====== WDS ======
===== Смена каталога установки =====
wdsutil /Uninitialize-Server
robocopy \e \move "C:\RemoteInstall" "F:\RemoteInstall"
wdsutil /Initialize-Server /REMINST:"F:\RemoteInstall"
https://learn.microsoft.com/en-us/answers/questions/47469/wds-changing-the-default-remote-installation-folde
===== Альтернативы =====
https://www.iventoy.com (сырой)\\
https://fogproject.org\\
https://www.vercot.com/%7Eserva/an/WindowsPXE1.html
[[https://www.youtube.com/watch?v=1pa4Y64y2Go&list=PLW4lSQGHMQTQW4Ugy9pzUleLjB4jQ2sY0&pp=iAQB|Heikki Koivisto - PXE boot playlist]] on Youtube
====== MDT ======
===== Установка =====
MDT: https://www.microsoft.com/en-us/download/details.aspx?id=54259\\
ADK: https://learn.microsoft.com/ru-ru/windows-hardware/get-started/adk-install
===== Настройка =====
===== Создать Deployment Share =====
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
$shares = Get-MDTPersistentDrive
### VAR
# Common
$mdtServerName = "vmws-wsus1"
# Share - Create
$shareName = "Capture Share"
$shareDisk = 'D:'
# Share - User for access
$shareUser = "domain.ru\sa_wds"
# Create share
$shareFolder = $shareName -replace '\s'
$shareNum = "DS" + (((($shares.name |sort |select -last 1) -replace '\D') -as [int]) + 1).tostring("000") # Next free number
mkdir -Path "$shareDisk\$shareFolder" -Force
New-SmbShare -Name "$shareFolder`$" -Path "$shareDisk\$shareFolder" -FullAccess Администраторы
new-PSDrive -Name $shareNum -PSProvider "MDTProvider" -Root "$shareDisk\$shareFolder" -Description "MDT $shareName" -NetworkPath "\\$mdtServerName\$shareFolder$" -Verbose | add-MDTPersistentDrive -Verbose
# Set permissions to share user
icacls.exe "$shareDisk\$shareFolder" /grant ""$shareUser":(OI)(CI)(M)"
Grant-SmbShareAccess -Name "$shareFolder$" -AccountName $shareUser -AccessRight Full -force
===== Добавить приложение =====
Здесь - в режиме "Application without source or elsewhere on the network", т. к. дистрибутив лежит в общей папке в сети
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
function Add-MDTApp ($shareName,$appName,$cmd,$dir) {
$share = Get-MDTPersistentDrive |? description -match $shareName
New-PSDrive -Name $share.name -PSProvider MDTProvider -Root $share.path
Import-MDTApplication -Path "$($share.name):\Applications" -enable "True" -Name $appName -ShortName $appName -Version "" -Publisher "" -Language "" -CommandLine $cmd -WorkingDirectory $dir -NoSource -Verbose
}
Add-MDTApp -shareName "Capture Share" -appName "Office 2016 Standard" -cmd "setup.exe" -dir "\\vmws-wsus1\Soft\Office\2016"
===== Добавить/удалить каталог =====
Добавить
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS002" -PSProvider MDTProvider -Root "D:\CaptureShare"
new-item -path "DS002:\Applications" -enable "True" -Name "Test" -Comments "Comment" -ItemType "folder" -Verbose
new-item -path "DS002:\Applications\Test" -enable "True" -Name "Another" -Comments "Comment" -ItemType "folder" -Verbose
Удалить
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS002" -PSProvider MDTProvider -Root "D:\CaptureShare"
remove-item -path "DS002:\Applications\Test" -verbose -recurse
===== Драйверы =====
Configure the Inject Drivers task sequence step action with the following settings:\\
Choose a selection profile: Nothing\\
Install all drivers from the selection profile
The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting.
For more information, please refer to:\\
[[https://web.sas.upenn.edu/jasonrw/2016/09/25/mdt-and-drivers/comment-page-1/|MDT and Drivers]]\\
[[https://www.deploymentresearch.com/mdt-2013-lite-touch-driver-management/|MDT Lite Touch Driver Management]]
===== Задачи =====
==== Конвертация ESD в WIM ====
Если в ISO образ install.esd, то его нужно сконвертировать в install.wim для импорта в MDT.
