deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-11

Browse Source
This commit is contained in:
Evan Miller 2020-03-11 07:53:49 -07:00 committed by GitHub
commit a0edd0a68f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
216 changed files with 3870 additions and 3840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
.openpublishing.redirection.json
View File

@ -1,6 +1,11 @@
{
"redirections": [
{
"source_path": "devices/hololens/hololens-whats-new.md",
"redirect_url": "https://docs.microsoft.com/hololens/hololens-release-notes",
"redirect_document_id": true
},
{
"source_path": "devices/hololens/hololens-upgrade-enterprise.md",
"redirect_url": "https://docs.microsoft.com/hololens/hololens-requirements#upgrade-to-windows-holographic-for-business",
"redirect_document_id": true
@ -1377,11 +1382,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score",
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@ -1727,17 +1727,12 @@
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-defender-atp/overview-secure-score.md",
"source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-defender-atp/secure-score-dashboard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-defender-atp/enable-secure-score.md",
"source_path": "windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": false
},
@ -15612,6 +15607,11 @@
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/windows-analytics-azure-portal.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
@ -15720,6 +15720,26 @@
"source_path": "windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-manage-updates-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/configmgr/osd/deploy-use/manage-windows-as-a-service",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#mdt-lite-touch-components",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/key-features-in-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#key-features-in-mdt",
"redirect_document_id": false
}
]
}

1
.vscode/settings.json vendored
View File

@ -1,5 +1,6 @@
{
"cSpell.words": [
"intune",
"kovter",
"kovter's",
"poshspy"

4
browsers/edge/group-policies/new-tab-page-settings-gp.md
View File

@ -22,8 +22,8 @@ ms.topic: reference
Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads.
>[!NOTE]
>New tab pages do not load while running InPrivate mode.
> [!NOTE]
> New tab pages do not load while running InPrivate mode.
## Relevant group policies

2
browsers/edge/img-microsoft-edge-infographic-lg.md
View File

@ -9,6 +9,8 @@ ms.author: dansimp
author: dansimp
---
# Microsoft Edge Infographic
Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)<br>
Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=53892)

4
browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
View File

@ -13,8 +13,8 @@ ms.topic: include
By default, all sites open the currently active browser. With this policy, you can automatically open all sites not included in the Enterprise Mode Site List in Microsoft Edge. When you enable this policy, you must also turn on the Internet Explorer\Use the Enterprise Mode IE website list policy and include at least one site in the Enterprise Mode Site List.
>[!NOTE]
>If youve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11.
> [!NOTE]
> If youve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11.
You can find the group policy settings in the following location of the Group Policy Editor:

4
browsers/edge/managing-group-policy-admx-files.md
View File

@ -19,8 +19,8 @@ ms.date: 10/19/2018
ADMX files, which are registry-based policy settings provide an XML-based structure for defining the display of the Administrative Template policy settings in the Group Policy Object Editor. The ADMX files replace ADM files, which used a different markup language.
>[!NOTE]
>The administrative tools you use—Group Policy Object Editor and Group Policy Management Console—remain mostly unchanged. In the majority of situations, you wont notice the presence of ADMX files during your day-to-day Group Policy administration tasks.
> [!NOTE]
> The administrative tools you use—Group Policy Object Editor and Group Policy Management Console—remain mostly unchanged. In the majority of situations, you wont notice the presence of ADMX files during your day-to-day Group Policy administration tasks.
Unlike ADM files, ADMX files are not stored in individual GPOs by default; however, this behavior supports less common scenarios. For domain-based enterprises, you can create a central store location of ADMX files accessible by anyone with permission to create or edit GPOs. Group Policy tools continue to recognize other earlier ADM files you have in your existing environment. The Group Policy Object Editor automatically reads and displays Administrative Template policy settings from both the ADMX and ADM files.

16
browsers/enterprise-mode/set-up-enterprise-mode-portal.md
View File

@ -35,8 +35,8 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all
2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
>[!Note]
>You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
> [!NOTE]
> You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
3. Open File Explorer and then open the **EMIEWebPortal/** folder.
@ -105,8 +105,8 @@ Create a new Application Pool and the website, by using the IIS Manager.
9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
>[!Note]
>You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
> [!NOTE]
> You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
10. Return to the **<<i>website_name</i>> Home** pane, and double-click the **Connection Strings** icon.
@ -116,8 +116,8 @@ Create a new Application Pool and the website, by using the IIS Manager.
- **Initial catalog.** The name of your database.
>[!Note]
>Step 3 of this topic provides the steps to create your database.
> [!NOTE]
> Step 3 of this topic provides the steps to create your database.
## Step 3 - Create and prep your database
Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
@ -216,8 +216,8 @@ Register the EMIEScheduler tool and service for production site list changes.
1. Open File Explorer and go to EMIEWebPortal.SchedulerService\EMIEWebPortal.SchedulerService in your deployment directory, and then copy the **App_Data**, **bin**, and **Logs** folders to a separate folder. For example, C:\EMIEService\.
>[!Important]
>If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files.
> [!IMPORTANT]
> If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files.
2. In Visual Studio start the Developer Command Prompt as an administrator, and then change the directory to the location of the InstallUtil.exe file. For example, _C:\Windows\Microsoft.NET\Framework\v4.0.30319_.

4
browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
View File

@ -1,8 +1,8 @@
Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing
centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 wont look for an updated list again until you restart the browser.
>[!NOTE]
>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
> [!NOTE]
> We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
**Group Policy**

14
browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
View File

@ -7,7 +7,8 @@ author: dansimp
ms.prod: ie11
ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.author: dansimp
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
@ -62,15 +63,15 @@ Each XML file must include:
The following is an example of what your XML file should look like when youre done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
```
```xml
<site-list version="205">
<!--- File creation header --->
<!-- File creation header -->
<created-by>
<tool>EnterpriseSitelistManager</tool>
<version>10240</version>
<date-created>20150728.135021</date-created>
</created-by>
<!--- Begin Site List --->
<!-- Begin Site List -->
<site url="www.cpandl.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>MSEdge</open-in>
@ -115,8 +116,3 @@ After youve added all of your sites to the tool and saved the file to XML, yo
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)

4
browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
View File

@ -81,8 +81,8 @@ Every add-on has a Class ID (CLSID) that you use to enable and disable specific
2. From the copied information, select and copy just the **Class ID** value.
>[!NOTE]
>You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
> [!NOTE]
> You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
3. Open the Group Policy Management Editor and go to: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
<br>**-OR-**<br>

30
browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
View File

@ -37,8 +37,8 @@ current version of Internet Explorer.
Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10. If you decide you dont want Internet Explorer 11, and youre running Windows 7 SP1 or Windows Server 2008 R2 with SP1, you can uninstall it from the **View installed updates** section of the **Uninstall an update** page of the Control Panel.
>[!Note]
>If a user installs Internet Explorer 11 and then removes it, it wont be re-offered to that computer through Automatic Updates. Instead, the user will have to manually re-install the app.
> [!NOTE]
> If a user installs Internet Explorer 11 and then removes it, it wont be re-offered to that computer through Automatic Updates. Instead, the user will have to manually re-install the app.
## Internet Explorer 11 automatic upgrades
@ -52,14 +52,14 @@ If you use Automatic Updates in your company, but want to stop your users from a
- **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
>[!Note]
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.md).
> [!NOTE]
> The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.md).
- **Use an update management solution to control update deployment.**
If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Microsoft Endpoint Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit.
>[!Note]
>If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](https://support.microsoft.com/kb/946202).
> [!NOTE]
> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](https://support.microsoft.com/kb/946202).
Additional information on Internet Explorer 11, including a Readiness Toolkit, technical overview, in-depth feature summary, and Internet Explorer 11 download is available on the [Internet Explorer 11 page of the Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge/dn262703.aspx).
@ -81,13 +81,13 @@ Internet Explorer 11 will be released to WSUS as an Update Rollup package. There
4. Click the rule that automatically approves an update that is classified as
Update Rollup, and then click **Edit.**
>[!Note]
>If you dont see a rule like this, you most likely havent configured WSUS to automatically approve Update Rollups for installation. In this situation, you dont have to do anything else.
> [!NOTE]
> If you dont see a rule like this, you most likely havent configured WSUS to automatically approve Update Rollups for installation. In this situation, you dont have to do anything else.
5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
>[!Note]
>The properties for this rule will resemble the following:<ul><li>When an update is in Update Rollups</li><li>Approve the update for all computers</li></ul>
> [!NOTE]
> The properties for this rule will resemble the following:<ul><li>When an update is in Update Rollups</li><li>Approve the update for all computers</li></ul>
6. Clear the **Update Rollup** check box, and then click **OK**.
@ -101,12 +101,12 @@ Internet Explorer 11 will be released to WSUS as an Update Rollup package. There
11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
12. Choose **Unapproved** in the **Approval**drop down box.
12. Choose **Unapproved** in the **Approval** drop down box.
13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
>[!Note]
>There may be multiple updates, depending on the imported language and operating system updates.
> [!NOTE]
> There may be multiple updates, depending on the imported language and operating system updates.
**Optional**
@ -126,8 +126,8 @@ If you need to reset your Update Rollups packages to auto-approve, do this:
7. Click **OK** to close the **Automatic Approvals** dialog box.
>[!Note]
>Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server wont cause this update to be auto-approved.
> [!NOTE]
> Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server wont cause this update to be auto-approved.
## Additional resources

2
browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
View File

@ -9,6 +9,8 @@ manager: dansimp
ms.author: dansimp
---
# Full-sized flowchart detailing how document modes are chosen in IE11
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)<br>
<p style="overflow: auto;">

16
browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
View File

@ -36,8 +36,8 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all
2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
>[!Note]
>You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
> [!NOTE]
> You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
3. Open File Explorer and then open the **EMIEWebPortal/** folder.
@ -49,8 +49,8 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all
6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution.
>[!Note]
>Step 3 of this topic provides the steps to create your database.
> [!NOTE]
> Step 3 of this topic provides the steps to create your database.
7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
@ -109,8 +109,8 @@ Create a new Application Pool and the website, by using the IIS Manager.
9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
>[!Note]
>You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
> [!NOTE]
> You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
## Step 3 - Create and prep your database
Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
@ -209,8 +209,8 @@ Register the EMIEScheduler tool and service for production site list changes.
1. Open File Explorer and go to EMIEWebPortal.SchedulerService\EMIEWebPortal.SchedulerService in your deployment directory, and then copy the **App_Data**, **bin**, and **Logs** folders to a separate folder. For example, C:\EMIEService\.
>[!Important]
>If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files.
> [!IMPORTANT]
> If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files.
2. In Visual Studio start the Developer Command Prompt as an administrator, and then change the directory to the location of the InstallUtil.exe file. For example, _C:\Windows\Microsoft.NET\Framework\v4.0.30319_.

8
browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
View File

@ -85,8 +85,8 @@ To see if the site works in the Internet Explorer 5, Internet Explorer 7, Intern
- Run the site in each document mode until you find the mode in which the site works.
>[!NOTE]
>You will need to make sure the User agent string dropdown matches the same browser version as the Document mode dropdown. For example, if you were testing to see if the site works in Internet Explorer 10, you should update the Document mode dropdown to 10 and the User agent string dropdown to Internet Explorer 10.
> [!NOTE]
> You will need to make sure the User agent string dropdown matches the same browser version as the Document mode dropdown. For example, if you were testing to see if the site works in Internet Explorer 10, you should update the Document mode dropdown to 10 and the User agent string dropdown to Internet Explorer 10.
- If you find a mode in which your site works, you will need to add the site domain, sub-domain, or URL to the Enterprise Mode Site List for the document mode in which the site works, or ask the IT administrator to do so. You can add the *x-ua-compatible* meta tag or HTTP header as well.
@ -116,8 +116,8 @@ If IE8 Enterprise Mode doesn't work, IE7 Enterprise Mode will give you the Compa
If the site works, inform the IT administrator that the site needs to be added to the IE7 Enterprise Mode section.\
>[!NOTE]
>Adding the same Web path to the Enterprise Mode and sections of the Enterprise Mode Site List will not work, but we will address this in a future update.
> [!NOTE]
> Adding the same Web path to the Enterprise Mode and sections of the Enterprise Mode Site List will not work, but we will address this in a future update.
### Update the site for modern web standards

9
browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
View File

@ -28,8 +28,8 @@ ms.localizationpriority: medium
Before you can use a site list with Enterprise Mode, you need to turn the functionality on and set up the system for centralized control. By allowing centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 wont look for an updated list again until you restart the browser.
>[!NOTE]
>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
> [!NOTE]
> We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
**To turn on Enterprise Mode using Group Policy**
@ -64,8 +64,3 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)

12
browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
View File

@ -46,14 +46,6 @@ For IE11, the UI has been changed to provide just the controls needed to support
## Where did the search box go?
IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider.
>[!NOTE]
>Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
> [!NOTE]
> Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).

26
browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
View File

@ -29,8 +29,8 @@ ms.date: 05/10/2018
The Internet Explorer 11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the **Automatic Updates** feature of Windows Update.
>[!IMPORTANT]
>The IE11 Blocker Toolkit does not stop users from manually installing IE11 from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?linkid=327753). Also, even if you have installed previous versions of the toolkit before, like for Internet Explorer 10, you still need to install this version to prevent the installation of IE11.
> [!IMPORTANT]
> The IE11 Blocker Toolkit does not stop users from manually installing IE11 from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?linkid=327753). Also, even if you have installed previous versions of the toolkit before, like for Internet Explorer 10, you still need to install this version to prevent the installation of IE11.
## Install the toolkit
@ -69,13 +69,13 @@ If you use Automatic Updates in your company, but want to stop your users from a
- **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
>[!NOTE]
> [!NOTE]
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](https://docs.microsoft.com/internet-explorer/ie11-faq/faq-for-it-pros-ie11).
- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit.
>[!NOTE]
>If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
> [!NOTE]
> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
### Prevent automatic installation of Internet Explorer 11 with WSUS
@ -90,13 +90,13 @@ Internet Explorer 11 will be released to WSUS as an Update Rollup package. There
4. Click the rule that automatically approves an update that is classified as Update Rollup, and then click **Edit.**
>[!NOTE]
>If you dont see a rule like this, you most likely havent configured WSUS to automatically approve Update Rollups for installation. In this situation, you dont have to do anything else.
> [!NOTE]
> If you dont see a rule like this, you most likely havent configured WSUS to automatically approve Update Rollups for installation. In this situation, you dont have to do anything else.
5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
>[!NOTE]
>The properties for this rule will resemble the following:<ul><li>When an update is in Update Rollups</li><li>Approve the update for all computers</li></ul>
> [!NOTE]
> The properties for this rule will resemble the following:<ul><li>When an update is in Update Rollups</li><li>Approve the update for all computers</li></ul>
6. Clear the **Update Rollup** check box, and then click **OK**.
@ -116,8 +116,8 @@ After the new Internet Explorer 11 package is available for download, you should
6. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
>[!NOTE]
>There may be multiple updates, depending on the imported language and operating system updates.
> [!NOTE]
> There may be multiple updates, depending on the imported language and operating system updates.
### Optional - Reset update rollups packages to auto-approve
@ -135,8 +135,8 @@ After the new Internet Explorer 11 package is available for download, you should
7. Click **OK** to close the **Automatic Approvals** dialog box.
>[!NOTE]
>Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server wont cause this update to be auto-approved.
> [!NOTE]
> Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server wont cause this update to be auto-approved.

12
browsers/internet-explorer/ie11-faq/faq-ieak11.md
View File

@ -36,22 +36,22 @@ You can customize and install IEAK 11 on the following supported operating syste
- Windows Server 2008 R2 Service Pack 1 (SP1)
>[!Note]
>IEAK 11 does not support building custom packages for Windows RT.
> [!NOTE]
> IEAK 11 does not support building custom packages for Windows RT.
**What can I customize with IEAK 11?**
The IEAK 11 enables you to customize branding and settings for Internet Explorer 11. For PCs running Windows 7, the custom package also includes the Internet Explorer executable.
>[!Note]
>Internet Explorer 11 is preinstalled on PCs running Windows 8. Therefore, the executable is not included in the customized package.
> [!NOTE]
> Internet Explorer 11 is preinstalled on PCs running Windows 8. Therefore, the executable is not included in the customized package.
**Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?**
Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
>[!Note]
>IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
> [!NOTE]
> IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
**Q: Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?**<br>
Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:

8
browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
View File

@ -98,14 +98,14 @@ Pressing the **F1** button on the **Automatic Version Synchronization** page of
## Certificate installation does not work on IEAK 11
IEAK 11 doesn't install certificates added using the Add a Root Certificate page of the Internet Explorer Customization Wizard 11. Administrators can manually install certificates using the Certificates Microsoft Management Console snap-in (Certmgr.msc) or using the command-line tool, Certificate Manager (Certmgr.exe).
>[!NOTE]
>This applies only when using the External licensing mode of IEAK 11.
> [!NOTE]
> This applies only when using the External licensing mode of IEAK 11.
## The Additional Settings page appears in the wrong language when using a localized version of IEAK 11
When using IEAK 11 in other languages, the settings on the Additional Settings page appear in the language of the target platform, regardless of the IEAK 11 language.
>[!NOTE]
>This applies only when using the Internal licensing mode of IEAK 11.
> [!NOTE]
> This applies only when using the Internal licensing mode of IEAK 11.
To work around this issue, run the customization wizard following these steps:
1. On the **Language Selection** page, select the language that matches the language of your installed IEAK 11.

