system deployment
strategy for the Montreal regional office.
1. Would High Touch with Retail Media, High Touch with a Standard Image, lite touch, or zero touch
deployment be applicable for this scenario?
A zero touch deployment strategy would be applicable, because Configuration Manager is available,
and there are more than 500 devices to which you must deploy.
2. Which deployment technologies would you consider to implement the server upgrade plan?
o MAP
Results: After completing this exercise, you should have planned an operating system deployment
strategy for the U.S. offices.
3. Double-click adksetup.exe.
4. In Windows Assessment and Deployment Kit - Windows 10, on the Specify Location page,
click Next.
7. On the Select the features you want to install page, make sure only the following features are
selected, and then click Install:
o Deployment Tools
Task 2: Verify the results of the installation, and identify the tools that have
been installed
1. Open File Explorer.
3. Take note of the various features that have been installed, including:
o Deployment Tools
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have installed the Windows ADK on LON-CL1.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-9
7. Point to the lower-left corner of the screen, and then click the Start charm.
10. On the Do you want to use this computer to run an ACT Log Processing Service page, ensure
that Yes is selected, and then click Next.
11. On the Configure Your ACT Database Settings page, next to SQL Server, select (local)\ADK, and
then click Connect.
12. On the Configure Your ACT Database Settings page, next to Database, type ACTDB, and then
click Next.
13. On the Configure Your ACT Database Settings page, click Next.
14. On the Configure Your Log File Location page, next to Path, type C:\ACTLogs.
15. On the Configure Your Log File Location page, next to Share as, ensure that ACTLogs is entered,
and then click Next.
16. On the Configure Your ACT Log Processing Service Account page, ensure that Local System is
selected, and then click Next.
17. On the Congratulations page, clear all check boxes, and then click Finish. The Microsoft Application
Compatibility Manager console opens.
18. On the Tools menu, click Settings.
19. In the Settings box, on the Settings page, verify that LON-DC1\ADK is configured as the SQL
Server, and that ACTDB is configured as the Database.
20. Under Log Processing Settings, verify that the This computer is configured as a Log Processing
Service check box is selected.
21. Verify that the Log Processing Service Account is configured as a Local System Account.
24. Under Community Settings, verify that the Yes, I want to join the ACT Community check box is
selected.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-10 Assessing application compatibility
27. In the Task Manager window, click More details, click the Services tab, and locate the
ACTLogProcessor service.
28. Verify that the ACT Log Processing Service has a Status of Running. If it does not, right-click the
service, and then click Start.
2. On the File menu, click New to create a new data collection package.
3. In the Create a data collection package window, click Inventory collection package.
4. On the Set up your inventory package page, in the Package Name section, in the Name box, type
SalesInventoryPKG.
5. On the Set up your inventory package page, in the Label box, type Sales Inventory, and then click
Create.
6. In the Save Data Collection Package window, delete the text in the address box, type
\\LON-DC1\Labfiles, press Enter, and then click Save.
7. On the Next steps for your inventory collection package page, click Finish.
8. In the Microsoft Application Compatibility Manager, on the File menu, click New to create a new
data collection package.
9. In the Create a data-collection package window, click Runtime analysis package.
10. On the Set up your runtime analysis package page, in the Package Name section, in the Name
box, type SalesRuntimePKG.
11. On the Set up your runtime analysis package page, in the Label box, type Sales Runtime, and
then click Create.
12. In the Save Data Collection Package window, delete the text in the address box, type
\\LON-DC1\Labfiles, press Enter, and then click Save.
13. On the Next steps for your runtime analysis collection package page, click Finish.
3. In File Explorer, in the address box, type \\LON-DC1\Labfiles, and then press Enter.
2. In the Application Compatibility Manager window, in the navigation pane, click Analyze.
3. In the details pane, under the Windows 10 Reports\Computers node, verify that LON-CL1 has
reported information.
6. Click the Devices node, and verify that devices are reported.
Note: It might take a few minutes for the device list to populate. You might see just a few
devices initially. You can come back to this node later to see all devices detected.
7. Under Windows 10 Reports, in the navigation pane, click Applications, and then select Microsoft
Office Excel Viewer.
10. In the Category List window, under Categories, click Add, type Sales, and then press Enter.
11. In the Category List window, under Subcategories, click Add, type Customer Service, and then press
Enter.
13. In the Assign Categories window, select the Customer Service check box, and then click OK.
16. In the Set Deployment Status window, click Ready to Deploy, and then click OK.
Results: After completing this exercise, you should have analyzed applications for potential compatibility
issues.
2. Click to the Start menu, type Compatibility, and then click Microsoft Compatibility Monitor.
3. In the User Account Control window, type Adatum\Administrator as the username and Pa$$w0rd
as the password, and then click Yes.
5. In the Compatibility Monitor window, click the Advanced Tools icon, and then click Monitor and
Launch Standard User Analyzer.
6. In the Standard User Analyzer window, under the App Info tab, click Browse.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-12 Assessing application compatibility
7. In the Browse for Application window, expand This PC, expand Local Disk (C:), expand Program
Files (x86), click StockViewer, and then double-click StockViewer.exe.
8. In the Standard User Analyzer window, under the App Info tab, clear the Elevate check box, and
then click Launch.
10. In the User Account Control window, type Adatum\Administrator as the username and Pa$$w0rd
as the password, and then click Yes.
13. Click the Tools menu, and then click Options. When you see the Stock Viewer dialog box, click
Continue.
14. Click the Tools menu, and then click Show Me a Star. When you see the Unsupported Version
dialog box, click OK.
3. In the Mitigation menu, click Apply Mitigations, and then in the Mitigate AppCompat Issues
dialog box, click Apply.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After completing this exercise, you will have mitigated application compatibility issues by using
Microsoft Application Compatibility Toolkit (ACT).
MCT USE ONLY. STUDENT USE PROHIBITED
L4-13
PC Replace X
64 bit
64 bit
64 bit
64 bit
Remote store X
Encrypted
Compressed X
Hard-link
Application settings to
be migrated
No
MigUser.XML X
Results: After completing this exercise, you will have planned for user state migration.
3. At the command prompt, type the following command, and then press Enter:
4. At the command prompt, type F:, and then press Enter. Type the following command and press Enter:
The creation of the Config.xml file will begin. This can take several minutes to complete.
5. At the command prompt, type notepad config.xml, and then press Enter.
6. To exclude Shared Video, under the Documents node, modify the line to match the following code:
7. Under the Documents node, modify the line to match the following code:
8. Under the Documents node, modify the line to match the following code:
2. Maximize the Notepad window. This is a custom XML file that migrates a specific folder called
ResearchApp to the destination computers.
3. Change the variable <Foldername> to ResearchApp. The entire line should read as follows:
Results: After completing this exercise, you will have created and customized XML files to use with the
User State Migration Tool (USMT).
MCT USE ONLY. STUDENT USE PROHIBITED
L4-16 Planning and implementing user state migration
2. Right-click on the Desktop, click New, and then select Text document. Name the text file
Allies file.txt.
3. Open Windows Explorer, and then navigate to the C:\Users\Public\Public Pictures folder.
4. Click New folder on the toolbar, and then name the folder Our pictures.
2. From the Start menu, type cmd, and then press Enter.
3. At the command prompt, type Net Use F: \\LON-DC1\USMT, and then press Enter.
5. At the command prompt, type the following, and then press Enter:
3. Open File Explorer, and then navigate to the C:\Users\Public\Public Pictures folder.
4. Verify that the Our pictures folder has not been migrated.
9. From the Start menu, type cmd, and then press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L4-17
10. At the command prompt, type the following, and then press Enter:
Net user
11. Verify that DBService is listed, while LocalAdmin is not, in the list of local users on LON-CL1.
12. If DBService is not listed, then right-click the Windows button on the taskbar and click Computer
Management. Expand Local Users and Groups and click Users. DBService should be listed here.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
Results: After completing this exercise, you will have captured and restored user state by using USMT.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L5-19
Answers might vary. However, hybrid images seem to be the best solution, because there are
applications that apply to multiple users.
• How will you address the applications that your users utilize within the company?
Answers will vary, but could include installing Microsoft Office in the images and installing all other
applications during or after the operating system deployment.
Answers will vary, but could include one Windows image file (.wim file) for Windows 8.1 64-bit and
one .wim file for Windows 10 64-bit operating systems. A .wim file for Windows 7 32-bit operating
system needs to be available for the Sydney location. Each .wim file contains multiple images, one for
each language pack. When you must reimage current systems, you will upgrade them to Windows 10.
Answers will vary, but could include using only hardware that supports Plug and Play, unless there are
no alternatives. Stage any common drivers in the Plug and Play store and make any other drivers
available during installation. Additionally, you should replace any systems that do not support Plug
and Play when you require a new image.
Answers will vary, but could include language packs, common applications, and Plug and Play drivers.
Answers will vary, but could include installing boot-critical drivers in the image and installing other
Plug and Play drivers during operating system deployment.
• How will you address storage considerations for the image-management strategy?
Answers will vary, but could include reducing the number of images in use and taking advantage of
the single instancing in .wim files.
Answers will vary, but should include a combination of offline and online servicing.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-20 Determining an image management strategy
Results: After completing this exercise, you should have identified requirements and then planned an
image management strategy.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-21
2. In the Administrator: Deployment and Imaging Tools Environment window, create the directory
structure by typing the following command, and then pressing Enter:
5. In the navigation pane, expand Allfiles (E:), expand WinPE64, expand Media, and then click
Sources.
Note: Note the size of the Boot.wim file. It will be 212,277 kilobytes (KB).
Note: To avoid syntax errors, copy and paste the commands into the Windows PowerShell
command prompt from the E:\Labfiles\Mod06\Mod06_DISM_Powershell.txt file.
Note: The version of Deployment Image Servicing and Management (DISM) tool installed
with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 is not the
same as the version in the default Windows PowerShell console (version: 6.3.9600.16384). You
must add the correct DISM module for the current version of Windows ADK. The reason this is so
is the version that is in Windows PowerShell is for Windows Server 2012 R2, while the version in
the latest Windows ADK is for Windows 10.
2. In the Administrator: Windows PowerShell window, type the following cmdlet, and then press Enter:
3. In the Administrator: Windows PowerShell window, mount the Boot.wim image by typing the
following command, and then pressing Enter:
Note: The third-party drivers you injected into the image will be listed. Confirm that the
last one on the list has a Published Name of oem9.inf.
2. To add support for the Windows PowerShell command-line interface to the Windows PE image, type
the following commands, and then press Enter after each:
Note: To avoid syntax errors, copy and paste the commands from the
E:\Labfiles\Mod06\Mod06_DISM_Powershell.txt file into the Windows PowerShell command
prompt.
Note: After each Windows PowerShell cmdlet, ensure that the operation completes
successfully.
2. Use File Explorer to view the contents of the E:\Winpe64\media\Sources folder. Note the new size
of the Boot.wim file.
MD E:\BootISO
MakeWinpeMedia /iso E:\Winpe64 E:\BootISO\WinPEx64.iso
2. Use File Explorer to open the E:\BootISO folder, and then ensure that the WinPEx64.iso file was
created.
