Creating own Windows 10 image
Lukas Beran
If you want to save time when deploying Windows 10, or if you want to deploy Windows 10 to multiple computers, it’s very useful to create your own Windows 10 image.
For the creation we will use tools available from Microsoft – Windows ADK for Windows 10 and Microsoft Deployment Toolkit 2013 Update 1. The advantage is that they support not only Windows 10, but Windows 7 to Windows 10 and Windows Server 2008 R2 to Windows Server 2012 R2.
Image creation strategy
When you create a new image, you need to know if you want to support both architectures (x86 and x64) or just one of them. Today it’s recommended to support only the 64-bit architecture unless you have a good reason to use 32-bit, because every additional architecture means more images which you need to store and update/patch.
The second thing is what you want to add to your image. In general, we have three options:
- Thin image contains only drivers which are required for the installation (network, storage) + Windows Updates. This image does not contain any additional drivers or applications.
- Hybrid image contains, in addition to the thin image, basic business (LoB) applications, productivity applications (Office, Adobe Reader, …) and optionally applications which all users use.
- Thick image contains additional drivers and applications.
Generally it’s recommended to use a thin image, because it is smaller (faster installation) and easier to update and patch. The image should be general – the same image for all users.
Create your own image
Now you need ADK for Windows 10 and MDT installed on your computer.
Create new deployment share
Run Microsoft Deployment Toolkit and in Deployment Workbench add a new Deployment Share. This share is the network path from which WinPE (the preinstallation environment) will download the installation image if you choose network installation.
In the configuration wizard select a path to the deployment share.
Set the name and description of the share.
In the options part we can choose what we want to show in the Deployment Wizard. Here you can find some basic options; additional options can be set in Rules (more info below). The next step is just a summary.
Adjust settings of the deployment share
By right-clicking the deployment share we can change more settings in Properties.
On the General tab, the path to the local deployment share folder and the network path should be predefined. You also need to set up permissions for this share (NTFS and share permissions). Another important thing is the selection of the supported architecture (x86 and/or x64).
The Rules tab holds the settings of the Deployment Wizard. This wizard is shown when the user boots from the image. Some of the settings are for servers and some of them are for desktops. Using these rules you can set default values or enforce specific values. For example, you can let the user choose any keyboard but make the English keyboard the default. The tab contains the values you predefined in the wizard, and you can add additional options. A list of all available options is on TechNet.
I use the following for my image:
TimeZoneName=Central Europe Standard Time
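The difference between a default and an enforced value comes down to the matching `Skip*` property. The following CustomSettings.ini is an added example, not the author's rules; apart from the time zone taken from the line above, all values are assumptions.

```ini
; CustomSettings.ini (Rules tab) - added example, values are assumptions
[Settings]
Priority=Default

[Default]
OSInstall=Y

; Default only: the wizard page stays visible and is pre-filled,
; so another keyboard or locale can still be chosen at deployment time.
SkipLocaleSelection=NO
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US

; Enforced: the value is set and the wizard page is hidden,
; so it cannot be changed during deployment.
SkipTimeZone=YES
TimeZoneName=Central Europe Standard Time

; KMS-activated Enterprise edition needs no key, so the page is hidden.
SkipProductKey=YES

; Still asked in the wizard: task sequence, computer name, applications.
SkipTaskSequence=NO
SkipComputerName=NO
SkipApplications=NO
```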
At the bottom of the Rules tab is the Edit Bootstrap.ini button, where you can set parameters of the WinPE environment. Here it is important to set the network path to the deployment share and credentials for the share.
My configuration looks like:
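As an added illustration, not the author's own file, a Bootstrap.ini that sets the share path and credentials could look like this. The server, share, domain and account names are placeholders, and read-only access for the account is an assumption about how the share permissions were set.

```ini
; Bootstrap.ini - added example; server, share and account are placeholders
[Settings]
Priority=Default

[Default]
; Network path of the deployment share that WinPE connects to.
DeployRoot=\\MDT01.example.local\DeploymentShare$

; Account WinPE uses to open the share. Bootstrap.ini is copied into the
; boot image, so anything written here is readable by whoever holds the ISO.
; Assumption: a dedicated account with read-only access to the share only.
UserDomain=EXAMPLE
UserID=svc-mdt-read

; Without UserPassword the wizard asks for credentials at boot.
; Set it only if an unattended start matters more than keeping
; the password off the boot media.
;UserPassword=<placeholder>

; Skip the welcome screen and go straight to connecting to the share.
SkipBDDWelcome=YES
```

Because Bootstrap.ini is built into the WinPE image, changes to it take effect only after the boot image is generated again with Update Deployment Share.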
Adding content to the image
Now we can add content to our image. First is of course the operating system which we want to deploy. In the share, right-click the Operating Systems folder and choose Import Operating System. In the first step select the type of the system – either Full Source, own source (WIM file) or WDS image. I’m choosing the first option and selecting the ISO.
We add applications to the Applications folder, again by right-clicking and choosing New Application.
In the following steps of the wizard we set the name of the application, the path and the command line including the name of the executable file and its parameters (for example setup.exe /silent). It is important that the app can be installed without any user interaction – every request for interaction will interrupt the installation process.
Drivers are added to the Out-of-Box Drivers folder. Here it’s important to add only drivers which are needed for the installation process, so only network and storage drivers if they are not included in the operating system.
The Packages folder holds only language packs and updates.
Task sequences are an important part of the deployment process. They directly define all steps of the deployment. By right-clicking we can add a new sequence. Then we set the name and ID of the sequence. In the next step we choose one of the predefined sequences which meets our criteria. I choose Standard Client Task Sequence because I want to install a desktop operating system.
In the next step we select operating system. Because I have only one operating system, I have no choice 🙂
In the next step we can add an activation key. I don’t add anything because I install Enterprise edition with KMS activation.
In the next step we can set up the operating system. I fill in the user name, organization and Internet Explorer homepage.
In the last step we can optionally set a password for the local admin.
When we open the task sequence, we can see all steps of the installation process. And of course we can edit these steps or add new steps to the sequence. Typically we can set different disk partitioning.
Generating the image
Now we can generate our first image. Right-click the share and choose Update Deployment Share. The first screen offers an option to either update our image or completely regenerate it. If we made just small changes to the image, we can choose the first option, which is much faster. But if we made bigger changes, it’s always better to regenerate the image.
Deploying the image
Now we can deploy the image. Copy the WinPE ISO from the Boot folder in our share; in my case it’s LiteTouchPE_x64.iso. The advantage is that this image is only PE (the preinstallation environment), so it has only 300 MB. The operating system image with applications, drivers etc. is on the network share and will be downloaded during the installation process.
After the image has booted up, we can choose the keyboard layout and configure the IP address. Now we can start the deployment wizard. The options depend on what we set in Rules. In the first step we choose the task sequence with the operating system we want to install. In the next step we set the computer name, confirm language settings and choose the applications which we want to install. Then the installation process starts.
If we deploy both architectures (x86 and x64), it’s important to know that from x86 WinPE we can install x86 and x64 operating system, but from x64 WinPE we can install only x64 operating system.
If you know that you will not deploy one of the architectures, you can disable generating WinPE for this architecture.
Different architectures can have different settings. You can switch settings on Windows PE tab.
You can add additional files and scripts to the boot image.