Create a computer image without Sysprep

Sometimes you need to create images of clients without making changes to the original systems for backup purpose. This can be the case when software is installed by hand, specialized equipment is attached or software is licensed based on specific characteristics (SID).

The environment

Microsoft System Center Configuration Manager (ConfigMgr) 1810.
Windows 10 clients (LTSC).

The Business case

Users must be able to create an image without making system changes to the original computer.
ConfigMgr is already operational and therefore the preferred system.

The Design

When using ConfigMgr for imaging (Capture Operating System Image) ImageX will be used for creating the Windows Image File (.WIM). ImageX requires the operating system to be sysprepped with the /generalize option.

According to the documentation on the website from Microsoft, Sysprep will make modifications to the original system:
“Prepares the Windows installation to be imaged. If this option is specified, all unique system information is removed from the Windows installation. The security ID (SID) resets, any system restore points are cleared, and event logs are deleted”.

Since one of the main requirements is that no system changes should be made, the default “Capture Operating System Image” task within ConfigMgr is not an option.

While ImageX requires the windows installation to be generalized, dism does not have the requirement. Dism is not included in ConfigMgr but it is in the Microsoft Deployment Toolkit.

Microsoft Deployment Toolkit (MDT) is a free tool developed by Microsoft that you can use in combination with Windows Deployment Services to deploy a computer using task sequence as you do in ConfigMgr. MDT does not have options like managing clients or deploying software afterwards.

The good news is that MDT can be easily integrated within ConfigMgr. The bad news is that the integration will require extra maintenance to the ConfigMgr environment. This blog post will cover the installation of MDT without the integration, the creation of the MDT package and the creation of the task sequences for building/restoring the image.

Installing Microsoft Deployment Toolkit
The installation of MDT can be done one a separate machine. Only the MDT folder is required to make use of the MDT features that will be used.

MDT can be downloaded for free on the Microsoft Website: https://aka.ms/mdtdownload.
More details about the prerequisites can be found here: https://docs.microsoft.com/en-us/sccm/mdt/release-notes#prerequisites

 

Start the downloaded executable, click Next.

Accept the license agreement terms, click Next.

Since MDT can be uninstalled after the whole process, MDT can be installed with defaults.
Click Next.

Make a choice if you want to join the Customer Experience Improvement Program, click Next.

Click Install.

Click Finish.

The basic MDT installation is now finished.
A deployment share needs to be created so we can use the contents in the share to create a ConfigMgr package.

Start the deployment workbench, this can be found in the start menu.

Right click on “Deployment Shares” and click on “New Deployment Share”.

Choose the path where the data for the deployment share can be stored, click Next.
The share will take about 50MB of disk space and will be removed after the whole process. Therefore we don’t need to worry about permissions etc.

Specify a name for the deployment share, click Next.


Set the behavior options, click Next.


Review the details, click Next.


Click Finish.

The deployment workbench can be closed.

Create the MDT Package

A package with the MDT components needs to be created before any MDT components can be used.

Create a directory in the Sources folder that is being used for ConfigMgr.
Browse to the MDT Deployment Share directory.


Copy the following folders to the directory that has been created in the sources share.

  • Scripts
  • Servicing
  • Tools

Within the “Tools” folder, create an empty file called “WimScript.ini”. If this file is not in the package, the task sequence will fail with error code 0x00000001.
If there is a requirement to have file exclusions in the image creation the “WimScript.ini” may be configured. More information about the possible contents in the ini file: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-configuration-list-and-wimscriptini-files-winnext

Open the ConfigMgr Console, go to “Software Library > Application Management > Packages”.
In the top menu, click “Create Package”.


Specify a name, description and the UNC path to the source files and click Next.


Select “Do not create a program”. Click Next.


Review the summary and click Next.


Click Close.

Don’t forget to distribute the package to the distribution points.

Building the task sequence

The task sequence that will be used is straightforward.
Go to “Software Library > Operating Systems > Task Sequences”.


Click “Create Task Sequence”.


Select “Create a new custom task sequence”. Click Next.


Enter a descriptive name, description and select a boot image. Click Next.


Click Next.


Click Close.

Double click on the task sequence.


Go to the “User Notification” tab.

Check the “this is a high-impact task sequence” checkbox.
Check the “Use custom text” checkbox, and enter personal texts for this task sequence.
Click OK.


Right click on the created task sequence and click Edit.


Add a restart computer task (Add > General > Restart Computer).
Select “The boot image assigned to this task sequence”.


In the options tab, set the condition: Task Sequence Variable _SMSTSInWinPE must be false.
This will cause the computer to reboot into WinPE when the task sequence is started from within Windows (using the software center).


Add a Task sequence variable (Add > General > Set Task Sequence Variable).
Set the “Task Sequence Variable” to ComputerBackupLocation and the value to a UNC path where the backup must be saved.

The account for connecting to the network share is the same as that is defined for WinPE. When the environment requires another user to connect to the share, add a step before the “capture image” step “Connect to network share”. The user needs write permissions.

The size required on the share depends on the size of the images. A Windows 10 image is minimal 6GB but is probably a lot larger.


Add a Task sequence variable (Add > General > Set Task Sequence Variable).

Set the “Task Sequence Variable” to BackupFile and the value to a Filename with the WIM extension where the backup must be saved.
When this variable is not set, the computer name of the system that is being backed-up will be used.
Another option is to use a PowerShell script that will set the task sequence variable dynamically with for instance a date.


Add a Run Command Line task (Add > General > Run Command Line).
Set the Command line to cscript “.\scripts\ZTIBackup.wsf”
Check the “Package” checkbox, and browse for the MDT package.

This screen can be closed, the task sequence has now be created.

Deploying the task sequence
Go to Assets and compliance > Device collections. Click Deploy and select “Task Sequence”
Set “task sequence” to the task sequence that has been created in the previous steps.


Set the purpose to Available, and make the task sequence available to ConfigMgr clients, media and PXE. Click Next.


Click Next.


Click Next.


Click Next.


Click Next.


Review the deployment, click Next.


Click Close.

Running the task sequence

Inside the Software Center on a client, you can find this task sequence under “Operating Systems”.


Run the task sequence

Before the user can start the task they will get a warning screen with the custom text that is filled in into the task sequence properties. Click Install to begin the backup.


The computer will reboot to WinPE and will capture a snapshot of the computer.

Recovery

The recovery process is almost equal to deploying a standard operating system. Import the WIM File, assign the WIM file to a task sequence and deploy the task sequence.

You need to keep in mind that the SID’s of the image have not been reset before imaging so there is a slight change of duplicate SID’s in the environment. A solution to this problem can be to Sysprep the deployed computer.

Conclusion

Unfortunately, there is no option in ConfigMgr to choose which method to use for creating an image.
If you need the freedom of using DISM this can be a good solution. I hope Microsoft will give the option in the feature to choose between ImageX and Dism, I have submitted a feature request Uservoice.

https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/36837121-choose-between-dism-and-imagex-for-imaging