OS Deployment

Operating System (OS) Deployment allows users to create operating system images and deploy them to target computers. Its task sequences help facilitate the deployment of operating system images and other Microsoft Configuration Manager software packages.

Share tech news, updates, or what's on your mind.

Sign up to Post

We're using SCCM 1710 to deploy 64-bit Windows 10 2016 LTSB (version 1607) .

At the very end, we enable BitLocker (successfully).  We've found that the DRA protector is not enabled b/c the volume identifier is still unknown.  We define the identifier via GPO.  This GPO is applied to the OU where this newly imaged computer is dropped during the deploy process.  

We discovered that if we run "manage-bde.exe -si c:", the identifier is assigned, and the DRA protector is then listed when you run a "manage-bde -status".

So we're trying to add a "Run command line" task to do the "manage-bde.exe -si c:" after the enable BitLocker task.

No matter what syntax we try (based on various suggestions we've found here and there), the task always fails with an "Element not found" error.  The error code is 0x80070490.

We've added a pause to our task sequence after the "Enable BitLocker" ask so we can test different ideas.  So far we're finding lots of ways to not create a light bulb.

We're also finding that at this stage of the deploy, "gpresult /r" does not work in the command prompt. We're thinking this could mean that BitLocker is not aware of the identifier GPO settings at this stage.

Is there a way to set the volume identifier during the OS deploy so the DRA protector is added to the disk?

Is there another way to add the DRA protector?

Any help is greatly appreciated!!
4 signs you’re cut out for a cybersecurity career
4 signs you’re cut out for a cybersecurity career

It’s one of the most in-demand fields in technology and in the job market as a whole. It’s crucial to our individual and national security. And it may be your path to a future filled with success and job satisfaction—if these four traits sound like you.


I'm working in medium company with 400 users. I'm looking for a tool to deploy pc and get an inventory of devices, workstations, servers, applications, etc.

What can you suggest? (SCCM is too expensive for us)



We have a case where we need to capture Windows 10 Enterprise from a bare-metal system / physical machine (Dell OptiPlex 5050) and redistribute it with MDT to other OptiPlex 5050 machines. Normally we do this with a VM, but in this case it is impossible, because there are specific drivers and settings done on this machine for very specific hardware peripherals that are connected in a production environment.

The system was initially a Windows 10 1609 build with all the hard- and software requirements needed for the production environment. We would like to refresh the image now and redeploy it to dozens of other machines. The reference computer was upgraded to 1803 and some software components where upgraded (webbrowsers, ...)
The capture worked with MDT and the image was successfully saved to e WIM file on the deployment share in a folder Captures.

The standard procedure was to import the WIM file as a custom Operating System build. There is a specific task sequence created to redistribute this custom image.
The deployment on the target machine (Optiplex 5050) works just fine, but after the action 'Install Operating System' completes, the system reboots twice and displays the message:

Your PC couldn't start properly
After multiple tries, the operating system on your PC failed to start, so it needs to be repaired.
Error code: 0xc0000001

Pressing F1 reboots the system and presents the following message:

The boot configuration data …
I have Microsoft Deployment Toolkit setup on my home Windows 2016 Standard Server test lab and can deploy, but it always requires me to manually enter the Windows 10 Pro after the deployment is finished.

How can I setup to automatically get whatever OEM key my existing brand new DELL Windows 10 Pro PCs have instead of wiping that key out ?

Maybe something like the https://www.reddit.com/r/sysadmin/comments/6cam2k/how_would_you_got_about_deploying_an_image_to_200/ script talks about ?
I have 2 vms running on esxi 5.5.0 Server1 and Server2. Server1 had problems so we restarted the server. We found that when server1 that is restarted it just continues to boot os but unable to do so. We restarted server2, also noticing that server1 one was able to boot as well. After a while both were ok. Both server are windows server 2012

I need to find the root cause of this issue what should i be looking at? What should i do to solve this issue?

I have a Windows 10 1709 image which I have successfully sysprepped and been rolling out to users.

I have now restored the 1709 reference image I create BEFORE running sysprep and updated to 1803, updated my companies software etc and then created a new 1803 reference image

BUT when I now try and run sysprep.exe /generalize /oobe /shutdown /unattend:unattend.xml I get the following error:-

"Sysprep was not able to validate your Windows installation.  Review the log file at %WinDir%\System32\Sysprep\Panther\Setupact.log for details.  After resolving the issue, use Sysprep to validate your installation again"

Attached is the setupact.log but I cannot see what problem is OR how to solve it?

