The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…


    Mikael Nystrom

    Mikael Nystrom

    OS Deployment Geek, Virtualization and System Center

    Mikael Nystrom is a Microsoft MVP and Principal Architect at TrueSec

  • Archives

  • Meta

Archive for the ‘MDT’ Category

Deployment Fundamentals, Vol. 6: Deploying Windows 10 Using Microsoft Deployment Toolkit (and some PowerShell)

Posted by Mikael Nystrom on January 6, 2016

Yes, the book is finally done and it is up on Amazon. The book follows all the others by being a build-while-you-read book, it includes a complete set of PowerShell scripts that will build your entire lab environment (The script has been changed, so it will be easier to use them at customer sites or other test/lab environments if needed). The focus of the book is as you could guess by the title to deploy Windows 10 using MDT and LiteTouch. The versions we did use in the book are Windows 10 1511, MDT 2013 Update 2 and the new ADK. It has been hard work, late nights, but darn I still love writing books… You can find the book on as well as other sites. oh, btw, the book also includes a complete hydration kit that uses MDT and PowerShell to build your complete lab environment.


Happy reading and deploying


Posted in Book, Deployment, MDT | Tagged: , , , | 15 Comments »

OSD Deployment – Deploying Intel NUC and getting drivers and settings assigned using the AliasUserExit.vbs – Converting Product into %ModelAlias%

Posted by Mikael Nystrom on November 24, 2015

I have been deploying the small and cool Intel NUC’s for a long time, they just have one problem, it is a small problem, but….

There is no Make/Model, actually, the entire SMBBios is empty, now that makes it a bit hard to figure what model we are deploying and therefore it is hard to determine what drivers that needs to be deployed. On some older  NUC’s there could be settings.

This is what we get from PowerShell – Win32_ComputerSystem,Win32_ComputerSystemProduct,Win32_BIOS and Win32_BaseBoard


As you can see Make and Model are kind of “nothing”, but SMBIOSBIOSVersion is RYBDWi35.86A.0350.2015.0812.1722 and that is basically the name of the motherboard, but slightly better, why don’t we use the Win32_BaseBoard and grab product, that seems just to be the perfect match here. And hold it… Win32_BaseBoard is already inventoried by the ZTIGather process, so the only thing we need to do is to set ModelAlias to Product, that seems pretty easy…

The “old” AliasUserExit to the rescue (once more)

The AliasUserExit script runs as a part of the ZTIGather process in MDT/ConfigMgr. This script has a section for Models where either Make is “Intel” or “”, in that case we grab the Product from the gather process and store that in %ModelAlias%.

Script can be found here: and inside the VBscript it explains how to use it

Verify that it works:

Running cscript ZTIGather.wsf /inifile:Customsettings.ini we get this on a DN2820FYK.
Note: In this case someone manually added/modified the SMBios using the Intel Toolkit to say that the Model is DN2820FYKH, but it is actually DN2820FYK
Running cscript ZTIGather.wsf /inifile:Customsettings.ini we get this on a NUC5i7RYB.
Note: In this case the BIOS is “normal”, that is it is totally blank
Running cscript ZTIGather.wsf /inifile:Customsettings.ini we get this on a D53427RKE.
Note: In this case the BIOS does contain vales, older NUC’s could have them set..

Posted in ConfigMgr, Drivers, MDT, OS Deployment, OSD, RealWorld | Tagged: , , , , , | 6 Comments »

OS Deployment – Adding a Wizard to control the Task Sequence behavior when you create a Reference Image

Posted by Mikael Nystrom on November 17, 2015

If you are in the business of doing Reference Imaging you want that process to be as automated as possible, but now and then you need to verify that different part of the task sequence works, lets say that you need to verify that an application you added to that task sequence get installed correctly, at time you don’t really like to run trough the entire Windows update process. Easy fix, you open the Task Sequence and disable it, but what if you could do some thing like this instead…A quick Note before you begin: This is not supported, since includes a modification a ZTIConfig.vbs and credit goes to Keith Garner for the explaining how to do that modification. Thanks!

I have done demos on this topic for some time now and I have promised to post this, so for all of you attending MMS in MN, TechDays and other various events, here you have it.


If that is what you want, here it is.

Adding the Suspend Step

The Suspend Step is a function that is built-in to MDT, but you need to add it. After you have done that the task sequence will suspend at that step and you can perform manual tasks, or test and verify that things works as expected. When you are done, just hit the “Resume Task Sequence” icon that will be on the desktop. Extremely useful, but instead of enable/disable by modifying the task sequence, it is nice to have that as checkbox.

Open your Task Sequence and browse to: State Restore \ Custom Tasks (My folder has been renamed to “Custom Tasks Post WU) and add a Run Command Line using the following settings:

  • Name: Suspend
  • Command Line: cscript.exe “%SCRIPTROOT%\LTISuspend.wsf”

The Suspend Step has been added.

