anyweb

Introduction Microsoft released the new Surface Pro and recently a new operating system, Windows 10 version 1709 (Fall Creators Update). Now you can automate the installation of it using PowerShell. This script has been written to allow you to automate the deployment Windows 10 version 1709 (Fall Creators Update) using the latest available software including: Windows 10 x64 (version 1709) Microsoft Deployment Toolkit (MDT) build 8443 Latest available 2017 drivers for the Surface Pro Windows 10 ADK (version 1709) Windows Server 2016 Note: This is fully automated, and as this does install a Windows Deployment Services server role hosting a boot image, you should modify the script accordingly and test it thoroughly in a lab first. This script is tailored for one thing only, deploying Windows 10 x64 version 1709 to the Microsoft Surface Pro with all drivers loaded and MDT 2013 preconfigured. Download it and customize it to suit your needs for other hardware if you wish because what it does is pretty cool. This script performs the following actions:- Downloads and then Installs Windows ADK 10 (version 1709) if you have not done so already Downloads and then Installs MDT, if you have not done so already Downloads all required drivers for Microsoft Surface Pro if you have not done so already Imports the Windows 10 x64 (version 1709) operating system into MDT Imports the Microsoft Surface Pro drivers into MDT Creates Selection Profiles for Surface Pro and WinPE x64 Creates a Deploy Windows 10 X64 version 1709 task sequence Edits the Deploy Windows 10 X64 version 1709 task sequence and adds an inject drivers step for Microsoft Surface Pro Sets a WMI query for hardware detection for the Surface Pro on the corresponding driver step Injects the Microsoft Surface Pro network drivers into the LiteTouchPE_x64.wim Creates custom CustomSettings.ini and BootStrap.ini files Disables the X86 boot wim (as it is not needed for Surface Pro) Changes the Selection Profile for the X64 boot wim to use the WinPE x64 selection profile Installs the Windows Deployment Service role Configures the WDS role and adds the previously created LiteTouchPE_x64.wim Starts the WDS service so that you can PXE boot (UEFI network boot). All you have to do is download the script below, modify some variables, then place certain files in the right place such as the Windows 10 x64 Enterprise (version 1709) media. Please ensure you have a working DHCP scope on your Active Directory domain controller, then PXE boot a Microsoft Surface Pro and sit back and enjoy the show. Step 1. Download the script The PowerShell script will do all the hard work for you, it is in the Downloads section at the end of this guide, download it, unzip it and place it on the server that is designated to be the MDT server. Step 2. Configure the variables in the script Once you have downloaded and extracted the script, you need to configure certain variables interspersed throughout the script. I'll highlight the ones you need to edit. The most important of them is the $SourcePath variable (line 53) as this decides where to get the content from and where to store it. This variable should point to a valid drive letter, the folder name will be created if it does not exist. The $FolderPath variable (line 237) specifies the MDT Deployment share root folder for example C:\MDTDeploy. There are other variables to configure, for joining the Domain (lines 315-317) and then you need to configure how you actually connect to the MDT server from WinPE (lines 392-396) Step 3. Copy the Windows 10 x64 (version 1709) operating system files Mount a Microsoft Windows 10 x64 Enterprise (version 1709) ISO and copy the contents to $SourcePath\Operating Systems\Windows 10 x64\1709 as shown below Step 4. Optionally copy MDT, ADK 10, Surface Pro drivers This is an optional step. If you've already downloaded the above files then place them in the source folder, otherwise the script will automatically download them for you. Note: You do not have to do this as the script will download the content for you if it's not found. Step 5. Optionally copy your Applications to the respective folders This is an optional step. If you have apps like Office 365, copy them to their respective folders under Applications. If you do add any applications, you'll need to edit the corresponding section within the script for the CustomSettings.ini and replace the GUID for the App, these applications are remmed out with a #, as shown here (line 358) and here in line 294... Step 6. Run the script On the server that will become your MDT server, start PowerShell ISE as Administrator. Click on the green triangle to run the script. Below you can see the script has completed. After the script is complete, you are ready to test deploying Windows 10 version 1709 (Fall Creators Update) to a Microsoft Surface Pro. You can see that Windows Deployment Services is installed and that the ADK 1709 version of the MDT LiteTouch_X64 boot wim is already imported. This boot image also has the Surface Pro network drivers added. After opening the Deployment Workbench, you can see the Deploy Windows 10 x64 version 1709 task sequence is created The Surface Pro Inject drivers step is pre-configured for you and the WMI query for the hardware is also added on the options tab drivers specific to the Surface Pro for are imported into MDT Step 7. Sit back and watch the deployment Take a properly shutdown Surface Pro , and power it on using the following sequence. Hold the down volume key and then press the power button while continuing to hold down the volume key, it should PXE boot. Press enter when prompted before loading the boot image before prompting you for a computer name, note that it's currently set to SurfacePro in CustomSettings.ini contained within the script, you can change that behavior in the UI itself (CustomSettings.ini on the Properties/Rules of the DeploymentShare) or automate it via the many methods available such as those that Mikael describes here click Next and off it goes, with your customized Company name and after a while it's all done Troubleshooting If the script has issues starting WDS (and you see the error below) then restart the server, as you were asked to do at the end of the script ;-). If you cannot PXE boot, because WDS is not accepting connections (revealed by the PXE Response tab in WDS properties), then look for the following error in the scripts output: An error occurred while trying to execute the command. Error Code: 0x5 Error Description: Access is denied. If you see that error, then the user you are logged in as does not have sufficient permissions to configure WDS. To grant permissions to the Windows Deployment Server (MDT01) do as follows Open Active Directory Users and Computers. Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control. On the first screen of the wizard, click Next. Change the object type to include computers. Add the computer object of the Windows Deployment Services server, and then click Next. Select Create a Custom task to delegate. Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next. In the Permissions box, select the Write all Properties check box, and click Finish. Repeat the above process to grant appropriate permissions for the User who will run the PowerShell script Summary Automating the deployment of Windows 10 version 1709 (Fall Creators Update) to the Microsoft Surface Pro using PowerShell and MDT is easy when you know how. Downloads Download the PowerShell script contained in the ZIP file. Deploy Windows 10 Fall Creators Update to Microsoft Surface Pro with MDT - November 2017.zip