Please help
While browsing to the data source for the operating system image within the "Software Library\Operating Systems" section of SystemCenter Configuration Manager 2016 (SCCM) I receive an error message that says "The specified UNC path does not contain a valid WIM file or you do not have permission to access it. Specify a valid path."

I get this same error message when trying to point to the WIM files for Windows 10, Server 2016, and Windows 7 operating systems.

What do I need to do to fix this issue so I can successfully point to these OS WIM files?

SCCM WIM UNC path error
I have been to many KB articles about CA root cert validation period and still have doubt about it and want to clear it. I am about to work on a root CA to increase the validity period as well to increases the issued certificate period.
We have a CA root server and this  server is issuing (no subordinate server in place) the certificate with five years . We now want to renew the CA 's root cert as well as the issued certs period to another 5 years.
My understanding from the EE, nothing I can do with issued certificates and they will expire what ever I do with root server. In this case , I first have to change the validity period in CApolicy.inf file and renew the certificate of CA root server to 10 years, hence this will increase the validation of CA's root certificate as desired (10 years or more).
But the old issued certificates to the clients are chained to old issued template, in this case, the old issued certificates will be expired soon even after changing the value of CAplicy.inf file .
To remediate the issue, the next step is that I have to create new issuing template and issue the certificates to client by GPO.
I have to issue the listed below commands to the server In order for me to set  the  AD's templates period to 5 years as we want otherwise the AD's templates will be staying with old's validation period?
certutil -setreg CA\ValidityPeriodUnits 10
certutil -setreg CA\ValidityPeriod Years
net stop certsvc && net start certsvc

In conclusion, I have to…
Hi All

I have a WIM file that I am trying to deploy via USB.

Please can someone assist me.

The PC that I am using has Windows 10 1803 with the ADK installed.

The WIM only has one image.
If I grab the User State Migration Tools(USMT) executables from the Windows 10 "Windows Assessment and Deployment Kit" can I use them also on Windows 7 boxes? We are working on a non-SCCM OS migration.
Price Your IT Services for Profit
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

Hello experts - I'm looking for a solution to save me time when preparing PCs for deployment.  I work for an architecture firm and we use primarily Dell Precision PCs but each it built to order and there are no two exactly the same.  I have a standard set of software that all architectural users get.  Right now, I prepare each one manually which takes nearly a full day to get ready.  I'd like to explore other options but am not sure where to start.  Ideally I'd create a standard image containing all the software we normally use and deploy that to new machines without having to go through the install process for every application.  I'm not sure how that would work with each machine having slightly different hardware, windows licenses etc.  Where would be a good place to start with this?
Hi Experts,

I have to boot this device via LAN or USB.
But this is not possible until now.

The device is : Lenovo Miix 720

Can you help me out ?
I get always this error....
Hello Everyone !

I have to create a W10 1703 template on my vCenter infrastructure.
To do this, I just repeated the same process than for the 1607 version.

1/ Create a VM and deploy our W10 1703 image
2/ Add the VM in WORKGROUP
3/ Convert in template
4/ Deploy a machine from this template with the associated customization

We have to use custom sysprep answer file (unattended file). I tried with the customization used by 1607 version but it doesn't work.

 UnattendedFile.xml :
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      semaphore timeout period has expired while executing script/query in SQL management studio 2008 R2.What should i do?What is the issue?

Can you please tell me how to upgrade OS( window server 2012 r2 to window server 2016) using scripting language .

Hi Experts;
I have an application in VB6 which uses this code to import from a .csv file.

    Set adbMain = New Access.Application
    adbMain.AutomationSecurity = 1 'Set Macro Security to Low
    adbMain.OpenCurrentDatabase "c:\<path>\Mydb.mdb", False
    adbMain.DoCmd.TransferText acImportDelim, , sTable, sFile, True
    Set adbMain = Nothing

99% of the time it works like a dream - however some users do not have Access and they are getting an Automation Error.

I'm referencing Microoft Access 11.0 in my project, and tried having the user install & manually register the underlying file:
(c:\program files (x86)\Microsoft Office\OFFICE11\msacc.olb)
but this didn't solve the error, and also caused a sister-app to throw an error on launch.

I've read MDAC_TYP.exe could be the answer, but my searches indicate it isn't available for Win10; and is x86 only.
My current user is x86, but no doubt I'll have 64-bit users in the same situation.

My question is this: Is MDAC_TYP.exe the answer?
If yes, Is there a recommended version of MDAC_TYP.exe I should have him use.
Does it pose any danger to the user's system?

Thank you for any advice!
I have had a working MDT deployment (6.3.8443) environment for a year or so but now I have my first UEFI only computer, I have added all the latest win7x64 drivers to the task sequence (chipset, VGA, LAN etc etc) and there is a (built-in) task step "Format and Partition Disk (UEFI)" which formats the drive as GPT, this applies correctly when I run the task sequence.