Adding Conditions to the Steps.

We need a couple of Properties that we can use, let us use SuspendTS, DisableApps and DisableWSUS, add the following settings to the following steps in the Task Sequence.

For the Windows update steps, add the following Task Sequence Variable.

  • Variable: DisableWSUS
  • Condition: not equals
  • Value: NO

One of the Windows Update Step has the condition set, don’t forget to set them both.

For the Application install group steps, add the following Task Sequence Variable.

  • Variable: DisableApps
  • Condition: not equals
  • Value: NO

The group that install all the Applications has the correct condition set.

For the Suspend Task Sequence step, add the following Task Sequence Variable.

  • Variable: SuspendTS
  • Condition: equals
  • Value: YES

The Suspend Step Condition changed according to the list above.

Create an Application Bundle

We need a application bundle, the application bundle will actually not install anything at all, instead it is going to be the place holder for the HTML code. I recommend that you have all the “applications” you don’t want to see in a set of folders and this application in an other folder, or directly in the root, because this application should be seen, so you can “fill out the form”.

Create the Application Bundle using the following settings:

  • Application Type: Application Bundle
  • Application Name: Deployment Settings

The application Bundle has been created in the Config Folder.

Add HTML code to the Application Bundle

Open the Application Bundle and the the following HTML code to the comments field

<td>Enable Suspend Task Sequence</td>
<td><INPUT type="checkbox" Name="SuspendTS" value="YES" /></td>
<td>Disable  Windows Update</td>
<td><INPUT type="checkbox" Name="DisableWSUS" value="NO" /></td>
<td>Disable Application Install</td>
<td><INPUT type="checkbox" Name="DisableApps" value="NO" /></td>

Note:Make sure that your " are real " and not the “Word edition”

HTML has been added to the Comments filed.

Enable HTML code to run in the Comments field

Time for the unsupported part, the change you are about to do will stop the Wizard from parsing the comments field as text.

In scripts folder, find the file named ZTIConfig.vbs, make a copy of it, open the ZTIConfig.vbs and find the following line (around Line 700)

sComments = EncodeXML(oItem.SelectSingleNode("./Comments").Text)

and replace it with this

sComments = oItem.SelectSingleNode("./Comments").Text

Save the file.

Modify your CustomSettings.ini

We need to be able to select applications, so make sure your customsettings.ini shows:

  • SkipApplications=NO
  • SkipSummary=NO

The setting SkipSummery can later be set to YES, the setting I suggest is just so that you can see that Variables are set correctly with the need to run trough the entire deployment when testing this.

CustomSettings.ini has been modified.

Hide all other applications

When running the wizard, I don’t need to see all the applications, since the have been added to my task sequence. So you can either open each and every application and enable the “Hide this Application” checkbox, or you can (if you have all the applications in folders, just disable the folder.


Create Your Reference Image using the new “Wizard”

Boot the VM, select your Task Sequence and enable/disable the item.

Note: You don’t really need to select the application, it is just used as place holder for the HTML code, I have however made the application a default application to avoid confusion as a MnadatorApplications001={GUID}

All item have been Selected.

All values have been set correctly.

Have Fun!


Question: Do I need to select the application:
Answer: No

Question: Why don’t you add a Wizard Page instead?
Answer: Because that is more complicated if you don’t know exactly how the wizard works, this method is in most cases good enough and can be done even if you don’t have any experience in modifying the Wizard, you can as an example just add a dropdown box to be able to select certain items

Question: Do you have any other example on how to use this?
Answer: Yes, a ton of them

Question: If I don’t need to wizard thing anymore, how to I disable it?
Answer: Since it is an application, disable the application

Posted in MDT, OS Deployment, OSD, Reference Image, Unsupported | Tagged: , , , , | 6 Comments »

OS Deployment using MDT – Inside the Validation Step

Posted by Mikael Nystrom on September 30, 2015

So, you are about to deploy Windows (client or server) using Microsoft Deployment Toolkit. Before you do that, maybe you should change the Validate Action, why? Because the default values does not make sense to everyone, that’s why.

The Validate Action

The Validate Action is a step in the Task Sequence that verifies that the machine you are about to install are good enough to be deployed. the defaults are a bit “wrong” for most customers IMHO.

The Defaults:

  • Check if the Machine has at least 768 MB of RAM
  • Check that the minimum CPU speed is at least 800 MHz
  • Don’t check disk space
  • Check that if there is a Operating System installed, it is a Client OS

Consider this:

Ensure minimum memory

768 MB is just wrong, a Windows 10 machine will need at least 2 GB (x86) or 4 GB (x64), so that means you should set them to 2048 or 4096, no, not at all. You need to calculate on the GPU RAM as well, since that is most likely “stolen” from RAM. So a 4 GB machine is 4096 MB – 512 MB (GPU Memory = 3584, set it to 3500. A 2 GB machine is 2048 MB – 512 MB = 1536 MB, set it to 1530.