Results: After completing this exercise, you should have customized the Windows Preinstallation
Environment (Windows PE) image and created an .iso file of the image.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-24 Preparing for deployments by using the Windows ADK
3. On LON-CFG, on the taskbar, click File Explorer. Right-click Floppy Disk Drive (A:), and then click
Format.
5. In the Format Floppy Disk Drive (A:) warning window, click OK.
6. In the Format Floppy Disk Drive (A:) Format Complete window, click OK.
9. Open the Start screen, and then type Windows System. Locate and click Windows System Image
Manager from the list.
10. In Windows System Image Manager, click File, and then click Select Windows Image.
11. In the Select a Windows Image dialog box, browse to the E:\sources folder, select install.wim, and
then click Open.
12. In the Windows System Image Manager message box, click Yes. The catalog creation will take a
few minutes.
13. In the Answer File pane, right-click Create or open an answer file, and then click Open Answer File.
14. In the Open dialog box, browse to the E:\Labfiles\Mod06 folder, select
Autounattend_x64_BIOS_sample.xml, and then click Open.
15. In the Windows System Image Manager pop-up window, click Yes to associate the answer file with
the image.
16. In the Windows System Image Manager, click File, and then click Save Answer File As.
17. In the Save As dialog box, click This PC, double-click Floppy Disk Drive (A:), in the File name field,
type Autounattend, and then click Save.
2. Expand UserData, right-click ProductKey, click Delete, and then click Yes.
Note: In the list of component names, note that after amd64_Microsoft-Windows, the
rest of the component name is alphabetically listed.
14. Select OOBE, in the HideEULAPage line, click the drop-down list, and then select true.
15. In the NetworkLocation line, click the drop-down list, and then select Work.
16. Expand UserAccounts, select AdministratorPassword, right-click the Value label, and then select
Write Empty String.
17. Expand LocalAccounts, and then select LocalAccount. In the DisplayName field, type your full
name. In the Group field, type Administrators, and then in the Name field, type your first name.
18. Expand LocalAccount[Name=”yourname”], select Password, and then in the Value field, type
Pa$$w0rd.
19. In the Windows Image pane (directly beneath Components), expand Packages, expand Foundation,
right-click amd64_Microsoft-Windows-Foundation-Package_10.0.10586.0, and then click Add to
Answer File.
20. In the Answer File pane, expand Packages, expand Foundation, and then select amd64_Microsoft-
Windows-Foundation-Package_10.0.10586.0.
Note: You will see warnings that say The setting has not been modified. It will not be
saved to the answer file. You will also see a warning that the Setting NetworkLocation has
been deprecated in the Windows image. You can ignore these warnings.
2. In the Windows System Image Manager, click File, and then click Save Answer File.
3. In the Windows System Image Manager, click File, and then click Close Answer File.
4. In the Microsoft-Windows-Shell-Setup Properties pane, in the Settings section, set the value of
CopyProfile to true.
5. Click File, and then click Save answer file as.
6. In the Save As dialog box, ensure you are still saving to the Floppy Disk Drive (A:). In the File name
field, type CopyProfile, and then click Save.
7. Click File, and then click Exit to close Windows System Image Manager.
8. In the 20695C-LON-CFG window, click Media, point to Diskette Drive, and then click Eject
Reference.vfd.
Results: After completing this exercise, you should have created an answer file on a virtual floppy disk by
using Windows System Image Manager (Windows SIM), added components and packages to the answer
file, and validated and saved the answer file.
2. In the 20695C-LON-REF1 window, click Media, point to Diskette Drive, and then click Insert Disk.
4. In the 20695C-LON-REF1 window, click Media, point to DVD Drive, and then click Insert Disk.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L6-27
6. Start 20695C-LON-REF1.
2. Sign in to LON-REF1 by using the local account you provided in the answer file. If the Networks
configuration window opens, click No.
3. In the Start search bar, type Hyper-V. The search results should include the Hyper-V Manager
feature you added.
7. Read the listings in the System window. In Computer name, domain and workgroup settings, you
should see that the Computer name is Reference and the Workgroup is imaging.
9. In Computer Management, expand Local Users and Groups, and then select the Users container.
Note: Your user account displays the full name and description that you entered in the
answer file.
10. Double-click your user account, and then click the Member Of tab. You should see that your account
is a member of the Administrators group. Click Cancel to close the window.
11. In Computer Management, click Disk Management. You should see the System partition is 350
megabyte (MB).
12. Close all open windows.
13. In the 20695C-LON-REF1 window, click Media, click DVD Drive, and then click Eject
Win10TH2Ent_Eval.iso.ISO.
Results: After completing this exercise, you should have mounted the Windows 10 media, performed an
unattended installation, and verified that the answer-file settings were applied.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-28 Preparing for deployments by using the Windows ADK
Exercise 3: Customizing your image in the audit mode and preserving the
profile changes by using Sysprep
Task 1: Boot into the audit mode and configure changes as required
1. On LON-REF1, right-click the Start button, and then click Run.
2. Type \\LON-CFG\E$\Software, click OK, and in the Enter network credentials dialog box, type
Adatum\Administrator in the User name field, and then type Pa$$w0rd in the Password field.
3. Select the Remember my credentials check box, and then click OK.
4. Double-click the Office Viewers folder, double-click the PPTViewer folder, and then double-click
PowerPointViewer.exe.
6. Select the Click here to accept the Microsoft Software License Terms check box, and then click
Continue.
7. In the Microsoft PowerPoint Viewer Setup window, click Next, and then click Install.
10. Right-click the Start button, and then select Command Prompt, (admin).
11. In the User Account Control dialog box, click Yes.
12. In the Administrator: Command Prompt window type the following and then press Enter:
CD Sysprep
13. In the Administrator: Command Prompt window type the following and then press Enter:
14. After the reboot, LON-REF1 will sign in as the Administrator automatically, by using a blank
password. This will take 5–10 minutes to complete. Ignore the Sysprep dialog box for the time being.
19. In the System Properties dialog box, click Advanced, and then in the User Profiles section, click
Settings.
20. Select the profile for your user account, and then click Delete. In the Confirm Delete dialog box,
click Yes.
25. In the Local Users and Groups pop-up window, click Yes, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L6-29
26. Close all open windows, including the System Preparation Tool 3.14 dialog box.
27. Click the Start button, and then click All Apps.
28. Locate and right-click Microsoft PowerPoint Viewer, and then click Pin to Start. Verify that it
appears on the Start screen.
29. Return to All Apps. Expand Windows Accessories, right-click Snipping Tool, expand More, and
then click Pin to taskbar.
30. Press the Esc key to go to the desktop, and then verify that the Snipping Tool appears on the taskbar.
Task 2: Run Sysprep with the /generalize, /oobe, /shutdown, and /unattend switches
1. On LON-REF1, right-click the Start button, and then select Command Prompt (admin).
2. At the Administrator: Command Prompt window, type the following, and then press Enter:
CD C:\Windows\System32\Sysprep
3. At the Administrator: Command Prompt window, type the following command, and then press Enter:
Note: After completing this step, you might see an error message that states A fatal error
occurred while trying to sysprep the machine. This is due to a corrupt CopyProfile.xml file
being saved to the floppy disk. To address this issue, redo the “Create an answer file to preserve
the profile” lab task from Exercise 1. Save the answer file to the floppy disk as indicated.
Results: After completing this exercise, you should have the Windows 10 reference system generalized
and ready for imaging.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-30 Preparing for deployments by using the Windows ADK
2. In the 20695C-LON-REF1 window, click Media, point to DVD Drive, and then click Insert Disk.
4. Start 20695C-LON-REF1. When prompted, hit a key to start from the DVD.
Select disk 0
List partition
Select partition 2
Assign letter R
Exit
Task 3: Use DISM to capture the reference image to the shared network folder
1. At the command prompt, type the following command, and then press Enter:
2. When prompted, type the password Pa$$w0rd. Ensure that the command completes successfully.
3. At the command prompt, type the following command, and then press Enter:
Note: For a few minutes, the cursor will continue to sit at the prompt, but then the image
save will begin. At that point, you can shut down the virtual machine. Also, be careful if you copy
and paste the above command, as the quotation marks around the “Adatum Windows 10” might
be changed in the command prompt window.
Results: After completing this exercise, you should have booted the reference machine into your
customized Windows PE image, used Diskpart to assign a drive letter, and used DISM commands to
capture the image to the shared network folder.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L6-31
2. On the Windows ICD Start page, click the New provisioning package icon.
3. In the New Project Wizard, on the Enter project details page, in the Name field, type LabDPP.
5. In the Browse for Folder dialog box, select the Allfiles (E:) drive, and then select Images.
6. Click Make New Folder, and in the text box, type WICD. Ensure that WICD is selected, and then click
OK. In the Description area, type Provisioning Package for Lab D, and then click Next.
7. On the Choose which settings to view and configure page, select Common to all Windows
desktop editions, and then click Next.
8. On the Import a provisioning package (optional) page, click Finish. This creates the new LabDPP
project and the LabDPP customization page will open.
2. Expand the Deployment Assets console tree item, and then select Driver Set.
3. In the Drivers Set details pane, click Browse, in the Browse For Folder window, navigate to Allfiles
(E:)\Software\Drivers\point64, and then click OK.
4. In the Driver Set details pane, in the Name field, type IntelliPoint Drivers, and then click Add.
5. In the Runtime settings console tree item, select and expand Folders, and then select
PublicDocuments.
6. In the details pane, click Browse. In the Open dialog box, navigate to Allfiles (E:)\Labfiles\Mod06,
select Mod06_DISM_Powershell.txt, and then click Open.
7. In the Relative path to directory on target device field, type AdatumData, and then click Add.
2. In the Build window, under Owner, in the OEM drop-down list, change the value to IT Admin, and
then click Next.
3. On the Select security details for the provisioning package page, click Next.
4. On the Select where to save the provisioning package page, in the text box, type
\\lon-cfg\e$\images\labDpp.ppkg, and then click Next.
5. On the Build the provisioning package page, click Build, and then click Finish.
6. In the Windows Imaging and Configuration Designer console, click the File menu item, and then
select Close project in the context menu.
Results: After completing this exercise, you should have created a provisioning image and stored it in a
networkshared folder location.
2. In the New Project Wizard, on the Enter project details page, in the Name field, type LabDBuild.
3. In the Project folder location, click Browse.
4. In the Browse for Folder dialog box, select the Allfiles (E:) drive, and then select Image.
7. In the Description area, type Create a Windows 10 Desktop image for Lab D, and then click Next.
2. While still in the New Project Wizard, on the Select image page, click Browse, and in the Open
dialog box, select Allfiles (E:)\Sources. Select the Install.wim file, and then click Open.
3. Note that there is only one available image on install.wim. Click Next.
3. Select the labDpp.ppkg file that you created earlier, click Open, and then click Finish.
Task 4: Create a Full Flash Update (FFU) image and save it to LON-CFG
1. In the Windows ICD console, from the ribbon, click the Create menu, and then select Clean install
media. This will open the Build Wizard.