The sequence finishes imaging the computer but on first boot to Windows it hangs at the 'Starting Windows' logo.
Safe mode hangs at CLASSPNP.sys

Any ideas?
For the life of me, I can't figure this one out.

I am trying to create an image, using MDT, that will have a custom Start Menu and Taskbar Layout. I have created a Start Menu with the code (See Below), then exported it to the imaged machine, and have imported the file using PowerShell.   The Start Menu layout does not work, but the taskbar layout appears correctly.

I'd like to get the start menu for all new users, while allowing them the freedom to change this as they use it.  I'd prefer not to use GPO, as this will change their start menu each time, or at the very least, lock certain areas down.

I should note that these are all new setups, not reimages.

Here are the steps in the Task Sequence:
1. Copy the LayoutModification file to C:\Windows\Temp

xcopy "%SCRIPTROOT%\Customizations\StartMenu\LayoutModification.xml" "C:\Windows\Temp" /Q /Y

Open in new window

2. Restart Computer
3. Set Execution Policy Bypass
powershell.exe -command "Set-ExecutionPolicy Bypass"

Open in new window

4. Apply LayoutModification file

Open in new window

ApplyCustomMenu.ps1 is as follows:
import-startlayout -layoutpath "C:\Windows\Temp\LayoutModification.xml" -MountPath $env:SystemDrive\

Open in new window

5. Restart Computer

Here is the code for my Start Menu and Taskbar Layout - all in one file:
<?xml version="1.0" encoding="UTF-8"?>

Open in new window

 I am imaging a Win7 Pro machine that will be deployed to similar systems of the make.  I would like to Sysprep the machine but would like it to keep the device drivers after it is Syprep. I would appreciate any assistance on how l can do this.
High-tech healthcare
High-tech healthcare

From AI to wearables, telehealth to genomics to 3D printing — healthcare technology is seeing rapid advancement. Experts believe that this technological advancement will save money and save lives. Healthcare is changing dramatically, and emerging technology drives that change.

Hi all, we currently use Acronis to deploy images to desktops / laptops, however i'm looking to automate OS and application deployment.

Do you have any recommend ways to deploy.

I am brand new to imaging. I have been tasked with deploying Windows 10 through SCCM 2012 R2. I am looking for step by step instructions on how to create a boot.wim including the setup binaries.

I am able to create a boot.wim that is just PE, but I am completely in the dark with how to create the second index with the Windows 10 installation setup.
Just purchased a new HP DL380 Gen8 server with no optical drive..

I have connected a external optical drive to the server but the server does not see it.. I can boot all my Gen7 & Gen6 servers from this, but this one will not.

I am not familiar with iLo, is it possible to installed the server OS using iLo?

I need to install Server 2012 Standard R2 but have run out of ideas on how to do this since the optical server is not working.  

I have tried creating a bootable 32GB thumb drive with the installation files on it, the server sees the thumb drive but when I select that as a boot volume I get a black screen until I force a reboot.

Any help would be appreciated!
hi all ,

i have one question regarding what could be the best deployment tools from windows for end user  . i .e. we have 2000 PC and we need to have them all the same image  what is the best deployment tools for such situation ?

like we are doing zero touch for the deployment
Our company has several offsite datacenters (remote). We also have a small datacenter onsite (physically accessible to our Engineers) for lab use, as well as for "staging" and building out physical servers (Windows, VMware, Linux, etc.), etc. then shipping them off to the appropriate locations (around the world). But let's just focus on Windows for this discussion.

At the moment we are using a Windows Server 2012 R2 image on a flash drive to boot to. You select your options (we have pre-defined), and the rest is automated from there. Right now the WHOLE build time takes about 1 hour to complete.

NOTE: This whole process and the way we do it was done before I started, so as the newer guy, I'm looking into better ways.

HP DL360p (rack mount servers).

What is the most efficient way to deploy our image and configuration to lets say 20+ (or more) physical servers at a time, instead of
doing one at a time with a flash drive?

I know there are a lot of different ways/options, but I wanted to get all of your opinions and experiences on how you have done/currently are doing this kind of process?
I successfully deployed image using MDT and got the physical machine joined to domain. When I switch user the customizations I made to image are not visible. Am I missing anything?

OS Deployment

Operating System (OS) Deployment allows users to create operating system images and deploy them to target computers. Its task sequences help facilitate the deployment of operating system images and other Microsoft Configuration Manager software packages.

Top Experts In
OS Deployment