deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add new issues for multiple window platforms (#882)

Browse Source 
* Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update policy-csp-update.md

In 1903 we deprecated the value of 32 and combined Semi-Annual Channel (Targeted) with the Semi-Annual Channel. We need to communicate this change in the documentation.

* chore: Replace tab after unorderd list marker

* Update windows/security/identity-protection/credential-guard/credential-guard-manage.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* markdown syntex issue

There was a syntex issue with formating. It has been fixed.

* Update MDM Path

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash

Issue 
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3553

* HTML Tag fix

There was issue with HTML tag in live 203 and has been fixed.

* Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-overview.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update waas-overview.md

* Update hello-hybrid-cert-whfb-settings-policy.md

removing extra "want"

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update hello-planning-guide.md

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update whiteboard-collaboration.md

* Update hello-key-trust-policy-settings.md

* Update integrate-configuration-manager-with-mdt.md

* Update use-system-center-configuration-manager-to-manage-devices-with-semm.md

* Update start-layout-xml-desktop.md

Added syntax and note

* remove reference about Windows 10 Pro 

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3255

* Fixed Typo

* Adding Question to FAQ

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288

* Adding Question to FAQ

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288

* Updated with TVM refs

* Emphasize Device Sync

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4401

* Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* fix: MD005/list-indent

Inconsistent indentation for list items at the same level

* Update integrate-configuration-manager-with-mdt.md

* Update use-system-center-configuration-manager-to-manage-devices-with-semm.md

* Update enable-admx-backed-policies-in-mdm.md

Added two links to notes.

* Update windows/configuration/start-layout-xml-desktop.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update index.md

Corrected typo: 'annd' to 'and'

* Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update devices/surface-hub/whiteboard-collaboration.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Create troubleshooting-agpm40-upgrades.md

* Update TOC.md

Addition of Troubleshooting AGPM Upgrades top-level link

* Update windows-10-upgrade-paths.md

* Update white-glove.md

Removed a singular reference to WG and replaced with white glove

* remove last 3 blocks in IT Admin

* Fixes typo issue in line 47

Closes #4557

* Update metadata to replace non-existent author

* Update index.md

Typo - corrected 'Bitlocker' to 'BitLocker'

* Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md

* Update hello-planning-guide.md

* Update configure-wd-app-guard.md

* Update configure-wd-app-guard.md

* Update configure-wd-app-guard.md

* Update kiosk-xml.md

* Update kiosk-xml.md

* Update waas-servicing-differences.md

Removed double use of the word critical

* Minor update to properly reflect supported macros

* Update applocker-csp.md

* Update kiosk-xml.md

* Update applocker-csp.md

* updated image needed 

I don't have rights to upload a new file (the updated error image)

More details here: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2489

* MDOP May 2019 Servicing Release: new Hotfix Link

Microsoft Desktop Optimization Pack May 2019 Servicing Release.
Replaces the outdated MDOP link to July 2018 Servicing Release.

Thanks to CaptainUnlikely for the Technet blogs information update.

Closes #4574

* Creating a WDATP alert requires recommendedAction

Otherwise the following will be returned by the API:

```
{"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}}
```

* Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update guidelines-for-assigned-access-app.md

* Corrected typo

 Changed "ConnecionSuccess" to "ConnectionSuccess

* Update install-wd-app-guard.md

* Update self-deploying.md

Added additional links.

* Update install-wd-app-guard.md

* Update hello-hybrid-cert-trust-devreg.md

* Update waas-delivery-optimization.md

fixed typo

* Fixed a small typo

Changed "wwitches" to "switches".

* Update for the month June 2019

I have added the content for surface hub based on an update KB4503289. There was no update released for a hub for the month of July. 

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4586

* Update devices/surface-hub/surface-hub-update-history.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* typo

typo the Action Sataus column instead of the Action Status column

* Correcting small mistake on which version of Win10 displays MBEC

Correcting initial mistake when changed docs.

* Updated links

Hotlink for configuring MTP integration and API support was missing and has been updated.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4569

* Resolves #4620 - typo in command line

Issue #4620

Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode
should be
Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode

* HTML to MarkDown in hello-hybrid-aadj-sso-cert.md

This is a combined effort to alleviate a translation bug as well as
improving the MarkDown codestyle in this document, both for the English
(en-us) version of the document as well as the translated versions.