4
browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
View File

@ -32,8 +32,8 @@ IEAK 10 and newer includes the ability to install using one of the following ins
- Internal
- External
>[!NOTE]
>IEAK 11 works in network environments, with or without Microsoft Active Directory service.
> [!NOTE]
> IEAK 11 works in network environments, with or without Microsoft Active Directory service.
### Corporations

54
devices/hololens/TOC.md
View File

@ -1,6 +1,6 @@
# [HoloLens overview](index.md)
# [Microsoft HoloLens](index.md)
# Get Started with HoloLens 2
# Get started with HoloLens 2
## [HoloLens 2 hardware](hololens2-hardware.md)
## [Get your HoloLens 2 ready to use](hololens2-setup.md)
## [Set up your HoloLens 2](hololens2-start.md)
@ -16,56 +16,56 @@
## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
# Deploying HoloLens and Mixed Reality Apps in Commercial Environments
## [Deployment planning](hololens-requirements.md)
## [Commercial feature overview](hololens-commercial-features.md)
## [Lincense Requriements](hololens-licenses-requirements.md)
## [Commercial Infrastructure Guidance](hololens-commercial-infrastructure.md)
# Deploy HoloLens and mixed-reality apps in commercial environments
## [Commercial features](hololens-commercial-features.md)
## [Deploy HoloLens in a commercial environment](hololens-requirements.md)
## [Determine what licenses you need](hololens-licenses-requirements.md)
## [Configure your network for HoloLens](hololens-commercial-infrastructure.md)
## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Use a provisioning package to configure HoloLens](hololens-provisioning.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Set up ring based updates for HoloLens](hololens-updates.md)
## [Manage HoloLens updates](hololens-updates.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
# Navigating Windows Holographic
## [Start menu and mixed reality home](holographic-home.md)
## [Use your voice with HoloLens](hololens-cortana.md)
## [Find and save files](holographic-data.md)
## [Create, share, and view photos and video](holographic-photos-and-videos.md)
## [Find, open, and save files](holographic-data.md)
## [Create mixed reality photos and videos](holographic-photos-and-videos.md)
# User management and access management
## [Accounts on HoloLens](hololens-identity.md)
## [Manage user identity and sign-in for HoloLens](hololens-identity.md)
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
## [Set up limited application access](hololens-kiosk.md)
## [Set up HoloLens as a kiosk for specific applications](hololens-kiosk.md)
# Holographic Applications
## [Try 3D Viewer](holographic-3d-viewer-beta.md)
# Holographic applications
## [Use 3D Viewer on HoloLens](holographic-3d-viewer-beta.md)
## [Find, install, and uninstall applications](holographic-store-apps.md)
## [Install and uninstall custom applications](holographic-custom-apps.md)
## [Manage custom apps for HoloLens](holographic-custom-apps.md)
# Accessories and connectivity
## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md)
## [Use the HoloLens (1st gen) clicker](hololens1-clicker.md)
## [Connect to a network](hololens-network.md)
## [Use HoloLens offline](hololens-offline.md)
## [Manage connection endpoints for HoloLens](hololens-offline.md)
# Hologram optics and placement in space
## [Tips for viewing clear Holograms](hololens-calibration.md)
## [Improve visual quality and comfort](hololens-calibration.md)
## [Environment considerations for HoloLens](hololens-environment-considerations.md)
## [Spatial mapping on HoloLens](hololens-spaces.md)
## [Map physical spaces with HoloLens](hololens-spaces.md)
# Update, troubleshoot, or recover HoloLens
## [Update HoloLens](hololens-update-hololens.md)
## [Restart, reset, or recover](hololens-recovery.md)
## [Troubleshoot HoloLens](hololens-troubleshooting.md)
## [Known issues](hololens-known-issues.md)
## [Restart, reset, or recover HoloLens](hololens-recovery.md)
## [Troubleshoot HoloLens issues](hololens-troubleshooting.md)
## [Known issues for HoloLens](hololens-known-issues.md)
## [Frequently asked questions](hololens-faq.md)
## [Frequently asked security questions](hololens-faq-security.md)
## [Hololens services status](hololens-status.md)
## [SCEP Whitepaper](scep-whitepaper.md)
## [Status of the HoloLens services](hololens-status.md)
## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb)
## [SCEP whitepaper](scep-whitepaper.md)
# [Release Notes](hololens-release-notes.md)
# [HoloLens release notes](hololens-release-notes.md)
# [Give us feedback](hololens-feedback.md)
# [Join the Windows Insider program](hololens-insider.md)
# [Insider preview for Microsoft HoloLens](hololens-insider.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

5
devices/hololens/holographic-custom-apps.md
View File

@ -11,12 +11,15 @@ author: mattzmsft
ms.author: mazeller
ms.topic: article
ms.localizationpriority: medium
ms.custom:
- CI 111456
- CSSTroubleshooting
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Install and manage custom applications (non-store)
# Manage custom apps for HoloLens
HoloLens supports many existing applications from the Microsoft Store, as well as new apps built specifically for HoloLens. This article focuses on custom holographic applications.

210
devices/hololens/hololens-FAQ.md
View File

@ -1,5 +1,5 @@
---
title: Frequently asked questions about HoloLens and holograms
title: Frequently asked questions about HoloLens devices and holograms
description: Do you have a quick question about HoloLens or interacting with holograms? This article provides a quick answer and more resources.
keywords: hololens, faq, known issue, help
ms.prod: hololens
@ -9,130 +9,134 @@ ms.author: v-tea
ms.topic: article
audience: ITPro
ms.localizationpriority: medium
ms.date: 10/30/2019
ms.date: 02/27/2020
ms.reviewer:
ms.custom:
- CI 114606
- CSSTroubleshooting
manager: jarrettr
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# HoloLens and holograms: Frequently asked questions
# Frequently asked questions about HoloLens devices and holograms
Here are some answers to questions you might have about using HoloLens, placing holograms, working with spaces, and more.
This article answers some questions that you may have about how to use HoloLens, including how to place holograms, work with spaces, and more.
Any time you're having problems, make sure HoloLens is [charged up](https://support.microsoft.com/help/12627/hololens-charge-your-hololens). Try [restarting it](hololens-restart-recover.md) to see if that fixes things. And please use the Feedback app to send us info about the issue&mdash;you'll find it on the [**Start** menu](holographic-home.md).
Any time that you have problems, make sure that HoloLens is [charged up](https://support.microsoft.com/help/12627/hololens-charge-your-hololens). Try [restarting it](hololens-restart-recover.md) to see whether that fixes things. And please use the Feedback app to send us information about the issue. You'll find the Feedback app on the [**Start** menu](holographic-home.md).
For tips about wearing your HoloLens, see [HoloLens fit and comfort: FAQ](https://support.microsoft.com/help/13405/hololens-fit-and-comfort-faq).
For tips about hwo to wear your HoloLens, see [HoloLens (1st gen) fit and comfort frequently asked questions](hololens1-fit-comfort-faq.md).
This FAQ addresses the following questions and issues:
This article addresses the following questions and issues:
<a id="list"></a>
- [My holograms don't look right or are moving around](#my-holograms-dont-look-right-or-are-moving-around)
- [I see a message that says "Finding your space"](#i-see-a-message-that-says-finding-your-space)
- [I'm not seeing the holograms I expect to see in my space](#im-not-seeing-the-holograms-i-expect-to-see-in-my-space)
- [I can't place holograms where I want](#i-cant-place-holograms-where-i-want)
- [I'm not seeing the holograms that I expect to see in my space](#im-not-seeing-the-holograms-that-i-expect-to-see-in-my-space)
- [I can't place holograms where I want to](#i-cant-place-holograms-where-i-want-to)
- [Holograms disappear or are encased in other holograms or objects](#holograms-disappear-or-are-encased-in-other-holograms-or-objects)
- [I can see holograms that are on the other side of a wall](#i-can-see-holograms-that-are-on-the-other-side-of-a-wall)
- [When I place a hologram on a wall, it seems to float](#when-i-place-a-hologram-on-a-wall-it-seems-to-float)
- [When I place a hologram on a wall, the hologram seems to float](#when-i-place-a-hologram-on-a-wall-the-hologram-seems-to-float)
- [Apps appear too close to me when I'm trying to move them](#apps-appear-too-close-to-me-when-im-trying-to-move-them)
- [I'm getting a low disk space error](#im-getting-a-low-disk-space-error)
- [HoloLens doesn't respond to my gestures](#hololens-doesnt-respond-to-my-gestures)
- [HoloLens doesn't respond to my voice](#hololens-doesnt-respond-to-my-voice)
- [I'm having problems pairing or using a Bluetooth device](#im-having-problems-pairing-or-using-a-bluetooth-device)
- [I'm having problems with the HoloLens clicker](#im-having-problems-with-the-hololens-clicker)
- [HoloLens Settings lists devices as available, but the devices don't work](#hololens-settings-lists-devices-as-available-but-the-devices-dont-work)
- [I'm having problems using the HoloLens clicker](#im-having-problems-using-the-hololens-clicker)
- [I can't connect to Wi-Fi](#i-cant-connect-to-wi-fi)
- [My HoloLens isn't running well, is unresponsive, or won't start](#my-hololens-isnt-running-well-is-unresponsive-or-wont-start)
- [HoloLens Management Questions](#hololens-management-questions)
- [HoloLens Security Questions](#hololens-security-questions)
- [I can't sign in to a HoloLens device because it was previously set up for someone else](#i-cant-sign-in-to-a-hololens-device-because-it-was-previously-set-up-for-someone-else)
- [Questions about managing HoloLens devices](#questions-about-managing-hololens-devices)
- [Questions about securing HoloLens devices](#questions-about-securing-hololens-devices)
- [How do I delete all spaces?](#how-do-i-delete-all-spaces)
- [I cannot find or use the keyboard to type in the HoloLens 2 Emulator](#i-cannot-find-or-use-the-keyboard-to-type-in-the-hololens-2-emulator)
- [I can't log in to a HoloLens because it was previously set up for someone else](#i-cant-log-in-to-a-hololens-because-it-was-previously-set-up-for-someone-else)
## My holograms don't look right or are moving around
If your holograms don't look right (for example, they're jittery or shaky, or you see black patches on top of them), try one of these fixes:
- [Clean your device visor](hololens1-hardware.md#care-and-cleaning) and make sure nothing is blocking the sensors.
- Make sure you're in a well-lit room without a lot of direct sunlight.
- Try walking around and gazing at your surroundings so HoloLens can scan them more completely.
- Make sure that you're in a well-lit room that does not have a lot of direct sunlight.
- Try walking around and gazing at your surroundings so that HoloLens can scan them more completely.
- If you've placed a lot of holograms, try removing some.
If you're still having problems, trying running the Calibration app, which calibrates your HoloLens just for you, to help keep your holograms looking their best. Go to **Settings **>** System **>** Utilities**. Under Calibration, select **Open Calibration**.
If you're still having problems, trying running the Calibration app. This app calibrates your HoloLens just for you to help keep your holograms looking their best. To do this, go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**.
[Back to list](#list)
## I see a message that says Finding your space
## I see a message that says "Finding your space"
When HoloLens is learning or loading a space, you might see a brief message that says "Finding your space." If this message continues for more than a few seconds, you'll see another message under the Start menu that says "Still looking for your space."
When HoloLens is learning or loading a space, you may see a brief message that says "Finding your space." If this message displays for more than a few seconds, you'll see another message under the Start menu that says "Still looking for your space."
These messages mean that HoloLens is having trouble mapping your space. When this happens, you'll be able to open apps, but you won't be able to place holograms in your environment.
These messages mean that HoloLens is having trouble mapping your space. When this happens, you can open apps, but you can't place holograms in your environment.
If you see these messages often, try the following:
If you see these messages often, try one or more of the following fixes:
- Make sure you're in a well-lit room without a lot of direct sunlight.
- Make sure your device visor is clean. [Learn how](hololens1-hardware.md#care-and-cleaning).
- Make sure you have a strong Wi-Fi signal. If you enter a new environment that has no Wi-Fi or a weak signal, HoloLens won't be able find your space. Check your Wi-Fi connection by going to **Settings **> **Network &amp; Internet** >** Wi-Fi**.
- Make sure that you're in a well-lit room that does not have a lot of direct sunlight.
- Make sure that your device visor is clean. [Learn how to clean your visor](hololens1-hardware.md#care-and-cleaning).
- Make sure that you have a strong Wi-Fi signal. If you enter a new environment that has no Wi-Fi or a weak Wi-Fi signal, HoloLens won't be able find your space. Check your Wi-Fi connection by going to **Settings** > **Network &amp; Internet** > **Wi-Fi**.
- Try moving more slowly.
[Back to list](#list)
## I'm not seeing the holograms I expect to see in my space
## I'm not seeing the holograms that I expect to see in my space
If you don't see holograms you placed, or you're seeing some you don't expect, try the following:
If you don't see the holograms that you placed, or if you're seeing some that you don't expect, try one or more of the following fixes:
- Try turning on some lights. HoloLens works best in a well-lit space.
- Remove holograms you don't need by going to **Settings** > **System** > **Holograms** > **Remove nearby holograms**. Or, if needed, select **Remove all holograms**.
- Turn on some lights. HoloLens works best in a well-lit space.
- Remove holograms that you don't need by going to **Settings** > **System** > **Holograms** > **Remove nearby holograms**. Or, if needed, select **Remove all holograms**.
> [!NOTE]
> If the layout or lighting in your space changes significantly, your device might have trouble identifying your space and showing your holograms.
[Back to list](#list)
## I can't place holograms where I want
## I can't place holograms where I want to
Here are some things to try if you're having trouble placing holograms:
- Stand about 1 to 3 meters from where you're trying to place the hologram.
- Stand between one and three meters from where you're trying to place the hologram.
- Don't place holograms on black or reflective surfaces.
- Make sure you're in a well-lit room without a lot of direct sunlight.
- Make sure that you're in a well-lit room that does not have a lot of direct sunlight.
- Walk around the rooms so HoloLens can rescan your surroundings. To see what's already been scanned, air tap to reveal the mapping mesh graphic.
[Back to list](#list)
## Holograms disappear or are encased in other holograms or objects
If you get too close to a hologram, it will temporarily disappear&mdash;just move away from it. Also, if you've placed a lot of holograms close together, some may disappear. Try removing a few.
If you get too close to a hologram, it will temporarily disappear&mdash;to restore the hologram, just move away from it. Also, if you've placed several holograms close together, some may disappear. Try removing a few.
Holograms can also be blocked or encased by other holograms or by objects such as walls. If this happens, try one of the following:
Holograms can also be blocked or encased by other holograms or by objects such as walls. If this happens, try one of the following fixes:
- If the hologram is encased in another hologram, move it to another location: select **Adjust**, then tap and hold to position it.
- If the hologram is encased in another hologram, move the encased hologram to another location. To do this, select **Adjust**, then tap and hold to position it.
- If the hologram is encased in a wall, select **Adjust**, then walk toward the wall until the hologram appears. Tap and hold, then pull the hologram forward and out of the wall.
- If you can't move the hologram with gestures, use your voice to remove it. Gaze at the hologram, then say "Remove." Then reopen it and place it in a new location.
- If you can't move the hologram by using gestures, use your voice to remove it. Gaze at the hologram, then say "Remove." Then reopen the hologram and place it in a new location.
[Back to list](#list)
## I can see holograms that are on the other side of a wall
If you're very close to a wall, or if HoloLens hasn't scanned the wall yet, you'll be able to see holograms that are in the next room. Stand 1 to 3 meters from the wall and gaze to scan it.
If you're very close to a wall, or if HoloLens hasn't scanned the wall yet, you can see holograms that are in the next room. To scan the wall, stand between one and three meters from the wall and gaze at it.
If HoloLens has problems scanning the wall, it might be because there's a black or reflective object nearby (for example, a black couch or a stainless steel refrigerator). If there is, scan the other side of the wall.
A black or reflective object (for example, a black couch or a stainless steel refrigerator) near the wall may cause problems when HoloLens tries to scan the wall. If there is such an object, scan the other side of the wall.
[Back to list](#list)
## When I place a hologram on a wall, it seems to float
## When I place a hologram on a wall, the hologram seems to float
Holograms placed on walls will appear to be an inch or so away from the wall. If they appear farther away, try the following:
A hologram that you place on a wall typically appears to be an inch or so away from the wall. If it appears to be farther away, try one or more of the following fixes:
- Stand 1 to 3 meters from the wall when you place a hologram and face the wall straight on.
- Air tap the wall to reveal the mapping mesh graphic. Make sure the mesh is lined up with the wall. If it isn't, remove the hologram, rescan the wall, and try again.
- When you place a hologram on a wall, stand between one and three meters from the wall and face the wall straight on.
- Air tap the wall to reveal the mapping mesh graphic. Make sure that the mesh aligns with the wall. If it doesn't, remove the hologram, rescan the wall, and then try again.
- If the issue persists, run the Calibration app. You'll find it in **Settings** > **System** > **Utilities**.
[Back to list](#list)
## Apps appear too close to me when I'm trying to move them
Try walking around and looking at the area where you're placing the app so HoloLens will scan it from different angles. [Cleaning your device visor](hololens1-hardware.md#care-and-cleaning) may also help.
Try walking around and looking at the area where you're placing the app so that HoloLens scans the area from different angles. [Cleaning your device visor](hololens1-hardware.md#care-and-cleaning) may also help.
[Back to list](#list)
@ -140,30 +144,36 @@ Try walking around and looking at the area where you're placing the app so HoloL
Free up some storage space by doing one or more of the following:
- Remove some of the holograms you've placed, or remove some saved data from within apps. [How do I find my data?](holographic-data.md)
- Remove some of the holograms that you've placed, or remove some saved data from within apps. [How do I find my data?](holographic-data.md)
- Delete some pictures and videos in the Photos app.
- Uninstall some apps from your HoloLens. In the All apps list, tap and hold the app you want to uninstall, then select **Uninstall**. (This will also delete any of the app's data stored on the device.)
- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, then select **Uninstall**. (Uninstalling the app also deletes any data that the app stores on the device.)
[Back to list](#list)
## HoloLens doesn't respond to my gestures
To make sure HoloLens can see your gestures, keep your hand in the gesture frame, which extends a couple of feet on either side of you. HoloLens can also best see your hand when you hold it about 18 inches in front of your body (though you don't have to be precise about this). When HoloLens can see your hand, the cursor will change from a dot to a ring. Learn more about [using gestures in HoloLens 2](hololens2-basic-usage.md) or [using gestures in HoloLens (1st gen)](hololens1-basic-usage.md).
To make sure that HoloLens can see your gestures, keep your hand in the gesture frame. The gesture frame extends a couple of feet on either side of you. HoloLens can also best see your hand when you hold it about 18 inches in front of your body (though you don't have to be precise about this). When HoloLens can see your hand, the cursor changes from a dot to a ring. Learn more about [using gestures in HoloLens 2](hololens2-basic-usage.md) or [using gestures in HoloLens (1st gen)](hololens1-basic-usage.md).
[Back to list](#list)
## HoloLens doesn't respond to my voice
If your HoloLens is not responding to your voice, make sure Speech recognition is on. Go to **Start > Settings > Privacy > Speech** and turn on **Speech recognition**.
HoloLens (1st gen) and HoloLens 2 have built-in speech recognition, and also support Cortana (online speech recognition).
> [!NOTE]
> This setting isn't available on HoloLens (1st Gen) because speech recognition is always on and cannot be disabled
### Built-in voice commands do not work
If Cortana isn't responding to your voice, make sure Cortana is on by enabling **Online speech recognition** in that same menu.
On HoloLens (1st gen), built-in speech recognition is not configurable. It is always turned on. On HoloLens 2, you can choose whether to turn on both speech recognition and Cortana during device setup.
- You can also easily reach this menu on HoloLens 2 by selecting the "Speech settings" button, or saying "Speech settings" while in the start menu after enabling Speech recognition.
If your HoloLens 2 is not responding to your voice, make sure Speech recognition is turned on. Go to **Start** > **Settings** > **Privacy** > **Speech** and turn on **Speech recognition**.
- If Cortana is still not responding after enabling Online speech recognition, In the **All apps** list, select and launch **Cortana** > select **Menu** > **Notebook** > **Settings** to make changes.
### Cortana or Dictation doesn't work
If Cortana or Dictation isn't responding to your voice, make sure online speech recognition is turned on. Go to **Start** > **Settings** > **Privacy** > **Speech** and verify the **Online speech recognition** settings.
If Cortana is still not responding, do one of the following to verify that Cortana itself is turned on:
- In **All apps**, select **Cortana** > select **Menu** > **Notebook** > **Settings** to make changes.
- On HoloLens 2, select the **Speech settings** button or say "Speech settings."
To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
@ -173,42 +183,46 @@ To learn more about what you can say, see [Use your voice with HoloLens](hololen
If you're having problems [pairing a Bluetooth device](hololens-connect-devices.md), try the following:
- Go to **Settings** > **Devices** and make sure Bluetooth is turned on. If it is, try turning if off and on again.
- Make sure your Bluetooth device is fully charged or has fresh batteries.
- If you still can't connect, [restart your HoloLens](hololens-recovery.md).
If you're having trouble using a Bluetooth device, make sure it's a supported device. Supported devices include:
- English-language QWERTY Bluetooth keyboards, which can be used anywhere you use the holographic keyboard.
- Bluetooth mice.
- The [HoloLens clicker](hololens1-clicker.md).
Other Bluetooth HID and GATT devices can be paired, but they might require a companion app from Microsoft Store to work with HoloLens.
HoloLens doesn't support Bluetooth audio profiles. Bluetooth audio devices, such as speakers and headsets, may appear as available in HoloLens settings, but they aren't supported.
- Go to **Settings** > **Devices**, and make sure that Bluetooth is turned on. If it is, turn it off and on again.
- Make sure that your Bluetooth device is fully charged or has fresh batteries.
- If you still can't connect, [restart the HoloLens](hololens-recovery.md).
[Back to list](#list)
## I'm having problems with the HoloLens clicker
## HoloLens Settings lists devices as available, but the devices don't work
Use the [clicker](hololens1-clicker.md) to select, scroll, move, and resize holograms. Additional clicker gestures may vary from app to app.
HoloLens doesn't support Bluetooth audio profiles. Bluetooth audio devices, such as speakers and headsets, may appear as available in HoloLens settings, but they aren't supported.
If you're having trouble using the clicker, make sure its charged and paired with your HoloLens. If the battery is low, the indicator light will blink amber. To see if its paired, go to **Settings** > **Devices** and see if it shows up there. [Pair the clicker](hololens-connect-devices.md#pair-the-clicker).
If you're having trouble using a Bluetooth device, make sure that it's a supported device. Supported devices include the following:
- English-language QWERTY Bluetooth keyboards (you can use these anywhere that you use the holographic keyboard).
- Bluetooth mice.
- The [HoloLens clicker](hololens1-clicker.md).
You can pair other Bluetooth HID and GATT devices together with your HoloLens. However, you may have to install corresponding companion apps from Microsoft Store to actually use the devices.
[Back to list](#list)
## I'm having problems using the HoloLens clicker
Use the [clicker](hololens1-clicker.md) to select, scroll, move, and resize holograms. Individial apps may support additional clicker gestures.
If you're having trouble using the clicker, make sure that it's charged and paired with your HoloLens. If the battery is low, the indicator light blinks amber. To verify that the clicker is paired, go to **Settings** > **Devices** and see if it shows up there. For more information, see [Pair the clicker](hololens-connect-devices.md#pair-the-clicker).
If the clicker is charged and paired and you're still having problems, reset it by holding down the main button and the pairing button for 15 seconds. Then pair the clicker with your HoloLens again.
If that doesn't help, see [Restart or recover the HoloLens clicker](hololens1-clicker.md#restart-or-recover-the-clicker).
If resetting the clicker doesn't help, see [Restart or recover the HoloLens clicker](hololens1-clicker.md#restart-or-recover-the-clicker).
[Back to list](#list)
## I can't connect to Wi-Fi
Here are some things to try if you can't connect to Wi-Fi on HoloLens:
Here are some things to try if you can't connect your HoloLens to a Wi-Fi network:
- Make sure Wi-Fi is turned on. Preform a Start gesture to open the menu, then select **Settings** > **Network &amp; Internet** > **Wi-Fi** to check. If Wi-Fi is on, try turning it off and on again.
- Make sure that Wi-Fi is turned on. To check, use the Start gesture, then select **Settings** > **Network &amp; Internet** > **Wi-Fi**. If Wi-Fi is on, try turning it off and then on again.
- Move closer to the router or access point.
- Restart your Wi-Fi router, then [restart HoloLens](hololens-recovery.md). Try connecting again.
- If none of these things work, check to make sure your router is using the latest firmware. You can find this information on the manufacturers website.
- If none of these things work, check to make sure that your router is using the latest firmware. You can find this information on the manufacturer website.
[Back to list](#list)
@ -218,35 +232,51 @@ If your device isn't performing properly, see [Restart, reset, or recover HoloLe
[Back to list](#list)
## I can't sign in to a HoloLens device because it was previously set up for someone else
## I can't log in to a HoloLens because it was previously set up for someone else
If your device was previously set up for someone else, either for a client or for a former employee, and you don't have their password to unlock the device, you can do one of the following:
If your device was previously set up for someone else, either a client or former employee and you don't have their password to unlock the device there are two solutions.
- If your device is MDM managed by Intune then you can remotely [Wipe](https://docs.microsoft.com/intune/remote-actions/devices-wipe) the device and it'll reflash itself. Make sure to leave **Retain enrollment state and user account** unchecked.
- If you have the device with you then you can put the device into **Flashing Mode** and use Advanced Recovery Companion to [recover](https://docs.microsoft.com/hololens/hololens-recovery) the device.
- For a device that is enrolled in Intune mobile device management (MDM), you can use Intune to remotely [wipe](https://docs.microsoft.com/intune/remote-actions/devices-wipe) the device. The device then re-flashes itself.
> [!IMPORTANT]
> When you wipe the device, make sure to leave **Retain enrollment state and user account** unchecked.
- For a non-MDM device, you can [put the device into **Flashing Mode** and use Advanced Recovery Companion](hololens-recovery.md#re-install-the-operating-system) to recover the device.
[Back to list](#list)
## HoloLens Management Questions
## Questions about managing HoloLens devices
1. **Can I use SCCM to manage the HoloLens?**
1. No. An MDM must be used to manage the HoloLens
1. **Can I use Active Directory to manage HoloLens user accounts?**
1. No, Azure AD must be used to manage user accounts.
1. **Is the HoloLens capable of ADCS auto enrollment?**
1. No
1. **Can the HoloLens participate in WNA/IWA?**
1. No
1. **Does the HoloLens support branding?**
1. No. However, one work around is to create a custom app and enable Kiosk mode. The custom app can have branding which can then launch other apps (such as Remote Assist). Another option is to change all of the users profile pictures in AAD to your company logo. (However, this may not be desirable for all scenarios)
1. **What logging capabilities are available on HL1 and HL2?**
1. Logging is limited to traces captured in developer/troubleshooting scenarios or telemetry sent to Microsoft servers.
### Can I use System Center Configuration Manager (SCCM) to manage HoloLens devices?
No. You have to use an MDM system to manage HoloLens devices.
### Can I use Active Directory Domain Services (AD DS) to manage HoloLens user accounts?
No. You have to use Azure Active Directory (AAD) to manage user accounts for HoloLens devices.
### Is HoloLens capable of Automated Data Capture Systems (ADCS) auto-enrollment?
No.
### Can HoloLens participate in Integrated Windows Authentication?
No.
### Does HoloLens support branding?
No. However, you can work around this issue by using one of the following approaches:
- Create a custom app, and then [enable Kiosk mode](hololens-kiosk.md). The custom app can have branding, and can launch other apps (such as Remote Assist).
- Change all of the user profile pictures in AAD to your company logo. However, this may not be desirable for all scenarios.
### What logging capabilities do HoloLens (1st gen) and HoloLens 2 offer?
Logging is limited to traces that can be captured in development or troubleshooting scenarios, or telemetry that the devices send to Microsoft servers.
[Back to list](#list)
## HoloLens Security Questions
## Questions about securing HoloLens devices
Frequently asked security questions can be found [here](hololens-faq-security.md).
See [frequently asked questions about securing HoloLens devices](hololens-faq-security.md).
[Back to list](#list)