$imgFrom = "E:\sources\install.esd"
$imgTo = "d:\temp\windows10_22h2_ent.wim"
# Выяснить, что в образе
Get-WindowsImage -ImagePath $imgFrom
# Конвертировать, указав SourceIndex
$sourceIndex = 2
Export-WindowsImage -SourceImagePath $imgFrom -DestinationImagePath $imgTo -SourceIndex $sourceIndex -CheckIntegrity -CompressionType max
==== Удаление встроенных приложений ====
Размещение задачи: После задачи Restore User State task в группе State Restore.\\
Размещение скрипта в файловой системе: DeploymentShare\Scripts\\
Добавить задачу Powershell Script и вписать имя скрипта в строку "Powershell Script".
{{:service:pasted:20231211-102405.jpeg?400}}
Добавить параметр ''HideShell=YES'' в customsettings.ini в свойствах DeploymentShare.
https://community.spiceworks.com/topic/2272584-how-to-use-mdt-to-remove-windows-10-apps
==== Обновление со WSUS из определённой группы ====
В customsettings.ini объявить свойство в разделе ''[Settings]''.\\
Затем присвоить ему значение в ''[Default]''.\\
:!: Группу лучше писать на латинице и без пробелов, потому что группа под названием "Тестовая группа" не работала.
[Settings]
Priority=Default
Properties=WSUSGroup
[Default]
WSUSGroup=wds
В DeploymentShare, в каталоге Scripts отредактировать файл ''ZTIWindowsUpdate.wsf'', вставив в раздел Configure Windows Update settings строки
If oEnvironment.Item("WSUSGroup") <> "" then
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
End if
Финальный вид раздела:
'//----------------------------------------------------------------------------
'// Configure Windows Update settings
'//----------------------------------------------------------------------------
If oEnvironment.Item("WsusServer") <> "" then
' Configure the WSUS server in the registry. This needs to be a URL (e.g. http://myserver).
oLogging.CreateEntry "Configuring client to use WSUS server " & oEnvironment.Item("WsusServer"), LogTypeInfo
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer", oEnvironment.Item("WsusServer"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer", oEnvironment.Item("WsusServer"), "REG_SZ"
If oEnvironment.Item("WSUSGroup") <> "" then
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
End if
End if
[[https://peppercrew.nl/2015/10/add-wsus-target-group-option-to-mdt-deployments-2/|Add WSUS Target Group option to MDT deployments]]\\
[[https://learn.microsoft.com/fr-fr/security-updates/windowsupdateservices/21741548|Configure Clients in a Non–Active Directory Environment]]
После окончания настройки ПКМ на Deployment Share -> Update Deployment Share -> Completely regenerate boot images.\\
На WDS импортировать wim-файл как загрузочный.
==== Смена редакции Windows ====
State Restore -> After Opt In to CEIP and WER
Convert to Enterprise
https://winitpro.ru/index.php/2020/10/12/upgrade-redakcii-windows-10/
===== Литература =====
Документация по MDT: https://learn.microsoft.com/ru-ru/mem/configmgr/mdt/\\
Создание эталонного образа: https://learn.microsoft.com/ru-ru/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image\\
[[https://www.youtube.com/playlist?list=PLNk1_iq1vyJkiduaoV_niMw_kC5J3_M1T|Большая инсталляция с кучей софта]]\\
Как установить Windows 11 22H2 (WDS + MDT) - [[https://www.youtube.com/watch?v=wIp2YTNVjHk|видео]], [[https://www.dannymoran.com/deploy-windows-11-with-mdt-and-wds/|статья]].\\
Справка по параметрам MDT (customsettings.ini): https://learn.microsoft.com/en-us/mem/configmgr/mdt/toolkit-reference\\
===== Проблемы =====
==== Оснастка Deployment Workbench вылетает при заходе на вкладку Windows PE в свойствах установочной шары ====
Решение - создать каталог ''x86\WinPE_OCs''.
mkdir 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs'
==== При загрузке образа по сети ошибка The value for the attribute is not valid : language, Code 80040049 ====
Script: X:\Deploy\Scripts\LiteTouch.wsf
Line: 2
Char: 13
Error: The value for the attribute is not valid : language
Code: 80040049
Source: Windows Script Host
[[https://learn.microsoft.com/en-us/answers/questions/1374595/i-have-an-error-running-litetouch-wsf|Решение 1]]:
- Install the most recent ADK from Microsoft.
- For the PE add-on, the most recent one that Microsoft is providing is a faulty one.