Ensure minimum processor speed (MHz)

This is a bit tricky, depending on power saving features and the fact the machine is virtual, this could block OS install, even if it is correct. But, there is very few machines with 4GB of ram with a slower CPU then 800 MHz anyway, so checking memory. should be fine.

Check to ensure specified image size will fit (MB)

This check does not happen unless you check it, and maybe you should, if you are using Multicast the image will first be copied to the disk and then it will perform the install, in that case you actually “need” space, consider to change that.

Ensure current OS to be refreshed is

This checks the OS on the disk before installing/refresh, well it make sense in most cases, however, when you are playing and testing you could have a laptop that is used for both client and server OS test, in that case you need to uncheck.

Below you can see the default values.

Modified values.

Here is the result if the validation fails, due to insufficient memory.

Check BIOS

One other fun thing is the Check BIOS action, when I ask around I usually get something like – Well it checks the bios, you know. Not really, it is a script that runs to gather information a bout the bios, that is correct. It then uses that information against a XML file to see if it is a match, it there is a match, it will then block OS install. But the question is, what does it really check?

When opening the VBscript it seems that it checks, Manufacturer, Model and date of Bios


and if it does find a match it will tell you the following…


and that’s very nice to know, if you are deploying Windows Vista…


Let us see what it looks for…


Ok, hmm, If you have BIOS version XX ROM BIOS Version 1.23, the Vendor is Wyssyg Computers and the Model is WYSIWYG Super Cool Computer 2007 with a BIOS date of 20060801000000.000000+000 it will then block the install. Not sure that has ever happened, but hey, nothing is impossible…

What you could do is to add computers to the XML file to block installation if you know that a certain model/bios will not work correctly.


Posted in MDT, OS Deployment | Tagged: , , | 4 Comments »

Nice to Know – The MDT documentation is gone???

Posted by Mikael Nystrom on September 30, 2015

Well, no. But it is no longer available as a .CHM file when you install MDT 2013 Update 1. You will instead find it on TechNet. The idea is that the team should be able to update the documentation easier.

MDT 2013 Documentation



Posted in MDT | Tagged: | 2 Comments »

Back to Basic – CustomSettings.ini – Converting Desktop and Laptop computer types into Roles

Posted by Mikael Nystrom on May 22, 2015

So, someone asked me(you know who you are) if it is possible to convert something like a computer types into a role, and yes that is possible and some times a pretty smart thing to do. If you have basically to kind of roles in your org and they are based on the fact that the computer is a Laptop (like a field engineer) or a Desktop (like a standard office user), well then it should work.

Converting Computer types into Roles:

In the Priorityline we have ByDesktop,ByLaptop,Role and Default

We use [ByDesktop] to return a value of yes/no and we store that in IsDesktop-Yes if it is a desktop and then we send it to a section with the name of IsDesktop-Yes. In the section [IsDesktop-True] we assign it the Property Role001 to ComputerIsDesktop. Now we can create a role in customsettings.ini, or we could create a Role in the MDTdatabase if you would like that instead and then assign all settings to that. In this case we will create a Role section called [ComputerIsDesktop] and in that role we will define all settings for that role, in this case it will be an application and then we repeat that story for a laptop.

Sample CustomSettings.ini file

Output from testing the customsettings.ini file and as you can see it has been assigned the role correctly and since it is a laptop it will get the laptop app.

You can download the sample ini files here:

The UserAlias Userexit script is here:

Instructions on how to test customsettings.ini is here:

Posted in ConfigMgr, MDT, OSD | Tagged: , , , | 1 Comment »

Back to Basic – CustomSettings.ini – Converting Model and ModelAlias into Roles

Posted by Mikael Nystrom on May 22, 2015

So, someone asked me(you know who you are) if it is possible to convert something like a computer model into a role, and yes that is possible and some times a pretty smart thing to do. It becomes really great if you are using the ModelAlias Userexit script and you would like to use the database to define settings. The database has support for make and model, but since you are using modelalias instead of make and model, well then you can define settings as a role instead. The only thing you need to do is to convert the ModelAlias value into a Role and you are done. In this post I will describe two scenarios, one when you convert model into a role and the other is when you turn the modelalias into a role.