This change should in theory close the issue tickets #3451 and #3453
after the scripted translation process has been re-run on this document.

This solution is based on a user discussion in issue ticket #4589 .

* Update windows/deployment/windows-autopilot/self-deploying.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update index.md

* Update waas-configure-wufb.md

* Update hello-features.md

Removes \ typo

* Update windows-analytics-get-started.md

adding IE site discovery to GDPR blurb

* Update sideload-apps-in-windows-10.md

* Update upgrade-readiness-deployment-script.md

replacing support email with official support channels

* missing bold on GUI element

* formatting again - italicize typed word

* fixing warnings

* restored missing art, somehow

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019080917545405 (#881)
This commit is contained in:
John Liu
2019-08-09 19:17:27 -07:00
committed by GitHub
parent 2b7ef33d0b
commit 9444d5ca5b
238 changed files with 17627 additions and 17213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

387
windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
View File

@ -1,193 +1,194 @@
---
title: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager (Windows 10)
description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: configure, deploy, upgrade
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
**Applies to**
- Windows 10 versions 1507, 1511
>[!IMPORTANT]
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
## <a href="" id="sec01"></a>Enable MDT monitoring
This section will walk you through the process of creating the E:\\MDTProduction deployment share using the MDT Deployment Workbench to enable monitoring for Configuration Manager.
1. On CM01, using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. Use the following settings for the New Deployment Share Wizard:
* Deployment share path: E:\\MDTProduction
* Share name: MDTProduction$
* Deployment share description: MDT Production
* Options: &lt;default settings&gt;
2. Right-click the **MDT Production** deployment share, and select **Properties**. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and click **OK**.
![Enable MDT monitoring for Configuration Manager](../images/mdt-06-fig31.png)
*Figure 26. Enable MDT monitoring for Configuration Manager*
## <a href="" id="sec02"></a>Create and share the Logs folder
To support additional server-side logging in Configuration Manager, you create and share the E:\\Logs folder on CM01 using Windows PowerShell. Then in the next step, you enable server-side logging by modifying the CustomSettings.ini file used by the Configuration Manager task sequence.
1. On CM01, start an elevated Windows PowerShell prompt (run as Administrator).
2. Type the following commands, pressing **Enter** after each one:
``` syntax
New-Item -Path E:\Logs -ItemType directory
New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"CM_NAA":(OI)(CI)(M)'
```
## <a href="" id="sec03"></a>Configure the rules (Windows 10 x64 Settings package)
This section will show you how to configure the rules (the Windows 10 x64 Settings package) to support the Contoso environment.
1. On CM01, using File Explorer, navigate to the **E:\\Sources\\OSD\\Settings\\Windows 10 x64 Settings** folder.
2. Using Notepad, edit the CustomSetting.ini file with the following settings:
``` syntax
[Settings]
Priority=Default
Properties=OSDMigrateConfigFiles,OSDMigrateMode
[Default]
DoCapture=NO
ComputerBackupLocation=NONE
MachineObjectOU=ou=Workstations,ou=Computers,ou=Contoso,dc=contoso,dc=com
OSDMigrateMode=Advanced
OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
SLSHARE=\\CM01\Logs$
EventService=http://CM01:9800
ApplyGPOPack=NO
```
![Settings package during deployment](../images/fig30-settingspack.png)
*Figure 27. The Settings package, holding the rules and the Unattend.xml template used during deployment*
3. Update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**.
>[!NOTE]
>Although you have not yet added a distribution point, you still need to select Update Distribution Points. That process also updates the Configuration Manager 2012 content library with changes.
## <a href="" id="sec04"></a>Distribute content to the CM01 distribution portal
In Configuration Manager, you can distribute all packages needed by a task sequence in a single task. In this section, you distribute packages that have not yet been distributed to the CM01 distribution point.