you would have to configure that requirement in Intune first, and then see how it's applied on a client computer, then and only then should you modify the MSI to match your requirements, I have not tested that scenario though but i'd be happy to help you with it

glad you got it resolved ! my messenger inbox was full, but i've emptied it now

i see the scaling is crazy in that screenshot, and i bet if you log off and log back on again it will look better, but alternatively you can adjust the dpi settings in the wrapper to fix this, if you want i can remote in via teamviewer and help you with this, just pm me your details

i guess you'll have to change the SKU to match the version you are installing as part of the installation, you can do that as documented here but i don't know if OEM is covered https://blogs.technet.microsoft.com/mniehaus/2017/10/09/changing-between-windows-skus/ can you please tell me what version of Windows 10 are you upgrading from (home/pro ?)

as regards the SUM collections they are just sample collections that you can use for Windows servicing or Software Update Deployment, you decide in relation to the DPI settings, you may need to adjust/change the values to suit the hardware that you have, I don't have access to every device so what I tested works for me on most devices, feel free to post your solution for those DPI's here for others and mention the hardware you tested it on thanks for trying it out and sticking with it ! cheers niall

ok, apologies for the delay my lab died and i had to re-import all my vm's but it's running again now and i tested the script, you got the buggy one (sorry), i've re-attached the working one, please try it out and let me know if there's any problems or questions, i've tested it in a CM environment with no extra collections added and it worked just fine as you can see below, give it a try ! cheers niall

what os are you upgrading from ?

well in my version it logs that it's deleting the scheduled task, when did you download the msi, perhaps you should retry the download

i'll look at the script tomorrow if i get time and provide feedback, it's a while since i wrote it, and... I recently added that script after making some changes to the wrapper, so i may have uploaded the wrong script, but basically the SUM collections are Software Update Management,

the script works for me every time in a lab, did you edit it in any way ?

