
Building a Windows 10 21H2 Reference Image using Microsoft Deployment Toolkit (MD

By Johan Arwidmark / May 15, 2022



Here is a step-by-step quick guide on building the perfect Windows 10 21H2 reference image using Microsoft
Deployment Toolkit (MDT) 8456.

Real World Note: Since Windows Vista, there is no technical requirement to create reference images in order to
deploy Windows. After all, the ISO that you download from Microsoft contains WIM images that are in a deployable
state. The main reason for creating reference images, meaning images with one or more applications in them, is often
just deployment speed, and to some extent network efficiency (WIM images are highly compressed). However, in a
world with better and better peer-to-peer solutions, better networking, and better hardware, you can make deployments
go quite fast even without a reference image. More and more organizations are moving to a thin image, deploying
settings and applications at deployment time instead, but if you still need a reference image, here is how to create
one.

Block Internet Access


Due to how aggressive Windows 10 is regarding updating its native applications, which is known for breaking Sysprep,
make sure the virtual machine does not have Internet access during the build and capture process.

Tip: Daniel Barras (thank you), commented about a solution I was not aware of, removing the need for blocking
Internet access: Set the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State
ImageState key to IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE, and then update the State.ini file at
C:\Windows\Setup\State to read:

[State]
ImageState=IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBE

Software Requirements
MDT can be installed either on a file server, or on your own laptop, but in this scenario, I use a file server named
MDT01. Windows 10 21H2 requires Windows ADK 10 2004 or later, but since you likely want to evaluate Windows 11
as well, I recommend using Windows ADK for Windows 11 21H2 that supports both Windows 10 21H2 and Windows
11 21H2.

Note: Please don't use the newly released (May 2022) Windows ADK for Windows 11 22H2. It's not fully compatible
with MDT 8456 since it no longer contains the x86 version of WinPE which MDT expects to find.

For this guide you need the following software.

Windows 10 Enterprise 21H2 (make sure to use the latest media).
Windows ADK for Windows 11 21H2: Download and install the Windows ADK | Microsoft Docs
WinPE Addon for Windows ADK for Windows 11 21H2: Download and install the Windows ADK | Microsoft Docs
Microsoft Deployment Toolkit (MDT) 8456: Microsoft Deployment Toolkit documentation | Microsoft Docs
MDT 8456 HotFix: Windows 10 deployments fail with Microsoft Deployment Toolkit on computers with BIOS type firmware
Script to relax default deployment share permissions:
http://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Set-MDTBuildLabPermissions.ps1

Step-by-Step Guide
The entire process for creating a Windows 10 image using MDT takes about 20 – 30 minutes, fully automated. This
guide covers the following seven steps:

Step 1 – Install Windows ADK for Windows 11, and MDT 8456
Step 2 – Create the MDT Build Lab Deployment Share
Step 3 – Import the Windows 10 operating system
Step 4 – Add applications
Step 5 – Create the MDT Task Sequence
Step 6 – Configure the deployment share
Step 7 – Create Windows Reference Images

Step 1 – Install Windows ADK for Windows 11, and MDT 8456
In this example I have a virtual machine named MDT01, running Windows Server 2022 LTSC (Windows Server 2016
LTSC or Windows Server 2019 LTSC is fine too). The VM has 2 vCPUs and 4 GB RAM.

1. On MDT01, install Windows ADK for Windows 11, and select the following components:

Deployment Tools
Imaging and Configuration Designer (ICD)
Configuration Designer
User State Migration Tool (USMT)

Windows ADK 1Setup

2. Install WinPE Addon for Windows ADK for Windows 11, and select the following component:

Windows Preinstallation Environment (Windows PE)


Installing WinPE Addon for Windows ADK

3.  Install MDT 8456 using the default settings.

Installing MDT.

4. Install the MDT 8456 HotFix by extracting MDT_KB4564442.exe to a folder. In my lab, I extracted it to
the E:\Setup\MDT 8456 HotFix folder.

4a. Copy the x86 version of the new Microsoft.BDD.Utility.dll from E:\Setup\MDT 8456 HotFix\x86 to
C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86. Replace the existing file.

4b. Copy the x64 version of the new Microsoft.BDD.Utility.dll from E:\Setup\MDT 8456 HotFix\x64 to
C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64. Replace the existing file.
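
Steps 4a and 4b scripted, as an added example that is not part of the original guide: it copies both DLLs, confirms each copy by SHA-256, and reports the Authenticode status of the installed file. The paths are the ones used above; adjust them to your lab.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): replace Microsoft.BDD.Utility.dll
# for both architectures and verify what ended up on disk.
$HotfixRoot = 'E:\Setup\MDT 8456 HotFix'   # extraction folder used in this guide
$ToolsRoot  = 'C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools'
$FileName   = 'Microsoft.BDD.Utility.dll'

$Result = foreach ($Arch in 'x86', 'x64') {
    $Source = Join-Path (Join-Path $HotfixRoot $Arch) $FileName
    $Target = Join-Path (Join-Path $ToolsRoot  $Arch) $FileName

    # Stop before touching anything if the hotfix was not extracted as expected
    if (-not (Test-Path -LiteralPath $Source)) { throw "Missing hotfix file: $Source" }

    # Record the hash of the file being replaced so the change is traceable
    $OldHash = if (Test-Path -LiteralPath $Target) {
        (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
    }

    Copy-Item -LiteralPath $Source -Destination $Target -Force

    $SourceHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $TargetHash = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
    $Signature  = Get-AuthenticodeSignature -LiteralPath $Target

    [pscustomobject]@{
        Arch        = $Arch
        Replaced    = ($OldHash -ne $TargetHash)      # False means the fix was already in place
        CopyMatches = ($SourceHash -eq $TargetHash)   # must be True
        Signature   = $Signature.Status               # reported as found, not enforced here
        Signer      = $Signature.SignerCertificate.Subject
        SHA256      = $TargetHash
    }
}
$Result | Format-List
```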

Step 2 – Create the MDT Build Lab Deployment Share


1. On MDT01, using the Deployment Workbench (available on the start screen), right-click Deployment Shares and
select New Deployment Share. Use the following settings for the New Deployment Share Wizard (my data volume
on MDT01 is E:):
a. Deployment share path: E:\MDTBuildLab
b. Share name: MDTBuildLab$
c. Deployment share description: MDT Build Lab
d. Options: (default)

MDT Build Lab deployment share created

2. Once the deployment share is created you also want to relax the security a bit. MDT locks it down too hard by
default. Use the following PowerShell script (named Set-MDTBuildLabPermissions.ps1) to set some better permissions
(modify the script to fit your environment):

#Requires -RunAsAdministrator

# Configure NTFS Permissions for the MDT Build Lab deployment share
$DeploymentShareNTFS = "E:\MDTBuildLab"
icacls $DeploymentShareNTFS /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(RX)'
icacls $DeploymentShareNTFS /grant '"Administrators":(OI)(CI)(F)'
icacls $DeploymentShareNTFS /grant '"SYSTEM":(OI)(CI)(F)'
icacls "$DeploymentShareNTFS\Captures" /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(M)'

# Configure Sharing Permissions for the MDT Build Lab deployment share
$DeploymentShare = "MDTBuildLab$"
Grant-SmbShareAccess -Name $DeploymentShare -AccountName "EVERYONE" -AccessRight Change -Force
Revoke-SmbShareAccess -Name $DeploymentShare -AccountName "CREATOR OWNER" -Force

Note: In my environment the MDT01 server is joined to a domain, and my service account used for the deployments
is VIAMONSTRA\MDT_BA. If using a different domain, or if using a workgroup server for your build and capture,
modify the Set-MDTBuildLabPermissions.ps1 script to reflect that.

Running the Set-MDTBuildLabPermissions.ps1 script
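
Because the script opens the share-level ACL to Everyone with Change, the NTFS ACL is what actually limits access. The following read-back check is an added example, not part of Set-MDTBuildLabPermissions.ps1; it assumes the path, share and account names used above and marks write-capable NTFS entries that the script did not intend.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the result of Set-MDTBuildLabPermissions.ps1.
# Path, share and account are the ones used in this guide; change them for your lab.
$DeploymentShareNTFS = 'E:\MDTBuildLab'
$DeploymentShare     = 'MDTBuildLab$'
$BuildAccount        = 'VIAMONSTRA\MDT_BA'
$Expected            = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

# Access-mask bits that let a principal change or delete content:
# Write (0x116), DeleteSubdirectoriesAndFiles (0x40), Delete (0x10000),
# ChangePermissions (0x40000), TakeOwnership (0x80000),
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$ChangeMask = 0x116 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
              0x40000000 -bor 0x10000000

$Report = foreach ($Path in $DeploymentShareNTFS, (Join-Path $DeploymentShareNTFS 'Captures')) {
    foreach ($Ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($Ace.AccessControlType -ne 'Allow') { continue }
        $Identity  = $Ace.IdentityReference.Value
        $CanChange = ([int]$Ace.FileSystemRights -band $ChangeMask) -ne 0
        [pscustomobject]@{
            Path      = $Path
            Identity  = $Identity
            Rights    = $Ace.FileSystemRights
            Inherited = $Ace.IsInherited
            # Review = write-capable ACE for anyone other than Administrators/SYSTEM,
            # except the build account on Captures, where the script grants Modify on purpose.
            Review    = $CanChange -and ($Expected -notcontains $Identity) -and
                        -not ($Identity -eq $BuildAccount -and $Path -like '*\Captures')
        }
    }
}
$Report | Sort-Object Path, Identity | Format-Table -AutoSize

# Share-level ACL as it stands after the Grant/Revoke calls
Get-SmbShareAccess -Name $DeploymentShare |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize
```

Rows with Review set to True are worth a look: on a data volume with default ACLs they are usually inherited entries that give ordinary users write access to the deployment share content.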

Step 3 – Import the Windows 10 operating system


Note: Make sure to always download the latest version of Windows 10 Enterprise 21H2. Microsoft releases new media
monthly.

On MDT01, mount the Windows 10 Enterprise x64 21H2.iso media (or whatever you named it). On my server it was
mounted to the D: drive.

1. Using the Deployment Workbench, expand the Deployment Shares node, expand MDT Build Lab, select
the Operating Systems node and create a folder named Windows 10.
2. Right-click the Windows 10 node, and select Import Operating System. Use the following settings for the Import
Operating System Wizard.

   1. Full set of source files
   2. Source directory: D:\
   3. Destination directory name: REFW10X64-21H2
   4. After adding the operating system, in the Windows 10 node, remove the indexes/images you don't need, and
      rename the remaining operating system to Windows 10 Enterprise x64 21H2

Note: The Windows 10 media comes with many Windows versions; in the example below I simply removed all but the
Enterprise version, and gave it a better name.

The Windows 10 Enterprise x64 operating system imported to deployment workbench.

Step 4 – Add applications


In this example you add Microsoft 365 Apps for enterprise (formerly named Microsoft Office 365 ProPlus) to MDT. Use
the Office Deployment Toolkit (ODT) to create a package of Microsoft 365 Apps for enterprise before continuing with
these steps.

1. On MDT01, download the Office Deployment Toolkit (ODT), and extract it to E:\Setup\ODT.

2. Using an elevated Command prompt, download the installers by running the following command:

setup.exe /download configuration-Office365-x64.xml


Microsoft 365 Apps for enterprise (well, Office) downloaded via setup.exe from ODT.

3. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a
folder named Microsoft.

4. Right-click the Microsoft folder, and select New Application. Use the following settings for the New Application
Wizard:

Application with source files
Publisher:
Application name: Install – Microsoft 365 Apps for enterprise
Version:
Source Directory: E:\Setup\ODT
Specify the name of the directory that should be created: Install – Microsoft 365 Apps for enterprise
Command Line: setup.exe /configure configuration-Office365-x64.xml
Working directory: (default)

Microsoft 365 Apps for enterprise (Office) added as an application.

Step 5 – Create and Configure the MDT Task Sequence


1. On MDT01, using the Deployment Workbench, in the MDT Build Lab deployment share, select the Task
Sequences node, and create a folder named Windows 10.
2. Expand the Task Sequences node, right-click on the Windows 10 node, and select New Task Sequence. Use the
following settings for the New Task Sequence Wizard:

   1. Task sequence ID: REFW10-X64-001
   2. Task sequence name: Windows 10 Enterprise x64 21H2
   3. Task sequence comments: Reference Build
   4. Template: Standard Client Task Sequence
   5. Select OS: Windows 10 Enterprise x64 21H2
   6. Specify Product Key: Do not specify a product key at this time
   7. Full Name: ViaMonstra
   8. Organization: ViaMonstra
   9. Internet Explorer home page: about:blank
   10. Do not specify an Administrator password at this time

3. Edit the task sequence by navigating to the Task Sequences / Windows 10 folder, right-click the Windows 10
Enterprise x64 21H2 task sequence, and select Properties.
4. On the Task Sequence tab, configure the Windows 10 Enterprise x64 21H2 task sequence with the following
settings:

   1. In the State Restore / Custom Tasks group, add a new Install Application action with the following settings:

      Name: Install – Microsoft 365 Apps for enterprise
      Install a Single Application: Install – Microsoft 365 Apps for enterprise

Task Sequence configured for the reference image build and capture.

Step 6 – Configure the deployment share


To configure the deployment settings, you modify the two rules files (Bootstrap.ini and CustomSettings.ini). You can do
this either via the MDT Build Lab deployment share properties, or directly in the file system, in the
E:\MDTBuildLab\Control folder. Below you find the configurations I used in this guide.

Bootstrap.ini

[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01\MDTBuildLab$
UserDomain=VIAMONSTRA
UserID=MDT_BA
UserPassword=P@ssw0rd
SkipBDDWelcome=YES

CustomSettings.ini

[Settings]
Priority=Default

[Default]
_SMSTSORGNAME=ViaMonstra
UserDataLocation=NONE
ComputerBackupLocation=NETWORK
DoCapture=YES
OSInstall=Y
AdminPassword=P@ssw0rd
TimeZoneName=Pacific Standard Time
JoinWorkgroup=WORKGROUP
HideShell=NO
FinishAction=SHUTDOWN
ApplyGPOPack=NO
BackupShare=\\MDT01\MDTBuildLab$
BackupDir=Captures
BackupFile=%TaskSequenceID%_#month(date) & "-" & day(date) & "-" & year(date)#.wim
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipCapture=NO
SkipFinalSummary=YES

1. On MDT01, modify the Bootstrap.ini and CustomSettings.ini per the preceding examples.
2. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties.

   1. In the Windows PE tab, in the Platform dropdown list, make sure x86 is selected. Then in the Lite Touch
      Boot Image Settings area, configure the following settings:

      1. Image description: MDT Build Lab x86
      2. ISO file name: MDT Build Lab x86.iso

   2. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:

      1. Selection profile: Nothing
      2. Select the Include all drivers from selection profile option

      Configuring the deployment share not to add the Windows 10 CU into the boot image.

   3. In the Windows PE tab, in the Platform dropdown list, make sure x64 is selected. Then in the Lite Touch
      Boot Image Settings area, configure the following settings:

      1. Image description: MDT Build Lab x64
      2. ISO file name: MDT Build Lab x64.iso

   4. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:

      1. Selection profile: Nothing
      2. Select the Include all drivers from selection profile option

   5. Click OK.
   6. Update the deployment share by right-clicking the MDT Build Lab deployment share and selecting Update
      Deployment Share. Use the default Options for the Update Deployment Share wizard.

The contents of the E:\MDTBuildLab\Boot folder after updating the deployment share.
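
The rules files in this step carry the service account and local Administrator passwords in clear text. As an added example that is not from the original guide, the check below lists the credential-bearing properties in both files without printing their values, then shows who can read the Control folder. The folder path is the one used above; the list of property names covers the MDT password properties and is an assumption you can extend.

```powershell
# Added example (not from the original guide): inventory passwords stored
# in the MDT rules files, reporting where they are but never their values.
$ControlFolder = 'E:\MDTBuildLab\Control'      # path used in this guide
$SecretKeys    = 'UserPassword', 'AdminPassword', 'DomainAdminPassword'

$Findings = foreach ($File in 'Bootstrap.ini', 'CustomSettings.ini') {
    $Path = Join-Path $ControlFolder $File
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; continue }

    $Section = ''
    $LineNo  = 0
    foreach ($Line in Get-Content -LiteralPath $Path) {
        $LineNo++
        $Text = $Line.Trim()
        if ($Text -eq '' -or $Text.StartsWith(';')) { continue }        # blank line or comment
        if ($Text -match '^\[(.+)\]$') { $Section = $Matches[1]; continue }
        if ($Text -match '^(?<key>[^=]+?)\s*=\s*(?<value>.*)$' -and
            $SecretKeys -contains $Matches['key']) {
            [pscustomobject]@{
                File        = $File
                Line        = $LineNo
                Section     = $Section
                Key         = $Matches['key']
                ValueLength = $Matches['value'].Length    # length only, never the secret
                # Bootstrap.ini is copied into the Lite Touch boot image when the
                # deployment share is updated, so its values travel with the ISO/WIM.
                InBootImage = ($File -eq 'Bootstrap.ini')
            }
        }
    }
}
$Findings | Format-Table -AutoSize

# Who can read the rules files on disk
(Get-Acl -LiteralPath $ControlFolder).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

With the two files shown above, this reports UserPassword in Bootstrap.ini (flagged as present in the boot image) and AdminPassword in CustomSettings.ini, which is why the build account should be a dedicated, low-privilege account that is used nowhere else.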

Step 7 – Create Windows Reference Images


Now it is time to create a Windows 10 Reference WIM Image, fully automated.

Note: To make sure Sysprep does not fail during the build and capture process, make sure the virtual machine you are
using does not have Internet access during the entire process.

1. On MDT01, copy the E:\MDTBuildLab\Boot\MDT Build Lab x64.iso file to your VMware or Hyper-V machine.
2. Create a virtual machine named REF001, assign it 2 vCPUs and 4 GB RAM. Then mount MDT Build Lab
x64.iso on the virtual machine.
3. Start the REF001 virtual machine, and allow it to boot. Then complete the Deployment Wizard using the below
settings:

   1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 21H2
   2. Specify whether to capture an image: Capture an image of this reference computer.

      1. Location:
      2. File name:

The task sequence will now do the following:

Install the Windows 10 Enterprise operating system.
Install the added applications, roles, and features.
Stage WinPE on the local disk.
Run Sysprep and reboot into WinPE.
Capture the Windows 10 installation to a WIM file.

MDT capturing a Windows 10 Image.

Resources
Note: Please also check these posts:

Image Factory

To automate this process even further (you still need to do the steps in this guide first), check out the Image Factory
for Hyper-V solution by Mikael Nystrom (@mikael_nystrom).


http://github.com/DeploymentBunny/ImageFactoryV3ForHyper-V