1. **On CM01, using the Configuration Manager Console**, select **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Distribute Content.**
2. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
3. Using Configuration Manager Trace, verify the distribution to the CM01 distribution point by reviewing the distmgr.log file, or use the Distribution Status / Content Status option in the Monitoring workspace. Do not continue until you see all the new packages being distributed successfully.
## <a href="" id="sec05"></a>Create a deployment for the task sequence
This sections provides steps to help you create a deployment for the task sequence.
1. On CM01, using the Configuration Manager Console, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**.
2. On the **General** page, select the **All Unknown Computers** collection and click **Next**.
3. On the **Deployment Settings** page, use the following settings and then click **Next**:
* Purpose: Available
* Make available to the following: Only media and PXE
![Configure the deployment settings](../images/mdt-06-fig33.png)
*Figure 28. Configure the deployment settings*
4. On the **Scheduling** page, accept the default settings and click **Next**.
5. On the **User Experience** page, accept the default settings and click **Next**.
6. On the **Alerts** page, accept the default settings and click **Next**.
7. On the **Distribution Points** page, accept the default settings, click **Next** twice, and then click **Close**.
![Task sequence deployed](../images/fig32-deploywiz.png)
*Figure 29. The Windows 10 Enterprise x64 RTM task sequence deployed to the All Unknown Computers collections available for media and PXE*
## <a href="" id="sec06"></a>Configure Configuration Manager to prompt for the computer name during deployment (optional)
You can have Configuration Manager prompt you for a computer name or you can use rules to generate a computer name. For more details on how to do this, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
This section provides steps to help you configure the All Unknown Computers collection to have Configuration Manager prompt for computer names.
1. Using the Configuration Manager Console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**.
2. In the **Collection Variables** tab, create a new variable with the following settings:
* Name: OSDComputerName
* Clear the **Do not display this value in the Configuration Manager console** check box.
3. Click **OK**.
>[!NOTE]
>Configuration Manager can prompt for information in many ways. Using a collection variable with an empty value is just one of them. Another option is the User-Driven Installation (UDI) wizard.
![Configure a collection variable](../images/mdt-06-fig35.png)
*Figure 30. Configure a collection variable*
## Related topics
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
---
title: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager (Windows 10)
description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: configure, deploy, upgrade
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
**Applies to**
- Windows 10 versions 1507, 1511
>[!IMPORTANT]
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
## <a href="" id="sec01"></a>Enable MDT monitoring
This section will walk you through the process of creating the E:\\MDTProduction deployment share using the MDT Deployment Workbench to enable monitoring for Configuration Manager.
1. On CM01, using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. Use the following settings for the New Deployment Share Wizard:
* Deployment share path: E:\\MDTProduction
* Share name: MDTProduction$
* Deployment share description: MDT Production
* Options: &lt;default settings&gt;
2. Right-click the **MDT Production** deployment share, and select **Properties**. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and click **OK**.
![Enable MDT monitoring for Configuration Manager](../images/mdt-06-fig31.png)
*Figure 26. Enable MDT monitoring for Configuration Manager*
## <a href="" id="sec02"></a>Create and share the Logs folder
To support additional server-side logging in Configuration Manager, you create and share the E:\\Logs folder on CM01 using Windows PowerShell. Then in the next step, you enable server-side logging by modifying the CustomSettings.ini file used by the Configuration Manager task sequence.
1. On CM01, start an elevated Windows PowerShell prompt (run as Administrator).
2. Type the following commands, pressing **Enter** after each one:
```
