Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Solved
Windows 10 Custom Image Build Tips & Tricks?
Posted on 2016-09-23
Hello EE, I am starting to work on my gold image for Windows 10 Enterprise x64 (VM) and was hoping to get some help on any tips or tricks you all may have run into?
I am starting with SW_DVD5_WIN_ENT_10_1511.1_
I would like to remove as much of the apps as possible without breaking the Microsoft Store if it was ever needed down the line.
I see some PowerShell scripts out there which seem to accomplish this, any solid ones you know working well for you?
Does this need to be done in Audit Mode or sign on with a local admin account okay to build the custom profile?
All I really want to do is install Office 2016 and run Windows Updates on it, get a good base to work with.
WSUS environment, not sure is it is even pushing out Windows 10 Updates yet, so would it be bad idea to update it direct over internet before capture and then use it in WSUS environment?
Reading about some nasty with the Anniversary Update for Windows 10 and WSUS.
Plan is to capture and deploy via MDT 2013 (I have version 6.2.5019.0 is this updated enough)?
Just hoping to get some insider scoop on anything to look out for, appreciate any feedback or insight.
Thank you,
I am starting with SW_DVD5_WIN_ENT_10_1511.1_
I would like to remove as much of the apps as possible without breaking the Microsoft Store if it was ever needed down the line.
I see some PowerShell scripts out there which seem to accomplish this, any solid ones you know working well for you?
Does this need to be done in Audit Mode or sign on with a local admin account okay to build the custom profile?
All I really want to do is install Office 2016 and run Windows Updates on it, get a good base to work with.
WSUS environment, not sure is it is even pushing out Windows 10 Updates yet, so would it be bad idea to update it direct over internet before capture and then use it in WSUS environment?
Reading about some nasty with the Anniversary Update for Windows 10 and WSUS.
Plan is to capture and deploy via MDT 2013 (I have version 6.2.5019.0 is this updated enough)?
Just hoping to get some insider scoop on anything to look out for, appreciate any feedback or insight.
Thank you,
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
2-
2
7 Comments
Active today
First, my bias. I am already a big fan of "thin" images. Given your environment and plans (as much as has been revealed anyways), I definitely would recommend that route.
In essence, don't customize the image (or do so only minimally.) Now that Windows 10 uses cumulative updates, you are always one or two updates behind max. Let MDT do that with a task sequence instead of embedding it in the image.
Same with Office. I install with a task sequence. This is true for MSI based installed or C2R, but either way, you either end up having to re-image often to make sure it is reasonably up-to-date, or end up having to install updates in the task sequence anyways. So why bother with a heavy image for something that requires a task sequence after the fact anyways.
I'd go ahead and use the AU as the base image. As for "nasty" ...there are some isolated instances of people not being able to install the AU via WSUS, and >95% of those have been user error when I've been able to look at their setup. There is one rare instance where the update engine crashes, but again, this is only updating from 1511 to 1607, and is not a bug with 1607 itself, but with the update process. And was supposed to be fixed with the latest 1511 CU (which can only be negatively confirmed if the same crash occurs going forward.)
Regardless, not a reason to avoid starting with AU/1607.
Hope that answers your questions so far.
In essence, don't customize the image (or do so only minimally.) Now that Windows 10 uses cumulative updates, you are always one or two updates behind max. Let MDT do that with a task sequence instead of embedding it in the image.
Same with Office. I install with a task sequence. This is true for MSI based installed or C2R, but either way, you either end up having to re-image often to make sure it is reasonably up-to-date, or end up having to install updates in the task sequence anyways. So why bother with a heavy image for something that requires a task sequence after the fact anyways.
I'd go ahead and use the AU as the base image. As for "nasty" ...there are some isolated instances of people not being able to install the AU via WSUS, and >95% of those have been user error when I've been able to look at their setup. There is one rare instance where the update engine crashes, but again, this is only updating from 1511 to 1607, and is not a bug with 1607 itself, but with the update process. And was supposed to be fixed with the latest 1511 CU (which can only be negatively confirmed if the same crash occurs going forward.)
Regardless, not a reason to avoid starting with AU/1607.
Hope that answers your questions so far.
Active today
About the update problems: 1607 has received a cumulative update recently, that should have addressed the problem with WSUS. Before, on 1607, the update service was crashing regularly, when using it with WSUS during detection and/or download of cumulative updates, while other updates worked just fine. If the problem is really solved, we can only tell after the next patchday when another CU is offered.
App removal can be done using powershell, read https://technet.microsoft.com/en-us/library/dn376476.aspx
App removal can be done using powershell, read https://technet.microsoft.com/en-us/library/dn376476.aspx
Hi Cliff Galiher and McKnife,
Thank you for the feedback. I guess I have always been a fan of trying to keep my image as thin as possible but yet at the same time having all the main software needs that I know all my users require, and have the image updated with Windows Updates as much as possible. My train of thought for this is that I want to eliminate the amount of time needed to deploy a image and with Task Sequences for the Windows Updates and software such as MS Office to me this seems like an added amount of time involved for each machine deployed, granted I have never had luck when attempting TS for Windows Updates, which is probably why I have gone this route.
C2R... I am not familiar with.
I will be working with Office 2016 and was reviewing this;
https://www.microsoft.com/en-us/download/details.aspx?id=49030
And this;
https://www.microsoft.com/en-us/download/details.aspx?id=49117
I would prefer to use the AU as the base, does this just require updating my base to the AU version, or is there a newer ISO I can grab somewhere?