Converting Model into a Role:

In the customsettings.ini file we have three sections in the priority line: ConvertModelToRole,Role,Default and one customproperty just for fun

  1. ConvertModelToRole – will set the Role001 into RoMo-“the return of the model”
  2. Role – will search for a section with the name of RoMo-“the return of the model”
  3. Default – set default values

Sample CustomSettings.ini file

The output when running ZTIGather.wsf to test the inifile.

Converting ModelAlias into a role:

In the customsettings.ini file we have four sections in the priority line: HardwareInfo,ConvertModelToRole,Role,Default

  1. HardwareInfo – will execute the modelalias userexit script and return a value from that script
  2. ConvertModelToRole – will set the Role001 into RoMo-“the return of the model alias user exit script result”
  3. Role – will search for a section with the name of RoMo-“the return of the model alias user exit script result”
  4. Default – set default values

Sample CustomSettings.ini file

The output when running ZTIGather.wsf to test the inifile.

You can download the sample ini files here:

The UserAlias Userexit script is here:

Instructions on how to test customsettings.ini is here:


Posted in ConfigMgr, MDT, OSD | Tagged: , , , | Leave a Comment »

Nice to Know – Windows 10 OS Deployment links

Posted by Mikael Nystrom on May 1, 2015

Here are the basic media you need to start Windows 10 OSD.

Windows ADK RC for Windows 10


(Note: it will be located at the last part of the page)

Windows 10 Insider Preview ISO April Update


Windows 10 Enterprise Insider Preview


MDT 2013 Update 1 Preview



Posted in MDT, OSD, Windows 10 | Tagged: , , | Leave a Comment »

My Sessions at Microsoft Ignite 2015

Posted by Mikael Nystrom on May 1, 2015

Banner for Ignite 2015

Hands-on Windows 10 Enterprise Deployment

Want to know how to prepare for Windows 10, or how to upgrade from Windows 7, 8, or 8.1 to Windows 10? Maybe you want to know how to build, customize, and deploy your own Windows 10 image? In this pre-day session we explore all of those areas, with hands-on labs to ensure that you’ll be ready for Windows 10 in your organization.

Sunday, May 3rd  – 9:00 am to 5:00 pm

Troubleshooting Windows 10 Deployment: Top 10 Tips and Tricks

Need help with troubleshooting Windows deployment issues? Johan and Mikael share lessons learned around handling device drivers in the deployment process, common deployment issues and their workarounds, parsing log files, WinPE and PXE troubleshooting, UEFI deployments. As a foundation, Microsoft Deployment Toolkit and Microsoft System Center Configuration Manager will be used. You can expect a lot of live demos, tips, and tricks in this session.

Wednesday, May 6th – 10:45 am to 12:00 pm

Expert-Level Windows 10 Deployment

Join us for a live demo on how to build a Windows deployment solution, based on Microsoft System Center Configuration Manager. In the session we are taking OS Deployment in Microsoft Deployment Toolkit and System Center Configuration Manager to its outer limits. Deployment tips, tricks, and hard core debugging in a single session. You can expect a lot of live demos in this session.

Thursday, May 7 7th – 9:00 pm to 10:15 pm

Windows 10 Deployment: Ask the Experts

Still have questions about Windows deployment, even after all the other sessions this week? For this session, we gather as many experts as we can find for a roundtable Q&A session, with plenty of “official” and “real-world” answers for everyone, troubleshooting and implementation advice, and probably a fair number of opinions and “it depends” answers as well.

Thursday, May 7 7th – 3:15 pm to 10:15 pm

Book signing in the Bookstore

If you for any reason would like to have a book written by me signed, I’ll be there and I will happily sign it for you:

Wednesday, May 6th – 12:30 pm

Posted in ConfigMgr, Deployment, Event, Ignite, MDT | Tagged: , , , , , , , | Leave a Comment »

Nice to Know – Reset the WSUS update Count during OSD, allows automatic reinstallation of patches that failed

Posted by Mikael Nystrom on March 30, 2015

No, this is NOT something new, its just that it needs to be spread more…

In MDT 2010, there were some improvements to the ZTIWindowsUpdate.wsf script, the reason as to cut down time, they did and at the same time ZTI was not as reliable as it used to be. The issue is very simple, the task sequence remembers all patches that has been installed, so it will never ever re-install a patch and that is great, unless a patch needs to be reinstalled and it might need to…

Alexey (with help from Keith) did create a script in mars 2010 that resets the counter. You can find the blog post here The script you download from my site, does the same thing, the script is just slightly polished…

How to use it?

  • Download, Unzip and store the script in the Scripts folder of the MDT share
  • Modify the task Sequence:
  • Add a “Run Command Line” with the following command
    • cscript.exe "%SCRIPTROOT%\ZTIWindowsUpdateReset.wsf"

It should look something like this:



Posted in MDT | Tagged: | 2 Comments »


Get every new post delivered to your Inbox.

Join 6,458 other followers