New-Item -Path E:\Logs -ItemType directory
New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"CM_NAA":(OI)(CI)(M)'
```
## <a href="" id="sec03"></a>Configure the rules (Windows 10 x64 Settings package)
This section will show you how to configure the rules (the Windows 10 x64 Settings package) to support the Contoso environment.
1. On CM01, using File Explorer, navigate to the **E:\\Sources\\OSD\\Settings\\Windows 10 x64 Settings** folder.
2. Using Notepad, edit the CustomSetting.ini file with the following settings:
```
[Settings]
Priority=Default
Properties=OSDMigrateConfigFiles,OSDMigrateMode
[Default]
DoCapture=NO
ComputerBackupLocation=NONE
MachineObjectOU=ou=Workstations,ou=Computers,ou=Contoso,dc=contoso,dc=com
OSDMigrateMode=Advanced
OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
SLSHARE=\\CM01\Logs$
EventService=http://CM01:9800
ApplyGPOPack=NO
```
![Settings package during deployment](../images/fig30-settingspack.png)
*Figure 27. The Settings package, holding the rules and the Unattend.xml template used during deployment*
3. Update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**.
>[!NOTE]
>Although you have not yet added a distribution point, you still need to select Update Distribution Points. That process also updates the Configuration Manager 2012 content library with changes.
## <a href="" id="sec04"></a>Distribute content to the CM01 distribution portal
In Configuration Manager, you can distribute all packages needed by a task sequence in a single task. In this section, you distribute packages that have not yet been distributed to the CM01 distribution point.
1. **On CM01, using the Configuration Manager Console**, select **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Distribute Content.**
2. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
3. Using Configuration Manager Trace, verify the distribution to the CM01 distribution point by reviewing the distmgr.log file, or use the Distribution Status / Content Status option in the Monitoring workspace. Do not continue until you see all the new packages being distributed successfully.
## <a href="" id="sec05"></a>Create a deployment for the task sequence
This sections provides steps to help you create a deployment for the task sequence.
1. On CM01, using the Configuration Manager Console, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**.
2. On the **General** page, select the **All Unknown Computers** collection and click **Next**.
3. On the **Deployment Settings** page, use the following settings and then click **Next**:
* Purpose: Available
* Make available to the following: Only media and PXE
![Configure the deployment settings](../images/mdt-06-fig33.png)
*Figure 28. Configure the deployment settings*
4. On the **Scheduling** page, accept the default settings and click **Next**.
5. On the **User Experience** page, accept the default settings and click **Next**.
6. On the **Alerts** page, accept the default settings and click **Next**.
7. On the **Distribution Points** page, accept the default settings, click **Next** twice, and then click **Close**.
![Task sequence deployed](../images/fig32-deploywiz.png)
*Figure 29. The Windows 10 Enterprise x64 RTM task sequence deployed to the All Unknown Computers collections available for media and PXE*
## <a href="" id="sec06"></a>Configure Configuration Manager to prompt for the computer name during deployment (optional)
You can have Configuration Manager prompt you for a computer name or you can use rules to generate a computer name. For more details on how to do this, see [Configure MDT settings](../deploy-windows-mdt/configure-mdt-settings.md).
This section provides steps to help you configure the All Unknown Computers collection to have Configuration Manager prompt for computer names.
1. Using the Configuration Manager Console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**.
2. In the **Collection Variables** tab, create a new variable with the following settings:
* Name: OSDComputerName
* Clear the **Do not display this value in the Configuration Manager console** check box.
3. Click **OK**.
>[!NOTE]
>Configuration Manager can prompt for information in many ways. Using a collection variable with an empty value is just one of them. Another option is the User-Driven Installation (UDI) wizard.
![Configure a collection variable](../images/mdt-06-fig35.png)
*Figure 30. Configure a collection variable*
## Related topics
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)