Also, I am unable to verify if customizing the image requires Audit Mode or not? I have been seeing some really odd behavior when going into Audit Mode.
Windows Updates are saying fully up to date yet I can visibly tell I am not on AU 1607.
Edge and apps do not work, not a big deal for me yet as I want to keep it as lean as possible, just the Windows Updates and MS Office 2016.
It also appears that if I shutdown the VM when in Audit Mode, it will do some strange behavior like be in a startup repair loop, or it will have the administrator account disabled and I can no longer access the VM.
I will hopefully have more feedback on my experience with this over the weekend, and appreciate any and all feedback.
Thank you for your time and efforts.
Thank you for the feedback. I guess I have always been a fan of trying to keep my image as thin as possible but yet at the same time having all the main software needs that I know all my users require, and have the image updated with Windows Updates as much as possible. My train of thought for this is that I want to eliminate the amount of time needed to deploy a image and with Task Sequences for the Windows Updates and software such as MS Office to me this seems like an added amount of time involved for each machine deployed, granted I have never had luck when attempting TS for Windows Updates, which is probably why I have gone this route.
C2R... I am not familiar with.
I will be working with Office 2016 and was reviewing this;
https://www.microsoft.com/en-us/download/details.aspx?id=49030
And this;
https://www.microsoft.com/en-us/download/details.aspx?id=49117
I would prefer to use the AU as the base, does this just require updating my base to the AU version, or is there a newer ISO I can grab somewhere?
Also, I am unable to verify if customizing the image requires Audit Mode or not? I have been seeing some really odd behavior when going into Audit Mode.
Windows Updates are saying fully up to date yet I can visibly tell I am not on AU 1607.
Edge and apps do not work, not a big deal for me yet as I want to keep it as lean as possible, just the Windows Updates and MS Office 2016.
It also appears that if I shutdown the VM when in Audit Mode, it will do some strange behavior like be in a startup repair loop, or it will have the administrator account disabled and I can no longer access the VM.
I will hopefully have more feedback on my experience with this over the weekend, and appreciate any and all feedback.
Thank you for your time and efforts.
Active today
Office 2016 can come as an MSI or as C2R depending on the exact version you ran. And maintenance matters. C2R for example doesn't update via windows update at all.
There are 1607 ISOs available. I don't know your specific licensing (reimaging rights imare not universal) so I can't tell you where to find your ISOs based on your licensing model. But they are in all the usual places.
Again, I would not remove apps as part if the image creation process. Do So as a task during deployment of your image. In part, you can spend time removing apps just to have an update re-add them. Microsoft even has a blog post on this behavior.
There are 1607 ISOs available. I don't know your specific licensing (reimaging rights imare not universal) so I can't tell you where to find your ISOs based on your licensing model. But they are in all the usual places.
Again, I would not remove apps as part if the image creation process. Do So as a task during deployment of your image. In part, you can spend time removing apps just to have an update re-add them. Microsoft even has a blog post on this behavior.
Active today
Just a small comment on "Edge and apps do not work" - they do work. Your screenshot shows a message indicating that you test to run those as built-in administrator. Since that is the mightiest account there is and UAC is always off for it, disregarding the system's UAC setting, Microsoft has disabled apps for it by default. For normal users, those would work, normal behavior.
Hi Cliff Galiher & McKnife,
I have taken your advice not to customize the OS and use Task Sequences to apply customizations. I am just testing the waters here and followed this guide below;
http://deploymentresearch.com/Research/Post/496/Building-a-Windows-10-Reference-Image-using-MDT-2013-Update-1
Everything appears to work out okay, .wim is captured and VM shutsdown without error.
When I boot up the VM these are the errors\options I get;
The Startup Settings, non of these options seem to do anything, I have tried all 9 and it will just get me back to the error windowstrustedrt.sys error.
My best guess here is something to do with the partitions and how they were assigned but not sure.
I made sure to keep the VM in host -only mode for this process so it would not get out on the internet.
Thank you,
I have taken your advice not to customize the OS and use Task Sequences to apply customizations. I am just testing the waters here and followed this guide below;
http://deploymentresearch.com/Research/Post/496/Building-a-Windows-10-Reference-Image-using-MDT-2013-Update-1
Everything appears to work out okay, .wim is captured and VM shutsdown without error.
When I boot up the VM these are the errors\options I get;
The Startup Settings, non of these options seem to do anything, I have tried all 9 and it will just get me back to the error windowstrustedrt.sys error.
My best guess here is something to do with the partitions and how they were assigned but not sure.
I made sure to keep the VM in host -only mode for this process so it would not get out on the internet.
Thank you,
Active today
Fairly straightforward error. Drivers are missing. You need to include VMWare drivers in your task sequence (or not use VMWare Workstation to capture your image.) I see a lot of problems with VMWare Workstation these days, so my inclination is to recommend Hyper-V (windows 10 has client Hyper-V after all) or at least VMWare ESX. Workstation just does too many funky things with drivers to make networking work.
Featured Post
Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
- Virtualization
- Windows 10
- Windows Server 2016
- Windows Server 2012
- Hyper-V
- Windows, Azure, *Clustering
Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
- Veeam
- Windows Server 2016
- Azure
- Hyper-V
- Windows 10
- Windows, *Nano Server
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders.
Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility.
Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses
Course of the Month8 days, 18 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
734 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.