OS Deployment

Operating System (OS) Deployment allows users to create operating system images and deploy them to target computers. Its task sequences help facilitate the deployment of operating system images and other Microsoft Configuration Manager software packages.

Share tech news, updates, or what's on your mind.

Sign up to Post

Does anyone have something that will allow the below step #4 ?

 1. currently a library has 20 Window 10 Pro PCs
 2. every night a software like one of the below software packages are run to REFRESH the PC back to the original IMAGE
         ** https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter
         ** https://horizondatasys.com/reboot-restore-rx-pro/
         ** https://centuriontech.com/enterprise/
 3. about four times a year I manually update each of the 20 Window 10 Pro PCs with a new version
     of special locally installed LIBRARY software / etc that is not already on WSUS, Ninite, etc
 4. instead of doing the above #3 I would like to just update ONE PC,
     having the image easily CLONED to the other PCs
         ** I am willing to have everything on a HyperV VM on each PC if needed
Does anyone have any real experience with Windows 10 Pro sysprep?

I just imaged an entire machine.   When I completed the image I ran the sysprep tool and enabled audit mode.   After boot the machine BSOD'ed.   Am I supposed to run sysprep first, put it in audit mode, reboot and THEN install all the applications and drivers?  Also am I not allowed to reboot the machine?  I already ruined 1 unit I dont want to ruin another one.  

Can I undo what I did by putting the machine back to out of box mode clicking shutdown to reset what I did get back to windows and then proceed from there?  Or can you only sysprep the unit once?

I got in trouble by following a YouTube video which I thought would work now I feel pooched.   I got to get this image created by the end of day.

I do not know how audit mode works vs out of box mode.   Basically I want to put the machine so I can setup all the drivers and apps, and then make a macrium golden image of the machine before I shut it down.
I am hiring an INTERN to just do MDT PC deployments and do not want to grant this users "Domain Admin" rights, but it looks like I need to based on testing via my Windows Server 2016 AD.

Any suggestions on how to allow above, without giving "Domain Admin" rights ?
Hello everybody,

I have already posted a question about how to depolying and upgrading (Inplace-Upgrade ) Windows 10 and I've already got a solution (a reply) for (Inplace-Upgrade) but not about the "from scratch" Windows 10 deployment.

I'm going to use Microsoft's available free tools WDS and MDT and ADK (No SCCM abailble) to fully and 100% automate the installation process to the cleints but I'm confused about the procedural steps to run in order to accomplish this task/s. If you please could help me out with this process that would be great.

Thank you,
Trying to run sysprep on a Windows 10 ENT 2019 LTSC image and keep getting this error

2019-07-25 08:13:06, Error                 SYSPRP Package AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.

2019-07-25 08:13:06, Error                 SYSPRP Failed to remove apps for the current user: 0x80073cf2.

I believe if I uninstall or disable this, sysprep will run, but I'm not successful at doing either an uninstall or disable

I've uploaded my sysprep log files for reference.

ERROR: Unable to generate catalog on J:\DeploymentShare\Operating Systems\WS2K12R2-F\Sources\install.wim: System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.ComponentStudio.ComponentPlatformImplementation, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
File name: 'Microsoft.ComponentStudio.ComponentPlatformImplementation, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
   at Microsoft.ComponentStudio.ComponentPlatformInterface.Cpi.CreateOfflineImageInstance(OfflineImageInfo imageInfo)
   at Microsoft.ComponentStudio.ComponentPlatformInterface.OfflineImageCatalog.Serialize(OfflineImageInfo imageInfo)
   at Microsoft.ComponentStudio.ComponentPlatformInterface.OfflineImageInfo.CreateCatalog()
   at Microsoft.BDD.Catalog.Program.DoCatalog()

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

Non-zero return code from catalog utility, rc = 2002

Open in new window

We have 1803 win 10 on network and I guess we should update to 1903. I’ve been advised to not use WSUS, rather script it but I can’t find any info or links on downloading the update or command line options to install. Any ideas?
We're using SCCM 1710 to deploy 64-bit Windows 10 2016 LTSB (version 1607) .

At the very end, we enable BitLocker (successfully).  We've found that the DRA protector is not enabled b/c the volume identifier is still unknown.  We define the identifier via GPO.  This GPO is applied to the OU where this newly imaged computer is dropped during the deploy process.  

We discovered that if we run "manage-bde.exe -si c:", the identifier is assigned, and the DRA protector is then listed when you run a "manage-bde -status".

So we're trying to add a "Run command line" task to do the "manage-bde.exe -si c:" after the enable BitLocker task.