2. On the Select the image format to build page, select FFU, and then click Next.
3. On the Select where to save the files page, in the text box, type E:\Images\WICD\LabDBuildIMG
\LabDBuild.ffu, and then click Next.
4. On the Build the Windows image page, make note of the selected options, and then click Build.
5. The build step begins. Note the progress bar on the Build the Windows image page. It will take
several minutes to build the FFU file.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L6-33
9. Examine the folder contents. You should see the LabDBuild.ffu file. You can export the .ffu file to a
USB removable drive or a secure digital card (SD card) for deployment to a Windows 10 desktop.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have created the Windows 10 FFU image to meet the
deployment requirements for the IT department.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L7-35
Task 1: Read the supporting documentation and complete the design table
• Based on the information in the email you should be able to complete the Windows DS Configuration
Job Aid that is located in the exercise scenario in the student manual.
Windows DS AD Y
installation mode
Stand-alone N
Option 67 Y boot\x64\pxeboot.com
Require administrator N
approval
Should multicast be No
supported and if yes,
how should it be Yes 1 speed N
configured
2 speeds N
3 speeds Y
DHCP multicast N
scope
Windows DS default Y
Results: After completing this exercise, you should have filled out the table that leads to a design concept
for the Windows DS deployment to support multiple subnets within the organization. Be sure that the
plan also covers Windows DS configuration requirements.
3. Run the following command to install the Windows DS role and the management tools:
3. Click Next.
4. Ensure that Integrated with Active Directory is selected, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L7-37
6. Ensure that both check boxes are selected, and then click Next.
7. Click the Respond to all client computers option, and then click Next.
8. Notice if an error message appears before you click Finish. If you received a message stating “The
service did not respond to the start or control request in a timely fashion”, then right-click
LON-DC1.Adatum.com, click All Tasks, and then click Start. Click OK.
10. Click the AD DS tab, and then click the The following location option. Click Browse, expand
Adatum and then click the London Clients OU, and then click OK.
11. Click the Multicast tab, and then in the Transfer settings area, click the Separate clients into three
sessions (slow, medium, fast) option.
2. In the 20695C-LON-DC1 window, click Media, point to DVD Drive, and then click Insert Disk.
3. Browse to D:\Program Files\Microsoft Learning\20695\Drives, select Win10TH2Ent_Eval.iso, and
then click Open.
4. In the Windows Deployment Services console, in the console tree, expand LON-DC1.Adatum.com.
6. In the Add Image Wizard, on the Image File page, click Browse.
7. In the Select Windows Image File dialog box, in the navigation pane, expand This PC, double-click
DVD Drive (D:), double-click sources, and then double-click boot.wim.
12. In the Windows Deployment Services console, right-click Install Images, and then click Add Image
Group.
13. In the Add Image Group dialog box, in the Enter a name for the image group text box, type
Windows 10, and then click OK.
14. In the Windows Deployment Services console, right-click Windows 10, and then click Add Install
Image.
15. In the Add Image Wizard, on the Image File page, click Browse.
16. In the File name text box, type D:\sources\install.wim, and then click Open.
2. In the Create Multicast Transmission Wizard, on the Transmission Name page, type London
MultiCast. Click Next.
5. In the Windows Deployment Services console, in the console tree, expand Multicast Transmissions,
click London Multicast, and then check that no clients are connected.
3. Click BIOS in the Hardware section, and then in the Startup Order list, click the Legacy Network
Adapter.
4. Click Move Up twice or until Legacy Network Adapter is at the top of the list.
5. Click OK.
6. In the 20695C-LON-REF1 window, click Action, and then click Start.
10. On the Select the operating system you want to install page, click Next.
11. On the Where do you want to install Windows page, click OK to dismiss the Windows Setup
dialog box, and then click Next.
12. When the Installing Windows page appears and the installation begins, switch to LON-DC1.
13. In the Windows Deployment Services console, click the Refresh button on the toolbar. Notice that
one client is connected.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have deployed and configured Windows DS to support
the imaging environment. You will have also performed a Windows DS multicast deployment of
Windows 10.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L8-41
Question Answer
What is your imaging and source-file Use the Windows 10 source files on LON-DC1 to
strategy? create a custom Windows 10 image on the
deployment server
Will you deploy the image from You will create custom images
Windows media, or will you create
custom images?
How will you deploy applications? You will not deploy any at this time
Question Answer
What deployment scenarios are you The current scenario is to deploy to new computers
planning? only
Results: Students will have a plan that outlines how they will configure MDT at the London location
2. In the File Explorer address bar, type \\LON-DC1\Labfiles\MDT2013, and then press Enter.
3. Right-click MicrosoftDeploymentToolkit2013_x64.msi, and then click Install.
4. In the Microsoft Deployment Toolkit 2013 Update 2 (6.3.8330.1000), on the Welcome page, click
Next.
5. On the End-User License Agreement page, select the I accept the terms in the License
Agreement check box, and then click Next.
8. On the Ready to Install Microsoft Deployment Toolkit 2013 Update 2 (6.3.8330.1000) page,
click Install.
9. On the Completed the Microsoft Deployment Toolkit 2013 Update 2 (6.3.8330.1000) Setup
Wizard page, click Finish.
2. Right-click adksetup.exe, and then click Run as administrator. When prompted to add or remove
features, click Continue.
3. On the Select the features you want to change page, select the check boxes next to Deployment
Tools, Windows Preinstallation Environment (Windows PE), and User State Migration Tool
(USMT). Deselect the check box for Volume Activation Management Tool (VAMT), and then click
Change.
4. When the installation is complete, on the Welcome to the Assessment and Deployment Kit -
Windows 10 page, click Close.
Results: After completing this exercise, you should have installed MDT 2013 Update 2 and Windows ADK
for Windows 10 on the technician server.
2. In the Deployment Workbench console, right-click Deployment Shares, and then click New
Deployment Share.
3. In the New Deployment Share Wizard, on the Path page, take note of the default path, and then click
Next.
4. On the Share page, take note of the default share name, and then click Next.
5. On the Descriptive Name page, click Next.
4. In the Deployment Workbench, expand Deployment Shares, and then expand MDT Deployment
Share (C:\DeploymentShare). Right-click the Operating Systems folder, and then click Import
Operating System.
5. In the Import Operating System Wizard, on the OS Type page, select the Full set of source files
option, and then click Next.
6. On the Source page, in the Source directory text box, type D:\, and then click Next.
7. On the Destination page, in the Destination directory name text box, type Windows10x64, and
then click Next.
2. In the New Folder Wizard, on the General Settings page, in the Folder name text box, type
Intellipoint Drivers, and then click Next.
6. In the Import Driver Wizard, on the Specify Drivers page, in the Driver source directory text box,
type \\LON-DC1\Labfiles\Drivers\point64, and then click Next.
2. On the General Settings page, in the Folder name text box, type Windows 10, and then click Next.
5. Right-click the Windows 10 folder, and then click New Task Sequence.
6. In the New Task Sequence Wizard, on the General Settings page, in the Task sequence ID text box,
type LON-001.
7. In the Task sequence name text box, type Deploy Windows 10, and then click Next.
8. On the Select Template page, select the Standard Client Task Sequence from the task sequence
templates drop-down list box, and then click Next.
11. On the OS Settings page, in the Full Name text box, type adatum\Administrator. In the
Organization text box, type Adatum, and then click Next.
12. On the Admin Password page, in the Administrator Password and Please confirm Administrator
Password text boxes, type Pa$$w0rd, and then click Next.
15. Expand Task Sequences, click the Windows 10 node, right-click the Deploy Windows 10 task
sequence, and then click Properties.
16. In the Properties dialog box, click the Task Sequence tab.
17. Expand Preinstall, click Inject Drivers, and then from the Choose a selection profile drop-down list
box, click the Nothing selection.
Task 5: Modify the customsettings.ini file to store log files, and skip unused pages in
the deployment wizard
1. Right-click the MDT Deployment Share (C:\DeploymentShare), and then click Properties.
2. In the Properties dialog box, on the Rules tab, change the SkipComputerBackup=NO entry to
SkipComputerBackup=YES, and change the SkipBitLocker=NO entry to be SkipBitLocker=YES.
3. Add the following lines to the [Default] section, and then click OK:
o SkipUserData=YES
o SLShare=\\Lon-DC1\Labfiles\DeployLogs
2. In the Windows PowerShell window, type the following command, and then press Enter:
4. Open Server Manager, click the Tools drop-down list box, and then click Windows Deployment
Services.
5. In the left pane of the Windows Deployment Services snap-in, expand Servers.
8. On the Install options page, click Integrated with Active Directory, and then click Next.
9. On the Remote Installation Folder Locations page, choose the default path c:\RemoteInstall, and
then click Next.
11. On the PXE Server Initial Settings page, click the Respond to all client computers (known and
unknown) option, and then click Next.
12. When the configuration completes, clear the Add images to the server now check box, and then
click Finish.
13. In the Windows Deployment Services snap-in, in the details pane, right-click Install Images, and then
click Add Install Image.
14. In the Add Image Wizard, in the Create an image group named text box, type MDTImage, and
then click Next.
15. On the Image file page, click Browse, and in the Select Windows Image File pop-up window, browse
to C:\DeplaymentShare\Operating Systems\Windows10x64\Sources. Select Install.wim, click
Open, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-46 Implementing operating system deployment by using the MDT
17. On the Summary page, click Next, and then click Finish.
2. In the Properties dialog box, on the General tab, clear the x86 check box, and then select the
Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows
Deployment Services) check box.
3. Click the Windows PE tab and ensure that the Platform drop-down list box displays x86. Clear the
Generate a Lite Touch bootable ISO image check box, and then click OK.
4. Right-click MDT Deployment Share (C:\DeploymentShare), and then click Update Deployment
Share.
5. In the Update Deployment Share Wizard, on the Options page, click Next.
6. On the Summary page, click Next.
8. Return to the Windows Deployment Services, and click the Multicast Transmission folder. Ensure
that a multicast transmission named MDT Share DeploymentShare$ auto-cast transmission has
been created.
Results: After completing this exercise, you should have ensured that the deployment share is ready
to use.
2. In the Settings for 20695C-LON-REF1 window, click Media, point to DVD Drive, and then click
Insert Disk.
3. Browse to the D:\Program Files\Microsoft Learning\20695\Drives folder, select
LiteTouchPE_x64.iso, and then click Open.
4. Start 20695C-LON-REF1.
5. In the MDT window, click Run the Deployment Wizard to install a new Operating System.
6. In the User Credentials dialog box, in the User Name text box, type Administrator. In the
Password text box, type Pa$$w0rd, in the Domain field, type Adatum, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L8-47
7. In the Windows Deployment Wizard, on the Task Sequence page, select the Deploy Windows 10
option, and then click Next.
8. On the Computer Details page, in the Computer name text box, type Reference, and then
click Next.
10. On the Capture Image page, select the Capture an image of this reference computer option, and
then click Next.
11. On the Ready page, click Details, review the settings, and then click Begin.
Task 2: Review the deployment summary, and verify the capture of the reference
computer
1. On LON-REF1, verify that the Deployment Summary window displays Success - Operating system
deployment completed successfully, and then click Finish.
