As stated before, MDT needs an operating system before it can start deploying Windows. In addition to that, deployment tasks are needed to coordinate the deployment activities. One tenet put forth by Microsoft is to use MDT to create a “reference image” to be customized and captured as a custom image (WIM) later.
Having MDT create the reference image as much as possible will save a great deal of working updating Windows and installing applications. If it is preferred that all of the work for creating a reference image be done manually, that is possible too. A virtual machine is the best choice for creating a reference image for mass deployment. Virtual machines allow the creation of a true hardware-neutral installation of Windows. No hardware-specific driver or applications are installed, with the exception of things like VMware tools and the Hyper-V client software. Those can be removed prior to capture.
No install of Windows is very useful, out of the box, without additional software. In businesses, software such as Microsoft Office, Adobe Reader, and antivirus software are used to provide functionality. MDT can install applications as part of a deployment task in addition to connecting to a WSUS server for updates. WSUS offers a closer point for updates rather than going all the way to Microsoft Update over the Internet.
To add applications to MDT for installation with a deployment task…
Open the MDT Deployment Workbench and go to the Applications folder. Like the operating systems folder, I like to organize the Applications folder by manufacturer, product, and version. This approach is completely optional and not required. To create folders, just right-click the Applications folder and choose “New Folder.” Folders can be nested inside of one another.
To import applications into their respective folders, right-click that for and choose “New Application.” A wizard will start, prompting for information. For example, Microsoft Office 2016 Pro Plus.
The first step is to choose the type of application source files, though other options exist to use application files on a network share, and to create an application bundle (more on that later).
Next, the wizard asks for the application’s details. Only the application name is required. It is best to be as descriptive as possible.
Where the source files are located on the file system is the next question. Provide the correct location and choose “Next.”
The next step is to choose the name for the application’s destination directory in the deployment share. The application name and version from the details page are provided as a default. If that should be changed, now is the time to do it, not later.
The “Command Details” page asks for the silent install command for the application and provides the working directory in the deployment share. Microsoft Office’s silent install command is simple, “setup.exe.” However, Office has a customization tool, which is available by running “setup.exe /admin”, that allows an MSP modification package to be created with installation settings and customizations. MDT is aware of this and provides an option to run this customization tool from the application’s property sheet. Placing the final product of the customization tool, an MSP file, in the Updates folder of the Office install directory will have it used each time Office is installed from that location.
Finish the rest of the wizard with the Summary and Progress screens and Office will be imported into the Applications folder on MDT. After that, further customization can be made to the application. Microsoft Office has the unique “Office Products” tab which is specific to that application.
Many other applications can be added to MDT this way. I’ve had the best results with the MSI version of applications, but those are not always available. To get started with a fully functional install of Windows for my users, I include the following applications. Download link in the name and the silent install commands are in parenthesis.
Microsoft Office (setup.exe)
Microsoft Visual C++ 2005-2012 Redistributable x86 and x64 (vcredist_x64.exe /Q)
Mozilla Firefox (FirefoxSetup.exe -ms)
Google Chrome Enterprise (msiexec /q /I googlechromestandaloneenterprise.msi)
Adobe Reader (msiexec /qb /i AcroRdrDC1500720033_en_US.msi TRANSFORMS=AcroRdrDC1500720033_en_US.mst)
Note: Adobe Reader uses a transforms (MST) file to supply the unattended installation parameters. That file is created with the Adobe Customization Wizard, a separate application that must be downloaded and installed from Adobe. Also, Adobe doesn’t provide the full installer for Reader and other products from its regular download location. To get the full versions, one must apply for a free license to distribute Adobe products in the enterprise. Don’t use the regular consumer download location for Adobe products. Apply for the distribution license here.
Other applications like Flash-player, Shockwave, Java, and Adobe AIR change often. I do not usually include those in the reference image unless an installed application specifically require it. There is a good question around whether or not Flash-player should be included given its common security vulnerabilities. Those applications I choose deploy with the finished image along with the antivirus software. It is not that much of a task to add/update the install packages for Flash-player and such as they become available.
With this all in place, deployment tasks can be created to create a reference image of Windows 10 and Office 2016.