No matter what syntax we try (based on various suggestions we've found here and there), the task always fails with an "Element not found" error.  The error code is 0x80070490.

We've added a pause to our task sequence after the "Enable BitLocker" ask so we can test different ideas.  So far we're finding lots of ways to not create a light bulb.

We're also finding that at this stage of the deploy, "gpresult /r" does not work in the command prompt. We're thinking this could mean that BitLocker is not aware of the identifier GPO settings at this stage.

Is there a way to set the volume identifier during the OS deploy so the DRA protector is added to the disk?

Is there another way to add the DRA protector?

Any help is greatly appreciated!!

I'm working in medium company with 400 users. I'm looking for a tool to deploy pc and get an inventory of devices, workstations, servers, applications, etc.

What can you suggest? (SCCM is too expensive for us)



We have a case where we need to capture Windows 10 Enterprise from a bare-metal system / physical machine (Dell OptiPlex 5050) and redistribute it with MDT to other OptiPlex 5050 machines. Normally we do this with a VM, but in this case it is impossible, because there are specific drivers and settings done on this machine for very specific hardware peripherals that are connected in a production environment.

The system was initially a Windows 10 1609 build with all the hard- and software requirements needed for the production environment. We would like to refresh the image now and redeploy it to dozens of other machines. The reference computer was upgraded to 1803 and some software components where upgraded (webbrowsers, ...)
The capture worked with MDT and the image was successfully saved to e WIM file on the deployment share in a folder Captures.

The standard procedure was to import the WIM file as a custom Operating System build. There is a specific task sequence created to redistribute this custom image.
The deployment on the target machine (Optiplex 5050) works just fine, but after the action 'Install Operating System' completes, the system reboots twice and displays the message:

Your PC couldn't start properly
After multiple tries, the operating system on your PC failed to start, so it needs to be repaired.
Error code: 0xc0000001

Pressing F1 reboots the system and presents the following message:

The boot configuration data …
I have Microsoft Deployment Toolkit setup on my home Windows 2016 Standard Server test lab and can deploy, but it always requires me to manually enter the Windows 10 Pro after the deployment is finished.

How can I setup to automatically get whatever OEM key my existing brand new DELL Windows 10 Pro PCs have instead of wiping that key out ?

Maybe something like the https://www.reddit.com/r/sysadmin/comments/6cam2k/how_would_you_got_about_deploying_an_image_to_200/ script talks about ?
I have 2 vms running on esxi 5.5.0 Server1 and Server2. Server1 had problems so we restarted the server. We found that when server1 that is restarted it just continues to boot os but unable to do so. We restarted server2, also noticing that server1 one was able to boot as well. After a while both were ok. Both server are windows server 2012

I need to find the root cause of this issue what should i be looking at? What should i do to solve this issue?

I have a Windows 10 1709 image which I have successfully sysprepped and been rolling out to users.

I have now restored the 1709 reference image I create BEFORE running sysprep and updated to 1803, updated my companies software etc and then created a new 1803 reference image

BUT when I now try and run sysprep.exe /generalize /oobe /shutdown /unattend:unattend.xml I get the following error:-

"Sysprep was not able to validate your Windows installation.  Review the log file at %WinDir%\System32\Sysprep\Panther\Setupact.log for details.  After resolving the issue, use Sysprep to validate your installation again"

Attached is the setupact.log but I cannot see what problem is OR how to solve it?

Please help
While browsing to the data source for the operating system image within the "Software Library\Operating Systems" section of SystemCenter Configuration Manager 2016 (SCCM) I receive an error message that says "The specified UNC path does not contain a valid WIM file or you do not have permission to access it. Specify a valid path."

I get this same error message when trying to point to the WIM files for Windows 10, Server 2016, and Windows 7 operating systems.

What do I need to do to fix this issue so I can successfully point to these OS WIM files?

SCCM WIM UNC path error
I have been to many KB articles about CA root cert validation period and still have doubt about it and want to clear it. I am about to work on a root CA to increase the validity period as well to increases the issued certificate period.
We have a CA root server and this  server is issuing (no subordinate server in place) the certificate with five years . We now want to renew the CA 's root cert as well as the issued certs period to another 5 years.
My understanding from the EE, nothing I can do with issued certificates and they will expire what ever I do with root server. In this case , I first have to change the validity period in CApolicy.inf file and renew the certificate of CA root server to 10 years, hence this will increase the validation of CA's root certificate as desired (10 years or more).
But the old issued certificates to the clients are chained to old issued template, in this case, the old issued certificates will be expired soon even after changing the value of CAplicy.inf file .
To remediate the issue, the next step is that I have to create new issuing template and issue the certificates to client by GPO.
I have to issue the listed below commands to the server In order for me to set  the  AD's templates period to 5 years as we want otherwise the AD's templates will be staying with old's validation period?
certutil -setreg CA\ValidityPeriodUnits 10
certutil -setreg CA\ValidityPeriod Years
net stop certsvc && net start certsvc

In conclusion, I have to…
Hi All

I have a WIM file that I am trying to deploy via USB.

