I’ve always been under the impression that you need Windows Deployment Services (WDS) in order to deploy Windows with the Microsoft Deployment Toolkit (MDT). But it turns out you need nothing more than a Samba share, a TFTP server, and a few tweaks to DHCP to get a pretty solid setup.
This procedure involves generating a boot image with MDT and copying that image to a TFTP server. A client then PXE boots, loads that image into memory through memdisk and runs the task sequence to install Windows. You will of course require one Windows machine to configure the task sequences.
This guide only contains the barebones installation of Windows through a Deployment Share. You can add software and automate the process to provide a zero touch installation. More on that in a future post.
Below are the requirements:
To keep things simple, I will configure Samba, DHCP, and TFTP on the same computer. I will be using CentOS in this guide but these steps should be easily portable to other flavours of Linux.
This guide is based on a virtual environment using KVM. The CentOS computer will be configured with an IP address of 192.168.122.100/24. All other computers (Windows 10, deployment machine) are virtual and configured to use DHCP.
The CentOS computer has been installed with the CentOS minimal ISO. The latest updates have been installed.
Install samba and policycoreutils-python. The latter package will give us the semanage command for SELinux.
Create two user accounts: mdtread and mdtwrite. The mdtread account will be used to connect to the deployment share during deployment. The mdtwrite account is what the Windows 10 computer will use to connect and make changes to the deployment share. These accounts are only needed for authentication so we won’t create a home directory (-M) or give them a shell (-s /sbin/nologin).
Create and configure the MDT Share for Samba. I create this as a hidden share so it does not appear in an explorer window. I remove everything in the default smb.conf except the [global] section.
Verify everything is ok with the Samba configuration file.
Configure SELinux to allow Samba access to the mdt directory. Verify this with the ls command.
If you must enable NetBIOS, start and enable nmbd. This will allow you to resolve to the hostname of your Linux computer through NetBIOS, rather than DNS.
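The Samba steps above collected into one script. This is an added example, not the commands from the original post: the account names and the mdt$ share name come from the guide, while the share path /srv/mdt and the workgroup name are assumptions.

```shell
# Added example: Samba side of the MDT share (CentOS, run as root with --apply).
# Assumed values: share directory /srv/mdt, workgroup WORKGROUP.
SHARE_DIR=${SHARE_DIR:-/srv/mdt}

# Write a minimal smb.conf: [global] plus the hidden, read-only-by-default share.
write_smb_conf() {   # $1 = output file, $2 = share directory
  cat > "$1" <<EOF
[global]
    workgroup = WORKGROUP
    security = user

[mdt\$]
    path = $2
    browseable = no
    guest ok = no
    read only = yes
    valid users = mdtread mdtwrite
    write list = mdtwrite
EOF
}

# Print the accounts that are allowed to write to the share.
share_writers() {    # $1 = smb.conf
  sed -n 's/^ *write list *= *//p' "$1"
}

provision_samba() {
  yum -y install samba policycoreutils-python
  for u in mdtread mdtwrite; do
    useradd -M -s /sbin/nologin "$u"   # auth-only account: no home, no shell
    smbpasswd -a "$u"                  # prompts for the Samba password
  done
  mkdir -p "$SHARE_DIR"
  chown mdtwrite "$SHARE_DIR"          # only the write account owns the tree
  write_smb_conf /etc/samba/smb.conf "$SHARE_DIR"
  testparm -s                          # fails on a syntax error in smb.conf
  semanage fcontext -a -t samba_share_t "$SHARE_DIR(/.*)?"
  restorecon -R "$SHARE_DIR"
  ls -dZ "$SHARE_DIR"                  # should now show samba_share_t
  systemctl start smb
  systemctl enable smb
}

if [ "${1:-}" = "--apply" ]; then provision_samba; fi
```

Because the share is read only by default and only mdtwrite is on the write list, the credentials typed into the deployment wizard on every client cannot modify the deployment share.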
Verify Share Access
On your Windows 10 computer, verify you can access the share. Click on the Start menu and type \\192.168.122.100\mdt$
Install MDT and ADK
You will need to download and install the following:
- Microsoft Deployment Toolkit
- Windows 10 Assessment and Deployment Kit (I just install Deployment Tools and Windows PE)
A simple Google search will bring up the download links for this software.
Add Deployment Share to MDT
Once MDT and ADK are installed, open the Deployment Workbench.
Right click Deployment Shares and select New Deployment Share.
If you try to add the deployment share through its UNC path, you will receive an error. This is because you haven’t been authenticated yet. What you can do to work around this is open the Credential Manager from the Control Panel and add new Windows credentials for your share (192.168.122.100, mdtwrite, <password>).
Follow the rest of the prompts. These can always be changed at a later stage. The Deployment Workbench will now copy some files to the MDT share.
Obtain Windows 10 ISO and Upload to Deployment Share
You will need a Windows 10 ISO to upload to the MDT share. Thankfully this can be downloaded quite easily from the Microsoft website, unlike previous versions of Windows.
If using a Mac or Linux computer, you can go here and select the edition and language to download.
Downloading from a Windows machine requires a few more steps. It’s nothing hard but we just need to trick the web server into thinking that we are using another operating system, otherwise we are presented with the Windows 10 installation media download. In Google Chrome, go to the Windows 10 download site. Open the Developer tools (CTRL + SHIFT + I). Click the three dots at the top right hand corner > More Tools > Network Conditions. Uncheck Select Automatically and select a non-Windows OS, such as Chrome - Mac. Hit the refresh button and you will be able to select the edition and language to download.
I download the English version. I haven’t verified this but I believe the difference between English and English International is the English version is US English. The English International version is British English and contains additional keyboard layouts.
Once the download has completed, mount the ISO.
Back in the Deployment Share, right click Operating Systems and select Import Operating System.
Make sure Full set of source files is checked and click next.
Browse to the drive where the ISO was mounted and click next.
Follow the rest of the prompts. The OS files will begin uploading to the Deployment Share. This may take a few minutes.
Now we want to create a task sequence. Right click Task Sequences and select New Task Sequence.
Give the Task Sequence an ID and Name and click next.
Make sure Standard Client Task Sequence is selected and click next.
Select the OS that you are deploying. Here I’m using Windows 10 Pro.
Follow the rest of the prompts. I only have individual activation keys, so I don’t specify them during the install.
We are now ready to generate the ISO that we can boot for deployment. Right click on the Deployment Share and select Update Deployment Share. Since this is a new Deployment Share, just click next through the prompts. The ISO that needs to be uploaded to the TFTP Server will be generated. This may take a few minutes.
Install TFTP Server.
Enable TFTP Server in its configuration file by changing the disable line from yes to no.
Download syslinux. We need to use memdisk to boot the ISO. I just pull syslinux from the CentOS repos.
Copy the necessary syslinux files to the tftpboot directory.
Copy the LiteTouch ISO to the tftpboot directory.
Create the boot menu.
Start the TFTP server and enable on startup.
Configure firewall to allow TFTP through.
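The TFTP steps above as one script, with a check that every file the boot menu references is actually present under the TFTP root. This is an added example, not the original post's commands: it assumes the xinetd-managed tftp-server with its root at /var/lib/tftpboot, MDT's default ISO name LiteTouchPE_x64.iso, and a menu layout of my own.

```shell
# Added example: TFTP/PXE side (CentOS, run as root: script --apply /path/to/iso).
TFTP_ROOT=${TFTP_ROOT:-/var/lib/tftpboot}   # assumed: CentOS tftp-server root
ISO=LiteTouchPE_x64.iso                     # assumed: MDT's default boot ISO name

# Boot menu: load the whole ISO into RAM with memdisk, as the guide describes.
write_pxe_menu() {   # $1 = TFTP root
  mkdir -p "$1/pxelinux.cfg"
  cat > "$1/pxelinux.cfg/default" <<EOF
UI menu.c32
PROMPT 0
TIMEOUT 300
MENU TITLE PXE Boot Menu

LABEL win10
  MENU LABEL Windows 10
  KERNEL memdisk
  INITRD $ISO
  APPEND iso raw
EOF
}

# Print every file a client will request that is missing from the TFTP root.
pxe_missing_files() {   # $1 = TFTP root
  for f in pxelinux.0 $(awk 'toupper($1) ~ /^(UI|KERNEL|INITRD)$/ {print $2}' \
           "$1/pxelinux.cfg/default"); do
    [ -f "$1/$f" ] || echo "$f"
  done
}

provision_tftp() {   # $1 = path to the LiteTouch ISO generated by MDT
  yum -y install tftp-server xinetd syslinux
  # flip "disable = yes" to "disable = no" in the xinetd service file
  sed -i 's/^\([[:space:]]*disable[[:space:]]*=\).*/\1 no/' /etc/xinetd.d/tftp
  cp /usr/share/syslinux/pxelinux.0 /usr/share/syslinux/menu.c32 \
     /usr/share/syslinux/memdisk "$TFTP_ROOT/"
  cp "$1" "$TFTP_ROOT/$ISO"
  write_pxe_menu "$TFTP_ROOT"
  chmod -R a+rX,go-w "$TFTP_ROOT"   # world-readable, writable by root only
  restorecon -R "$TFTP_ROOT"
  pxe_missing_files "$TFTP_ROOT"    # no output means the tree is complete
  systemctl start xinetd
  systemctl enable xinetd
  firewall-cmd --permanent --add-service=tftp
  firewall-cmd --reload
}

if [ "${1:-}" = "--apply" ]; then provision_tftp "${2:?path to LiteTouch ISO}"; fi
```

TFTP has no authentication, so anything placed under the TFTP root is readable by every host on the segment; keep credentials and answer files out of it.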
Install the DHCP server
Configure the DHCP server
Start the DHCP service and enable on startup
Configure firewall to allow DHCP requests
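The DHCP steps above as one script. This is an added example, not the original post's configuration: the subnet and the server address 192.168.122.100 come from the guide, while the address pool, gateway and DNS server are assumptions to adjust for your network.

```shell
# Added example: DHCP side (CentOS, run as root with --apply).
write_dhcpd_conf() {   # $1 = output file
  cat > "$1" <<'EOF'
# PXE clients on the guide's 192.168.122.0/24 network
subnet 192.168.122.0 netmask 255.255.255.0 {
  range 192.168.122.150 192.168.122.200;       # assumed pool
  option routers 192.168.122.1;                # assumed gateway
  option domain-name-servers 192.168.122.1;    # assumed DNS server
  next-server 192.168.122.100;                 # TFTP server (the CentOS host)
  filename "pxelinux.0";                       # boot file under the TFTP root
}
EOF
}

# Print "<next-server> <filename>": where a PXE client is told to boot from.
pxe_boot_target() {   # $1 = dhcpd.conf
  awk '$1 == "next-server" { gsub(/;/, "", $2);    s = $2 }
       $1 == "filename"    { gsub(/[";]/, "", $2); f = $2 }
       END { print s, f }' "$1"
}

provision_dhcp() {
  yum -y install dhcp
  write_dhcpd_conf /etc/dhcp/dhcpd.conf
  dhcpd -t -cf /etc/dhcp/dhcpd.conf            # syntax check before starting
  # refuse to start if clients would be pointed at an unexpected boot server
  [ "$(pxe_boot_target /etc/dhcp/dhcpd.conf)" = "192.168.122.100 pxelinux.0" ] \
    || return 1
  systemctl start dhcpd
  systemctl enable dhcpd
  firewall-cmd --permanent --add-service=dhcp
  firewall-cmd --reload
}

if [ "${1:-}" = "--apply" ]; then provision_dhcp; fi
```

Whoever answers DHCP on this segment decides what PXE clients boot, so the next-server and filename values are worth checking whenever the configuration changes.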
When the Deployment Share was created, a few files and folders were created on it. We need to adjust some of the permissions so our mdtread user can access the share.
We are now ready to deploy Windows 10.
Network boot the computer and select Windows 10.
Select Run Deployment Wizard to install a new Operating System.
Enter the read only credentials of the Deployment Share.
Select the Windows 10 Deployment Task Sequence and follow the rest of the prompts. Windows 10 will now be installed.