5. In File Explorer, expand drive C, expand DeploymentShare, and then expand Captures.
7. Switch to LON-DC1.
9. In File Explorer, expand drive E, expand Labfiles, expand Deploylogs, and then expand Reference.
Note the deployment logs that display.
10. Close all open windows, and then sign out of all virtual machines.
2. In the Virtual Machines list, right click 20695C-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
Results: After completing this exercise, you should have deployed and captured a reference computer.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L9-49
2. Click the Administration workspace, expand the Site Configuration folder, and then click the
Servers and Site System Roles node.
3. In the details pane, select \\LON-CFG.adatum.com and then in the preview pane, right-click the
Distribution point role. Click Properties.
4. In the Distribution point Properties dialog box, on the PXE tab, select the Enable PXE support for
clients check box. In the Review Required ports for PXE dialog box, click Yes.
5. Select the Allow this distribution point to respond to incoming PXE requests and Enable
unknown computer support check boxes.
7. In the Password and Confirm password boxes, under Require a password when computers use
PXE, type Pa$$w0rd.
8. Next to the User device affinity box, select Allow user device affinity with manual approval.
10. Click the Monitoring workspace, expand Distribution Status, and then click Distribution Point
Configuration Status.
11. Right-click \\LON-CFG.Adatum.com, and then click Refresh. Repeat periodically until the PXE
column displays Yes.
2. Click the Administration workspace, expand Site Configuration, and then click Servers and Site
System Roles.
3. In the results pane, right-click \\LON-CFG.Adatum.com, and then click Add Site System Roles.
4. In the Add Site System Roles Wizard, on the General page, click Next.
8. In the Storage Folder Settings dialog box, in the Storage folder box, type E:\UserState, and then
click OK.
11. On the Summary page, click Next, and then on the Completion page, click Close.
3. In the Software Distribution Component Properties dialog box, click the Network Access
Account tab.
6. In the Windows User Account dialog box, in the User name box, type Adatum\NetworkAccess, in
the Password box, type Pa$$w0rd, and then in the Confirm password box, type Pa$$w0rd.
7. Click Verify, and in the Network share box, type \\LON-CFG\SMS_S01, and then click Test
connection. In the Configuration Manager dialog box, click OK, and then in the Windows User
Account dialog box, click OK.
Results: After this exercise, you should have enabled PXE on the distribution point and configured the
Network Access account to support Configuration Manager operating system deployment.
2. In the Import New Driver Wizard, on the Locate Driver page, click Browse.
3. In the Select Folder dialog box, in the Folder box, type \\LON-CFG\Software\Drivers\HyperVx64,
and then click Select Folder.
4. On the Locate Driver page, click Next. Wait for the driver validation to complete.
5. On the Driver Details page, remove the check mark next to Hide drivers that are not digitally
signed.
6. Click Categories, and then in the Manage Administrative Categories dialog box, click Create.
7. In the Create Administrative Category dialog box, type 64-bit Drivers, and then click OK.
8. In the Manage Administrative Categories dialog box, click Create.
9. In the Create Administrative Category dialog box, type Hyper-V Drivers, and then click OK.
13. In the Create Driver Package dialog box, in the Name box, type Hyper-V Drivers, and in the Path
box, type \\LON-CFG\E$\Source\Drivers, and then click OK.
16. On the Summary page, click Next, and then on the Completion page, click Close.
2. Right-click the Hyper-V Drivers package, and then click Distribute Content.
4. On the Content Destination page, click Add, and then click Distribution Point.
5. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
7. On the Summary page, click Next, and then on the Completion page, click Close.
Note: Repeat this step periodically until Content Status shows Success. This should take
about one minute.
2. Click the Customization tab, and then select the Enable command support (testing only)
check box.
3. Click the Optional Components tab, and then in the Components section, click new (sun icon).
4. In the Select optional components window, select Windows PowerShell (WinPE-PowerShell), and
click OK twice.
5. Click the Data Source tab, and then verify that the Deploy this boot image from the PXE-enabled
distribution point check box is selected.
8. In the Update Distribution Points Wizard, on the Summary page, click Next. Wait for the completion,
and then on the Completion page, click Close.
9. In the navigation pane, click Boot Images, right-click Boot image (x64), and then click Properties.
10. Click the Customization tab, and then select the Enable command support (testing only)
check box.
11. Click the Optional Components tab, and then in the Components section, click new (sun icon).
12. In the Select optional components window, select Windows PowerShell (WinPE-PowerShell), and
click OK twice.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-52 Managing operating system deployment
13. Click the Data Source tab, and then verify that the Deploy this boot image from the PXE-enabled
distribution point check box is selected.
14. Click the Drivers tab, and then click new (sun icon).
15. In the Select a driver dialog box, remove all selections, select Microsoft Hyper-V Network
Adapter, and then click OK.
16. In the Boot Image (x64) Properties dialog box, click OK.
18. In the Update Distribution Points Wizard, on the Summary page, click Next, and then on the
Completion page, click Close.
3. On the Content Destination page, click Add, and then click Distribution Point.
4. In the Add Distribution Points dialog box, select LON-CFG.ADATUM.COM and then click OK.
6. On the Summary page, click Next, and then on the Completion page, click Close.
Note: Perform this step for the other package. Repeat this step periodically until both
packages show a status of Success. This should take about one minute.
4. On the Content Destination page, click Add, and then click Distribution Point.
5. In the Add Distribution Points dialog box, select the LON-CFG.Adatum.com check box, and then
click OK.
7. On the Summary page, click Next, and then on the Completion page, click Close.
8. Right-click the User State Migration Tool for Windows 10 package, and then click Refresh.
Note: Repeat this step until the package shows a status of Success. This should take about
one minute.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L9-53
Results: After this exercise, you should have configured the boot images and created the driver package
that is required for operating system deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-54 Managing operating system deployment
2. On the ribbon, in the Create group, click Add Operating System Image.
3. In the Add Operating System Image Wizard, on the Data Source page, in the Path box, type
\\LON-CFG\e$\Sources\Install.wim, and then click Next.
4. On the General page, in the Name box, type Windows 10 Enterprise (x64) Evaluation and then
click Next.
5. On the Summary page, click Next, and then on the Completion page, click Close.
4. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
5. On the Content Destination page, click Next.
6. On the Summary page, click Next, and then on the Completion page, click Close.
7. Right-click the Windows 10 Enterprise (x64) Evaluation image and then click Refresh. Repeat
periodically until the status shows Success. This should take around five minutes.
2. In the details pane for the 20695C-LON-REF1 virtual machine, click the Networking tab, and then in
the Adapter column, find the media access control (MAC) address. You might need to expand the
Adapter column to fully see the MAC address. Write down the MAC address.
4. Click the Assets and Compliance workspace, right-click the Devices node, and then select Import
Computer Information.
5. On the Select Source page of the Import Computer Information Wizard, select Import single
computer, and then click Next.
6. On the Single Computer page, type the following information, and then click Next:
7. On the Data Preview page, verify the name and MAC address, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L9-55
8. On the Choose Target Collection page, select Add computers to the following collection, and
then click Browse.
9. In the Select Collection window, select the Adatum production image collection, and then click OK.
11. On the Summary page, verify your selections, and then click Next.
12. On the Confirmation page, click Close.
13. Click the Device Collections node, right-click the All Systems collection, and then select Update
Membership. When prompted, click Yes.
14. Right-click the Adatum production image collection, and then select Update Membership. When
prompted, click Yes.
15. Click the Adatum production image collection, and then press F5 after ten seconds.
16. When the Member Count column changes to 1, right-click the Adatum production image
collection, and then select Show Members. You should now be able to see the computer you have
added.
Results: After completing this exercise, you will have imported a pre-created image into Configuration
Manager and distributed that image to the distribution point. You will have created a computer object for
LON-IMG and placed it in the Adatum production image collection.
3. In the Create Task Sequence Wizard, on the Create New Task Sequence page, click the Install an
existing image package option, and then click Next.
4. On the Task Sequence Information page, in the Task sequence name box, type Deploy Windows
10 Enterprise (x64) Evaluation, and then click Browse.
5. In the Select a Boot Image dialog box, click Boot image (x64) 10.0.10240.16384 en-US, and then
click OK.
8. In the Select an Operating System Image dialog box, click Windows 10 Enterprise (x64)
Evaluation en-US, and then click OK.
9. Remove the check mark next to Configure task sequence for use with BitLocker.
10. Click the Enable the account and specify the local administrator password option. In the
Password box, type Pa$$w0rd, in the Confirm password box, type Pa$$w0rd, and then click Next.
11. On the Configure Network page, select the Join a domain option.
12. In the area next to Domain, select Browse, click Adatum.com, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-56 Managing operating system deployment
13. In the area next to Domain OU, click Browse, select London Clients, and then click OK.
15. In the Windows User Account dialog box, in the User name box, type Adatum\Administrator,
in the Password box, type Pa$$w0rd, in the Confirm password box, type Pa$$w0rd, and then
click OK.
18. On the State Migration page, remove all the check marks, and click Next.
19. On the Include Updates page, click Next.
4. In the Deploy Windows 10 Enterprise (x64) Evaluation Task Sequence Editor window, click OK.
Results: After this exercise, you will have created and edited a task sequence to deploy an existing image.
2. In the Deploy Software Wizard, on the General page, in the area next to Collection, click Browse.
When prompted, click OK.
3. In the Select Collection dialog box, select Adatum production image, and then click OK.
5. On the Deployment Settings page, next to Purpose, verify that Available is selected, and under
Make Available to the following, select Only media and PXE, and then click Next.
2. In the Virtual Machine Connection window, select Action, and then click Start.
3. When LON-REF1 boots, click inside the Virtual Machine Connection window, and when prompted,
press F12.
Note: Wait for the boot image to be staged and for the machine to boot into the Windows
Preinstallation Environment (Windows PE).
4. In the Welcome to the Task Sequence Wizard window, in the password box, type Pa$$w0rd, and
then click Next.
5. In the Task Sequence Wizard window, verify that the task sequence you created earlier is displayed
and selected, and then click Next.
6. Monitor the deployment. The task sequence will take approximately 15 minutes to complete.
7. After the deployment is complete, sign in to LON-REF1 as Adatum\Administrator with the password
Pa$$w0rd, and then verify that the computer is named LON-REF1.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After this exercise, you will have deployed the task sequence and installed the operating system
image on LON-REF1.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L10-59
3. Right-click cmtrace.exe, and then click Copy. Close Windows Explorer. On the empty desktop of
LON-CL3, right-click and select Paste.
4. Double-click the cmtrace.exe icon on the desktop. In the Configuration Manager Trace Log Tool
window, click Yes. Close the Configuration Manager Trace Log Tool.
5. Right-click the empty space of the desktop, select New, select Folder, and then in the New Folder
icon text box, type Projects.
6. Right-click the empty space of the desktop, select New, and then select Shortcut. In the Create
Shortcut window, type C:\Windows\Notepad.exe in the text box, and then click Next.