569
windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
View File

@ -1,284 +1,285 @@
---
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: install, configure, deploy, deployment
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
**Applies to**
- Windows 10 versions 1507, 1511
>[!IMPORTANT]
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
## Prerequisites
In this topic, you will use an existing Configuration Manager server structure to prepare for operating system deployment. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
- Active Directory Schema has been extended and System Management container created.
- Active Directory Forest Discovery and Active Directory System Discovery have been enabled.
- IP range boundaries and a boundary group for content and site assignment have been created.
- The Configuration Manager reporting services point role has been added and configured
- A file system folder structure for packages has been created.
- A Configuration Manager console folder structure for packages has been created.
- System Center 2012 R2 Configuration Manager SP1 and any additional Windows 10 prerequisites are installed.
For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. DC01 and CM01 are both members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
## <a href="" id="sec01"></a>Create the Configuration Manager service accounts
To configure permissions for the various service accounts needed for operating system deployment in Configuration Manager, you use a role-based model. To create the Configuration Manager Join Domain account as well as the Configuration Manager Network Access account, follow these steps:
1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**.
2. Select the Service Accounts OU and create the CM\_JD account using the following settings:
* Name: CM\_JD
* User logon name: CM\_JD
* Password: P@ssw0rd
* User must change password at next logon: Clear
* User cannot change password: Select
* Password never expires: Select
3. Repeat the step, but for the CM\_NAA account.
4. After creating the accounts, assign the following descriptions:
* CM\_JD: Configuration Manager Join Domain Account
* CM\_NAA: Configuration Manager Network Access Account
![figure 6](../images/mdt-06-fig06.png)
Figure 6. The Configuration Manager service accounts used for operating system deployment.
## <a href="" id="sec02"></a>Configure Active Directory permissions
In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01.
1. On DC01, log on as Administrator in the CONTOSO domain using the password <strong>P@ssw0rd</strong>.
2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command:
``` syntax
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\Set-OUPermissions.ps1 -Account CM_JD
-TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
```
3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted:
* Scope: This object and all descendant objects
* Create Computer objects
* Delete Computer objects
* Scope: Descendant Computer objects
* Read All Properties
* Write All Properties
* Read Permissions
* Modify Permissions
* Change Password
* Reset Password
* Validated write to DNS host name
* Validated write to service principal name
## <a href="" id="sec03"></a>Review the Sources folder structure
To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01):
>[!NOTE]
>In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server.
- E:\\Sources
- E:\\Sources\\OSD
- E:\\Sources\\OSD\\Boot
- E:\\Sources\\OSD\\DriverPackages
- E:\\Sources\\OSD\\DriverSources
- E:\\Sources\\OSD\\MDT
- E:\\Sources\\OSD\\OS
- E:\\Sources\\OSD\\Settings
- E:\\Sources\\Software
- E:\\Sources\\Software\\Adobe
- E:\\Sources\\Software\\Microsoft
![figure 7](../images/mdt-06-fig07.png)
Figure 7. The E:\\Sources\\OSD folder structure.
## <a href="" id="sec04"></a>Integrate Configuration Manager with MDT
To extend the Configuration Manager console with MDT wizards and templates, you install MDT in the default location and run the integration setup. In these steps, we assume you have downloaded MDT to the C:\\Setup\\MDT2013 folder on CM01.
1. On CM01, log on as Administrator in the CONTOSO domain using the password <strong>P@ssw0rd</strong>.
2. Make sure the Configuration Manager Console is closed before continuing.
3. Using File Explorer, navigate to the **C:\\Setup\\MDT** folder.
4. Run the MDT setup (MicrosoftDeploymentToolkit2013\_x64.msi), and use the default options in the setup wizard.
5. From the Start screen, run Configure ConfigManager Integration with the following settings:
* Site Server Name: CM01.contoso.com
* Site code: PS1
![figure 8](../images/mdt-06-fig08.png)
Figure 8. Set up the MDT integration with Configuration Manager.
## <a href="" id="sec06"></a>Configure the client settings
Most organizations want to display their name during deployment. In this section, you configure the default Configuration Manager client settings with the Contoso organization name.
1. On CM01, using the Configuration Manager Console, in the Administration workspace, select **Client Settings**.
2. In the right pane, right-click **Default Client Settings**, and select **Properties**.