Please can someone assist me.

The PC that I am using has Windows 10 1803 with the ADK installed.

The WIM only has one image.
If I grab the User State Migration Tools(USMT) executables from the Windows 10 "Windows Assessment and Deployment Kit" can I use them also on Windows 7 boxes? We are working on a non-SCCM OS migration.
Hello experts - I'm looking for a solution to save me time when preparing PCs for deployment.  I work for an architecture firm and we use primarily Dell Precision PCs but each it built to order and there are no two exactly the same.  I have a standard set of software that all architectural users get.  Right now, I prepare each one manually which takes nearly a full day to get ready.  I'd like to explore other options but am not sure where to start.  Ideally I'd create a standard image containing all the software we normally use and deploy that to new machines without having to go through the install process for every application.  I'm not sure how that would work with each machine having slightly different hardware, windows licenses etc.  Where would be a good place to start with this?
We are looking for a simple yet effective way todo the following,

Scenario. We order 100 laptops, from manufacturer with Windows 10 OEM locally. We want to install 1 laptop with OEM Windows 10, patch, Office package etc and create a standard image. Then we want to deploy the same image to all other 99 laptops and activate each laptop using its unique OEM key thats inside the BIOS (nowadays they do this).

What tool is the simplest best way to Capture image and Deploy it over network in a great way? We can use a Win server, NAS or whatever to store the server centrally.

Hi Experts,

I have to boot this device via LAN or USB.
But this is not possible until now.

The device is : Lenovo Miix 720

Can you help me out ?
I get always this error....
Hello Everyone !

I have to create a W10 1703 template on my vCenter infrastructure.
To do this, I just repeated the same process than for the 1607 version.

1/ Create a VM and deploy our W10 1703 image
2/ Add the VM in WORKGROUP
3/ Convert in template
4/ Deploy a machine from this template with the associated customization

We have to use custom sysprep answer file (unattended file). I tried with the customization used by 1607 version but it doesn't work.

 UnattendedFile.xml :
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      semaphore timeout period has expired while executing script/query in SQL management studio 2008 R2.What should i do?What is the issue?

Can you please tell me how to upgrade OS( window server 2012 r2 to window server 2016) using scripting language .

Hi Experts;
I have an application in VB6 which uses this code to import from a .csv file.

    Set adbMain = New Access.Application
    adbMain.AutomationSecurity = 1 'Set Macro Security to Low
    adbMain.OpenCurrentDatabase "c:\<path>\Mydb.mdb", False
    adbMain.DoCmd.TransferText acImportDelim, , sTable, sFile, True
    Set adbMain = Nothing

99% of the time it works like a dream - however some users do not have Access and they are getting an Automation Error.

I'm referencing Microoft Access 11.0 in my project, and tried having the user install & manually register the underlying file:
(c:\program files (x86)\Microsoft Office\OFFICE11\msacc.olb)
but this didn't solve the error, and also caused a sister-app to throw an error on launch.

I've read MDAC_TYP.exe could be the answer, but my searches indicate it isn't available for Win10; and is x86 only.
My current user is x86, but no doubt I'll have 64-bit users in the same situation.

My question is this: Is MDAC_TYP.exe the answer?
If yes, Is there a recommended version of MDAC_TYP.exe I should have him use.
Does it pose any danger to the user's system?

Thank you for any advice!
I have had a working MDT deployment (6.3.8443) environment for a year or so but now I have my first UEFI only computer, I have added all the latest win7x64 drivers to the task sequence (chipset, VGA, LAN etc etc) and there is a (built-in) task step "Format and Partition Disk (UEFI)" which formats the drive as GPT, this applies correctly when I run the task sequence.

The sequence finishes imaging the computer but on first boot to Windows it hangs at the 'Starting Windows' logo.
Safe mode hangs at CLASSPNP.sys

Any ideas?

OS Deployment

Operating System (OS) Deployment allows users to create operating system images and deploy them to target computers. Its task sequences help facilitate the deployment of operating system images and other Microsoft Configuration Manager software packages.

Top Experts In
OS Deployment