13
devices/hololens/hololens-commercial-features.md
View File

@ -5,6 +5,9 @@ keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk m
author: scooley
ms.author: scooley
ms.date: 08/26/2019
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.topic: article
audience: ITPro
ms.prod: hololens
@ -40,7 +43,7 @@ HoloLens (1st gen) came with two licensing options, the developer license and a
- **Windows Update for Business.** Windows Update for Business provides controlled operating system updates to devices and support for the long-term servicing channel.
- **Data security.** BitLocker data encryption is enabled on HoloLens to provide the same level of security protection as any other Windows device.
- **Work access.** Anyone in your organization can remotely connect to the corporate network through virtual private network (VPN) on a HoloLens. HoloLens can also access Wi-Fi networks that require credentials.
- **Microsoft Store for Business.** Your IT department can also set up an enterprise private store, containing only your companys apps for your specific HoloLens usage. Securely distribute your enterprise software to selected group of enterprise users.
- **Microsoft Store for Business.** Your IT department can also set up an enterprise private store, containing only your company's apps for your specific HoloLens usage. Securely distribute your enterprise software to selected group of enterprise users.
## Feature comparison between editions
@ -48,7 +51,7 @@ HoloLens (1st gen) came with two licensing options, the developer license and a
|---|:---:|:---:|:---:|
|Device Encryption (BitLocker) | |✔️ |✔️ |
|Virtual Private Network (VPN) | |✔️ |✔️ |
|[Kiosk mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#kiosk-mode) | |✔️ |✔️ |
|[Kiosk mode](hololens-kiosk.md) | |✔️ |✔️ |
|**Management and deployment** | | | |
|Mobile Device Management (MDM) | |✔️ |✔️ |
|Ability to block unenrollment | |✔️ |✔️ |
@ -67,12 +70,12 @@ HoloLens (1st gen) came with two licensing options, the developer license and a
## Enabling commercial features
Your organization's IT admin can set up commercial features such as Microsoft Store for Business, kiosk mode, and enterprise Wi-Fi access. The [Microsoft HoloLens](https://docs.microsoft.com/hololens) documentation provides step-by-step instructions for enrolling devices and installing apps from Microsoft Store for Business.
Your organization's IT admin can set up commercial features such as Microsoft Store for Business, kiosk mode, and enterprise Wi-Fi access. The [Microsoft HoloLens](index.md) documentation provides step-by-step instructions for enrolling devices and installing apps from Microsoft Store for Business.
## See also
- [Microsoft HoloLens](https://docs.microsoft.com/hololens)
- [Kiosk mode](/windows/mixed-reality/using-the-windows-device-portal.md#kiosk-mode)
- [Microsoft HoloLens](index.md)
- [Kiosk mode](hololens-kiosk.md)
- [CSPs supported in HoloLens devices](/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices)
- [Microsoft Store For Business and line of business applications](https://blogs.technet.microsoft.com/sbucci/2016/04/13/windows-store-for-business-and-line-of-business-applications/)
- [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps)

21
devices/hololens/hololens-faq-security.md
View File

@ -11,15 +11,18 @@ ms.sitesec: library
ms.topic: article
audience: ITPro
ms.localizationpriority: high
ms.custom:
- CI 111456
- CSSTroubleshooting
manager: bradke
appliesto:
- HoloLens 1 (1st gen)
- HoloLens 2
---
# Frequently Asked Security Questions
# Frequently asked questions about HoloLens security
## HoloLens 1st Gen Security Questions
## HoloLens (1st gen) Security Questions
1. **What type of wireless is used?**
1. 802.11ac and Bluetooth 4.1 LE
@ -67,9 +70,9 @@ appliesto:
1. This is something that can be managed on the infrastructure level by either an MDM or an on-prem server. The device can be flagged as not compliant if it does not meet a specified Update version.
1. **Does Microsoft include any back doors or access to services that allows Microsoft to connect to the device for screen sharing or remote support at will?**
1. No
1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know its only on that device, unique to that device, and cant be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string thats sent to the client.
1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldnt be verified on a different device, rendering the certs/key unusable on different devices.
1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client.
1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices.
1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?**
1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities.
@ -87,7 +90,7 @@ appliesto:
1. **Can the device blacklist or white list specific frequencies?**
1. This is not controllable by the user/device
1. **What is the power level for both transmit and receive? Is it adjustable? What is the range of operation?**
1. Wireless power levels depend on the channel of operation. Devices are calibrated to perform at the highest power levels allowed based on the regions regulatory rules.
1. Wireless power levels depend on the channel of operation. Devices are calibrated to perform at the highest power levels allowed based on the region's regulatory rules.
1. **What is the duty cycle/lifetime for normal operation?**
1. *Currently unavailable.*
1. **What is transmit and receive behavior when a tool is not in range?**
@ -119,8 +122,8 @@ appliesto:
1. This is something that can be managed on the infrastructure level by either an MDM or an on-prem server. The device can be flagged as not compliant if it does not meet a specified Update version.
1. **Does Microsoft include any back doors or access to services that allows Microsoft to connect to the device for screen sharing or remote support at will?**
1. No
1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know its only on that device, unique to that device, and cant be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string thats sent to the client.
1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldnt be verified on a different device, rendering the certs/key unusable on different devices.
1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client.
1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices.
1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?**
1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities.

11
devices/hololens/hololens-identity.md
View File

@ -1,12 +1,15 @@
---
title: Managing user identity and login on HoloLens
description: Manage user identity, security, and login on HoloLens.
title: Manage user identity and sign-in for HoloLens
description: Manage user identity, security, and sign-in for HoloLens.
keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference
ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e
author: scooley
ms.author: scooley
ms.date: 1/6/2019
ms.date: 1/6/2020
ms.prod: hololens
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.topic: article
ms.sitesec: library
ms.topic: article
@ -18,7 +21,7 @@ appliesto:
- HoloLens 2
---
# User identity and signin
# Manage user identity and sign-in for HoloLens
> [!NOTE]
> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".

15
devices/hololens/hololens-insider.md
View File

@ -1,11 +1,14 @@
---
title: Insider preview for Microsoft HoloLens (HoloLens)
description: Its simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens.
title: Insider preview for Microsoft HoloLens
description: It's simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens.
ms.prod: hololens
ms.sitesec: library
author: scooley
ms.author: scooley
ms.topic: article
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.localizationpriority: medium
audience: ITPro
ms.date: 1/6/2020
@ -17,13 +20,13 @@ appliesto:
# Insider preview for Microsoft HoloLens
Welcome to the latest Insider Preview builds for HoloLens! Its simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
Welcome to the latest Insider Preview builds for HoloLens! It's simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
## Start receiving Insider builds
On a HoloLens 2 device go to **Settings** -> **Update & Security** -> **Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider.
Then, select **Active development of Windows**, choose whether youd like to receive **Fast** or **Slow** builds, and review the program terms.
Then, select **Active development of Windows**, choose whether you'd like to receive **Fast** or **Slow** builds, and review the program terms.
Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build.
@ -46,7 +49,7 @@ To opt out of Insider builds:
Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
> [!NOTE]
> Be sure to accept the prompt that asks whether youd like Feedback Hub to access your Documents folder (select **Yes** when prompted).
> Be sure to accept the prompt that asks whether you'd like Feedback Hub to access your Documents folder (select **Yes** when prompted).
## Note for developers
@ -68,7 +71,7 @@ Here's a quick summary of what's new:
- Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device
Once youve had a chance to explore these new capabilities, use the Feedback Hub app to let us know what you think. Feedback you provide in the Feedback Hub goes directly to our engineers.
Once you've had a chance to explore these new capabilities, use the Feedback Hub app to let us know what you think. Feedback you provide in the Feedback Hub goes directly to our engineers.
### FIDO 2 support
Many of you share a HoloLens with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long user names and passwords. FIDO lets anyone in your organization (AAD tenant) seamlessly sign in to HoloLens without entering a username or password.