7. In the Type a name for this shortcut text box, type Notepad, and then click Finish.
8. Open the Projects folder on the desktop, and in the Address bar, type C:\Windows\CCM\Logs, and
then press Enter. Right-click the CcmExec.log log, and then click Copy. Click the back arrow, and
then, in the empty space of the window, right-click and select Paste. This will add the CcmExec.log
file to the Projects folder on the desktop. You now should have three icons on the desktop: a folder
named Projects, the ccmtrace.exe tool, and a shortcut to Notepad.
9. Shut down LON-CL3. Do not revert it, as you will use it in Exercise 3.
2. Expand Adatum.com, and then select the Users folder. Right-click the Users folder, point to New,
and then click User.
3. In the New Object – User window, in the Full name and User logon name text boxes, type
CMDomainJoin, and then click Next.
4. In the Password and Confirm Password text boxes, type Pa$$w0rd. Clear the User must change
password at next logon check box, click Next, and then click Finish.
6. On the taskbar, right-click the Windows PowerShell icon, and then select Run as Administrator.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-60 Integrating MDT and Configuration Manager for operating system deployment
7. In Windows PowerShell, type the following cmdlets, and press Enter after each one:
3. In the Software Library workspace, expand Operating Systems, and then click the Task Sequences
node.
4. Right-click Task Sequences. You should see the following items in the list:
o Folder
5. On the End-User License Agreement page, select I accept the terms in the License Agreement,
and then click Next.
7. On the Customer Experience Improvement Program page, ensure that I don’t want to join the
program at this time is selected, and then click Next.
8. On the Ready to Install Microsoft Deployment Toolkit 2013 Update 2 (6.3.8330.1000) page,
click Install.
9. On the Completed the Microsoft Deployment Toolkit 2013 Update 2 (6.3.8330.1000) Setup
Wizard page, click Finish.
2. On the Options page of the Configure ConfigMgr Integration window, ensure that the following
settings are selected, and then click Next:
o Install the MDT console extensions for System Center Configuration Manager
o Add the MDT task sequence actions to a System Center Configuration Manager server
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L10-61
2. In the Deployment Workbench console, right-click Deployment Shares, and then click New
Deployment Share.
3. In the New Deployment Share Wizard, on the Path page, in the Deployment share path text box,
type E:\DeploymentSource, and then click Next.
4. On the Share page, in the Share name text box, type DeploymentSource$, and then click Next.
9. Expand the Deployment Shares node in the Deployment Workbench console, right-click MDT
Deployment Share (E:\DeploymentSource), and then select Properties.
10. In the MDT Deployment Share (E:\DeploymentSource) Properties window, select the Monitoring tab.
11. Select Enable monitoring for this deployment share, and then click OK.
3. In the Software Library workspace, expand Operating Systems, and then select the Task
Sequences node.
4. Right-click Task Sequences. You should see a new Create MDT Task Sequence item in the list.
2. In the right pane, right-click Default Client Settings, and then select Properties.
3. Click the Computer Agent node in the console tree. In the Organization name displayed in
Software Center text box, type Adatum, and then click OK.
2. Right-click S01 – Adatum Site, click Configure Site Components, and then click Software
Distribution.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-62 Integrating MDT and Configuration Manager for operating system deployment
3. In the Software Distribution Component Properties window, click the Network Access Account tab,
and then click Specify the account that accesses network locations. Click the New button, which
looks like a sun, and then select New Account.
4. In the Windows User Account window, in the User name text box, type ADATUM\NetworkAccess,
and in the Password and Confirm password text boxes, type Pa$$w0rd, and then click Verify.
5. In the Network share text box, type \\LON-DC1\SYSVOL, and then click the Test connection bar.
You should receive a Configuration Manager pop-up window with the following message: “The
connection was successfully verified”.
Results: After completing this exercise, you should have installed MDT and integrated it with
Configuration Manager.
2. Right-click MSDaRT100.msi, and then choose Install. Answer the wizard by using the default
settings, as follows:
a. On the Welcome to the Microsoft DaRT 10 Setup Wizard page, click Next.
c. On the Microsoft Update page, click I don’t want to use Microsoft Update, and then click
Next.
g. After you receive the message You have successfully completed the Microsoft DaRT 10
Setup Wizard, click Finish.
3. Using File Explorer, navigate to the C:\Program Files\Microsoft DaRT\v10 folder, right-click
Toolsx64.cab, select Copy. Navigate to C:\Program Files\Microsoft Deployment Toolkit
\Templates\Distribution\Tools\x64, and then in the empty space, right-click and select Paste.
4. Navigate to the C:\Program Files\Microsoft DaRT\v10 folder, right-click Toolsx86.cab, and then
select Copy. Navigate to C:\Program Files\Microsoft Deployment Toolkit\Templates
\Distribution\Tools\x86, and then in the empty space, right-click and select Paste.
Task 2: Run the Create Boot Image using MDT wizard to create a customized MDT
boot image
1. On LON-CFG, create a folder named CMSources on the E drive. Right-click the CMSources folder
and click Properties.
2. In the CMSources Properties window, click the Sharing tab, and then click the Advanced Sharing
button.
3. In the Advanced Sharing window, select Share this folder, and then click the Permissions button.
4. In the Permissions for CMSources window, click Add and in the Enter the object names to select
box, type Authenticated Users.
5. Click Check Names, and verify that Authenticated Users is displayed underlined. Then click OK.
6. In the Permissions for CMSources window, select Authenticated Users and then select the Allow
check box next to Full Control. Click OK twice and then click Close.
7. Create the following subfolders in the CMSources folder: OSD and Software.
8. Next, create the following subfolders in the OSD folder:
o OSD\BootImages
o OSD\DriverPackages
o OSD\DriverSources
o OSD\MDT 2013
o OSD\OSImages
o OSD\MDTSettings
9. In the Software folder, create a subfolder named Microsoft. Finally, in the OSD\BootImages folder,
create the following subfolders: WinPE10x64 and WinPE10x64-MDT.
10. In the Configuration Manager console, click the Software Library workspace.
11. In the Software Library workspace, expand Operating Systems, and then select the Boot Images
node.
12. Right-click Boot Images, and then select Create Boot Image using MDT.
13. On the Package Source page, in the Package source folder to be created (UNC path) text box,
type \\LON-CFG\CMSources\OSD\BootImages\WinPE10x64-MDT, and then click Next.
14. On the General Settings page, in the Name text box, type Lab10 MDT Boot Image, and then in the
Comments text box, type MDT Boot Image for Lab 10. Click Next.
15. On the Options page, select x64, and then in the Scratch Space drop-down list box, select 512 MB,
and click Next.
16. On the Components page, ensure that the following check boxes are selected, and then click Next:
o Windows PowerShell
18. On the Summary page, click Next. A progress bar will appear. It will take approximately 8 to 10
minutes to create the boot image.
20. In the Boot Images details pane, right-click Lab10 MDT Boot Image, and then select Distribute
Content.
21. The Distribute Content Wizard will appear. On the General page, click Next.
22. On the Specify the content destination page, click the Add drop-down arrow, and then select
Distribution point. In the Add Distribution Points window, select the check box next to
LON-CFG.ADATUM.COM, click OK, and then click Next.
26. At the bottom of the Summary pane, the Lab10 MDT Boot Image Content Status circle should be
green.
Note: It could take a few minutes for the Lab10 MDT Boot Image Content Status circle to
change from yellow to green.
27. In the details pane, right-click Lab10 MDT Boot Image, and then select Properties.
28. In the Lab10 MDT Boot Image Properties window, select the Data Source tab, select the Deploy this
boot image from the PXE-enabled distribution point check box, and then click OK.
29. In the taskbar, open File Explorer. Navigate to C:\SMSPKGSIG\. After a few minutes, a new folder
named for the Image ID found in the Lab10 MDT Boot Image column, which is in the details pane,
should appear.
2. In File Explorer, select the Allfiles (E:) drive, and then select CMSources\OSD\OSImages under it.
3. Right-click in the empty space of the OSImages folder, and then click Paste. After the copying
completes, rename install.wim to Win10TH2Entx64-Eval.wim. Close File Explorer.
4. In the Configuration Manager console, select the Software Library workspace, and in the console
tree, expand Operating Systems, and then select Operating System Images.
5. Right-click Operating System Images, and then select Add Operating System Image. The Add
Operating System Image Wizard opens.
6. On the Data Source page, in the Path text box, type \\LON-CFG\CMSources\OSD\OSImages
\Win10TH2Entx64-Eval.wim, and then click Next.
7. On the General page, in the Name text box, type Win10Ent x64 Eval, and then click Next.
10. In the details pane of Operating System Images, right-click Win10 x64 Eval, and then select
Distribute Content. The Distribute Content Wizard opens.
12. On the Content Destination page, click the Add down arrow, and then select Distribution Point.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L10-65
13. In the Add Distribution Points window, select LON-CFG.ADATUM.COM , click OK, and then
click Next.
16. After approximately one minute, with Win10Ent x64 Eval still selected in the details pane, click the
Refresh icon on the ribbon. The Content Status circle at the bottom of the screen should be green
when completion is successful. If it is yellow, wait a few more minutes, and then click Refresh.
Continue to do this until it is green. It can take as long as five minutes.
2. In File Explorer, navigate to E:\CMSources\OSD\DriverSources, and then in the empty space of the
details pane, right-click and click Paste.
3. Return to the Configuration Manager console, and in the Software Library workspace, navigate to
Operating Systems\Drivers. Right-click the Drivers node, and then click Import Driver.
4. In the Import New Driver Wizard, on the Specify a location to import driver page, below the
Import all drivers in the following network path (UNC) option, in the Source folder text box,
type \\LON-CFG\CMSources\OSD\DriverSources\HyperVx64, and then click Next.
5. On the Specify the details for the imported driver page, clear Hide drivers that are not digitally
signed. Click Categories, and then in the Manage Administrative Categories window, click Create.
6. In the Create Administrative Category text box, type Hyper-V Drivers, click OK twice, and then
click Next.
7. On the Select the packages to add the imported driver page, click Next.
8. On the Select drivers to include in the boot image page, click Next.
9. On the Summary page, click Next.
Results: After completing this exercise, you should have created the MDT boot image.
2. In the Software Library workspace, expand Operating Systems, and then select the Task
Sequences node.
3. Right-click Task Sequences, and then select Create MDT Task Sequence.
4. The Create MDT Task Sequence Wizard opens. On the Choose Template page, in the drop-down list
box, select Client Task Sequence, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-66 Integrating MDT and Configuration Manager for operating system deployment
5. On the General page, in the Task Sequence name text box, type MDT Client Upgrade, and in the
Task sequence comments text box, type MDT Task Sequence to upgrade a Windows 7 client to
Windows 10 with migrated user state, and then click Next.
6. On the Details page, click Join a domain, and then in the Domain text box, type Adatum.com.
Click Set.
7. In the Windows User Account window, in the User Name text box, type Adatum\CMDomainJoin,
and then in the Password and Confirm Password text boxes, type Pa$$word. Click OK. In the
Organization name text box, type Adatum, and then click Next.
