Creating an imaging server with Windows 2016 and Windows 10

A little Background

At my work I do quite a bit of reformatting. This means I have to manually install and set up each computer, which can be fairly time consuming. My first attempt to speed this up was to use scripts and GPOs, and it worked quite well except for those that needed more software and more complex setups. Plus, I still had to sit there and accept all the EULAs and settings at setup, so I was wasting time.
To counter this I did what any aspiring sysadmin would do: set up and test the potential solution in my own homelab. This allowed me to set up the solution without any restrictions and mess up without any real consequences, except maybe being down for a few hours.

My Setup

Previously I set up my AD domain, my DNS and my DHCP, so if you don't have those you may want to set those up now. In addition I spun up a new Windows 2016 server with the Desktop Experience (the service for imaging won't work on Core) and a Windows 10 VM in audit mode. You will also want a Windows 10 machine to install the ADK on.

Setting up Windows 10

For this you will want to download the Windows 10 ISO and spin up a virtual machine in Proxmox. Go through the install process until Setup asks for customization settings such as language. That is when you want to hit Ctrl+Shift+F3, which will boot you into audit mode. Audit mode lets you make changes to the default profile, so you can install things like common software and drivers.
After entering audit mode, change any setting you would like to, although some might be changeable in the unattend.xml. Also at this stage install software like Microsoft Office, media players and other software (go to Ninite to package and install the most common software all at once).
Keep this VM running; we will make a few more changes later.

Setting Up Unattend.xml

On your other Windows 10 machine, install the Windows 10 ADK. You will want to keep all the default settings, although if you are strapped for space you can install only the Deployment Tools, which take about 7 GB.

****NOTE: You may need to convert your .esd to .wim for the next part. Please follow the tutorial here (External Link).****

Open the "Windows System Image Manager", right click in the Windows Image pane and choose to select a Windows image. Navigate to your install.wim and press Open. Then, in the middle pane, right click and select "Create New Answer File".

I followed this article to create my configuration, but your file should look similar to this:

Before you save it, click the Tools menu item and make sure hide sensitive information is checked. Then save it to an easily accessible place, preferably a network share.
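
A check worth running before the answer file goes onto a share, as an added example that is not part of the original post: the hide option only base64-encodes the local account passwords it covers, and the domain-join password under Microsoft-Windows-UnattendedJoin is a plain element, so this PowerShell function lists every stored password and how it is stored. The sample XML, the names CORP and svc-join, and the function name Get-UnattendSecret are constructed for illustration.

```powershell
# Constructed sample answer file; CORP, svc-join and both values are placeholders.
$sample = [xml]@'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>CORP</Domain>
          <Username>svc-join</Username>
          <Password>PLACEHOLDER-PASSWORD</Password>
        </Credentials>
        <JoinDomain>corp.example</JoinDomain>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>BASE64-PLACEHOLDER</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

# Hypothetical helper: report each password element and how it is stored.
function Get-UnattendSecret {
    param([Parameter(Mandatory)][xml]$Answer)
    # local-name() lets the XPath ignore the unattend namespace
    $xpath = "//*[local-name()='Password' or local-name()='AdministratorPassword']"
    foreach ($node in $Answer.SelectNodes($xpath)) {
        if (-not $node.InnerText.Trim()) { continue }   # empty element, nothing stored
        $component = $node.SelectSingleNode("ancestor::*[local-name()='component']")
        $plain     = $node.SelectSingleNode("*[local-name()='PlainText']")
        # Only <PlainText>false</PlainText> marks the value as base64-encoded
        $storage = if ($plain -and $plain.InnerText -eq 'false') { 'base64 (encoded, not encrypted)' } else { 'plain text' }
        [pscustomobject]@{
            Pass      = $component.ParentNode.GetAttribute('pass')
            Component = $component.GetAttribute('name')
            Element   = $node.LocalName
            Storage   = $storage
        }
    }
}

Get-UnattendSecret -Answer $sample | Format-Table -AutoSize
```

To audit a real file, pass `[xml](Get-Content -Raw <path>)` instead of `$sample`. Run it again on any copy left in C:\windows\system32\sysprep\ on a test deployment, since a file left there travels with the captured image.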

Finalizing the image with sysprep 

Okay, we're almost done with setting up the Windows 10 image. The first thing you want to do is copy the Autounattend.xml to "C:\windows\system32\sysprep\". Open an administrator command prompt and paste this command in:

Here's a breakdown of the command options:

/generalize: This is probably the most important option. It makes the image hardware independent by removing any drivers and identifying information unique to the current computer.
/unattend: Self-explanatory; tells sysprep where to look for the unattend file.
/shutdown: Shuts down the computer after the sysprep process is done. There is also a reboot option.
/oobe: Stands for Out-of-Box Experience; basically like running Windows for the first time, but with all your customizations.

Setting up WDS on Windows Server 2016

Remember, you will need a server with the Desktop Experience; otherwise it will not work.

Open Server Manager and click Manage -> Add Roles and Features. Click Next -> Role-based installation -> select your server -> near the bottom select Windows Deployment Services -> Next -> Install.

Now go to your server, open Server Manager and click Tools -> Windows Deployment Services. Right click Servers and add your server. You will go through the process of adding your server. When that's done you will have several options under the server; go to Boot Images. Right click and select Add Boot Image. You will add the boot image from the Windows install ISO. The easiest way I found to do this is to mount the ISO on a desktop and copy the Boot.wim from the sources folder to a network share. Then point to that when you add the boot image.

****NOTE: The Boot.wim allows the computer to actually boot****
Fill in the image name and description to your liking. Click Next and select the operating system you want. After that is done, right click the new boot image and select Create Capture Image. Fill in the image name and description and select a location for the capture image to be saved. When it finishes, make sure you have checked Add to deployment server and then click Finish. Go through the motions once again.

Capturing the image

Go ahead and boot up the Windows 10 VM, but make sure it boots to the network. It should automatically boot to the network, but if not, go ahead and set the WDS server as the boot server in your DHCP.

Highlight the boot image that you created in the previous setup, and press Enter. Then do Next -> select the volume (usually D:, because C: is used to boot up in this instance) -> fill in name and description -> Next -> select a location (just the D drive usually works) -> check Upload to deployment server -> fill in the IP address in the server name and click Connect -> for the username make sure you use the domain\username format, and your password is just your password -> select the group name -> Next. This will take a while since it is backing everything up.

Testing the image

After it is done capturing, it will reboot. Shut it down for now. Go to your Windows server, and under the install images -> imagegroup1 you should see the image you just captured. If not, go and double check all the steps. Since everything is working, it is now time to test deployment.

Boot up the Windows 10 VM or, even better, use another computer (I used a VM with no disk or OS on it). Make sure it network boots. You will select the boot image that you didn't use last time to start the setup. Once that boots there should be a selection of images you can choose from, or just one if this is your first time. Select the one you want and click Next. It will look like you are setting it up for the first time, but what it really is doing is copying everything to the hard drive. For some reason my computer asks me to accept the EULA and mark the privacy settings, but everything else is there, so no problem.

After the imaging process you will be left on the login screen. You will notice that since we already added the domain join to the unattend file, we can log in directly to the domain. Go ahead and log in with a domain account and make sure you can run the programs you installed in the setup phase. If you changed settings, make sure they stuck; otherwise go through the steps and see if you missed one. You have now set up a functional imaging server.

Why go through all this trouble?

You may be wondering why you should go through all this trouble of creating an image, sysprepping it and then spending some time testing it. The great thing about this process is that it works well for larger environments. If you have over 30 computers, you don't have to do each computer individually but can instead automate it through this process. Also, through this process, you no longer have to worry about whether you installed software on one computer or not.
This process also conserves bandwidth. Instead of downloading the Windows ISO multiple times in addition to the programs, you just do it once. You can also control it so it'll always use the newest Windows version, so it won't download the update every time you install.
This process probably isn't useful for anyone with fewer than 20 computers. It comes down to whether going through the process will save you time or be more effort than it's worth.

