From db805a417dbb5944ad1dc20736407b5eef8b658a Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Mon, 16 Sep 2019 16:06:24 +0200 Subject: [PATCH 1/8] Update build-a-distributed-environment-for-windows-10-deployment.md Updated Notes layout, no other changes. --- ...tributed-environment-for-windows-10-deployment.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index 944c8ac8aa..a1db593633 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -33,8 +33,8 @@ Figure 1. The machines used in this topic. Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in a number of different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content. -**Note**   -Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target. +>[!NOTE] +>Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target. ### Linked deployment shares in MDT @@ -103,8 +103,8 @@ When you have multiple deployment servers sharing the same content, you need to UserID=MDT_BA SkipBDDWelcome=YES ``` - **Note** - The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). +>[!NOTE] +>The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). 2. Save the Bootstrap.ini file. 3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. @@ -167,8 +167,8 @@ When you have multiple deployment servers sharing the same content, you need to 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. -**Note**   -It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly. +>[!NOTE] +>It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly. ### Verify replication 1. On MDT02, wait until you start to see content appear in the **E:\\MDTProduction** folder. From 753a01dae23d9a3d201d3ee42f9657c846cb4182 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Tue, 17 Sep 2019 11:22:54 +0200 Subject: [PATCH 2/8] Update set-up-mdt-for-bitlocker.md Separated into new step the GPO setting for System / Trusted Platform Module Services. Changed format of Note; added a space between quote marker and text. --- .../set-up-mdt-for-bitlocker.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index 70a3a46434..6ff8d794bd 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -29,8 +29,8 @@ To configure your environment for BitLocker, you will need to do the following: 3. Configure the operating system deployment task sequence for BitLocker. 4. Configure the rules (CustomSettings.ini) for BitLocker. ->[!NOTE] ->Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker. +> [!NOTE] +> Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker. For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof). @@ -38,8 +38,8 @@ For the purposes of this topic, we will use DC01, a domain controller that is a To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory. ->[!NOTE] ->Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory. +> [!NOTE] +> Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory. In Windows Server 2012 R2 (as well as in Windows Server 2008 R2 and Windows Server 2012), you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information. @@ -79,11 +79,11 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor 3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives 2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy. 3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy. - Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services - 4. Enable the **Turn on TPM backup to Active Directory Domain Services** policy. + 4. Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services + 1. Enable the **Turn on TPM backup to Active Directory Domain Services** policy. ->[!NOTE] ->If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using. +> [!NOTE] +> If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using. ### Set permissions in Active Directory for BitLocker From 9d69d9351fbbce367f1a417d5c8f9d12c63b8381 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 18 Sep 2019 14:32:27 +0200 Subject: [PATCH 3/8] Update windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...build-a-distributed-environment-for-windows-10-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index a1db593633..69d3cb029c 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -33,7 +33,7 @@ Figure 1. The machines used in this topic. Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in a number of different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content. ->[!NOTE] +> [!NOTE] >Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target. ### Linked deployment shares in MDT From 1aba58828d9c88ec40965ab8116bdd6d0bd4328a Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 18 Sep 2019 14:33:00 +0200 Subject: [PATCH 4/8] Update windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...build-a-distributed-environment-for-windows-10-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index 69d3cb029c..02abaf19d7 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -34,7 +34,7 @@ Figure 1. The machines used in this topic. Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in a number of different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content. > [!NOTE] ->Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target. +> Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry and, by default, it will only copy/remove files from the source that are newer than files on the target. ### Linked deployment shares in MDT From 2a70a33e3cee2cca53b368cd14c0cf43ab1ec059 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 18 Sep 2019 14:33:24 +0200 Subject: [PATCH 5/8] Update windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...build-a-distributed-environment-for-windows-10-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index 02abaf19d7..fc43620eed 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -168,7 +168,7 @@ When you have multiple deployment servers sharing the same content, you need to 2. In the **Advanced** tab, set the quota to **8192 MB**. >[!NOTE] ->It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly. +> It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly. ### Verify replication 1. On MDT02, wait until you start to see content appear in the **E:\\MDTProduction** folder. From 552deded52d36b7e90732956556e45b4b8374f59 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 18 Sep 2019 14:33:42 +0200 Subject: [PATCH 6/8] Update windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...build-a-distributed-environment-for-windows-10-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index fc43620eed..aeeef8d65e 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -167,7 +167,7 @@ When you have multiple deployment servers sharing the same content, you need to 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. ->[!NOTE] +> [!NOTE] > It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly. ### Verify replication From 47dacf678439f659f8da77f09324d8ce1a280ea5 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 18 Sep 2019 14:34:04 +0200 Subject: [PATCH 7/8] Update windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...build-a-distributed-environment-for-windows-10-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index aeeef8d65e..7c84befa97 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -104,7 +104,7 @@ When you have multiple deployment servers sharing the same content, you need to SkipBDDWelcome=YES ``` >[!NOTE] ->The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). +> The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). 2. Save the Bootstrap.ini file. 3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. From 29492e5f13f731aad9cf6df4787763cecce52c23 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 18 Sep 2019 14:34:15 +0200 Subject: [PATCH 8/8] Update windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...build-a-distributed-environment-for-windows-10-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index 7c84befa97..634479415f 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -103,7 +103,7 @@ When you have multiple deployment servers sharing the same content, you need to UserID=MDT_BA SkipBDDWelcome=YES ``` ->[!NOTE] +> [!NOTE] > The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md). 2. Save the Bootstrap.ini file.