Now that we’ve installed everything, imported the OS, and created a Task Sequence, we need to make some customizations to the CustomSettings.ini and the Bootstrap.ini. Both files can be accessed one of two ways:
- Go to your Deployment Share in Explorer (mine was D:\MDTReferenceBuild) and go into the Control Folder.
- In the Deployment Workbench, right-click on the Deployment Share and click Properties. Then, click the Rules tab.
For the Bootstrap.ini, here are the settings I use:
For the CustomSettings.ini, here are the settings I use:
_SMSTSORGNAME=Reference Image Creator
TimeZoneName=Eastern Standard Time
BackupFile=%TaskSequenceID%_#month(date) & "-" & day(date) & "-" & year(date)#.wim
Most of the settings above are fairly common for people to use in MDT, but there are several I feel the need to explain. Here we go:
After the capture ends, shut down the VM. Not including this will cause the VM to reboot and you’ll just have to manually stop it.
Since we’re creating our reference image in a VM, there’s really no reason to have the extra partitions that are necessary for BitLocker.
This dumps the MDT logs to a network share in the event you need to track down a problem later.
Technically, you can install the updates without WSUS, but there are a few things you’ll want to know. First off, it’s slow… really slow. Having the updates available via WSUS can shave literally hours off the update process depending on your Internet connection. Second, the process will install EVERYTHING. You’ll have to manually specify each KB article number or GUID to exclude updates… trust me… setting up WSUS will save you a ton of time in more ways than one.
- BackupFile=%TaskSequenceID%_#month(date) & “-” & day(date) & “-” & year(date)#.wim
This names the captured WIM file using the Task Sequence ID we set earlier along with today’s date.
I like to be able to change the name of the WIM file that I’m capturing. I also like to have the option to just Sysprep if I’m going to re-use my VHD.
The Sysprep process is just going to remove the machine from AD anyway… there’s really no reason to have it in AD for creating a reference image.
I like to get a nice “everything completed properly” at the end of the process.
Typically, I have create reference images for more than one OS version or bitness. By setting this to NO, I can select the appropriate Task Sequence.
UserDomain, UserID, UserPassword (Bootstrap.ini)
In the Bootstrap.ini, you may have noticed that I had a local user account on the MDT server. For creating reference images, I like to set up a local account on the MDT server that can be used for authenticating to the Deployment Share. If you want to do this, there are a few things you’ll need to know:
- The user
doesn’tshouldn’t be in the local Administrators group.
- The default share permissions for the MDT share have Everyone set to Full Control. CHANGE THIS. Give you local service account Full Control and then any other IT Admin users/groups that may need to access the share.
- The default file system permissions for the MDT folder have Users with Read permissions. If you’ve updated the file share permissions, you should be good. But, if you or your security people are paranoid [like I am], feel free to remove this and give your MDT service account a minimum of Read on the folder.
- The service account will need Full Control of the Captures folder (or whatever folder you’re using to capture WIM files.)
Update the Deployment Share
At this point, you’ll want to right-click on your Deployment Share and choose Update Deployment Share.
Updating the Deployment Share will allow you to build the ISO images you’ll need to boot your VM and build out your reference image. When prompted, the default option “Optimize the boot image updating process” can stay selected. Run through the rest of the wizard and you’re ready to build your first reference image (which I’ll cover in Part 4!).