3. In the **Computer Agent** node, in the **Organization name displayed in Software Center** text box, type in **Contoso** and click **OK**.
![figure 9](../images/mdt-06-fig10.png)
Figure 9. Configure the organization name in client settings.
![figure 10](../images/fig10-contosoinstall.png)
Figure 10. The Contoso organization name displayed during deployment.
## <a href="" id="sec07"></a>Configure the Network Access account
Configuration Manager uses the Network Access account during the Windows 10 deployment process to access content on the distribution point(s). In this section, you configure the Network Access account.
1. Using the Configuration Manager Console, in the Administration workspace, expand **Site Configuration** and select **Sites**.
2. Right-click **PS1 - Primary Site 1**, select **Configure Site Components**, and then select **Software Distribution**.
3. In the **Network Access Account** tab, configure the **CONTOSO\\CM\_NAA** user account (select New Account) as the Network Access account. Use the new **Verify** option to verify that the account can connect to the **\\\\DC01\\sysvol** network share.
![figure 11](../images/mdt-06-fig12.png)
Figure 11. Test the connection for the Network Access account.
## <a href="" id="sec08"></a>Enable PXE on the CM01 distribution point
Configuration Manager has many options for starting a deployment, but starting via PXE is certainly the most flexible in a large environment. In this section, you enable PXE on the CM01 distribution point.
1. In the Configuration Manager Console, in the Administration workspace, select **Distribution Points**.
2. Right-click the **\\\\CM01.CONTOSO.COM distribution point** and select **Properties**.
3. In the **PXE** tab, select the following settings:
* Enable PXE support for clients
* Allow this distribution point to respond to incoming PXE requests
* Enable unknown computer support
* Require a password when computers use PXE
* Password and Confirm password: Passw0rd!
![figure 12](../images/mdt-06-fig13.png)
Figure 12. Configure the CM01 distribution point for PXE.
4. Using the Configuration Manager Trace Log Tool, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Look for ConfigurePXE and CcmInstallPXE lines.
![figure 13](../images/mdt-06-fig14.png)
Figure 13. The distmgr.log displays a successful configuration of PXE on the distribution point.
5. Verify that you have seven files in each of the folders **E:\\RemoteInstall\\SMSBoot\\x86** and **E:\\RemoteInstall\\SMSBoot\\x64**.
![figure 14](../images/mdt-06-fig15.png)
Figure 14. The contents of the E:\\RemoteInstall\\SMSBoot\\x64 folder after you enable PXE.
## Related topics
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
---
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: install, configure, deploy, deployment
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
**Applies to**
- Windows 10 versions 1507, 1511
>[!IMPORTANT]
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
## Prerequisites
In this topic, you will use an existing Configuration Manager server structure to prepare for operating system deployment. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
- Active Directory Schema has been extended and System Management container created.
- Active Directory Forest Discovery and Active Directory System Discovery have been enabled.
- IP range boundaries and a boundary group for content and site assignment have been created.
- The Configuration Manager reporting services point role has been added and configured
- A file system folder structure for packages has been created.
- A Configuration Manager console folder structure for packages has been created.
- System Center 2012 R2 Configuration Manager SP1 and any additional Windows 10 prerequisites are installed.
For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. DC01 and CM01 are both members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
## <a href="" id="sec01"></a>Create the Configuration Manager service accounts
To configure permissions for the various service accounts needed for operating system deployment in Configuration Manager, you use a role-based model. To create the Configuration Manager Join Domain account as well as the Configuration Manager Network Access account, follow these steps:
1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**.
2. Select the Service Accounts OU and create the CM\_JD account using the following settings:
* Name: CM\_JD
* User logon name: CM\_JD
* Password: P@ssw0rd
* User must change password at next logon: Clear
* User cannot change password: Select
* Password never expires: Select
3. Repeat the step, but for the CM\_NAA account.
4. After creating the accounts, assign the following descriptions:
* CM\_JD: Configuration Manager Join Domain Account
* CM\_NAA: Configuration Manager Network Access Account
![figure 6](../images/mdt-06-fig06.png)
Figure 6. The Configuration Manager service accounts used for operating system deployment.
## <a href="" id="sec02"></a>Configure Active Directory permissions
In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01.
1. On DC01, log on as Administrator in the CONTOSO domain using the password <strong>P@ssw0rd</strong>.
2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command:
```
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\Set-OUPermissions.ps1 -Account CM_JD
-TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
```
3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted:
* Scope: This object and all descendant objects
* Create Computer objects
* Delete Computer objects
* Scope: Descendant Computer objects
* Read All Properties
* Write All Properties
* Read Permissions
* Modify Permissions
* Change Password
* Reset Password
* Validated write to DNS host name
* Validated write to service principal name
## <a href="" id="sec03"></a>Review the Sources folder structure
To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01):
>[!NOTE]
>In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server.
- E:\\Sources
- E:\\Sources\\OSD
- E:\\Sources\\OSD\\Boot
- E:\\Sources\\OSD\\DriverPackages
- E:\\Sources\\OSD\\DriverSources
- E:\\Sources\\OSD\\MDT
- E:\\Sources\\OSD\\OS
- E:\\Sources\\OSD\\Settings
- E:\\Sources\\Software
- E:\\Sources\\Software\\Adobe
- E:\\Sources\\Software\\Microsoft
![figure 7](../images/mdt-06-fig07.png)
Figure 7. The E:\\Sources\\OSD folder structure.
## <a href="" id="sec04"></a>Integrate Configuration Manager with MDT
To extend the Configuration Manager console with MDT wizards and templates, you install MDT in the default location and run the integration setup. In these steps, we assume you have downloaded MDT to the C:\\Setup\\MDT2013 folder on CM01.
1. On CM01, log on as Administrator in the CONTOSO domain using the password <strong>P@ssw0rd</strong>.
2. Make sure the Configuration Manager Console is closed before continuing.
3. Using File Explorer, navigate to the **C:\\Setup\\MDT** folder.
4. Run the MDT setup (MicrosoftDeploymentToolkit2013\_x64.msi), and use the default options in the setup wizard.
5. From the Start screen, run Configure ConfigManager Integration with the following settings:
* Site Server Name: CM01.contoso.com
* Site code: PS1
![figure 8](../images/mdt-06-fig08.png)
Figure 8. Set up the MDT integration with Configuration Manager.
## <a href="" id="sec06"></a>Configure the client settings
Most organizations want to display their name during deployment. In this section, you configure the default Configuration Manager client settings with the Contoso organization name.
1. On CM01, using the Configuration Manager Console, in the Administration workspace, select **Client Settings**.
2. In the right pane, right-click **Default Client Settings**, and select **Properties**.
3. In the **Computer Agent** node, in the **Organization name displayed in Software Center** text box, type in **Contoso** and click **OK**.
![figure 9](../images/mdt-06-fig10.png)
Figure 9. Configure the organization name in client settings.
![figure 10](../images/fig10-contosoinstall.png)
Figure 10. The Contoso organization name displayed during deployment.
## <a href="" id="sec07"></a>Configure the Network Access account
Configuration Manager uses the Network Access account during the Windows 10 deployment process to access content on the distribution point(s). In this section, you configure the Network Access account.
1. Using the Configuration Manager Console, in the Administration workspace, expand **Site Configuration** and select **Sites**.
2. Right-click **PS1 - Primary Site 1**, select **Configure Site Components**, and then select **Software Distribution**.
3. In the **Network Access Account** tab, configure the **CONTOSO\\CM\_NAA** user account (select New Account) as the Network Access account. Use the new **Verify** option to verify that the account can connect to the **\\\\DC01\\sysvol** network share.
![figure 11](../images/mdt-06-fig12.png)
Figure 11. Test the connection for the Network Access account.
## <a href="" id="sec08"></a>Enable PXE on the CM01 distribution point
Configuration Manager has many options for starting a deployment, but starting via PXE is certainly the most flexible in a large environment. In this section, you enable PXE on the CM01 distribution point.
1. In the Configuration Manager Console, in the Administration workspace, select **Distribution Points**.
2. Right-click the **\\\\CM01.CONTOSO.COM distribution point** and select **Properties**.
3. In the **PXE** tab, select the following settings:
* Enable PXE support for clients
* Allow this distribution point to respond to incoming PXE requests
* Enable unknown computer support
* Require a password when computers use PXE
* Password and Confirm password: Passw0rd!
![figure 12](../images/mdt-06-fig13.png)
Figure 12. Configure the CM01 distribution point for PXE.
4. Using the Configuration Manager Trace Log Tool, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Look for ConfigurePXE and CcmInstallPXE lines.
![figure 13](../images/mdt-06-fig14.png)
Figure 13. The distmgr.log displays a successful configuration of PXE on the distribution point.
5. Verify that you have seven files in each of the folders **E:\\RemoteInstall\\SMSBoot\\x86** and **E:\\RemoteInstall\\SMSBoot\\x64**.
![figure 14](../images/mdt-06-fig15.png)
Figure 14. The contents of the E:\\RemoteInstall\\SMSBoot\\x64 folder after you enable PXE.
## Related topics
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)