So download this one and it should be working fine: https://go.microsoft.com/fwlink/?linkid=2120253 (10.1.19041.1)
[[https://learn.microsoft.com/en-us/answers/questions/1374595/i-have-an-error-running-litetouch-wsf?page=2#answers|Решение 2]] (я использовал это):
- Go here, follow these instructions: https://www.deploymentresearch.com/fixing-vbscript-support-in-windows-adk-sep-2023-update-build-25398/\\
This issue is now fixed using the latest LCU KB5031373 or newer for Server Operating Systems. [[https://learn.microsoft.com/en-us/windows-hardware/get-started/what-s-new-in-kits-and-tools?source=recommendations#windows-pe-known-issues
|More details here]].\\
[[https://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Update-ADK25398BootImageWithCU.ps1|Here is a PowerShell script]] that applies the official fix to an MDT Lite Touch boot image.
- Next, [[https://learn.microsoft.com/en-us/mem/configmgr/mdt/known-issues#hta-applications-report-script-error-after-upgrading-to-adk-for-windows-11-version-22h2|follow these instructions]], just for the section titled "HTA Applications report script error after upgrading to adk for windows 11 22H2"
- Go into MDT, right click your Deployment Share, choose Update Deployment Share, and choose to completely regenerate your boot image.
- Replace your image in WDS using the new boot image you just generated in Step 3 (it will be in ''\Boot'').
==== Не обновляется установочная шара ====
=== Making sure the deployment share has the latest x86 tools ===
=== Processing LiteTouchPE (x86) boot image ===
Building requested boot image profile.
System.Management.Automation.CmdletInvocationException: Unable to open the specified WIM file. ---> System.Exception: Unable to open the specified WIM file. ---> System.ComponentModel.Win32Exception: Системе не удается найти указанный путь
--- Конец трассировки внутреннего стека исключений ---
в Microsoft.BDD.Core.BDDWimFile..ctor(String wimPath, Boolean forUpdate)
в Microsoft.BDD.PSSnapIn.UpdateDeploymentPoint.UpdateBootImage(String template, String platform, String dpPath, Boolean createISO, String isoName)
в Microsoft.BDD.PSSnapIn.UpdateDeploymentPoint.ProcessRecord()
в System.Management.Automation.CommandProcessor.ProcessRecord()
--- Конец трассировки внутреннего стека исключений ---
в System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
в Microsoft.BDD.Wizards.UpdateProgress.WizardProcessing()
в Microsoft.BDD.Wizards.WizardProgress.InitiateWizardProcessing()
Решение: отключить образ x86.\\
Обходной путь (не проверял): ''cp -Recurse 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\' 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\'''
According to the official article, this is by design. The last supported version of 32-bit WinPE is available in the WinPE add-on for Windows 10, version 2004. The 32-bit versions of Windows PE (WinPE) in the WinPE add-ons for Windows 11 and Windows Server 2022 aren't supported.
https://learn.microsoft.com/en-us/answers/questions/988543/mdt-error-when-updating-ds
=== Не генерируется Unattend.xml ===
:!: В целом можно забить, т. к. этот файл устарел и лучше всё настраивать без него.
Выполнение операции "generate" над целевым объектом "Catalog".
Starting: "C:\Program Files\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog40.exe" "D:\DeploymentShare\Operating Systems\Windows 11 23H2 x64\Sources\install.wim" 4 > "C:\Users\admin\AppData\Local\Temp\Microsoft.BDD.Catalog.log" 2>&1
����ࠡ�⠭��� �᪫�祭��: System.IO.FileNotFoundException: �� 㤠���� ����㧨�� 䠩� ��� ᡮ�� "Microsoft.ComponentStudio.ComponentPlatformInterface, Version=6.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" ���� ���� �� �� ����ᨬ��⥩. �� 㤠���� ���� 㪠����� 䠩�.
� Microsoft.BDD.Catalog.Program.DoCatalog()
� Microsoft.BDD.Catalog.Program.Main(String[] args)
Non-zero return code from catalog utility, rc = -532462766
=== Failure (5616): 15299: Verify BCDBootEx ===
Ошибка при разливке образа. Решение:
Поместить скрипт FixUEFIDetection.wsf в каталог Scripts в DeploymentShare
++++ FixUEFIDetection.wsf |
++++
Task Sequence -> Preinstall -> New Computer only -> создать задачу "Run Command Line" перед первой задачей Format and Partitions Disk и указать там на скрипт.
{{:service:pasted:20231219-080156.png}}
https://www.youtube.com/watch?v=W4Xfen6Slrk