the error above translates to " A network error interrupted the operation. Source: Windows ----- " do you get an ip in WinPE ? did you try adding network drivers for the hardware involved to your boot image ? this script will help you identify if you have missing drivers in the boot image and will inform you if so

no problem, if you still have issues then please post the exact error message you get so we can try and help

1. the 4 hours is to give the user time to finish their PowerPoint or meeting, and then start the upgrade with loads of time to spare, but at the same time to give them a sense of urgency 2. set them whatever way you want 3. VPN's can cause upgrade's to fail (lack of connection), hence the vpn check, it's better to do the upgrade in the office to force it to run quickly I open a powershell cmd prompt on a vm, and start the powershell start... command to kick off the hta, that's a manual process but it allows you to test the flow so that you are happy with it cheers niall

heh well good luck with that, if you want to manage servers then most people do that with SCCM, by installing the client agent on the servers to do tasks (application install, gathering data etc) and software update management, there's a whole bunch of guides here on windows-noob to get you started with that, here for example

hi and welcome, what is your goal here ? to manage a few desktops or image them, or what ?

really ? it worked for me when I tested it, what does the log tell you ?

it's documented here, have you seen this yet ? Trivial FTP (TFTP) Daemon: The Trivial FTP (TFTP) Daemon system service does not require a user name or password and is an integral part of Windows Deployment Services (WDS). The Trivial FTP Daemon service implements support for the TFTP protocol that's defined by the following RFCs: RFC 350: TFTP RFC 2347: Option extension RFC 2348: Block size option RFC 2349: Time-out interval and transfer size options Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port allows the TFTP service to receive incoming TFTP requests but doesn't allow the selected server to respond to those requests. You can't enable the selected server to respond to inbound TFTP requests unless the TFTP server is configured to respond from port 69. https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/ports

Great guide, thanks so much for making this available to everyone this resource is the best by far on the web. hi and thanks for your comments Do I need to amend the computer name and server name that's mentioned in the DeploymentConfigTemplate at all? not in my testing, but please verify first in a LAB I don't plan on using Config Manager for WSUS at the moment so should i still install the role? We currently already have a WSUS server which is looking after updates. if you don't intend to use SCCM for software updates, then you don't need to install WSUS. Is it best practice to use the default local SQL accounts for the SQL services or should I apply domain accounts for those services? I mentioned in a previous post about having to re-install Config Manager from scratch as the whole thing was a mess when I took it on, I have managed to uninstall most of the clients on the domain but as I will be using the same site names going forward as before am I likely to run into trouble after following this setup guide? Use SQL accounts that work with your enterprise, here are some tips, and as regards your current setup and installing configmgr again, i'd suggest you verify everything in a lab first, it's easy to do so.

the 0.0.0.0 is only for the vpn i tested with, you should customize that function to detect your own VPN solution, or just skip it

yeah there were some bug fixes on the scripts, but what is there now should do what it supposed to

once the threshold completes, it will close the HTA so yes, that is as per design, I initially wanted to move the window to the center of the screen and flash it on top of all other windows but didn't find a reliable way of doing it, and i'm not going to use third party tools to do so if you use teamviewer I can remote in and have a look and see what's wrong with yours...

when testing the HTA I copy the package to a virtual machine desktop, then cd to that folder, then start powershell, then start the powershell script from the powershell prompt, that should kick off the wrapper and launch the HTA, you can then close the hta or defer and the values should be updated in the registry, try multiple times and each time it's launched the value should decrease by 1

hi, I can't share it sorry, but I can give you an idea of what it contains, via these pointers *below*, you'll have to go and create one yourself for your Company cheers Niall <- Known software Incompatibilities Hardware requirements Preparation Required upgrade to the latest Windows 10 version 1709 What to do when the upgrade is completed Windows 10 features Incidents and issues

was it a typo ?