12
devices/hololens/hololens-kiosk.md
View File

@ -1,5 +1,5 @@
---
title: Set up HoloLens in kiosk mode (HoloLens)
title: Set up HoloLens as a kiosk for specific applications
description: Use a kiosk configuration to lock down the apps on HoloLens.
ms.prod: hololens
ms.sitesec: library
@ -8,15 +8,21 @@ ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/13/2018
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.reviewer:
manager: dansimp
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Set up HoloLens in kiosk mode
# Set up HoloLens as a kiosk for specific applications
In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don't need to access.
Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the [start gestures](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) (including [Bloom](https://docs.microsoft.com/hololens/hololens1-basic-usage) on HoloLens (1st Gen)) and Cortana are disabled, and placed apps aren't shown in the user's surroundings.

19
devices/hololens/hololens-known-issues.md
View File

@ -1,11 +1,14 @@
---
title: HoloLens known issues
title: Known issues for HoloLens
description: This is the list of known issues that may affect HoloLens developers.
keywords: troubleshoot, known issue, help
author: mattzmsft
ms.author: mazeller
ms.date: 8/30/2019
ms.topic: article
ms.custom:
- CI 111456
- CSSTroubleshooting
HoloLens and holograms: Frequently asked questions
manager: jarrettr
ms.prod: hololens
@ -13,7 +16,7 @@ appliesto:
- HoloLens 1
---
# HoloLens known issues
# Known issues for HoloLens
This is the current list of known issues for HoloLens that affect developers. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
@ -70,7 +73,7 @@ Our team is currently working on a fix. In the meantime, you can use the followi
1. Select **Build** > **Build Solution**.
1. Open a Command Prompt Window and cd to the folder that contains the compiled .exe file (for example, C:\MyProjects\HoloLensDeploymentFix\bin\Debug)
1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the devices Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1"
1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the device's Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1"
1. After the tool has exited without any messages (this should only take a few seconds), you will now be able to deploy and debug from Visual Studio 2017 or newer. Continued use of the tool is not necessary.
@ -84,9 +87,9 @@ We will provide further updates as they become available.
You may experience issues when trying to launch the Microsoft Store and apps on HoloLens. We've determined that the issue occurs when background app updates deploy a newer version of framework packages in specific sequences while one or more of their dependent apps are still running. In this case, an automatic app update delivered a new version of the .NET Native Framework (version 10.0.25531 to 10.0.27413) caused the apps that are running to not correctly update for all running apps consuming the prior version of the framework. The flow for framework update is as follows:
1. The new framework package is downloaded from the store and installed
1. All apps using the older framework are updated to use the newer version
1. All apps using the older framework are 'updated' to use the newer version
If step 2 is interrupted before completion then any apps for which the newer framework wasnt registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue.
If step 2 is interrupted before completion then any apps for which the newer framework wasn't registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue.
Some users have reported that closing hung apps and launching other apps such as Feedback Hub, 3D Viewer or Photos resolves the issue for them&mdash;however, this does not work 100% of the time.
@ -112,10 +115,10 @@ If you would not like to take the update, we have released a new version of the
If your device is still unable to load apps, you can sideload a version of the .NET Native Framework and Runtime through the download center by following these steps:
1. Please download [this zip file](https://download.microsoft.com/download/8/5/C/85C23745-794C-419D-B8D7-115FBCCD6DA7/netfx_1.7.zip) from the Microsoft Download Center. Unzipping will produce two files. Microsoft.NET.Native.Runtime.1.7.appx and Microsoft.NET.Native.Framework.1.7.appx
1. Please verify that your device is dev unlocked. If you havent done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
1. Please verify that your device is dev unlocked. If you haven't done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
1. You then want to get into the Windows Device Portal. Our recommendation is to do this over USB and you would do that by typing http://127.0.0.1:10080 into your browser.
1. After you have the Windows Device Portal up we need you to “side load” the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**.
1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on “Go” under the Deploy section. Then do this for the second APPX file.
1. After you have the Windows Device Portal up we need you to "side load" the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**.
1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on "Go" under the Deploy section. Then do this for the second APPX file.
![Windows Device Portal to Install Side-Loaded app](images/20190322-DevicePortal.png)
1. At this point we believe your applications should start working again and that you can also get to the Store.

4
devices/hololens/hololens-licenses-requirements.md
View File

@ -23,7 +23,7 @@ appliesto:
If you plan on managing your HoloLens devices, you will need Azure AD and an MDM. Active Director (AD) cannot be used to manage HoloLens devices.
If you plan on using an MDM other than Intune, an [Azure Active Directory Licenses](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) is required.
If you plan on using Intune as your MDM, you can acquire an [Enterprise Mobility + Security (EMS) suite (E3 or E5) licenses](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing). **Please note that Azure AD is included in both suites.**
If you plan on using Intune as your MDM, [here](https://docs.microsoft.com/intune/fundamentals/licenses) are a list of suites that includes Intune licenses. **Please note that Azure AD is included in the majority of these suites.**
## Identify the licenses needed for your scenario and products
@ -44,6 +44,8 @@ Make sure you have the required licensing and device. Updated licensing and prod
1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
If you plan on implementing **[this cross-tenant scenario](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/cross-tenant-overview#scenario-2-leasing-services-to-other-tenants)**, you may need an Information Barriers license. Please see [this article](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/cross-tenant-licensing-implementation#step-1-determine-if-information-barriers-are-necessary) to determine if an Information Barrier License is required.
### Guides License Requirements
Updated licensing and device requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/guides/requirements).

1
devices/hololens/hololens-network.md
View File

@ -5,7 +5,6 @@ ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d
author: mattzmsft
ms.author: mazeller
keywords: HoloLens, wifi, wireless, internet, ip, ip address
ms.date: 02/27/2020
ms.prod: hololens
ms.sitesec: library
ms.localizationpriority: high

11
devices/hololens/hololens-offline.md
View File

@ -5,9 +5,12 @@ keywords: hololens, offline, OOBE
audience: ITPro
ms.date: 07/01/2019
ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
author: v-miegge
ms.author: v-miegge
manager: v-miegge
author: Teresa-Motiv
ms.author: v-tea
ms.custom:
- CI 111456
- CSSTroubleshooting
manager: jarrettr
ms.topic: article
ms.prod: hololens
ms.sitesec: library
@ -19,7 +22,7 @@ appliesto:
# Manage connection endpoints for HoloLens
Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be whitelisted in your network configuratiion (e.g. proxy or firewall) for those components to be functional.
Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be whitelisted in your network configuration (e.g. proxy or firewall) for those components to be functional.
## Near-offline setup

8
devices/hololens/hololens-provisioning.md
View File

@ -1,8 +1,13 @@
---
title: Configure HoloLens by using a provisioning package (HoloLens)
description: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging.
ms.prod: hololens
ms.sitesec: library
ms.custom:
- CI 111456
- CSSTroubleshooting
author: dansimp
ms.author: dansimp
ms.topic: article
@ -13,6 +18,9 @@ ms.localizationpriority: medium
ms.date: 03/10/2020
ms.reviewer: Teresa-Motiv
manager: dansimp
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Configure HoloLens by using a provisioning package

29
devices/hololens/hololens-recovery.md
View File

@ -1,5 +1,5 @@
---
title: Reset or recover your HoloLens
title: Restart, reset, or recover HoloLens
ms.reviewer: Both basic and advanced instructions for rebooting or resetting your HoloLens.
description: How to use Advanced Recovery Companion to flash an image to HoloLens 2.
keywords: how-to, reboot, reset, recover, hard reset, soft reset, power cycle, HoloLens, shut down, arc, advanced recovery companion
@ -8,6 +8,9 @@ ms.sitesec: library
author: mattzmsft
ms.author: mazeller
ms.date: 08/30/2019
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.topic: article
ms.localizationpriority: high
manager: jarrettr
@ -18,9 +21,9 @@ appliesto:
# Restart, reset, or recover HoloLens
If youre experiencing problems with your HoloLens you may want to try a restart, reset, or even re-flash with device recovery.
If you're experiencing problems with your HoloLens you may want to try a restart, reset, or even re-flash with device recovery.
Here are some things to try if your HoloLens isnt running well. This article will guide you through the recommended recovery steps in succession.
Here are some things to try if your HoloLens isn't running well. This article will guide you through the recommended recovery steps in succession.
This article focuses on the HoloLens device and software, if your holograms don't look right, [this article](hololens-environment-considerations.md) talks about environmental factors that improve hologram quality.
@ -33,9 +36,9 @@ First, try restarting the device.
The safest way to restart the HoloLens is by using Cortana. This is generally a great first-step when experiencing an issue with HoloLens:
1. Put on your device
1. Make sure its powered on, a user is logged in, and the device is not waiting for a password to unlock it.
1. Say “Hey Cortana, reboot” or "Hey Cortana, restart."
1. When she acknowledges she will ask you for confirmation. Wait a second for a sound to play after she has finished her question, indicating she is listening to you and then say “Yes.”
1. Make sure it's powered on, a user is logged in, and the device is not waiting for a password to unlock it.
1. Say "Hey Cortana, reboot" or "Hey Cortana, restart."
1. When she acknowledges she will ask you for confirmation. Wait a second for a sound to play after she has finished her question, indicating she is listening to you and then say "Yes."
1. The device will now restart.
### Perform a safe restart by using the power button
@ -45,7 +48,7 @@ If you still can't restart your device, you can try to restart it by using the p
1. Press and hold the power button for five seconds.
1. After one second, you will see all five LEDs illuminate, then slowly turn off from right to left.
1. After five seconds, all LEDs will be off, indicating the shutdown command was issued successfully.
1. Note that its important to stop pressing the button immediately after all the LEDs have turned off.
1. Note that it's important to stop pressing the button immediately after all the LEDs have turned off.
1. Wait one minute for the shutdown to cleanly succeed. Note that the shutdown may still be in progress even if the displays are turned off.
1. Power on the device again by pressing and holding the power button for one second.
@ -66,18 +69,18 @@ If none of the previous methods are able to successfully restart your device, yo
1. Press and hold the power button for at least 10 seconds.
- Its okay to hold the button for longer than 10 seconds.
- Its safe to ignore any LED activity.
- It's okay to hold the button for longer than 10 seconds.
- It's safe to ignore any LED activity.
1. Release the button and wait for two or three seconds.
1. Power on the device again by pressing and holding the power button for one second.
If youre still having problems, press the power button for 4 seconds, until all of the battery indicators fade out and the screen stops displaying holograms. Wait 1 minute, then press the power button again to turn on the device.
If you're still having problems, press the power button for 4 seconds, until all of the battery indicators fade out and the screen stops displaying holograms. Wait 1 minute, then press the power button again to turn on the device.
## Reset to factory settings
> [!NOTE]
> The battery needs at least 40 percent charge to reset.
If your HoloLens is still experiencing issues after restarting, try resetting it to factory state. Resetting your HoloLens keeps the version of the Windows Holographic software thats installed on it and returns everything else to factory settings.
If your HoloLens is still experiencing issues after restarting, try resetting it to factory state. Resetting your HoloLens keeps the version of the Windows Holographic software that's installed on it and returns everything else to factory settings.
If you reset your device, all your personal data, apps, and settings will be erased. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth).
@ -120,7 +123,7 @@ If necessary, you can install a completely new operating system on your HoloLens
Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time. When you're done, the latest version of the Windows Holographic software approved for your HoloLens will be installed.
To use the tool, youll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you cant run this tool on a virtual machine.
To use the tool, you'll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can't run this tool on a virtual machine.
To recover your HoloLens
@ -128,4 +131,4 @@ To recover your HoloLens
1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens.
1. Run the Windows Device Recovery Tool and follow the instructions.
If the HoloLens (1st gen) isnt automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
If the HoloLens (1st gen) isn't automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.

17
devices/hololens/hololens-release-notes.md
View File

@ -1,5 +1,5 @@
---
title: What's new in Microsoft HoloLens
title: HoloLens release notes
description: Learn about updates in each new HoloLens release.
author: scooley
ms.author: scooley
@ -9,6 +9,9 @@ ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 12/02/2019
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
@ -16,7 +19,7 @@ appliesto:
---
# HoloLens Release Notes
# HoloLens release notes
## HoloLens 2
@ -57,12 +60,12 @@ appliesto:
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png) |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, youll be able to stop recording from the same place. (Dont forget, you can always do this with voice commands too.) |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if youre in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | Youll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens youll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—its between the "Hello" message and the Windows boot logo. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |

14
devices/hololens/hololens-requirements.md
View File

@ -33,7 +33,7 @@ This document also assumes that the HoloLens has been evaluated by security team
Before deploying the HoloLens in your environment, it is important to first determine what features, apps, and type of identities are needed. It is also important to ensure that your security team has approved of the use of the HoloLens on the company's network. Please see [Frequently ask security questions](hololens-faq-security.md) for additional security information.
### Type of identity
### Type of Identity
Determine the type of identity that will be used to sign into the device.
@ -41,6 +41,8 @@ Determine the type of identity that will be used to sign into the device.
2. **MSA:** This is a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device.
3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device.
For more detailed information about identity types, please visit our [HoloLens Identity](hololens-identity.md) article.
### Type of Features
Your feature requirements will determine which HoloLens you need. One popular feature that we see deployed in customer environments frequently is Kiosk Mode. A list of HoloLens key features, and the editions of HoloLens that support them, can be found [here](hololens-commercial-features.md).
@ -66,13 +68,15 @@ There are two types of Kiosk Modes: Single app and multi-app. Single app kiosk m
There are two main ways ([provisioning packages](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) and [MDM](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc.
### Apps
### Apps and App Specific Scenarios
The majority of the steps found in this document will also apply to the following apps:
1. Remote Assist
2. Guides
3. Customer Apps
| App | App Specific Scenarios |
| --- | --- |
| Remote Assist | [Cross Tenant Communication](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/cross-tenant-overview)|
| Guides | *Coming Soon* |
|Custom Apps | *Coming Soon* |
### Determine your enrollment method

9
devices/hololens/hololens-spaces.md
View File

@ -1,9 +1,12 @@
---
title: Mapping physical spaces with HoloLens
title: Map physical spaces with HoloLens
description: HoloLens learns what a space looks like over time. Users can facilitate this process by moving the HoloLens in certain ways through the space.
ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
author: dorreneb
ms.author: dobrown
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.date: 09/16/2019
keywords: hololens, Windows Mixed Reality, design, spatial mapping, HoloLens, surface reconstruction, mesh, head tracking, mapping
ms.prod: hololens
@ -15,14 +18,14 @@ appliesto:
- HoloLens 2
---
# Mapping physical spaces with HoloLens
# Map physical spaces with HoloLens
HoloLens blends holograms with your physical world. To do that, HoloLens has to learn about the physical world around you and remember where you place holograms within that space.
Over time, the HoloLens builds up a *spatial map* of the environment that it has seen. HoloLens updates the map as the environment changes. As long as you are logged in and the device is turned on, HoloLens creates and updates your spatial maps. If you hold or wear the device with the cameras pointed at a space, the HoloLens tries to map the area. While the HoloLens learns a space naturally over time, there are ways in which you can help HoloLens map your space more quickly and efficiently.
> [!NOTE]
> If your HoloLens cant map your space or is out of calibration, HoloLens may enter Limited mode. In Limited mode, you wont be able to place holograms in your surroundings.
> If your HoloLens can't map your space or is out of calibration, HoloLens may enter Limited mode. In Limited mode, you won't be able to place holograms in your surroundings.
This article explains how HoloLens maps spaces, how to improve spatial mapping, and how to manage the spatial data that HoloLens collects.

