Sometimes you need to create images of clients without making changes to the original systems for backup purpose. This can be the case when software is installed by hand, specialized equipment is attached or software is licensed based on specific characteristics (SID).
Microsoft System Center Configuration Manager (ConfigMgr) 1810.
Windows 10 clients (LTSC).
The Business case
Users must be able to create an image without making system changes to the original computer.
ConfigMgr is already operational and therefore the preferred system.
When using ConfigMgr for imaging (Capture Operating System Image) ImageX will be used for creating the Windows Image File (.WIM). ImageX requires the operating system to be sysprepped with the /generalize option.
According to the documentation on the website from Microsoft, Sysprep will make modifications to the original system:
“Prepares the Windows installation to be imaged. If this option is specified, all unique system information is removed from the Windows installation. The security ID (SID) resets, any system restore points are cleared, and event logs are deleted”.
Since one of the main requirements is that no system changes should be made, the default “Capture Operating System Image” task within ConfigMgr is not an option.
While ImageX requires the windows installation to be generalized, dism does not have the requirement. Dism is not included in ConfigMgr but it is in the Microsoft Deployment Toolkit.
Microsoft Deployment Toolkit (MDT) is a free tool developed by Microsoft that you can use in combination with Windows Deployment Services to deploy a computer using task sequence as you do in ConfigMgr. MDT does not have options like managing clients or deploying software afterwards.
The good news is that MDT can be easily integrated within ConfigMgr. The bad news is that the integration will require extra maintenance to the ConfigMgr environment. This blog post will cover the installation of MDT without the integration, the creation of the MDT package and the creation of the task sequences for building/restoring the image.
Installing Microsoft Deployment Toolkit
The installation of MDT can be done one a separate machine. Only the MDT folder is required to make use of the MDT features that will be used.
MDT can be downloaded for free on the Microsoft Website: https://aka.ms/mdtdownload.
More details about the prerequisites can be found here: https://docs.microsoft.com/en-us/sccm/mdt/release-notes#prerequisites
Start the downloaded executable, click Next.
Accept the license agreement terms, click Next.
The basic MDT installation is now finished.
A deployment share needs to be created so we can use the contents in the share to create a ConfigMgr package.
Right click on “Deployment Shares” and click on “New Deployment Share”.
Choose the path where the data for the deployment share can be stored, click Next.
The share will take about 50MB of disk space and will be removed after the whole process. Therefore we don’t need to worry about permissions etc.
Specify a name for the deployment share, click Next.
Review the details, click Next.
The deployment workbench can be closed.
Create the MDT Package
A package with the MDT components needs to be created before any MDT components can be used.
Create a directory in the Sources folder that is being used for ConfigMgr.
Browse to the MDT Deployment Share directory.
Within the “Tools” folder, create an empty file called “WimScript.ini”. If this file is not in the package, the task sequence will fail with error code 0x00000001.
If there is a requirement to have file exclusions in the image creation the “WimScript.ini” may be configured. More information about the possible contents in the ini file: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-configuration-list-and-wimscriptini-files-winnext
Open the ConfigMgr Console, go to “Software Library > Application Management > Packages”.
In the top menu, click “Create Package”.
Don’t forget to distribute the package to the distribution points.
Building the task sequence
The task sequence that will be used is straightforward.
Go to “Software Library > Operating Systems > Task Sequences”.
Double click on the task sequence.
Check the “this is a high-impact task sequence” checkbox.
Check the “Use custom text” checkbox, and enter personal texts for this task sequence.
In the options tab, set the condition: Task Sequence Variable _SMSTSInWinPE must be false.
This will cause the computer to reboot into WinPE when the task sequence is started from within Windows (using the software center).
The account for connecting to the network share is the same as that is defined for WinPE. When the environment requires another user to connect to the share, add a step before the “capture image” step “Connect to network share”. The user needs write permissions.
The size required on the share depends on the size of the images. A Windows 10 image is minimal 6GB but is probably a lot larger.
Set the “Task Sequence Variable” to BackupFile and the value to a Filename with the WIM extension where the backup must be saved.
When this variable is not set, the computer name of the system that is being backed-up will be used.
Another option is to use a PowerShell script that will set the task sequence variable dynamically with for instance a date.
This screen can be closed, the task sequence has now be created.
Deploying the task sequence
Go to Assets and compliance > Device collections. Click Deploy and select “Task Sequence”
Set “task sequence” to the task sequence that has been created in the previous steps.
Running the task sequence
Inside the Software Center on a client, you can find this task sequence under “Operating Systems”.
Before the user can start the task they will get a warning screen with the custom text that is filled in into the task sequence properties. Click Install to begin the backup.
The recovery process is almost equal to deploying a standard operating system. Import the WIM File, assign the WIM file to a task sequence and deploy the task sequence.
You need to keep in mind that the SID’s of the image have not been reset before imaging so there is a slight change of duplicate SID’s in the environment. A solution to this problem can be to Sysprep the deployed computer.
Unfortunately, there is no option in ConfigMgr to choose which method to use for creating an image.
If you need the freedom of using DISM this can be a good solution. I hope Microsoft will give the option in the feature to choose between ImageX and Dism, I have submitted a feature request Uservoice.