9. On the Boot Image page, ensure that Specify an existing boot image package is selected, and
then click the Browse button next to it.
10. In the Select a Package dialog box, select Lab10 MDT Boot Image en-US, click OK, and then
click Next.
11. On the MDT Package page, select Create a new Microsoft Deployment Toolkit Files package,
and in the Package source folder to be created (UNC Path) text box, type \\LON-CFG\CMSources
\OSD\MDT 2013, and then click Next.
12. On the MDT Details page, in the Name text box, type MDT 2013 Update 2 Toolkit, and then
click Next.
13. On the OS Image page, with Specify an existing OS image selected, click Browse. In the Select a
Package window, click Win10Ent x64 Eval en-US, click OK, and then click Next.
14. On the Deployment Method page, ensure that Perform a “Zero Touch Installation” OS
deployment, with no user interaction is selected, and then click Next.
15. On the Client Package page, ensure that Specify an existing ConfigMgr client package is selected,
and then click Browse.
16. In the Select a Package window, select Microsoft Corporation Configuration Manager Client
Package, click OK, and then click Next.
17. On the USMT Package page, ensure that Specify an existing USMT package is selected, and then
click Browse.
18. In the Select a Package dialog box, select Microsoft Corporation User State Migration Tool for
Windows 8 10.0.10240.16384, click OK, and then click Next.
19. On the Settings Package page, select Create a new settings package, and in the Package source
folder to be created (UNC Path) text box, type \\LON-CFG\CMSources\OSD\MDTSettings, and
then click Next.
20. On the Settings Details page, in the Name text box, type Windows 10 x64 Settings, and then click
Next.
22. On the Summary page, observe the selections that you made, and then click Next.
23. A progress bar will appear, and then on the Confirmation page, click Finish.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L10-67
2. The MDT Client Upgrade Task Sequence Editor opens. Do not click OK until you complete all the
steps that are listed below.
3. In the Initialization group, select the first Format and Partition Disk (UEFI) step, and then in the
Volume list, delete the following three volumes:
a. Click Windows RE Tools (Recovery), and then click the red X symbol directly above the
Volume list.
b. Click EFI (EFI), and then click the red X symbol directly above the Volume list.
c. Click MSR (MSR), and then click the red X symbol directly above the Volume list.
4. Repeat steps 3a through 3c for the Format and Partition Disk (UEFI) step that you find in the Script
does not exist or no partitions group.
5. Note the Capture User State item in the State Capture, Online USMT node. Click Capture User
State. Note the Properties pane of the Capture User State step, and then perform the following:
a. Ensure that Capture all user profiles by using standard options is selected.
6. In the PostInstall group, select Apply Windows Settings, and then configure the following:
o Select Enable the account and specify the local administrator password, and then type
Pa$$w0rd in the Password and Confirm Password text boxes.
7. In the PostInstall group, select Apply Network Settings, and then click Browse beside Domain OU.
In the Browse for a Container dialog box, click London Clients, and then click OK (only in the
Browse for Container dialog box).
9. In the Task Sequences Details pane, right-click MDT Client Upgrade, and then select Distribute
Content.
10. The Distribute Content Wizard opens. On the General page, click Next.
11. On the Content page, click Next.
12. On the Specify the content destination page, click the Add drop-down arrow, and then select
Distribution point. In the Add Distribution Points window, select LON-CFG.ADATUM.COM, click
OK, and then click Next.
2. Right-click the Device Collections node, and then select Create Device Collection.
3. The Create Device Collection Wizard opens. In the Name text box, type Clients to Upgrade, and
then in the Comment text box, type Clients that are scheduled to be Upgraded via the MDT
Client Upgrade task sequence.
4. In the Limiting collection area, click Browse, and in the Select Collection window, select the All
Systems collection, click OK, and then click Next.
5. On the Membership Rules page, click the Add Rule drop-down list box, and then select Direct
Rule.
6. The Create Direct Membership Rule Wizard opens. On the Welcome page, click Next.
7. On the Search for Resources page, ensure the Resource class drop-down list box displays System
Resource and that the Attribute name drop-down list box displays Name (both of these are the
defaults). In the Value text box, type LON-CL3, and then click Next.
8. On the Select Resources page, select LON-CL3, and then click Next.
10. On the Completion page, click Close. You will return to the Create Device Collection Wizard.
14. On the Device Collections tab, right-click All Unknown Computers, and then select Properties.
15. In the All Unknown Computers properties dialog box, click the Collection Variables tab.
16. Click the New icon (looks like a sun), and then in the Name text box, type OSDComputerName.
Clear Do not display this value in the Configuration Manager console, and then click OK twice.
2. The Deploy Software Wizard opens. On the General page, beside Collection, click Browse. Click OK
when prompted.
3. In the Select Collection window, select Clients to Upgrade, click OK, and then click Next.
6. On the User Experience page, ensure that the following check boxes are selected, and then
click Next:
9. On the Summary page, review your selections, and then click Next.
2. In Hyper-V Manager, click 20695C-LON-CL3, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
10. In the Machine Policy Retrieval & Evaluation Cycle window, click OK.
11. Close the Configuration Manager Properties window and Control Panel.
12. When you receive a notification that states “New software is available”, click the notification. This
opens the Software Center.
13. Click the Available Software tab, select MDT Client Upgrade, and then click Install Selected.
14. In the Software Center dialog box, click Install Operating System.
15. The MDT Client Upgrade begins. It will take approximately two hours to run. Due to the limited time
for this lab, you can revert 20695C-LON-CL3 at this time.
Results: After completing this exercise, you should have created and deployed an MDT task sequence.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-70 Integrating MDT and Configuration Manager for operating system deployment
2. In the Software Library workspace, expand Operating Systems, and then select the Task
Sequences node.
3. Right-click Task Sequences, and then select Create MDT Task Sequence.
4. The Create MDT Task Sequence Wizard opens. On the Choose Template page, in the drop-down list
box, select Client Task Sequence, and then click Next.
5. On the General page, in the Task Sequence name text box, type MDT UDI, and in the Task
sequence comments text box, type MDT UDI Task Sequence used to deploy Windows 10 to a
new computer, and then click Next.
6. On the Details page, click Join a domain, and then in the Domain text box, type Adatum.com.
Click Set.
7. In the Windows User Account window, in the User Name text box, type Adatum\CMDomainJoin,
and then in the Password and Confirm Password text boxes, type Pa$$word. Click OK. In the
Organization name text box, type Adatum, and then click Next.
9. On the Boot Image page, ensure Specify an existing boot image package is selected, and then
click the Browse button next to it.
10. In the Select a Package window, select Lab10 MDT Boot Image en-US, click OK, and then
click Next.
11. On the MDT Package page, click Specify an existing Microsoft Deployment Toolkit Files
package, and then click the Browse button that is next to it.
12. In the Select a Package window, select the MDT 2013 Update 2 Toolkit package, click OK, and then
click Next.
13. On the OS Image page, with Specify an existing OS image selected, click Browse. In the Select a
Package window, click Win10Ent x64 Eval en-US, click OK, and then click Next.
14. On the Deployment Method page, select Perform a “User-Driven Installation”, and then
click Next.
15. On the Client Package page, ensure that Specify an existing ConfigMgr client package is selected,
and then click Browse.
16. In the Select a Package window, select the Microsoft Corporation Configuration Manager Client
Package item, click OK, and then click Next.
17. On the USMT Package page, ensure that Specify an existing USMT package is selected, and then
click Browse.
18. In the Select a Package window, select the Microsoft Corporation User State Migration Tool for
Windows 8 10.0.10240.16384 item, click OK, and then click Next.
19. On the Settings Package page, select Specify an existing settings package, and then click Browse.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L10-71
20. In the Select a Package window, select the Windows 10 x64 Settings item, click OK, and then
click Next.
22. On the Summary page, observe the selections that you made, and then click Next.
23. A progress bar will appear, and then on the Confirmation page, click Finish.
2. The MDT UDI Task Sequence Editor window opens. Do not click OK until you complete all the steps
that are listed below.
3. In the Initialization group, select the first Format and Partition Disk (UEFI) step, and then in the
Volume list, delete the following three volumes as:
a. Select Windows RE Tools (Recovery), and then click the red X symbol directly above the
Volume list.
b. Select EFI (EFI), and then click the red X symbol directly above the Volume list.
c. Select MSR (MSR), and then click the red X symbol directly above the Volume list.
4. Now repeat steps 3a through 3c for the Format and Partition Disk (UEFI) step that you find in the
Script does not exist or no partitions group.
5. In the PostInstall group, select the Apply Windows Settings step, and then configure the following:
o Select Enable the account and specify the local administrator password, and then type
Pa$$w0rd in the Password and Confirm Password text boxes.
6. In the PostInstall group, select the Apply Network Settings step, and then click Browse beside
Domain OU. In the Browse for a Container dialog box, click London Clients, and then click OK
(only in the Browse for Container dialog box).
Task 3: Configure the UDIWizard_Config.xml file to control the UDI Wizard behavior
1. On LON-CFG, on the Start screen, click the circled down arrow, and then click UDI Wizard Designer.
2. In the UDI Wizard Designer, click Open, and then browse to E:\CMSources\OSD\MDT 2013\Scripts.
Select the UDIWizard_Config.xml file, and then click Open.
3. Expand StageGroup: New Computer, and in the Stage: NEWCOMPUTER section, select the Install
Programs page.
4. On the ribbon of the UDI Wizard Designer, click Configuration Manager. The Site Settings window
opens.
5. In the Site Settings window, type LON-CFG.adatum.com as the Site Server Name, and then click
Validate Site. The Site Code should now be listed as S01. Next to the Application Collection field,
type MDT UDI Apps Ref, and then click OK.
6. In the Stage: NEWCOMPUTER section, select the Welcome page, and click the Configure tab at the
top of the preview pane.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-72 Integrating MDT and Configuration Manager for operating system deployment
7. In the Welcome Page window under the Message heading, click right before the word Deployment
and type Adatum OS following by a space. The entire sentence should read: Welcome to the
Adatum OS Deployment Wizard. Click the Flow tab.
8. In the Stage: NEWCOMPUTER section, right-click the BitLocker page, and then click Remove Item.
When prompted, click Yes.
9. Repeat the actions in previous step to remove the following pages: Select Target, Administrator
Password, and User Device Affinity. You should have seven pages left in the Stage:
NEWCOMPUTER section.
10. In the Stage: NEWCOMPUTER section, select the Volume page, and click the Configure tab at the
top of the preview pane. Click the down arrow next to the Image Combo Behavior heading.
11. In the Image Combo Box Values box, right-click the Windows 7 RTM images item, and click Select
an Operating System Image.
12. In the Select Operating System Image window, select Win10Ent x64 Eval, and in the Display Name
text box, type Windows 10 Enterprise x64 Eval. Then click OK.
13. Under the User Data and Settings section, click the down arrow next to User Data Combo
Behavior. Select Format: Clean all data on the target volume during install, and then click
Unlocked. It should now read Locked. Click the Flow tab.
14. In the Stage: NEWCOMPUTER section, select the New Computer Details page, and click the
Configure tab at the top of the preview pane. Click the down arrow next to the Network Details
heading.