11
devices/hololens/hololens-status.md
View File

@ -1,18 +1,21 @@
---
title: HoloLens status
title: Status of the HoloLens services
description: Shows the status of HoloLens online services.
author: todmccoy
ms.author: v-todmc
author: Teresa-Motiv
ms.author: v-tea
ms.reviewer: luoreill
manager: jarrettr
audience: Admin
ms.custom:
- CI 111456
- CSSTroubleshooting
ms.topic: article
ms.prod: hololens
ms.localizationpriority: high
ms.sitesec: library
---
# HoloLens status
# Status of the HoloLens services
✔️ **All services are active**

49
devices/hololens/hololens-troubleshooting.md
View File

@ -1,5 +1,5 @@
---
title: HoloLens troubleshooting
title: Troubleshoot HoloLens issues
description: Solutions for common HoloLens issues.
author: mattzmsft
ms.author: mazeller
@ -11,16 +11,19 @@ audience: ITPro
ms.localizationpriority: medium
keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
manager: jarrettr
ms.custom:
- CI 111456
- CSSTroubleshooting
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Troubleshooting HoloLens issues
# Troubleshoot HoloLens issues
This article describes how to resolve several common HoloLens issues.
## My HoloLens is unresponsive or wont start
## My HoloLens is unresponsive or won't start
If your HoloLens won't start:
@ -35,59 +38,59 @@ If these steps don't work, you can try [recovering your device](hololens-recover
## Holograms don't look good
If your holograms are unstable, jumpy, or dont look right, try:
If your holograms are unstable, jumpy, or don't look right, try:
- Cleaning your device visor and sensor bar on the front of your HoloLens.
- Increasing the light in your room.
- Walking around and looking at your surroundings so that HoloLens can scan them more completely.
- Calibrating your HoloLens for your eyes. Go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**.
## HoloLens doesnt respond to gestures
## HoloLens doesn't respond to gestures
To make sure that HoloLens can see your gestures. Keep your hand in the gesture frame - when HoloLens can see your hand, the cursor changes from a dot to a ring.
Learn more about using gestures on [HoloLens (1st gen)](hololens1-basic-usage.md#use-hololens-with-your-hands) or [HoloLens 2](hololens2-basic-usage.md#the-hand-tracking-frame).
If your environment is too dark, HoloLens might not see your hand, so make sure that theres enough light.
If your environment is too dark, HoloLens might not see your hand, so make sure that there's enough light.
If your visor has fingerprints or smudges, use the microfiber cleaning cloth that came with the HoloLens to clean your visor gently.
## HoloLens doesnt respond to my voice commands
## HoloLens doesn't respond to my voice commands
If Cortana isnt responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
If Cortana isn't responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
## I cant place holograms or see holograms that I previously placed
## I can't place holograms or see holograms that I previously placed
If HoloLens cant map or load your space, it enters Limited mode and you wont be able to place holograms or see holograms that youve placed. Here are some things to try:
If HoloLens can't map or load your space, it enters Limited mode and you won't be able to place holograms or see holograms that you've placed. Here are some things to try:
- Make sure that theres enough light in your environment so HoloLens can see and map the space.
- Make sure that youre connected to a Wi-Fi network. If youre not connected to Wi-Fi, HoloLens cant identify and load a known space.
- Make sure that there's enough light in your environment so HoloLens can see and map the space.
- Make sure that you're connected to a Wi-Fi network. If you're not connected to Wi-Fi, HoloLens can't identify and load a known space.
- If you need to create a new space, connect to Wi-Fi, then restart your HoloLens.
- To see if the correct space is active, or to manually load a space, go to **Settings** > **System** > **Spaces**.
- If the correct space is loaded and youre still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space.
- If the correct space is loaded and you're still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space.
## My HoloLens cant tell what space Im in
## My HoloLens can't tell what space I'm in
If your HoloLens cant identify and load the space youre in automatically, check the following factors:
If your HoloLens can't identify and load the space you're in automatically, check the following factors:
- Make sure that youre connected to Wi-Fi
- Make sure that theres plenty of light in the room
- Make sure that there havent been any major changes to the surroundings.
- Make sure that you're connected to Wi-Fi
- Make sure that there's plenty of light in the room
- Make sure that there haven't been any major changes to the surroundings.
You can also load a space manually or manage your spaces by going to **Settings** > **System** > **Spaces**.
## Im getting a “low disk space” error
## I'm getting a "low disk space" error
Youll need to free up some storage space by doing one or more of the following:
You'll need to free up some storage space by doing one or more of the following:
- Delete some unused spaces. Go to **Settings** > **System** > **Spaces**, select a space that you no longer need, and then select **Remove**.
- Remove some of the holograms that youve placed.
- Remove some of the holograms that you've placed.
- Delete some pictures and videos from the Photos app.
- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, and then select **Uninstall**.
## My HoloLens cant create a new space
## My HoloLens can't create a new space
The most likely problem is that youre running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space.
The most likely problem is that you're running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space.
## The HoloLens emulators isn't working

7
devices/hololens/hololens-updates.md
View File

@ -1,5 +1,5 @@
---
title: Managing updates to HoloLens
title: Manage HoloLens updates
description: Administrators can use mobile device management to manage updates to HoloLens devices.
ms.prod: hololens
ms.sitesec: library
@ -11,12 +11,15 @@ ms.localizationpriority: high
ms.date: 11/7/2019
ms.reviewer: jarrettr
manager: jarrettr
ms.custom:
- CI 111456
- CSSTroubleshooting
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Managing HoloLens updates
# Manage HoloLens updates
HoloLens uses Windows Update, just like other Windows 10 devices. When an update is available, it will be automatically downloaded and installed the next time your device is plugged in and connected to the Internet.

85
devices/hololens/hololens-whats-new.md
View File

@ -1,85 +0,0 @@
---
title: What's new in Microsoft HoloLens (HoloLens)
description: Windows Holographic for Business gets new features in Windows 10, version 1809.
ms.prod: hololens
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/13/2018
ms.reviewer:
manager: dansimp
---
# What's new in Microsoft HoloLens
## Windows 10, version 1809 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
### For everyone
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png) |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, youll be able to stop recording from the same place. (Dont forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if youre in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | Youll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens youll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—its between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### For international customers
Feature | Details
--- | ---
Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.
Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English.
[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md)
## Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
![Provisioning HoloLens devices](images/provision-hololens-devices.png)
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

7
devices/hololens/index.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft HoloLens
description: Landing page Microsoft HoloLens.
description: Landing page for Microsoft HoloLens.
ms.prod: hololens
ms.sitesec: library
ms.assetid: 0947f5b3-8f0f-42f0-aa27-6d2cad51d040
@ -10,8 +10,11 @@ ms.topic: article
ms.localizationpriority: medium
ms.date: 10/14/2019
audience: ITPro
ms.custom:
- CI 111456
- CSSTroubleshooting
appliesto:
- HoloLens 1
- HoloLens (1st gen)
- HoloLens 2
---

11
devices/hololens/scep-whitepaper.md
View File

@ -11,20 +11,23 @@ ms.sitesec: library
ms.topic: article
audience: ITPro
ms.localizationpriority: high
ms.custom:
- CI 111456
- CSSTroubleshooting
appliesto:
- HoloLens 1 (1st gen)
- HoloLens 2
---
# SCEP Whitepaper
# SCEP whitepaper
## High Level
### How the SCEP Challenge PW is secured
We work around the weakness of the SCEP protocol by generating custom challenges in Intune itself. The challenge string we create is signed/encrypted, and contains the information weve configured in Intune for certificate issuance into the challenge blob. This means the blob used as the challenge string contains the expected CSR information like the Subject Name, Subject Alternative Name, and other attributes.
We work around the weakness of the SCEP protocol by generating custom challenges in Intune itself. The challenge string we create is signed/encrypted, and contains the information we've configured in Intune for certificate issuance into the challenge blob. This means the blob used as the challenge string contains the expected CSR information like the Subject Name, Subject Alternative Name, and other attributes.
We then pass that to the device and then the device generates its CSR and passes it, and the blob to the SCEP URL it received in the MDM profile. On NDES servers running the Intune SCEP module we perform a custom challenge validation that validates the signature on the blob, decrypts the challenge blob itself, compare it to the CSR received, and then determine if we should issue the cert. If any portion of this check fails then the certificate request is rejected.
We then pass that to the device and then the device generates it's CSR and passes it, and the blob to the SCEP URL it received in the MDM profile. On NDES servers running the Intune SCEP module we perform a custom challenge validation that validates the signature on the blob, decrypts the challenge blob itself, compare it to the CSR received, and then determine if we should issue the cert. If any portion of this check fails then the certificate request is rejected.
## Behind the scenes
@ -72,6 +75,6 @@ We then pass that to the device and then the device generates its CSR and pas
1. 1st time configuration of the connector: Authentication to AAD during the initial connector setup.
1. Connector checks in with Intune, and will process and any cert revocation transactions (i.e, if the Intune tenant admin issues a remote wipe full or partial, also If a user unenrolls their device from Intune), reporting on issued certs, renewing the connectors SC_Online_Issuing certificate from Intune. Also note: the NDES Intune connector has shared PKCS cert functionality (if you decide to issue PKCS/PFX based certs) so the connector checks to Intune for PKCS cert requests even though there wont be any requests to process. We are splitting that functionality out, so this connector just handles SCEP, but no ETA yet.
1. Connector checks in with Intune, and will process and any cert revocation transactions (i.e, if the Intune tenant admin issues a remote wipe full or partial, also If a user unenrolls their device from Intune), reporting on issued certs, renewing the connectors' SC_Online_Issuing certificate from Intune. Also note: the NDES Intune connector has shared PKCS cert functionality (if you decide to issue PKCS/PFX based certs) so the connector checks to Intune for PKCS cert requests even though there won't be any requests to process. We are splitting that functionality out, so this connector just handles SCEP, but no ETA yet.
1. [Here](https://docs.microsoft.com/intune/intune-endpoints#microsoft-intune-certificate-connector) is a reference for Intune NDES connector network communications.

182
devices/surface-hub/index.md
View File

@ -1,182 +0,0 @@
---
title: Surface Hub
author: greg-lindsay
ms.author: greglin
manager: laurawi
layout: LandingPage
ms.prod: surface-hub
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: landing-page
description: "Get started with Microsoft Surface Hub."
ms.localizationpriority: High
---
# Get started with Surface Hub
Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Use the links below to learn how to plan, deploy, manage, and support your Surface Hub devices.
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/get-started-blue.svg" alt="Get started icon" />
</div>
</div>
<div class="cardText">
<h3>Overview</h3>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099" target="_blank">Behind the design: Surface Hub 2S</a></p>
<p><a href="surface-hub-2s-whats-new.md">What's new in Surface Hub 2S</a></p>
<p><a href="differences-between-surface-hub-and-windows-10-enterprise.md">Operating system essentials</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/task-checklist-planning-blue.svg" alt="Plan icon" />
</div>
</div>
<div class="cardText">
<h3>Plan</h3>
<p><a href="surface-hub-2s-site-readiness-guide.md">Surface Hub 2S Site Readiness Guide</a></p>
<p><a href="surface-hub-2s-install-mount.md">Install and mount Surface Hub 2S</a></p>
<p><a href="surface-hub-2s-custom-install.md">Customize Surface Hub 2S installation</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/deploy-blue.svg" alt="Deploy icon" />
</div>
</div>
<div class="cardText">
<h3>Deploy</h3>
<p><a href="surface-hub-2s-adoption-kit.md">Surface Hub 2S adoption and training</a></p>
<p><a href="surface-hub-2s-deploy-checklist.md">Surface Hub 2S deployment checklist</a></p>
<p><a href="surface-hub-2s-account.md">Create device account</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/process-flow-blue.svg" alt="Manage icon" />
</div>
</div>
<div class="cardText">
<h3>Manage</h3>
<p><a href="surface-hub-2s-manage-intune.md">Manage with Intune</a></p>
<p><a href="local-management-surface-hub-settings.md">Manage local settings</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/security-blue.svg" alt="Secure icon" />
</div>
</div>
<div class="cardText">
<h3>Secure</h3>
<p><a href="surface-hub-2s-secure-with-uefi-semm.md">Secure with UEFI and SEMM</a></p>
<p><a href="surface-hub-wifi-direct.md">Wi-Fi security considerations</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/connector-blue.svg" alt="Support icon" />
</div>
</div>
<div class="cardText">
<h3>Troubleshoot</h3>
<p><a href="https://support.microsoft.com/help/4493926" target="_blank">Service and warranty</a></p>
<p><a href="surface-hub-2s-recover-reset.md">Recover & reset Surface Hub 2S</a></p>
<p><a href="support-solutions-surface-hub.md">Surface Hub support solutions</a></p>
<p><a href="https://support.office.com/article/Enable-Microsoft-Whiteboard-on-Surface-Hub-b5df4539-f735-42ff-b22a-0f5e21be7627" target="_blank">Enable Microsoft Whiteboard on Surface Hub</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
---
<ul class="panelContent cardsW">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Get ready for Surface Hub 2S</h3>
<p><a href="https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab" target="_blank">Ordering Surface Hub 2S</p>
<p><a href="surface-hub-2s-prepare-environment.md">Prepare your environment for Surface Hub 2S</p>
<p><a href="surface-hub-2s-install-mount.md">Install & mount Surface Hub 2S</p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Surface Hub 2S Videos</h3>
<p><a href="surface-hub-2s-adoption-videos.md" target="_blank">Adoption and training videos</p>
<p><a href="https://youtu.be/pbhNngw3a-Y" target="_blank">What is Surface Hub 2S?</p>
<p><a href="https://www.youtube.com/watch?v=CH2seLS5Wb0" target="_blank">Surface Hub 2S with Teams</p>
<p><a href="https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7" target="_blank">Surface Hub 2S with Microsoft 365</p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Community</h3>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-Hub/bd-p/SurfaceHub" target="_blank">Join the Surface Hub Technical Community</p>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices" target="_blank">Join the Surface Devices Technical Community</p>
</div>
</div>
</div>
</div>
</li>
</ul>

127
devices/surface-hub/index.yml Normal file
View File

@ -0,0 +1,127 @@
### YamlMime:Hub
title: Surface Hub documentation # < 60 chars
summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device. # < 160 chars
# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin
brand: windows
metadata:
title: Surface Hub documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Get started with Microsoft Surface Hub. # Required; article description that is displayed in search results. < 160 chars.
services: product-insights
ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM.
ms.topic: hub-page # Required
ms.prod: surface-hub
ms.technology: windows
audience: ITPro
ms.localizationpriority: medium
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
manager: laurawi
# highlightedContent section (optional)
# Maximum of 8 items
highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items:
# Card
- title: What is Surface Hub 2S?
itemType: overview
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099
# Card
- title: What's new in Surface Hub 2S?
itemType: whats-new
url: surface-hub-2s-whats-new.md
# Card
- title: Operating system essentials
itemType: learn
url: differences-between-surface-hub-and-windows-10-enterprise.md
# Card
- title: Surface Hub 2S Site Readiness Guide
itemType: learn
url: surface-hub-2s-site-readiness-guide.md
# Card
- title: Install and mount Surface Hub 2S
itemType: how-to-guide
url: surface-hub-2s-install-mount.md
# Card
- title: Customize Surface Hub 2S installation
itemType: how-to-guide
url: surface-hub-2s-custom-install.md
# productDirectory section (optional)
productDirectory:
title: Deploy, manage, and support your Surface Hub devices # < 60 chars (optional)
summary: Find related links to deploy, manage and support your Surface Hub devices. # < 160 chars (optional)
items:
# Card
- title: Deploy
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/office/media/icons/deploy-blue.svg
links:
- url: surface-hub-2s-adoption-kit.md
text: Surface Hub 2S adoption and training
- url: surface-hub-2s-deploy-checklist.md
text: Surface Hub 2S deployment checklist
- url: surface-hub-2s-account.md
text: Create device account
# Card
- title: Manage
imageSrc: https://docs.microsoft.com/office/media/icons/process-flow-blue.svg
links:
- url: surface-hub-2s-manage-intune.md
text: Manage with Intune
- url: local-management-surface-hub-settings.md
text: Manage local settings
# Card
- title: Secure
imageSrc: https://docs.microsoft.com/office/media/icons/security-blue.svg
links:
- url: surface-hub-2s-secure-with-uefi-semm.md
text: Secure with UEFI and SEMM
- url: surface-hub-wifi-direct.md
text: Wi-Fi security considerations
# Card
- title: Troubleshoot
imageSrc: https://docs.microsoft.com/office/media/icons/connector-blue.svg
links:
- url: https://support.microsoft.com/help/4493926
text: Service and warranty
- url: surface-hub-2s-recover-reset.md
text: Recover & reset Surface Hub 2S
- url: support-solutions-surface-hub.md
text: Surface Hub support solutions
- url: https://support.office.com/article/Enable-Microsoft-Whiteboard-on-Surface-Hub-b5df4539-f735-42ff-b22a-0f5e21be7627
text: Enable Microsoft Whiteboard on Surface Hub
# additionalContent section (optional)
# Card with links style
additionalContent:
# Supports up to 3 sections
sections:
- title: Other content # < 60 chars (optional)
summary: Find related links for videos, community and support. # < 160 chars (optional)
items:
# Card
- title: Get ready for Surface Hub 2S
links:
- text: Ordering Surface Hub 2S
url: https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab
- text: Prepare your environment for Surface Hub 2S
url: surface-hub-2s-prepare-environment.md
# Card
- title: Surface Hub 2S Videos
links:
- text: Adoption and training videos
url: surface-hub-2s-adoption-videos.md
- text: Surface Hub 2S with Teams
url: https://www.youtube.com/watch?v=CH2seLS5Wb0
- text: Surface Hub 2S with Microsoft 365
url: https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7
# Card
- title: Community
links:
- text: Join the Surface Hub Technical Community
url: https://techcommunity.microsoft.com/t5/Surface-Hub/bd-p/SurfaceHub
- text: Join the Surface Devices Technical Community
url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices

24
devices/surface-hub/surface-hub-2s-manage-intune.md
View File

@ -50,22 +50,26 @@ To ensure optimal video and audio quality on Surface Hub 2S, add the following Q
|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
|:------ |:------------- |:--------- |:------ |:------- |
|**Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DestinationPortMatchCondition | String | 3478-3479 |
|**Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 |
|**Video Ports**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DestinationPortMatchCondition | String | 3480 |
|**Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 34 |
|**Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsAudio/DestinationPortMatchCondition | String | 3478-3479 |
|**Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsAudio/DSCPAction | Integer | 46 |
|**Video Port**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsVideo/DestinationPortMatchCondition | String | 3480 |
|**Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsVideo/DSCPAction | Integer | 34 |
|**P2P Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PAudio/DestinationPortMatchCondition | String | 50000-50019 |
|**P2P Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PAudio/DSCPAction | Integer | 46 |
|**P2P Video Ports**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PVideo/DestinationPortMatchCondition | String | 50020-50039 |
|**P2P Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PVideo/DSCPAction | Integer | 34 |
### Skype for Business QoS settings
| Name | Description | OMA-URI | Type | Value |
| ------------------ | ------------------- | ------------------------------------------------------------------------ | ------- | ------------------------------ |
| Audio Ports | Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | String | 50000-50019 |
| Audio DSCP | Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 |
| Audio Media Source | Skype App name | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe |
| Video Ports | Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | String | 50020-50039 |
| Video DSCP | Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 34 |
| Video Media Source | Skype App name | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe |
| Audio Ports | Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBAudio/SourcePortMatchCondition | String | 50000-50019 |
| Audio DSCP | Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBAudio/DSCPAction | Integer | 46 |
| Audio Media Source | Skype App name | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBAudio/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe |
| Video Ports | Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBVideo/SourcePortMatchCondition | String | 50020-50039 |
| Video DSCP | Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBVideo/DSCPAction | Integer | 34 |
| Video Media Source | Skype App name | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBVideo/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe |
> [!NOTE]
> Both tables show default port ranges. Administrators may change the port ranges in the Skype for Business and Teams control panel.

