How to create a Windows 10 Image


  • Hello everybody

    I would like to know exactly how you have to create a Windows 10 image in order to be able to distribute it successfully later. What do I have to consider?

    Many thanks for your help.

  • Testers

    @cello said in How to create a Windows 10 Image:

    Is it also possible without Sysprep?

    It’s a trap!

    While there are ways that appear to work without sysprep, you’ll have a much better time if you just use sysprep.
    I learned this the hard way. Sysprep has gotten faster and a bit easier (in some respects at least).
    If you don’t use it, you’ll end up with windows licenses with the same universal identifiers, which breaks volume license activation tools.
    You can also end up with driver problems if the image wasn’t created on the same model computer and you don’t use sysprep.

    If I were to sum up our steps for creating a win 10 image (but like @george1421 said it’s a bit out of scope and would take days to answer in full detail, also we don’t use MDT, just to provide another method) I would say

    1. Download iso of latest version of most recent windows 10 H2 release (i.e. 20H2, ltsb versions are also a trap unless truly necessary)
    2. Create an unattend file using windows system image manager (see also https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/windows-system-image-manager-how-to-topics). I personally took the time a few years ago to read through all the options available, it’s pretty extensive. But you can also make it pretty basic with setting some simple settings, adding some first logoncommands, and then just make sure you read up on using the ‘reseal’ options to make the sysprep phases go in your desired order. (i.e. I have mine go Audit System - adds (but doesn’t install) network drivers to the driver store -> Audit User - reseals to generalize -> Generalize - removes drivers not added by sysprep and makes the image general for any device -> I have it send to shutdown from here -> I upload it to fog -> When it deploys it starts the specialize phase -> Then it goes through oobe (which you can make unattended, there are some skip oobe options to be sure it doesn’t show, but you want to be sure all settings that would be set during interactive oobe are set by your unattend.xml created with windows system image manager))
    3. Install the iso on a vm (or wherever you want to capture your image from), at the oobe screen after install hit ctrl+shift+f3 to enter audit mode
    4. DO NOT OPEN THE WINDOWS STORE (if apps are updated in the store, sysprep won’t run, it’s a whole thing)
    5. Add customizations/files you want on all machines (some will be removed by sysprep, figuring it out involves some reading and trial and error) and add the unattend.xml file to “C:\Unattend.xml” and “C:\Windows\System32\Sysprep\Unattend.xml” (I like using both places as a fail safe to be sure it’s used). I personally use custom powershell modules to automate this whole process, scripting it in some way is a good idea once you get it dialed in. I suggest limiting program installation at this step, I have found it’s better to use a provisioning method such as snapins and/or chocolatey triggered by the firstlogoncommands to add programs, easier to keep them up to date and if something goes wrong with an install it’s not then on every single one of your computers.
    6. Run sysprep (i.e. sysprep.exe /audit /reboot /unattend:"C:\unattend.xml") and capture the image to fog
    7. Deploy the image with fog and watch the magic happen

    Part of the oobe phase can involve auto-logging in as the administrator and running the firstlogoncommands, which is where (if you didn’t add it during audit mode) you can make sure the fogservice is there and will get your computer connected to your domain.

    This is all a very high level overview and there may be some steps in between beyond creating scripts and other infrastructure. docs.microsoft.com has many helpful guides for the available unattend.xml options and creating images, I thought I had some of the more helpful ones bookmarked/referenced in internal docs but I can’t find them at the moment. I’ll share them if I find them later and remember.

    If you take the time to do it right and get it all setup, it becomes very easy to create new images and deploy them.
    You could also easily use FOG’s scheduled tasks to deploy the image nightly on machines. You’ll just need to dial in the firstlogoncommands to work the way you want it to.
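
The post above keeps Unattend.xml in two locations and uses it for administrator auto-logon, and a later reply joins the domain through the same file, so any password written into it is captured in the image. As an added example (not code from the thread), this PowerShell check lists credential elements still present in an answer file; the function name Find-UnattendSecret and the sample XML are constructed for illustration.

```powershell
# Added example: report credentials embedded in an unattend.xml answer file.
function Find-UnattendSecret {
    param([Parameter(Mandatory)][xml]$Unattend)
    # Marker Windows Setup leaves where it has scrubbed a cached answer file.
    $scrubbed = '*SENSITIVE*DATA*DELETED*'
    # local-name() avoids registering the urn:schemas-microsoft-com:unattend namespace.
    $xpath = "//*[local-name()='Password' or local-name()='AdministratorPassword']"
    foreach ($node in $Unattend.SelectNodes($xpath)) {
        # Shell-Setup wraps the secret in <Value>; UnattendedJoin stores it as text.
        $valueNode = $node.SelectSingleNode("*[local-name()='Value']")
        $secret = if ($valueNode) { $valueNode.InnerText } else { $node.InnerText }
        if (-not $secret.Trim() -or $secret.Trim() -eq $scrubbed) { continue }
        $plain = $node.SelectSingleNode("*[local-name()='PlainText']")
        $encoded = $plain -and $plain.InnerText.Trim() -eq 'false'
        [pscustomobject]@{
            Pass      = $node.SelectSingleNode("ancestor::*[local-name()='settings']").GetAttribute('pass')
            Component = $node.SelectSingleNode("ancestor::*[local-name()='component']").GetAttribute('name')
            Element   = $node.ParentNode.LocalName + '/' + $node.LocalName
            # PlainText=false only means base64, which is encoding, not protection.
            Encoding  = if ($encoded) { 'base64' } else { 'plaintext' }
        }
    }
}

# Constructed sample (not from the thread): domain join plus administrator auto-logon.
$sample = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification><Credentials>
        <Domain>example.test</Domain>
        <Username>svc-join</Username>
        <Password>CONSTRUCTED-join-secret</Password>
      </Credentials></Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Username>Administrator</Username>
        <Password><Value>Q09OU1RSVUNURUQ=</Value><PlainText>false</PlainText></Password>
      </AutoLogon>
    </component>
  </settings>
</unattend>
'@
Find-UnattendSecret -Unattend $sample | Format-Table -AutoSize
```

To check a real file, pass its contents with `Find-UnattendSecret -Unattend (Get-Content -Raw C:\Unattend.xml)`, once for each copy before capture and again on a deployed machine.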


  • @george1421 said in How to create a Windows 10 Image:

    So are you trying to make a diskless windows computer boot every day? Does the image have to reset back to a standard configuration?

    Yes, our goal is to boot from the network in the morning, then to synchronize a standard image on the hard drive, by the way, Rembo even only synchronized the changes and then work with them. The whole thing runs until the customer needs software changes, then a clean image is loaded, the changes are made and the image is uploaded. When a client comes the next day, the latest image is automatically synchronized. The images are historically stored and an older image can be used if necessary. Something like that I should offer a new solution for our customer.

    Since FOG can even perform a domain join, I was hoping that I was correct.

    To your questions, the system is not diskless and yes, every morning it is reset to the same image, so that all computers are the same every morning. Like in a school in the training room e.g.

  • Moderator

    @cello said in How to create a Windows 10 Image:

    It was all a lot easier with Rembo and mySHN. Doesn’t that also exist with FOG?

    First I get the idea you are not using FOG as it was designed. It sounds like you are trying to make a persistent netboot server. FOG is an imaging server for a one to many deployment. With that said fog is open source so you can do things with it that FOG was never designed to do.

    So are you trying to make a diskless windows computer boot every day? Does the image have to reset back to a standard configuration?


  • @george1421
    Hello George

    What are the possibilities? Is it also possible without Sysprep? It was all a lot easier with Rembo and mySHN. Doesn’t that also exist with FOG? I mean, because the Windows KEY, the domain joining etc. can all be controlled from FOG. I just wonder what the Windows 10 image should look like. Our plan is for the computers to fetch this image from the FOG server every morning so that they start right away every day. But if I always have to do a MiniSetup first, it takes too long. Do you have another tip for me?

    Thank you and best regards

    Marcel

  • Moderator

    @cello Ok now your question is more specific. “How to create a windows 10 image” is a very big question.

    In my case the golden image is never connected to AD. The only time AD is connected is on the target hardware. I also sysprep the golden image before capture with FOG. Lastly I do not use FOG to connect the target computer to AD, but I let windows do it for me using the unattend.xml file.

    If you want FOG to do this, then you must install the FOG client on the target computer, but disable the FOG Client service on the golden image. You will use the windows setupcomplete.cmd batch file to enable it once fog pushes the image to the target computer and Windows OOBE is done (this will break OOBE and you will have a dead windows install). That way FOG doesn’t start working and reboot the computer before OOBE is done. When the FOG Client starts it will rename the computer to match what FOG has configured and then connect the target computer to Windows AD. This is the design.

    Tips for fog client with sysprep: https://wiki.fogproject.org/wiki/index.php/FOG_Client#FOG_Client_with_Sysprep


  • @george1421

    Hello george

    Until now we have used Rembo and mySHN for the adaptation of the Windows adaptations. Since we now have devices that only have UEFI Bios and Rembo does not support this, we switched to FOG. Here are our advantages that the domain join can be automated. I have now created an image that has already joined the domain. Now I’ve created an image and distributed it. A new computer does not want to hop into the domain without further ado and I asked myself whether I had made mistakes when creating the image. In the Rembo / mySHN times that wasn’t a problem at all. That’s why I ask so naively.

    Can the image already be in a domain?
    FOG Client is installed, already in the image. etc. etc.

    Are there no brief instructions on how to proceed?

    And thank you for writing.

    thanks
    Marcel

  • Moderator

    @cello Your question is really beyond the scope of the fog project since FOG doesn’t describe how you need to build your golden image. Don’t take what I will say in a bad light, but your simple question would require many days to answer. It’s not simply do these 10 things, capture the image with FOG and deploy. The “10 things” you need to do really depend on your company and your needs.

    I can point you in a direction to look.
    https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image

    https://web.sas.upenn.edu/jasonrw/2018/03/21/building-an-image-of-windows-10-for-mass-distribution/

    And the site DeploymentResearch will be your friend: https://www.deploymentresearch.com/ they have many tricks and shortcuts to solve your problems.

    Finally on my campus we use MDT to build the golden image from DVD/ISO every time we create a new golden image. This gives us a consistent and repeatable golden image build. Once MDT builds the golden image we then capture and deploy with FOG. This is not the only way it can be done, it just works the best for us because using an automated process to create the golden image keeps us from having to deep verify the build each time a new golden image is created.