15. In the Domain or Workgroup Radio Buttons section, click Domain, and then click Unlocked. It
should read Locked.
16. Click the down arrow next to the Domains and OUs heading, and then click Add Domain.
17. In the Create or Edit Domain Information window, type adatum.com in the Domain Name text box
and in the Friendly name text box, type Adatum. Then click OK.
18. Right-click the Adatum/adatum.com item and select Search Domain for OUs. In the Add OU from
Domain window, select London Clients and then click OK.
19. Right-click Adatum/adatum.com, and then click Search Domain for OUs. In the Add OU from
Domain window, select Computers, and then click OK.
20. In the Domain Join Credentials section, click the down arrow next to Domain Join Credentials.
Click the Unlocked button next to the User Name text box and Password text box. They should
both now read Locked. Click the Flow tab.
21. In the Stage: NEWCOMPUTER section, select the Language page, and click the Configure tab at
the top of the preview pane. Click the down arrow next to the Region and Language Defaults
heading.
22. In the Time Zone Combo Box, click the down arrow under the default value field, select (UTC)
Coordinated Universal Time, and then click Unlocked. It should read Locked. Click the Flow tab.
23. In the Stage: NEWCOMPUTER section, select the Install Programs page, and click the Configure
tab at the top of the preview pane. Under the Software and Groups heading, right-click General
Software, and click Remove Item. When prompted, click Yes.
24. Click Add Group, and type Adatum Software in the Name text box. Then click OK.
25. Right-click the Adatum Software item, and then click Add Software to Group. In Add Software To
Group Wizard, ensure that I want to add a Package/Program is selected, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L10-73
26. In the Display Name text box, type Microsoft PowerPoint Viewer. In the Search for 32 Bit
Program section, click Select.
27. In the Search Packages window, click Search, and select the Microsoft PowerPoint Viewer item.
Then click OK.
28. In the Search for 32 Bit Program section, click the down arrow next to Program and select
Per-system unattended. Then click Finish.
29. Right-click the Adatum Software item, and then click Add Software to Group. In the Add Software
To Group Wizard, select I want to add an Application. Then click Next.
30. In the Display Name text box, type XML Notepad 2007. In the Search for Application section, click
Select.
31. In the Search Application window, click Search, and then select the XML Notepad 2007 item. Click
OK, and then click Finish.
32. In the Software and Groups section, select Microsoft PowerPoint Viewer.
33. On the ribbon of the UDI Wizard Designer, click Save As. The Save As dialog box opens. Click Save
and then when prompted, click Yes. Then click OK.
2. In the CustomSettings.ini – Notepad window, place the cursor right after SkipProductKey= Yes and
press Enter.
3. Type the following two lines of code and press Enter after each:
OSDJoinAccount=ADATUM\CMDomainJoin
OSDJoinPassword=Pa$$w0rd
[Settings]
Priority=Default
Properties=MyCustomProperty
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=NO
SkipProductKey=YES
OSDJoinAccount=ADATUM\CMDomainJoin
OSDJoinPassword=Pa$$w0rd
Task 5: Update distribution points with the updated MDT 2013 Update 2 and
MDT settings packages
1. On LON-CFG, in the Configuration Manager console, within the Software Library workspace, expand
the Application Management node, and select Packages.
2. Select the MDT 2013 Update 2 Toolkit and Windows 10 x64 Settings packages by holding the Ctrl
key. Right-click one of the selected packages and select Update Distribution Points, and then when
prompted, click OK.
Results: After completing this exercise, you should have created a working UDI task sequence, which will
enable you to deploy Windows 10 to new computer.
2. The Deploy Software Wizard opens. On the General page, beside Collection, click Browse. When
prompted, click OK.
3. In the Select Collection window, select All Unknown Computers, click OK, and then click Next.
4. On the Deployment Settings page, under the Make available to the following heading, select
Only media and PXE. Then click Next.
6. On the User Experience page, ensure that the following check boxes are selected, and then
click Next:
o Show Task Sequence progress
9. On the Summary page, review your selections, and then click Next.
2. In the Settings for 20695C-LON-REF1 on host window, click the DVD Drive node under IDE
Controller 1.
3. In the Media section, select Image file and click Browse. Browse to D:\Program Files
\Microsoft Learning\20695\Drives. Select the MDT-UDI-BootMedia.iso file, and then click Open.
Then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L10-75
4. On the host computer, in Hyper-V Manager, click 20695C-LON-REF1, and then in the Actions pane,
click Start.
5. In the Actions pane, click Connect. Wait until the virtual machine starts.
7. On the Select a task sequence to run page of the Task Sequence Wizard, select MDT UDI, and then
click Next.
8. On the Edit Task Sequence Variables page of the Task Sequence Wizard, click Next.
Note: It will take a few minutes to download the MDT toolkit package.
9. On the Ready to start page of the Task Sequence Wizard, click Finish. The machine will reboot.
13. On the New Computer Details page, type LON-CL4 in the Computer Name text box.
14. Notice that the Domain Join Credentials have filled in automatically. They have been read from the
CustomSettings.ini file. Click Next.
15. On the Language page, click Next.
16. On the Install Programs page, select XML Notepad 2007, and then click Next.
17. On the Summary page, review your selections, and then click Finish. The deployment starts.
Note: If time permits, you can leave the virtual machines running to finish the deployment,
while your instructor starts on the next module. You should ask your instructor for guidance
regarding this.
18. On the Deployment Complete page, click the Welcome, Deployment Summary, and Applications
Installed tabs to verify the installation. Then click Start Windows.
19. Sign in by using adatum\administrator as the username and Pa$$w0rd as the password.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have deployed Windows 10 to a new computer by
using a UDI task sequence.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L11-77
Results: After completing this exercise, you should have a plan for Windows 10 customization.
2. Right-click the Mail tile, and then on the context menu, click Resize, Large.
3. Right-click the Calendar tile, and then on the context menu, click Resize, Wide.
4. Drag the Microsoft Edge tile and place it next to the Calendar tile.
5. Drag the Store tile and place it under the Calendar tile.
6. Drag the Weather tile and place it under the Store tile.
7. Drag the Skype video tile and place it under the Weather tile.
8. Drag the Phone Companion tile and place it next to the OneNote tile in the second column.
9. Right-click the Money tile, and then on the context menu, click Unpin from Start.
10. Right-click all the tiles with the small icons and no text on them, and then click Unpin from Start.
Five of these should exist.
11. On the Start menu, click All apps. Scroll down to the Windows Accessories group, expand it, and
then right-click Notepad. On the context menu, click Pin to Start.
12. Drag the Notepad tile next to OneNote tile in the second column.
13. Click the text Life at a glance, delete it, and then type Online apps in the box that appears.
14. Click the text Play and explore, delete it, type Adatum apps in the box that appears, and then press
Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-78 Activating clients and managing additional configuration settings
2. Right-click Windows PowerShell, and then on the context menu, click Run as administrator.
3. In the Windows PowerShell window, type the following command, and then press Enter:
5. In File Explorer, navigate to E:\Labfiles\, and then verify that you can see the AdatumLayout.xml
file.
2. In the Group Policy Management Console (GPMC), in the console tree, expand Forest: Adatum.com,
Domains, right click Adatum.com, and then on the context menu, click Create a GPO in this
domain, and Link it here.
3. In the New GPO window, in the Name box, type Adatum W10 Start menu, and then click OK.
4. In the console tree, under Adatum.com, you should see a new Adatum W10 Start menu Group
Policy Object (GPO). Right-click the GPO, and then on the context menu, click Edit. This opens the
Group Policy Management Editor. Maximize it by clicking the square icon in the upper-right corner of
the console.
5. In the console tree, expand User Configuration, expand Polices, expand Administrative
Templates, and then click Start Menu and Taskbar.
6. In the details pane, click the Setting heading bar to alphabetize the settings.
7. Scroll down, and then double-click Start Screen Layout. This opens the configuration pane for the
Start screen layout.
8. In the configuration pane, click Enabled, and then in the Start Layout File box below it, type
\\LON-DC1\e$\Labfiles\AdatumLayout.xml. In the Comment box, type A custom Start menu
developed on LON-CL1 with Notepad, and then at the bottom of the configuration pane, click OK.
Note: The file location must be a location to which all user accounts have read access.
2. Click the Administrator icon at the top of the Start menu, and then click Sign out.
3. After the sign-out is complete, sign back in to LON-CL2 as Adatum\Administrator with the
password Pa$$w0rd.
4. On LON-CL2, click the Start button. Examine the Start menu. It should have the custom Start menu
applied.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L11-79
5. Attempt to drag and unpin some of the tiles. You should be unable to do so.
6. Attempt to pin an app to the Start menu. You should be unable to do that, as well.
Task 2: Set a power plan to ensure that client computers do not hibernate
1. On LON-DC1, in Server Manager, on the Tools menu, click Group Policy Management.
2. In the GPMC, in the console tree, expand Forest: Adatum.com, expand Domains, expand
Adatum.com, right-click London Clients, and then click Create a GPO in this domain, and
Link it here.
3. In the New GPO window, in the Name box, type PowerSettings, and then click OK.
Note: In the console tree, under the London Clients node, you should see a new
PowerSettings GPO.
4. Right-click PowerSettings, and then click Edit. The Group Policy Management Editor opens.
Maximize it by clicking the square icon in the upper-right corner of the console.
5. In the console tree, expand Computer Configuration, expand Polices, expand Administrative
Templates, expand Windows Components, and then click File Explorer.
6. In the details pane, double-click the Show hibernate in the power options menu item.
7. In the Show hibernate in the power options menu window, click Disabled, and then click OK.
8. In the console tree, expand Computer Configuration, expand Preferences, expand Control Panel
Settings, and then click Power Options.
9. Right-click in the empty Power Options details pane, and then click New, Power Plan (At least
Windows 7).
10. In the New Power Plan (At least Windows 7) Properties window, in the Action list, ensure that
Update is selected, and then select High performance.
11. Select the Set as the active power plan check box.
12. In the list of items, click the plus sign (+) next to Sleep, and then click the plus sign (+) next to
Hibernate after.
13. Click On Battery (minutes), click Plugged in (minutes), and then ensure that both values are
set to 0 (zero).
14. In the list, click the plus sign (+) next to Display, click the plus sign (+) next to Turn off display after,
and then in the list that appears below this option, click Plugged in (minutes). Change the minutes
value from 15 to 0 (zero), and then click OK.
15. Close the Group Policy Management Editor and GPMC windows.
16. On LON-CL2, right-click Start, click Shut down or sign out, and then click Restart.
17. After LON-CL2 restarts, sign in as Adatum\Administrator with the password Pa$$w0rd.
18. Right-click Start, and then on the context menu, click Control Panel.
19. In Control Panel, click Hardware and Sound, and then click Power Options.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-80 Activating clients and managing additional configuration settings
20. You should have the High Performance power option selected. Click Change plan settings.
21. Note that the Turn off the display list is set to Never. This is applied from the zero minutes setting
that you configured in the GPO.
Results: After completing this exercise, you should have created a common Windows 10 Start menu and a
custom power plan.