2
devices/surface-hub/surface-hub-2s-whats-new.md
View File

@ -22,7 +22,7 @@ Surface Hub 2S is an all-in-one collaboration canvas thats built for teamwork
|**Mobile Device Management and UEFI manageability**| Manage settings and policies using a mobile device management (MDM) provider. <br> <br> Full integration with Surface Enterprise Management Mode (SEMM) lets you manage hardware components and firmware. | [Managing Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md) <br> <br> [Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode) |
|**Cloud and on-premises coexistence**| Supports on-premises, hybrid, or online. | [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md) |
|**Reset and recovery**| Restore from the cloud or USB drive. | [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md) |
|**Microsoft Whiteboard**| Ofice 365 integration, intelligent ink, and Bing search bring powerful new capabilities, enabling a persistent digital canvas shareable across most browsers, Windows and iOS devices. | [Announcing a new whiteboard for your Surface Hub](https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-a-new-Whiteboard-for-your-Surface-Hub/ba-p/637050) |
|**Microsoft Whiteboard**| Office 365 integration, intelligent ink, and Bing search bring powerful new capabilities, enabling a persistent digital canvas shareable across most browsers, Windows and iOS devices. | [Announcing a new whiteboard for your Surface Hub](https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-a-new-Whiteboard-for-your-Surface-Hub/ba-p/637050) |
|**Microsoft Teams Meeting Room License**| Extends Office 365 licensing options across Skype for Business, Microsoft Teams, and Intune. | [Teams Meeting Room Licensing Update](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0) |
|**On-screen display**| Adjust volume, brightness, and input control directly on the display. | |
|**Sensor-activated Connected Standby**| Doppler sensor activates Connected Standby after 1 minute of inactivity.<br> <br> Manage this setting remotely using Intune or directly on the device from the Settings app. | [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) |

27
devices/surface-hub/surface-hub-update-history.md
View File

@ -24,6 +24,33 @@ Please refer to the “[Surface Hub Important Information](https://support.micro
## Windows 10 Team Creators Update 1703
<details>
<summary>February 28, 2020—update for Surface Hub 2S</summary>
This update is specific to the Surface Hub 2S and provides the driver and firmware updates outlined below:
* Surface Integration driver - 13.46.139.0
* Improves display brightness scenarios.
* Intel(R) Management Engine Interface driver - 1914.12.0.1256
* Improves system stability.
* Surface SMC Firmware update - 1.161.139.0
* Improves pen battery performance.
* Surface UEFI update - 694.2938.768.0
* Improves system stability.
</details>
<details>
<summary>February 11, 2020—update for Team edition based on KB4537765* (OS Build 15063.2284)</summary>
This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
* Resolves an issue where the Hub 2S cannot be heard well by other participants during Skype for Business calls.
* Improves reliability for some Arabic, Hebrew, and other RTL language usage scenarios on Surface Hub.
Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
*[KB4537765](https://support.microsoft.com/help/4537765)
</details>
<details>
<summary>January 14, 2020—update for Team edition based on KB4534296* (OS Build 15063.2254)</summary>

2
devices/surface/TOC.md
View File

@ -1,6 +1,6 @@
# [Surface](index.yml)
## [Get started](get-started.md)
## [Surface devices documentation](get-started.yml)
## Overview

169
devices/surface/get-started.md
View File

@ -1,169 +0,0 @@
---
title: Get started with Surface devices
author: greg-lindsay
ms.author: greglin
manager: laurawi
layout: LandingPage
ms.assetid:
ms.audience: itpro
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: landing-page
description: "Get started with Microsoft Surface devices"
ms.localizationpriority: High
---
# Get started with Surface devices
Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface for Business devices in your organization.
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/task-checklist-planning-blue.svg" alt="Plan" />
</div>
</div>
<div class="cardText">
<h3>Plan</h3>
<p><a href="considerations-for-surface-and-system-center-configuration-manager.md">Surface and Endpoint Configuration Manager considerations</a></p>
<p><a href="wake-on-lan-for-surface-devices.md">Wake On LAN for Surface devices</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/deploy-blue.svg" alt="Deploy" />
</div>
</div>
<div class="cardText">
<h3>Deploy</h3>
<p><a href="manage-surface-driver-and-firmware-updates.md">Manage and deploy Surface driver and firmware updates</a></p>
<p><a href="windows-autopilot-and-surface-devices.md">Autopilot and Surface devices</a></p>
<p><a href="surface-pro-arm-app-management.md">Deploying, managing, and servicing Surface Pro X</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/process-flow-blue.svg" alt="Manage" />
</div>
</div>
<div class="cardText">
<h3>Manage</h3>
<p><a href="surface-wireless-connect.md">Optimize Wi-Fi connectivity for Surface devices</a></p>
<p><a href="maintain-optimal-power-settings-on-Surface-devices.md">Best practice power settings for Surface devices</a></p>
<p><a href="battery-limit.md">Manage battery limit with UEFI</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/security-blue.svg" alt="Secure" />
</div>
</div>
<div class="cardText">
<h3>Secure</h3>
<p><a href="surface-manage-dfci-guide.md">Intune management of Surface UEFI settings</a></p>
<p><a href="surface-enterprise-management-mode.md">Surface Enterprise Management Mode (SEMM)</a></p>
<p><a href="microsoft-surface-data-eraser.md">Surface Data Eraser tool</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/connector-blue.svg" alt="Support" />
</div>
</div>
<div class="cardText">
<h3>Support</h3>
<p><a href="https://support.microsoft.com/help/4483194/maximize-surface-battery-life">Maximize your Surface battery life</a></p>
<p><a href="https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations">Troubleshoot Surface Dock and docking stations</a></p>
<p><a href="support-solutions-surface.md">Top support solutions</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
---
<ul class="panelContent cardsW">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Tech specs</h3>
<P><a href="https://www.microsoft.com/surface/business/surface-pro-7" target="_blank">Surface Pro 7 for Business</a></P>
<P><a href="https://www.microsoft.com/surface/business/surface-pro-x" target="_blank">Surface Pro X for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-laptop-3" target="_blank">Surface Laptop 3 for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-book-2" target="_blank">Surface Book 2 for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-studio-2" target="_blank">Surface Studio 2 for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-go" target="_blank">Surface Go</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Discover Surface tools</h3>
<P><a href="surface-dock-firmware-update.md">Surface Dock Firmware Update</a></p>
<P><a href="surface-diagnostic-toolkit-for-business-intro.md">Surface Diagnostic Toolkit for Business</a></p>
<P><a href="surface-enterprise-management-mode.md">SEMM and UEFI</a></p>
<P><a href="microsoft-surface-brightness-control.md">Surface Brightness Control</a></p>
<P><a href="battery-limit.md">Battery Limit setting</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Community</h3>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro" target="_blank">Surface IT Pro blog</a></p>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices" target="_blank">Surface Devices Tech Community</a></p>
<p><a href="https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ" target="_blank">Microsoft Mechanics Surface videos</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>

122
devices/surface/get-started.yml Normal file
View File

@ -0,0 +1,122 @@
### YamlMime:Landing
title: Surface devices documentation # < 60 chars
summary: Harness the power of Surface, Windows, and Office connected together through the cloud. # < 160 chars
metadata:
title: Surface devices documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Get started with Microsoft Surface devices # Required; article description that is displayed in search results. < 160 chars.
ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM.
ms.topic: landing-page # Required
manager: laurawi
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
audience: itpro
ms.localizationpriority: High
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Surface devices
linkLists:
- linkListType: overview
links:
- text: Surface Pro 7 for Business
url: https://www.microsoft.com/surface/business/surface-pro-7
- text: Surface Pro X for Business
url: https://www.microsoft.com/surface/business/surface-pro-x
- text: Surface Laptop 3 for Business
url: https://www.microsoft.com/surface/business/surface-laptop-3
- text: Surface Book 2 for Business
url: https://www.microsoft.com/surface/business/surface-book-2
- text: Surface Studio 2 for Business
url: https://www.microsoft.com/surface/business/surface-studio-2
- text: Surface Go
url: https://www.microsoft.com/surface/business/surface-go
- linkListType: video
links:
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
# Card (optional)
- title: Get started
linkLists:
- linkListType: get-started
links:
- text: Surface and Endpoint Configuration Manager considerations
url: considerations-for-surface-and-system-center-configuration-manager.md
- text: Wake On LAN for Surface devices
url: wake-on-lan-for-surface-devices.md
# Card
- title: Deploy Surface devices
linkLists:
- linkListType: deploy
links:
- text: Manage and deploy Surface driver and firmware updates
url: manage-surface-driver-and-firmware-updates.md
- text: Autopilot and Surface devices
url: windows-autopilot-and-surface-devices.md
- text: Deploying, managing, and servicing Surface Pro X
url: surface-pro-arm-app-management.md
# Card
- title: Manage Surface devices
linkLists:
- linkListType: how-to-guide
links:
- text: Optimize Wi-Fi connectivity for Surface devices
url: surface-wireless-connect.md
- text: Best practice power settings for Surface devices
url: maintain-optimal-power-settings-on-Surface-devices.md
- text: Manage battery limit with UEFI
url: battery-limit.md
# Card
- title: Secure Surface devices
linkLists:
- linkListType: how-to-guide
links:
- text: Intune management of Surface UEFI settings
url: surface-manage-dfci-guide.md
- text: Surface Enterprise Management Mode (SEMM)
url: surface-enterprise-management-mode.md
- text: Surface Data Eraser tool
url: microsoft-surface-data-eraser.md
# Card
- title: Discover Surface tools
linkLists:
- linkListType: how-to-guide
links:
- text: Surface Dock Firmware Update
url: surface-dock-firmware-update.md
- text: Surface Diagnostic Toolkit for Business
url: surface-diagnostic-toolkit-for-business-intro.md
- text: SEMM and UEFI
url: surface-enterprise-management-mode.md
- text: Surface Brightness Control
url: microsoft-surface-brightness-control.md
- text: Battery Limit setting
url: battery-limit.md
# Card
- title: Support and community
linkLists:
- linkListType: learn
links:
- text: Top support solutions
url: support-solutions-surface.md
- text: Maximize your Surface battery life
url: https://support.microsoft.com/help/4483194/maximize-surface-battery-life
- text: Troubleshoot Surface Dock and docking stations
url: https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations
- linkListType: reference
links:
- text: Surface IT Pro blog
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro
- text: Surface Devices Tech Community
url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices

35
devices/surface/manage-surface-driver-and-firmware-updates.md
View File

@ -14,18 +14,17 @@ author: dansimp
ms.author: dansimp
ms.topic: article
ms.audience: itpro
ms.date: 01/24/2020
ms.date: 03/10/2020
---
# Manage and deploy Surface driver and firmware updates
How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distributing updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network.
How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distribute updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network.
> [!NOTE]
> This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for maintaining the stability of your production environment and enabling users to stay productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals.
While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for sustaining a stable production environment and ensuring users aren't blocked from being productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals.
## Central update management in commercial environments
@ -33,7 +32,7 @@ Microsoft has streamlined tools for managing devices including driver and fi
### Manage updates with Configuration Manager and Intune
Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed, and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
For detailed steps, see the following resources:
@ -44,38 +43,42 @@ For detailed steps, see the following resources:
### Manage updates with Microsoft Deployment Toolkit
Included in Microsoft Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. These include the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
For detailed steps, see the following resources:
Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
For instructions on how to deploy updates by using Microsoft Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt)
Surface driver and firmware updates are packaged as Windows Installer (*.msi) files. To deploy these Windows Installer packages, you can use Endpoint Configuration Manager or MDT. For information about selecting the correct .msi file for a device and operating system, refer to the guidance below about downloading .msi files.
For instructions on how to deploy updates by using Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
**WindowsPE and Surface firmware and drivers**
Microsoft Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
### Microsoft Endpoint Configuration Manager
### Endpoint Configuration Manager
Starting in Endpoint Configuration Manager, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
Starting in Microsoft Endpoint Configuration Manager, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
## Supported devices
Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
Downloadable .msi files are available for Surface devices from Surface Pro 2 and later. Information about .msi files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
## Managing firmware with DFCI
With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see:
With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see:
- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
## Best practices for update deployment processes
To maintain a stable environment and keep users productive, its strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
To maintain a stable environment, it's strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
## Downloadable Surface update packages
@ -93,6 +96,7 @@ Specific versions of Windows 10 have separate .msi files, each containing all re
### Downloading .msi files
1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center.
2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3.msi**.
@ -102,6 +106,7 @@ Specific versions of Windows 10 have separate .msi files, each containing all re
### Surface .msi naming convention
Since August 2019, .msi files have used the following naming convention:
- *Product*_*Windows release*_*Windows build number*_*Version number*_*Revision of version number (typically zero)*.

4
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -7,7 +7,6 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 06/11/2019
ms.reviewer: cottmca
manager: dansimp
ms.localizationpriority: medium
@ -34,7 +33,8 @@ Before you run the diagnostic tool, make sure you have the latest Windows update
2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required.
# If you still need help
## If you still need help
If the Surface Diagnostic Toolkit for Business didnt fix the problem, you can also:

11
devices/surface/surface-system-sku-reference.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 10/31/2019
ms.date: 03/09/2020
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
@ -24,18 +24,15 @@ System Model and System SKU are variables that are stored in the System Manageme
| Device | System Model | System SKU |
| ---------- | ----------- | -------------- |
| AMD Surface Laptop 3 | Surface 3 | Surface_Laptop_3_1873 |
| Surface Laptop 3 | Surface 3 | Surface_Laptop_3_1867:1868 |
| Surface Laptop 3 | Surface 3 | Surface_3
| Surface 3 WiFI | Surface 3 | Surface_3 |
| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
| Surface 3 LTE North America | Surface 3 | Surface_3_NAG |
| Surface 3 LTE Outside of North America and Y!mobile In Japan | Surface 3 | Surface_3_ROW |
| Surface 3 LTE outside of North America and Y!mobile in Japan | Surface 3 | Surface_3_ROW |
| Surface Pro | Surface Pro | Surface_Pro_1796 |
| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 |
| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 |
| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
| Surface Book 2 13" | Surface Book 2 | Surface_Book_1832 |
| Surface Book 2 15" | Surface Book 2 | Surface_Book_1793 |
| Surface Go LTE Consumer | Surface Go | Surface_Go_1825_Consumer |
| Surface Go LTE Commercial | System Go | Surface_Go_1825_Commercial |
| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |

2
mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md
View File

@ -52,7 +52,7 @@ The Microsoft Application Virtualization (App-V) 5.0 Administrators Guide pro
- [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md)
- [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md)
#
## Also see
- Add or vote on suggestions on the ["Microsoft Application Virtualization" forum on UserVoice.com](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).

2
mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md
View File

@ -48,7 +48,7 @@ The Microsoft Application Virtualization (App-V) 5.1 Administrators Guide pro
- [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata51.md)
- [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md)
#
## Also see
- Add or vote on suggestions on the ["Microsoft Application Virtualization" forum on UserVoice.com](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).

35
mdop/mbam-v2/about-mbam-20-sp1.md
View File

@ -16,12 +16,10 @@ ms.date: 08/30/2016
# About MBAM 2.0 SP1
This topic describes the changes in Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1). For a general description of MBAM, see [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md).
## <a href="" id="what-s-new-in-mbam-2-0-sp1"></a>Whats new in MBAM 2.0 SP1
This version of MBAM provides the following new features and functionality.
### Support for Windows 8.1, Windows Server 2012 R2, and System Center 2012 R2 Configuration Manager
@ -257,8 +255,9 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M
// Microsoft BitLocker Administration and Monitoring
//===================================================
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
class Win32_BitLockerEncryptionDetails
{
@ -290,8 +289,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M
Boolean IsAutoUnlockEnabled;
};
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy
{
@ -352,8 +351,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M
EncodedComputerName;
};
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy_64
{
@ -414,8 +413,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M
EncodedComputerName;
};
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_OperatingSystemExtended
@ -426,8 +425,8 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M
uint32 SKU;
};
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
# pragma namespace ("\\\\.\\root\\cimv2")
# pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_ComputerSystemExtended
@ -449,35 +448,23 @@ If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration M
MBAM 2.0 SP1 is now available in the following languages:
- English (United States) en-US
- French (France) fr-FR
- Italian (Italy) it-IT
- German (Germany) de-DE
- Spanish, International Sort (Spain) es-ES
- Korean (Korea) ko-KR
- Japanese (Japan) ja-JP
- Portuguese (Brazil) pt-BR
- Russian (Russia) ru-RU
- Chinese Traditional zh-TW
- Chinese Simplified zh-CN
## How to Get MDOP Technologies
MBAM 2.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
## Related topics
[Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)

6
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -76,7 +76,11 @@ manager: dansimp
<!--Description-->
This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.
> [!NOTE]
> DeviceEnroller.exe will not elevate the user if a pre-configured local admin group already exists on the device. This is a security measure in the executable where it checks for other non-disabled Administrators' membership(s). If at least one already exists, the tool will exit without elevating.
> [!CAUTION]
> If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.
Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution.

