If you’re planning your Windows 10 migration, the switch from BIOS-to-UEFI is a hugely important piece of the puzzle.
Unless all your Windows machines are configured to UEFI, your organization cannot take advantage of the special Windows 10 security features. Microsoft’s ‘MBR2GPT’ tool still only gets you part of the way there.
This webinar was hosted live from Redmond by Microsoft MVP Jörgen Nilsson and Jim Bezdan, will ensure you know how to complete the BIOS-to-UEFI process fully, securely and automatically.
The full webinar recording can be viewed here: https://www.1e.com/on-demand-webinar/automate-bios-to-uefi-2018-edition/
We needed to keep the Intel USB 3.0 drivers in a Windows 7 reference image.
- Import the drivers into MDT and create a selection profile.
- Edit the TS and update the Injected Drivers step to point to the selection profile.
- Open and edit Unattend.xml. Add the component called Microsoft-Windows-PnpSysprep to Step 3 Generalize.
- Edit the PersistAllDeviceInstalls option to be true.
- Save the Unattend.xml file and close.
More information here: http://technet.microsoft.com/en-us/library/ff716298.aspx
Had an issue with MDT failing to install Windows 10 via WSUS. I kept getting the 0x8024401C error.
I upgraded my WSUS on the Windows Server 2012R2 to version 4.0. Then upgraded the host to Windows Server 2016. Still receiving the same error.
After some more googling and trial and error I made the following changes to the IIS server for the WSUS Application Pool:
- Queue Length: From 10000 to 25000
- Limit Interval (minutes): From 5 to 15
- “Service Unavailable” Response: From HttpLevel to TcpLevel
- Private Memory Limit (KB): From 18342456 to 0
Build is now receiving updates from the WSUS server.
Some light reading for the bus ride home:
Quick little note for me to remember the silent install command for the HP Softpaq. No need to extract and search the %Temp% location for the MSI files. Use the the following command to install the Softpaq silently without reboot:
setup.exe /S /v"/qn /norestart"
I came across this issue at a customers site. We were deploying Office 365 Business as part of an MDT task sequence. Once deployed, the end user would activate the suite using their business email address.
Issue: Unfortunately the Sign In dialog box would freeze. The option to push Next would not function. Additionally the text in the box would not automatically disappear.
I logged a ticket trough the Office 365 Portal. After a couple of options we found the solution.
Solution: Reset Internet Explorer 11. Turns out the Sign In dialog box is a HTA. Give IE a reset and then we are good to go. A big thank you to the Office 365 team.
In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample Set-OUPermissions.ps1 script and copied it to C:\Setup\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01.
- On DC01, using Active Directory User and Computers, browse to contoso.com / Contoso / Service Accounts.
- Select the Service Accounts organizational unit (OU) and create the MDT_JD account using the following settings:
- Name: MDT_JD
- User logon name: MDT_JD
- Password: P@ssw0rd
- User must change password at next logon: Clear
- User cannot change password: Select
- Password never expires: Select
- In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press Enter after each command:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
.\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
- The Set-OUPermissions.ps1 script allows the MDT_JD user account permissions to manage computer accounts in the Contoso / Computers OU. Below you find a list of the permissions being granted:
- Scope: This object and all descendant objects
- Create Computer objects
- Delete Computer objects
- Scope: Descendant Computer objects
- Read All Properties
- Write All Properties
- Read Permissions
- Modify Permissions
- Change Password
- Reset Password
- Validated write to DNS host name
- Validated write to service principal name
In Windows 8.1 with KB3065988 installed, the system prompts users to reserve a copy of Windows 10 as part of the OOBE process that occurs at the first startup cycle. For organizations that are deploying Windows 8.1 Pro by using an Unattend.xml file that automates the OOBE process, this reservation notice still occurs. To suppress this notice, you can use either of the following methods:
Use Group Policy
Set the following Group Policy setting to Disabled:
Computer Configuration > Administrative Templates > System > Logon > Show first sign-in animation
Change the Unattend.xml file
Add the following entry to the Unattend.xml file for Windows 8.1 Pro x64
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v EnableFirstLogonAnimation /d 0 /t REG_DWORD /f </Path>
When the deadline is near last thing to need to see is this error.
I am trying to edit the unattend.xml with MDT 2013.
The error arrives, looks like it is time to reinstall the ADK.
Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly ‘Microsoft.ComponentStudio.ComponentPlatformInterface, Version=126.96.36.199, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. A strongly-named assembly is required. (Exception from HRESULT: 0x80131044) —> System.IO.FileLoadException: A strongly-named assembly is required. (Exception from HRESULT: 0x80131044)
— End of inner exception stack trace —
at Microsoft.BDD.Catalog.Program.Main(String args)
Non-zero return code from catalog utility, rc = -532462766