3. On the Select server roles page, select the Print and Document Services check box. In the Add
Roles and Features Wizard dialog box that appears, click Add Features, and then click Next.
4. On the Select features page, click Next.
6. On the Select role services page, verify that the Print Server item is selected, and then click Next.
7. On the Confirm installation selections page, click Install. When the installation is complete, click
Close.
8. On LON-DC1, in Server Manager, click Tools, and then on the context menu, click Print
Management.
9. In the Print Management console tree, expand Print Servers, LON-DC1 (local), and then click
Printers.
10. Right-click Printers, and then click Add Printer. The Network Printer Installation Wizard opens.
11. In the Network Printer Installation Wizard, click Add a new printer using an existing port, and then
click Next.
12. On the Printer Driver page, ensure that the Install a new driver option is selected, and then
click Next.
13. On the Printer Installation page, in the Manufacturer section, scroll down, and then select KONICA
MINOLTA. In the Printer section, scroll down, select KONICA MINOLTA PS Color Laser Class
Driver, and then click Next.
14. On the Printer Name and Sharing Settings page, ensure that the Printer Name and Share name
boxes contain KONICA MINOLTA PS Color Laser by removing Class Driver, and then click Next.
16. When the wizard completes, on the Completing the Network Printer Installation Wizard page,
select the Add another printer check box, and then click Finish.
17. On the Printer Installation page, ensure that the Add a new printer using an existing port option
is selected. In the list next to it, select the LPT2: (Printer Port) item, and then click Next.
18. On the Printer Driver page, ensure that the Install a new driver option is selected, and then
click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L11-81
19. On the Printer Installation page, in the Manufacturer section, scroll down, select HP, accept the
first printer HP Color Laserjet 1600 Class Driver, and then click Next.
20. On the Printer Name and Sharing Settings page, ensure that the Printer Name and Share name
boxes contain HP Color Laserjet 1600 by removing Class Driver, and then click Next.
22. When the Completing the Network Printer Installation Wizard page appears, do not select any
check boxes, and then click Finish.
23. On LON-DC1, in Server Manager, on the Tools menu, click Group Policy Management.
Note: If you see a Group Policy Management dialog box, when you open the GPMC,
close the dialog box by clicking the red X. Then close the GPMC and reopen it.
24. In the GPMC, in the console tree, expand Forest: Adatum.com, expand Domains, right-click
Adatum.com, and then on the context menu, click Create a GPO in this domain, and Link it here.
25. In the New GPO window, in the Name box, type ClientUserPreferences, and then click OK.
26. In the console tree, under the Adatum.com node, you should see a new ClientUserPreferences
GPO. Right-click this GPO, and then on the context menu, click Edit. The Group Policy Management
Editor appears. Maximize it by clicking the square icon in the upper-right corner of the console.
27. In the console tree, expand User Configuration, expand Preferences, and then click Windows
Settings.
28. Click the Drive Maps node. This opens the configuration pane for the drive maps.
29. Right-click in the empty details pane, and then on the context menu, click New, Mapped Drive.
30. In the New Drive Properties dialog box, in the Action list, select Update.
34. In the Hide/show this drive section, select Show this drive.
35. Click the Common tab. In the Options common to all items section, select the Item-level
Targeting check box, and then click Targeting. The Targeting Editor appears.
36. In the Targeting Editor, select New Item in the list, and then on the context menu, click Security
Group.
37. Next to the Group box, click the ellipsis button (…).
38. In the Select Group window, in the Enter the object name to select box, type IT, and then click OK.
39. Verify that the User in group option is selected.
40. Select New Item in the list, and then on the context menu, click Computer Name.
41. Next to the Computer Name box, click the ellipsis button (…).
42. In the Select Computer window that appears, in the Enter the object name to select box, type
LON-CL1, and then click OK three times.
43. Right-click in the empty details pane, and then on the context menu, click New, Mapped Drive.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-82 Activating clients and managing additional configuration settings
44. In the New Drive Properties dialog box, in the Action list, click Update.
47. In the Drive letter section, ensure that the Use option is selected, and then in the list, select the drive
letter L.
48. In the Hide/show this drive section, select the Show this drive option.
49. Click the Common tab. In the Options common to all items section, select the Item-level
Targeting check box, and then click Targeting. The Targeting Editor appears.
50. In the Targeting Editor, in the New Item list, select Security Group.
51. Next to the Group box, click the ellipsis button (…).
52. In the Select Group window, in the Enter the object name to select box, type Marketing, and then
click OK.
54. Select the New Item list, and then click Computer Name.
55. Next to the Computer Name box, click the ellipsis button (…).
56. In the Select Computer window that appears, in the Enter the object name to select box, type
LON-CL2, and then click OK three times.
57. In the Group Policy Management Editor, expand User Configuration, expand Preferences, expand
Control Panel Settings, and then click Printers.
58. Right-click in the Printers detail pane, and then click New, Shared Printer.
59. In the New Shared Printer Properties dialog box, in the Share path box, type \\LON-DC1
\KONICA MINOLTA PS Color Laser.
60. Select the Set this printer as the default printer check box.
61. Click the Common tab, select the Item-level targeting check box, and then click Targeting.
62. In the Targeting Editor, in the New Item list, select User.
63. Next to the User box, click the ellipsis button (…).
64. In the Select User window that appears, in the Enter the object name to select box, type Holly,
click OK three times.
65. Right-click in the Printers detail pane, and then click New, Shared Printer.
66. In the New Shared Printer Properties dialog box, in the Share path box, type \\LON-DC1
\HP Color Laserjet 1600.
67. Select the Set this printer as the default printer check box.
68. Click the Common tab, select the Item-level targeting check box, and then click Targeting.
69. In the Targeting Editor, in the New Item list, select User.
70. Next to the User box, click the ellipsis button (…).
71. In the Select User window that appears, in the Enter the object name to select box, type Kari, and
then click Check Names.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L11-83
72. In the Multiple Names Found dialog box, select the first name, Kari Hensien, and then click OK four
times.
3. Examine the folders. You should not have the mapped drive.
Note: If you receive the message Windows couldn´t connect to the System Event
Notification Service service, click OK and retry step 5.
7. Click This PC and then examine the folders. You should have the mapped drive labeled as
IT Department Labfiles (L:).
8. Right-click Start in the lower left of the taskbar, and then on the context menu, click Control Panel.
9. In Control Panel, click Hardware and Sound, and then click Devices and Printers.
10. You should have the KONICA MINOLTA PS Color Laser on lon-dc1 printer in the Printers section.
KONICA MINOLTA PS Color Laser should have a green check mark showing that it is the default
printer.
11. Close all open windows, and then sign out of LON-CL1.
Note: If you receive the message Windows couldn´t connect to the System Event
Notification Service service, click OK and retry step 13.
15. Click This PC and then examine the folders. You should have the mapped drive labeled Marketing
Group Labfiles (L:).
16. Right-click Start in the lower left of the taskbar, and then on the context menu, click Control Panel.
17. In Control Panel, click Hardware and Sound, and then click Devices and Printers.
18. You should have the HP Color Laserjet 1600 on lon-dc1 printer in the Printers section. HP Color
Laserjet 1600 should have a green check mark showing that it is the default printer.
19. Close all open windows, and then sign out of LON-CL2.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-84 Activating clients and managing additional configuration settings
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have signed in as different users on LON-CL1 and
LON-CL2 and verified the preferences that you configured.
MCT USE ONLY. STUDENT USE PROHIBITED
L12-85
3. In the Search column, right-click the Command Prompt item, and then click Run as administrator.
4. In the Administrator: Command Prompt window, type E:, and then press Enter. At the command
prompt, type the following command, and then press Enter:
cd e:\Labfiles\Office_Professional_2016
5. At the command prompt, type the following command, and then press Enter:
setup.exe /admin
6. After the OCT opens, in the Select Product window, ensure that the Create a new Setup
customization file for the following product radio button is selected, and the Product name
window displays Microsoft Office Professional Plus 2016 (64-bit), and then click OK.
7. On the Welcome page, click the Setup node.
9. In the left pane, select the Licensing and user interface subnode.
10. In the details pane, verify that the default Use KMS client key radio button is selected.
11. Select the I accept the terms in the License Agreement check box. In the Display level drop-down
list box, select Basic.
14. In the left pane, select the Office Security settings node.
15. At the bottom of the details pane, click the Unsafe ActiveX initialization drop-down list box, and
then click Do not prompt and disable all controls.
16. In the left pane, click the Modify Setup properties item.
18. In the Add/Modify Property Value pop-up, in the Name text box, type HIDEUPDATEUI, in the
Value text box, type TRUE, and then click OK.
19. In the Features area of the console tree, select the Modify user settings item.
20. In the settings tree in the middle pane, select and expand Microsoft Office 2016, expand Privacy,
and then select Trust Center.
MCT USE ONLY. STUDENT USE PROHIBITED
L12-86 Deploying Office 2016
21. In the details pane, double-click Disable Opt-in Wizard on first run. In the Disable Opt-in Wizard
on first run Properties dialog box, click Enabled, and then click OK.
22. Return to the settings tree in the middle pane, and under Microsoft Office 2016, scroll to the last
folder, and then select First Run.
23. In the details pane on the right side, double-click Disable First Run Movie.
24. In the Disable First Run Movie Properties dialog box, click Enabled, and then click OK.
25. In the details pane on the right side, double-click Disable Office First Run on application boot.
26. In the Disable Office First Run on application boot Properties dialog box, click Enabled, and then
click OK.
27. In the left pane, select the Set feature installation states item, and then in the details pane, expand
Microsoft Office.
28. In the Microsoft Access node, click the disk icon. In the drop-down menu, click Not Available.
30. In the top bar menu, click File, and then click Save.
31. In the Save as pop-up window, in the File name text box, type \\LON-DC1\labfiles
\Office_Professional_2016\Updates\AdatumOffice.msp, and then click Save.
33. In the pop-up window that displays, Do you really want to quit now?, click Yes.
34. On the desktop, on the taskbar, click the File Explorer icon.
Results: At the end of this exercise, you should have created a customized Office 2016 deployment file.
4. In the Search column results, right-click Command Prompt, and then click Run as administrator.
5. At the command prompt, type the following commands, pressing Enter after each line:
Note: In a few moments, the Microsoft Office installation window opens and begins to
install Office 2016. Since you used the Basic option in the OCT, the progress displays without the
ability to cancel. After approximately 15 minutes, the installation will complete.
MCT USE ONLY. STUDENT USE PROHIBITED
Deploying Windows Desktops and Enterprise Applications L12-87
Note: Notice that under the letter ‘A’, Microsoft Access is not installed. Scroll down to the
letter ‘P’ section and notice that Microsoft PowerPoint 2016 is on the menu, but Microsoft
Publisher 2016 is not.
Note: You can begin typing, and the First things first window does not appear.
2. In the Virtual Machines list, right-click 20695C-LON-DC1, and then click Revert.
Results: At the end of this exercise, you should have successfully installed Office 2016 from the .msp file.
MCT USE ONLY. STUDENT USE PROHIBITED