4
windows/configuration/start-layout-troubleshoot.md
View File

@ -7,7 +7,6 @@ ms.sitesec: library
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
ms.date: 12/03/18
ms.reviewer:
manager: dansimp
ms.topic: troubleshooting
@ -34,8 +33,6 @@ When troubleshooting basic Start issues (and for the most part, all other Window
- Powershell:[System.Environment]::OSVersion.Version
- WinVer from CMD.exe
### Check if Start is installed
- If Start fails immediately after a feature update, on thing to check is if the App package failed to install successfully.
@ -66,7 +63,6 @@ If it is installed but not running, test booting into safe mode or use MSCONFIG
- If that file does not exist, the system is a clean install.
- Upgrade issues can be found by running `test-path "$env:windir\panther\miglog.xml"`
### Check if Start is registered or activated
- Export the following Event log to CSV and do a keyword search in a text editor or spreadsheet:

26
windows/deployment/TOC.md
View File

@ -79,19 +79,20 @@
##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
### [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
#### [Get started with the Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
##### [Key features in MDT](deploy-windows-mdt/key-features-in-mdt.md)
##### [MDT Lite Touch components](deploy-windows-mdt/mdt-lite-touch-components.md)
##### [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
### Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT)
#### [Get started with MDT](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
#### [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md)
#### [Deploy a Windows 10 image using MDT](deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md)
#### [Build a distributed environment for Windows 10 deployment](deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md)
#### [Refresh a Windows 7 computer with Windows 10](deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md)
#### [Replace a Windows 7 computer with a Windows 10 computer](deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md)
#### [Perform an in-place upgrade to Windows 10 with MDT](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
#### [Configure MDT settings](deploy-windows-mdt/configure-mdt-settings.md)
#### Deploy Windows 10 with MDT
##### [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
##### [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md)
##### [Deploy a Windows 10 image using MDT](deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md)
##### [Build a distributed environment for Windows 10 deployment](deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md)
##### [Refresh a Windows 7 computer with Windows 10](deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md)
##### [Replace a Windows 7 computer with a Windows 10 computer](deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md)
##### [Perform an in-place upgrade to Windows 10 with MDT](deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
#### Customize MDT
##### [Configure MDT settings](deploy-windows-mdt/configure-mdt-settings.md)
##### [Set up MDT for BitLocker](deploy-windows-mdt/set-up-mdt-for-bitlocker.md)
##### [Configure MDT deployment share rules](deploy-windows-mdt/configure-mdt-deployment-share-rules.md)
##### [Configure MDT for UserExit scripts](deploy-windows-mdt/configure-mdt-for-userexit-scripts.md)
@ -272,4 +273,3 @@
### [Manage device restarts after updates](update/waas-restart.md)
### [Manage additional Windows Update settings](update/waas-wu-settings.md)
### [Determine the source of Windows updates](update/windows-update-sources.md)

161
windows/deployment/change-history-for-deploy-windows-10.md
View File

@ -1,161 +0,0 @@
---
title: Change history for Deploy Windows 10 (Windows 10)
description: This topic lists new and updated topics in the Deploy Windows 10 documentation for Windows 10 and Windows 10 Mobile.
ms.assetid: 19C50373-6B25-4F5C-A6EF-643D36904349
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](https://docs.microsoft.com/windows/deployment) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
## April 2018
New or changed topic | Description
--- | ---
[Install VAMT](volume-activation/install-vamt.md) | Updated the instructions and link for SQL Server Express.
## November 2017
New or changed topic | Description
-- | ---
[Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) | Added warning that you should not use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml.
## RELEASE: Windows 10, version 1709
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) | Updated the edition upgrade table to include all other Windows 10 editions previously not on the list and the supported upgrade methods for upgrade path. |
| [Fonts missing after upgrading to Windows 10](windows-10-missing-fonts.md)| New article about the set of fonts that have moved from being included in the default installation image to being included in Optional Features. This article includes the steps for adding these optional font features.|
## July 2017
| New or changed topic | Description |
|----------------------|-------------|
| The table of contents for deployment topics was reorganized.
## June 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) | New |
## April 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) | Updated: The "refresh" and "replace" procedures were swapped in order so that it would not be necessary to save and restore VMs. Also a missing step was added to include the State migration point role. |
| [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)| Updated with minor fixes. |
| [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)| Updated child topics under this node to include new feature and user interface changes. |
| [Get started with Upgrade Readiness](upgrade/upgrade-readiness-get-started.md)| Added a table summarizing connection scenarios under the Enable data sharing topic. |
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The provisioning topics have been moved to [Configure Windows 10](/windows/configuration/index).
## March 2017
| New or changed topic | Description |
|----------------------|-------------|
| [What's new in Windows 10 deployment](deploy-whats-new.md) | New |
| [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) | Topic moved under [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) in the table of contents and title adjusted to clarify in-place upgrade. |
| [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md) | Topic moved under [Deploy Windows 10 with Microsoft Endpoint Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) in the table of contents and title adjusted to clarify in-place upgrade. |
| [Convert MBR partition to GPT](mbr-to-gpt.md) | New |
## February 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. |
| [USMT Requirements](usmt/usmt-requirements.md) | Updated: Vista support removed and other minor changes |
| [Get started with Upgrade Analytics](upgrade/upgrade-readiness-get-started.md) | Updated structure and content |
| [Upgrade Analytics deployment script](upgrade/upgrade-readiness-deployment-script.md) | Added as a separate page from get started |
| [Use Upgrade Analytics to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting |
| [Upgrade Analytics - Upgrade overview](upgrade/upgrade-readiness-upgrade-overview.md) | New |
| [Upgrade Analytics - Step 1: Identify important apps](upgrade/upgrade-readiness-identify-apps.md) | Updated topic title and content |
| [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade/upgrade-readiness-resolve-issues.md) | New |
| [Upgrade Analytics - Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md) | New |
| [Upgrade Analytics - Additional insights](upgrade/upgrade-readiness-additional-insights.md) | New |
## January 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New |
| [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New |
| [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) | New |
| [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) | New (previously published in other topics) |
| [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package) | New (previously published in Hardware Dev Center on MSDN) |
| [Create a provisioning package with multivariant settings](/windows/configuration/provisioning-packages/provisioning-multivariant) | New (previously published in Hardware Dev Center on MSDN) |
| [How provisioning works in Windows 10](/windows/configuration/provisioning-packages/provisioning-how-it-works) | New (previously published in Hardware Dev Center on MSDN) |
| [Install Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) | New (previously published in Hardware Dev Center on MSDN) |
| [NFC-based device provisioning](/windows/configuration/mobile-devices/provisioning-nfc) | New (previously published in Hardware Dev Center on MSDN) |
| [Settings changed when you uninstall a provisioning package](/windows/configuration/provisioning-packages/provisioning-uninstall-package) | New (previously published in Hardware Dev Center on MSDN) |
| [Use a script to install a desktop app in provisioning packages](/windows/configuration/provisioning-packages/provisioning-script-to-install-app) | New (previously published in Hardware Dev Center on MSDN) |
| [Windows ICD command-line interface (reference)](/windows/configuration/provisioning-packages/provisioning-command-line) | New (previously published in Hardware Dev Center on MSDN) |
| [Get started with Upgrade Analytics](upgrade/upgrade-readiness-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog |
| [Provision PCs with common settings for initial deployment (simple provisioning)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment) | Instructions for applying the provisioning package moved to [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) |
| [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates) | Instructions for applying the provisioning package moved to [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) |
## October 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) | New |
## September 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) | New |
| [Get started with Upgrade Analytics](upgrade/upgrade-readiness-get-started.md) | Updated with prerequisites for site discovery |
| [Resolve application and driver issues](upgrade/upgrade-readiness-resolve-issues.md) | Updated with app status info for Ready For Windows |
| [Review site discovery](upgrade/upgrade-readiness-additional-insights.md) | New |
## RELEASE: Windows 10, version 1607
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
- [Provisioning packages for Windows 10](/windows/configuration/provisioning-packages/provisioning-packages.md)
- [Provision PCs with apps and certificates for initial deployment](/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md)
- [Provision PCs with common settings for initial deployment](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md)
## August 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) | Updated with reboot requirements |
## July 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Manage Windows upgrades with Upgrade Analytics](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) | New |
## June 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) | New |
| [User State Migration Tool Technical Reference](usmt/usmt-technical-reference.md) | Updated support statement for Office 2016 |
| [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) | New |
## May 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) | New |
## December 2015
| New or changed topic | Description |
|----------------------|-------------|
| [Activate using Key Management Service](volume-activation/activate-using-key-management-service-vamt.md) | Updated |
| [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) | Updated |
## November 2015
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) | New |
## Related topics
- [Change history for Plan for Windows 10 deployment](/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment)
- [Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)
- [Change history for Device Security](/windows/device-security/change-history-for-device-security)
- [Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)

48
windows/deployment/deploy-old.md Normal file
View File

@ -0,0 +1,48 @@
---
title: Deploy Windows 10 (Windows 10)
description: Deploying Windows 10 for IT professionals.
ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Deploy Windows 10
Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and topics are available.
|Topic |Description |
|------|------------|
|[Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) |This topic provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. |
|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. |
|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
## Related topics
[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
 
 

8
windows/deployment/deploy-whats-new.md
View File

@ -169,11 +169,9 @@ For more information, see the following guides:
The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10.
[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md)
<BR>[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)
<BR>[Change history for Device Security](/windows/device-security/change-history-for-device-security)
<BR>[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)
[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)<br>
[Change history for Device Security](/windows/device-security/change-history-for-device-security)<br>
[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)
## Related topics

22
windows/deployment/deploy-windows-mdt/TOC.md Normal file
View File

@ -0,0 +1,22 @@
# Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT)
## [Get started with MDT](get-started-with-the-microsoft-deployment-toolkit.md)
## Deploy Windows 10 with MDT
### [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
### [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
### [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
### [Perform an in-place upgrade to Windows 10 with MDT](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
## Customize MDT
### [Configure MDT settings](configure-mdt-settings.md)
### [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
### [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
### [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
### [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
### [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
### [Use web services in MDT](use-web-services-in-mdt.md)
### [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)

236
windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
View File

@ -21,15 +21,19 @@ ms.topic: article
**Applies to**
- Windows 10
In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of the deployment solution. With images reaching 5 GB in size or more, you can't deploy machines in a remote office over the wire. You need to replicate the content, so that the clients can do local deployments.
Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
We will use four machines for this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 standard server, and PC0006 is a blank machine to which you will deploy Windows 10. You will configure a second deployment server (MDT02) for a remote site (Stockholm) by replicating the deployment share in the original site (New York). MDT01, MDT02, and PC0006 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
Four computers are used in this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we will deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more details on the infrastructure setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
![figure 1](../images/mdt-10-fig01.png)
Figure 1. The machines used in this topic.
Computers used in this topic.
## <a href="" id="sec01"></a>Replicate deployment shares
>HV01 is also used in this topic to host the PC0006 virtual machine.
## Replicate deployment shares
Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in a number of different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content.
@ -42,60 +46,88 @@ LDS is a built-in feature in MDT for replicating content. However, LDS works bes
### Why DFS-R is a better option
DFS-R is not only very fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication target(s) as read-only, which is exactly what you want for MDT. This way, you can have your master deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
DFS-R is not only very fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your master deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
## <a href="" id="sec02"></a>Set up Distributed File System Replication (DFS-R) for replication
## Set up Distributed File System Replication (DFS-R) for replication
Setting up DFS-R for replication is a quick and straightforward process. You prepare the deployment servers and then create a replication group. To complete the setup, you configure some replication settings.
Setting up DFS-R for replication is a quick and straightforward process: Prepare the deployment servers, create a replication group, then configure some replication settings.
### Prepare MDT01 for replication
1. On MDT01, using Server Manager, click **Add roles and features**.
2. On the **Select installation type** page, select **Role-based or feature-based installation**.
3. On the **Select destination server** page, select **MDT01.contoso.com** and click **Next**.
4. On the **Select server roles** page, expand **File and Storage Services (Installed)** and expand **File and iSCSI Services (Installed)**.
5. In the **Roles** list, select **DFS Replication**. In the **Add Roles and Features Wizard** dialog box, select **Add Features**, and then click **Next**.
On **MDT01**:
![figure 2](../images/mdt-10-fig02.png)
1. Install the DFS Replication role on MDT01 by entering the following at an elevated Windows PowerShell prompt:
Figure 2. Adding the DFS Replication role to MDT01.
```powershell
Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
```
6. On the **Select features** page, accept the default settings, and click **Next**.
7. On the **Confirm installation selections** page, click **Install**.
8. On the **Installation progress** page, click **Close**.
2. Wait for installation to comlete, and then verify that the installation was successful. See the following output:
```output
PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {DFS Replication, DFS Management Tools, Fi...
```
### Prepare MDT02 for replication
1. On MDT02, using Server Manager, click **Add roles and features**.
2. On the **Select installation type** page, select **Role-based or feature-based installation**.
3. On the **Select destination server** page, select **MDT02.contoso.com** and click **Next**.
4. On the **Select server roles** page, expand **File and Storage Services (Installed)** and expand **File and iSCSI Services (Installed)**.
5. In the **Roles** list, select **DFS Replication**. In the **Add Roles and Features Wizard** dialog box, select **Add Features**, and then click **Next**.
6. On the **Select features** page, accept the default settings, and click **Next**.
7. On the **Confirm installation selections** page, click **Install**.
8. On the **Installation progress** page, click **Close**.
On **MDT02**:
1. Perform the same procedure on MDT02 by entering the following at an elevated Windows PowerShell prompt:
```powershell
Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
```
2. Wait for installation to comlete, and then verify that the installation was successful. See the following output:
```output
PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {DFS Replication, DFS Management Tools, Fi...
```
### Create the MDTProduction folder on MDT02
1. On MDT02, using File Explorer, create the **E:\\MDTProduction** folder.
2. Share the **E:\\MDTProduction** folder as **MDTProduction$**. Use the default permissions.
On **MDT02**:
![figure 3](../images/mdt-10-fig03.png)
1. Create and share the **D:\\MDTProduction** folder using default permissions by entering the following at an elevated command prompt:
Figure 3. Sharing the **E:\\MDTProduction folder** on MDT02.
```powershell
mkdir d:\MDTProduction
New-SmbShare -Name "MDTProduction$" -Path "D:\MDTProduction"
```
2. You should see the following output:
```output
C:\> New-SmbShare -Name "MDTProduction$" -Path "D:\MDTProduction"
Name ScopeName Path Description
---- --------- ---- -----------
MDTProduction$ * D:\MDTProduction
```
### Configure the deployment share
When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property.
1. On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this:
On **MDT01**:
1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the Boostrap.ini file as follows. Under [DefaultGateway] enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (i.e. server) to use.
```ini
[Settings]
Priority=DefaultGateway, Default
[DefaultGateway]
192.168.1.1=NewYork
192.168.2.1=Stockholm
10.10.10.1=NewYork
10.10.20.1=Stockholm
[NewYork]
DeployRoot=\\MDT01\MDTProduction$
@ -106,87 +138,85 @@ When you have multiple deployment servers sharing the same content, you need to
[Default]
UserDomain=CONTOSO
UserID=MDT_BA
UserPassword=pass@word1
SkipBDDWelcome=YES
```
> [!NOTE]
> The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local.
>
> To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
>[!NOTE]
>The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
2. Save the Bootstrap.ini file.
3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**.
![figure 4](../images/mdt-10-fig04.png)
Figure 4. Updating the MDT Production deployment share.
4. Use the default settings for the Update Deployment Share Wizard.
5. After the update is complete, use the Windows Deployment Services console. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**.
3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. Use the default settings for the Update Deployment Share Wizard. This process will take a few minutes.
4. After the update is complete, use the Windows Deployment Services console on MDT01. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**.
5. Browse and select the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings.
![figure 5](../images/mdt-10-fig05.png)
Figure 5. Replacing the updated boot image in WDS.
Replacing the updated boot image in WDS.
6. Browse and select the **E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings.
>[!TIP]
>If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
## Replicate the content
## <a href="" id="sec03"></a>Replicate the content
Once the MDT01 and MDT02 servers are prepared, you are ready to configure the actual replication.
### Create the replication group
7. On MDT01, using DFS Management, right-click **Replication**, and select **New Replication Group**.
8. On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**.
9. On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**.
10. On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**.
6. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and click **New Replication Group**.
7. On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**.
8. On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**.
9. On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**.
![figure 6](../images/mdt-10-fig06.png)
Figure 6. Adding the Replication Group Members.
Adding the Replication Group Members.
11. On the **Topology Selection** page, select the **Full mesh** option and click **Next**.
12. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**.
13. On the **Primary Member** page, select **MDT01** and click **Next**.
14. On the **Folders to Replicate** page, click **Add**, type in **E:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**.
15. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**.
16. On the **Edit** page, select the **Enabled** option, type in **E:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**.
![figure 7](../images/mdt-10-fig07.png)
Figure 7. Configure the MDT02 member.
17. On the **Review Settings and Create Replication Group** page, click **Create**.
18. On the **Confirmation** page, click **Close**.
10. On the **Topology Selection** page, select the **Full mesh** option and click **Next**.
11. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**.
12. On the **Primary Member** page, select **MDT01** and click **Next**.
13. On the **Folders to Replicate** page, click **Add**, enter **D:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**.
14. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**.
15. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**.
16. On the **Review Settings and Create Replication Group** page, click **Create**.
17. On the **Confirmation** page, click **Close**.
### Configure replicated folders
19. On MDT01, using DFS Management, expand **Replication** and then select **MDTProduction**.
20. In the middle pane, right-click the **MDT01** member and select **Properties**.
21. On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**:
18. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**.
19. In the middle pane, right-click the **MDT01** member and click **Properties**.
20. On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**:
1. In the **Staging** tab, set the quota to **20480 MB**.
2. In the **Advanced** tab, set the quota to **8192 MB**.
In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share:
In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Below is a Windows PowerShell example that calculates the size of the 16 largest files in the D:\\MDTProduction deployment share:
``` powershell
(Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
(Get-ChildItem D:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
```
![figure 8](../images/mdt-10-fig08.png)
Figure 8. Configure the Staging settings.
22. In the middle pane, right-click the **MDT02** member and select **Properties**.
23. On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**:
21. In the middle pane, right-click the **MDT02** member and select **Properties**.
22. On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**:
1. In the **Staging** tab, set the quota to **20480 MB**.
2. In the **Advanced** tab, set the quota to **8192 MB**.
> [!NOTE]
> It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly.
23. Verify that MDT01 and MDT02 are members of the MDTProduction replication group, with MDT01 being primary as follows using an elevated command prompt:
```cmd
C:\> dfsradmin membership list /rgname:MDTProduction /attr:MemName,IsPrimary
MemName IsPrimary
MDT01 Yes
MDT02 No
```
### Verify replication
1. On MDT02, wait until you start to see content appear in the **E:\\MDTProduction** folder.
On **MDT02**:
1. Wait until you start to see content appear in the **D:\\MDTProduction** folder.
2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**.
3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, select **Health report** and click **Next**.
3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and click **Next**.
4. On the **Path and Name** page, accept the default settings and click **Next**.
5. On the **Members to Include** page, accept the default settings and click **Next**.
6. On the **Options** page, accept the default settings and click **Next**.
@ -195,17 +225,21 @@ When you have multiple deployment servers sharing the same content, you need to
![figure 9](../images/mdt-10-fig09.png)
Figure 9. The DFS Replication Health Report.
The DFS Replication Health Report.
## <a href="" id="sec04"></a>Configure Windows Deployment Services (WDS) in a remote site
>If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
## Configure Windows Deployment Services (WDS) in a remote site
Like you did in the previous topic for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
1. On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
2. Browse to the E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim file and add the image with the default settings.
2. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
## <a href="" id="sec05"></a>Deploy the Windows 10 client to the remote site
## Deploy a Windows 10 client to the remote site
Now you should have a solution ready for deploying the Windows 10 client to the remote site, Stockholm, connecting to the MDT Production deployment share replica on MDT02.
Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure.
>For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the Boostrap.ini file.
1. Create a virtual machine with the following settings:
1. Name: PC0006
@ -213,30 +247,24 @@ Now you should have a solution ready for deploying the Windows 10 client to the
3. Generation: 2
4. Memory: 2048 MB
5. Hard disk: 60 GB (dynamic disk)
2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The machine will now load the Windows PE boot image from the WDS server.
6. Install an operating system from a network-based installation server
2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server.
3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
1. Password: P@ssw0rd
2. Select a task sequence to execute on this computer:
1. Windows 10 Enterprise x64 RTM Custom Image
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
2. Computer Name: PC0006
3. Applications: Select the Install - Adobe Reader XI - x86 application
4. The setup will now start and do the following:
3. Applications: Select the Install - Adobe Reader
4. Setup will now start and perform the following:
1. Install the Windows 10 Enterprise operating system.
2. Install the added application.
3. Update the operating system via your local Windows Server Update Services (WSUS) server.
2. Install applications.
3. Update the operating system using your local Windows Server Update Services (WSUS) server.
![pc0001](../images/pc0006.png)
## Related topics
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
[Configure MDT settings](configure-mdt-settings.md)

21
windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
View File

@ -1,6 +1,6 @@
---
title: Configure MDT settings (Windows 10)
description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities. Learn how to customize your environment.
description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
ms.reviewer:
manager: laurawi
@ -19,11 +19,11 @@ ms.topic: article
# Configure MDT settings
One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
![figure 1](../images/mdt-09-fig01.png)
Figure 1. The machines used in this topic.
The computers used in this topic.
## In this section
@ -38,14 +38,9 @@ Figure 1. The machines used in this topic.
## Related topics
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)

6
windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
View File

@ -1,6 +1,6 @@
---
title: Create a task sequence with Configuration Manager (Windows 10)
description: Create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
ms.reviewer:
manager: laurawi
@ -23,14 +23,14 @@ ms.topic: article
- Windows 10
In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in System Center 2012 R2 Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
In this topic, you will learn how to create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard, both of which are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
## <a href="" id="sec01"></a>Create a task sequence using the MDT Integration Wizard
This section walks you through the process of creating a System Center 2012 R2 Configuration Manager task sequence for production use.
This section walks you through the process of creating a Configuration Manager task sequence for production use.
1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.

565
windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
View File

@ -22,57 +22,69 @@ ms.topic: article
- Windows 10
Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, PC0001 is a Windows 10 Enterprise x64 client, and MDT01 is a Windows Server 2012 R2 standard server. HV01 is a Hyper-V host server, but HV01 could be replaced by PC0001 as long as PC0001 has enough memory and is capable of running Hyper-V. MDT01, HV01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation.
>[!NOTE]
>For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
>See [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) for more information about the server, client, and network infrastructure used in this guide.
![figure 1](../images/mdt-08-fig01.png)
For the purposes of this topic, we will use three computers: DC01, MDT01, and HV01.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is a contoso.com domain member server.
- HV01 is a Hyper-V server that will be used to build the reference image.
Figure 1. The machines used in this topic.
![devices](../images/mdt-08-fig01.png)
Computers used in this topic.
## The reference image
The reference image described in this documentation is designed primarily for deployment to physical machines. However, the reference image is created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are the following:
- You reduce development time and can use snapshots to test different configurations quickly.
- You rule out hardware issues. You simply get the best possible image, and if you have a problem, it's not likely to be hardware related.
- It ensures that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
- It's easy to move between lab, test, and production.
The reference image described in this guide is designed primarily for deployment to physical devices. However, the reference image is typically created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are the following:
- To reduce development time and can use snapshots to test different configurations quickly.
- To rule out hardware issues. You simply get the best possible image, and if you have a problem, it's not likely to be hardware related.
- To ensures that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
- The image is easy to move between lab, test, and production.
## <a href="" id="sec01"></a>Set up the MDT build lab deployment share
## Set up the MDT build lab deployment share
With Windows 10, there is no hard requirement to create reference images; however, to reduce the time needed for deployment, you may want to create a reference image that contains a few base applications as well as all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
With Windows 10, there is no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications as well as all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
### Create the MDT build lab deployment share
- On MDT01, log on as Administrator in the CONTOSO domain using a password of <strong>P@ssw0rd</strong>.
On **MDT01**:
- Sign in as contoso\\administrator using a password of <b>pass@word1</b> (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) topic).
- Start the MDT deployment workbench, and pin this to the taskbar for easy access.
- Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
- Use the following settings for the New Deployment Share Wizard:
- Deployment share path: E:\\MDTBuildLab
- Share name: MDTBuildLab$
- Deployment share description: MDT Build Lab
- &lt;default&gt;
- Verify that you can access the \\\\MDT01\\MDTBuildLab$ share.
- Deployment share path: **D:\\MDTBuildLab**
- Share name: **MDTBuildLab$**
- Deployment share description: **MDT Build Lab**
- Accept the default selections on the Options page and click **Next**.
- Review the Summary page, click **Next**, wait for the deployment share to be created, then click **Finish**.
- Verify that you can access the <b>\\\\MDT01\\MDTBuildLab$</b> share.
![figure 2](../images/mdt-08-fig02.png)
![figure 2](../images/mdt-08-fig02.png)
Figure 2. The Deployment Workbench with the MDT Build Lab deployment share created.
The Deployment Workbench with the MDT Build Lab deployment share.
### Enable monitoring
To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, click **Properties**, click the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional.
### Configure permissions for the deployment share
In order to write the reference image back to the deployment share, you need to assign Modify permissions to the MDT Build Account (MDT\_BA) for the **Captures** subfolder in the **E:\\MDTBuildLab** folder
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Modify the NTFS permissions for the **E:\\MDTBuildLab\\Captures** folder by running the following command in an elevated Windows PowerShell prompt:
In order to read files in the deployment share and write the reference image back to it, you need to assign NTSF and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTBuildLab** folder
```
icacls E:\MDTBuildLab\Captures /grant '"MDT_BA":(OI)(CI)(M)'
On **MDT01**:
1. Ensure you are signed in as **contoso\\administrator**.
2. Modify the NTFS permissions for the **D:\\MDTBuildLab** folder by running the following command in an elevated Windows PowerShell prompt:
``` powershell
icacls "D:\MDTBuildLab" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
grant-smbshareaccess -Name MDTBuildLab$ -AccountName "Contoso\MDT_BA" -AccessRight Full -force
```
![figure 3](../images/mdt-08-fig03.png)
Figure 3. Permissions configured for the MDT\_BA user.
## <a href="" id="sec02"></a>Add the setup files
## Add setup files
This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
@ -85,211 +97,205 @@ MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images t
### Add Windows 10 Enterprise x64 (full source)
In these steps we assume that you have copied the content of a Windows 10 Enterprise x64 ISO to the **E:\\Downloads\\Windows 10 Enterprise x64** folder.
On **MDT01**:
1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
![ISO](../images/iso-data.png)
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Build Lab**.
3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
5. Full set of source files
6. Source directory: E:\\Downloads\\Windows 10 Enterprise x64
7. Destination directory name: W10EX64RTM
8. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click the added operating system name in the **Operating System** node and change the name to the following: **Windows 10 Enterprise x64 RTM Default Image**
- Full set of source files
- Source directory: (location of your source files)
- Destination directory name: <b>W10EX64RTM</b>
5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. See the following example.
![figure 4](../images/figure4-deployment-workbench.png)
![Default image](../images/deployment-workbench01.png)
Figure 4. The imported Windows 10 operating system after renaming it.
>Depending on the DVD you used, there might be multiple editions available. For the purposes of this guide, we are using the Windows 10 Enterprise image, but other images will also work.
## <a href="" id="sec03"></a>Add applications
## Add applications
Before you create an MDT task sequence, you need to add all of the applications and other sample scripts to the MDT Build Lab share.
Before you create an MDT task sequence, you need to add any applications and scripts you wish to install to the MDT Build Lab share.
The steps in this section use a strict naming standard for your MDT applications. You add the "Install - " prefix for typical application installations that run a setup installer of some kind, and you use the "Configure - " prefix when an application configures a setting in the operating system. You also add an " - x86", " - x64", or "- x86-x64" suffix to indicate the application's architecture (some applications have installers for both architectures). Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency.
By storing configuration items as MDT applications, it is easy to move these objects between various solutions, or between test and production environments. In this topic's step-by-step sections, you will add the following applications:
On **MDT01**:
- Install - Microsoft Office 2013 Pro Plus - x86
- Install - Microsoft Silverlight 5.0 - x64
- Install - Microsoft Visual C++ 2005 SP1 - x86
- Install - Microsoft Visual C++ 2005 SP1 - x64
- Install - Microsoft Visual C++ 2008 SP1 - x86
- Install - Microsoft Visual C++ 2008 SP1 - x64
- Install - Microsoft Visual C++ 2010 SP1 - x86
- Install - Microsoft Visual C++ 2010 SP1 - x64
- Install - Microsoft Visual C++ 2012 Update 4 - x86
- Install - Microsoft Visual C++ 2012 Update 4 - x64
First, create an MDT folder to store the Microsoft applications that will be installed:
In these examples, we assume that you downloaded the software in this list to the E:\\Downloads folder. The first application is added using the UI, but because MDT supports Windows PowerShell, you add the other applications using Windows PowerShell.
1. In the MDT Deployment Workbench, expand **Deployment Shares \\ MDT Build Lab \\ Applications**
2. Right-click **Applications** and then click **New Folder**.
3. Under **Folder name**, type **Microsoft**.
4. Click **Next** twice, and then click **Finish**.
The steps in this section use a strict naming standard for your MDT applications.
- Use the "<b>Install - </b>" prefix for typical application installations that run a setup installer of some kind,
- Use the "<b>Configure - </b>" prefix when an application configures a setting in the operating system.
- You also add an "<b> - x86</b>", "<b> - x64</b>", or "<b>- x86-x64</b>" suffix to indicate the application's architecture (some applications have installers for both architectures).
Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency.
By storing configuration items as MDT applications, it is easy to move these objects between various solutions, or between test and production environments.
In example sections, you will add the following applications:
- Install - Microsoft Office 365 Pro Plus - x64
- Install - Microsoft Visual C++ Redistributable 2019 - x86
- Install - Microsoft Visual C++ Redistributable 2019 - x64
>The 64-bit version of Microsoft Office 365 Pro Plus is recommended unless you need legacy app support. For more information, see [Choose between the 64-bit or 32-bit version of Office](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261)
Download links:
- [Office Deployment Tool](https://www.microsoft.com/download/details.aspx?id=49117)
- [Microsoft Visual C++ Redistributable 2019 - x86](https://aka.ms/vs/16/release/VC_redist.x86.exe)
- [Microsoft Visual C++ Redistributable 2019 - x64](https://aka.ms/vs/16/release/VC_redist.x64.exe)
Download all three items in this list to the D:\\Downloads folder on MDT01.
**Note**: For the purposes of this lab, we will leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
>[!NOTE]
>All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523).
>All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
### Create the install: Microsoft Office Professional Plus 2013 x86
### Create configuration file: Microsoft Office 365 Professional Plus x64
You can customize Office 2013. In the volume license versions of Office 2013, there is an Office Customization Tool you can use to customize the Office installation. In these steps we assume you have copied the Office 2013 installation files to the E:\\Downloads\\Office2013 folder.
1. After downloading the most current version of the Office Deployment tool from the Microsoft Download Center using the link provided above, run the self-extracting executable file and extract the files to **D:\\Downloads\\Office365**. The Office Deployment Tool (setup.exe) and several sample configuration.xml files will be extracted.
2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Office 365 ProPlus that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
### Add the Microsoft Office Professional Plus 2013 x86 installation files
For example, you can use the following configuration.xml file, which provides these configuration settings:
- Install the 64-bit version of Office 365 ProPlus in English directly from the Office Content Delivery Network (CDN) on the internet. Note: 64-bit is now the default and recommended edition.
- Use the Semi-Annual Channel and get updates directly from the Office CDN on the internet.
- Perform a silent installation. You wont see anything that shows the progress of the installation and you wont see any error messages.
After adding the Microsoft Office Professional Plus 2013 x86 application, you then automate its setup by running the Office Customization Tool. In fact, MDT detects that you added the Office Professional Plus 2013 x86 application and creates a shortcut for doing this.
You also can customize the Office installation using a Config.xml file. But we recommend that you use the Office Customization Tool as described in the following steps, as it provides a much richer way of controlling Office 2013 settings.
1. Using the Deployment Workbench in the MDT Build Lab deployment share, expand the **Applications / Microsoft** node, and double-click **Install - Microsoft Office 2013 Pro Plus x86**.
2. In the **Office Products** tab, click **Office Customization Tool**, and click **OK** in the **Information** dialog box.
```xml
<Configuration>
<Add OfficeClientEdition="64" Channel="Broad">
<Product ID="O365ProPlusRetail">
<Language ID="en-us" />
</Product>
</Add>
<Display Level="None" AcceptEULA="TRUE" />
<Updates Enabled="TRUE" />
</Configuration>
```
![figure 5](../images/mdt-08-fig05.png)
By using these settings, any time you build the reference image youll be installing the most up-to-date Semi-Annual Channel version of Office 365 ProPlus.
Figure 5. The Install - Microsoft Office 2013 Pro Plus - x86 application properties.
>[!TIP]
>You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file.
>[!NOTE]
>If you don't see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft.
Also see [Configuration options for the Office Deployment Tool](https://docs.microsoft.com/deployoffice/configuration-options-for-the-office-2016-deployment-tool) and [Overview of the Office Deployment Tool](https://docs.microsoft.com/DeployOffice/overview-of-the-office-2016-deployment-tool) for more information.
3. In the Office Customization Tool dialog box, select the Create a new Setup customization file for the following product option, select the Microsoft Office Professional Plus 2013 (32-bit) product, and click OK.
4. Use the following settings to configure the Office 2013 setup to be fully unattended:
1. Install location and organization name
- Organization name: Contoso
2. Licensing and user interface
1. Select Use KMS client key
2. Select I accept the terms in the License Agreement.
3. Select Display level: None
3. Ensure the configuration.xml file is in the D:\\Downloads\\Office365 folder. See the following example of the extracted files plus the configuration.xml file in the Downloads\\Office365 folder:
![figure 6](../images/mdt-08-fig06.png)
![folder](../images/office-folder.png)
Figure 6. The licensing and user interface screen in the Microsoft Office Customization Tool
Assuming you have named the file "configuration.xml" as shown above, we will use the command "**setup.exe /configure configuration.xml**" when we create the application in MDT. This will perform the installation of Office 365 ProPlus using the configuration settings in the configuration.xml file. Do not perform this step yet.
3. Modify Setup properties
- Add the **SETUP\_REBOOT** property and set the value to **Never**.
4. Modify user settings
- In the **Microsoft Office 2013** node, expand **Privacy**, select **Trust Center**, and enable the Disable Opt-in Wizard on first run setting.
5. From the **File** menu, select **Save**, and save the configuration as 0\_Office2013ProPlusx86.msp in the **E:\\MDTBuildLab\\Applications\\Install - Microsoft Office 2013 Pro Plus - x86\\Updates** folder.
>[!IMPORTANT]
>After Office 365 ProPlus is installed on the reference image, do NOT open any Office programs. if you open an Office program, you are prompted to sign-in, which activates the installation of Office 365 ProPlus. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Office 365 ProPlus installed as part of your reference image.
>[!NOTE]
>The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates, and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates.
Additional information
- Office 365 ProPlus is usually updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel youre using). That means that once youve deployed your reference image, Office 365 ProPlus will most likely need to download and install the latest updates that have been released since you created your reference image.
6. Close the Office Customization Tool, click Yes in the dialog box, and in the **Install - Microsoft Office 2013 Pro Plus - x86 Properties** window, click **OK**.
- **Note**: By using installing Office Deployment Tool as part of the reference image, Office 365 ProPlus is installed immediately after the reference image is deployed to the users device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Office 365 ProPlus right away and wont have to download any new updates (which is most likely what would happen if Office 365 ProPlus was installed as part of the reference image.)
- When you are creating your reference image, instead of installing Office 365 ProPlus directly from the Office CDN on the internet, you can install Office 365 ProPlus from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Office 365 ProPlus from that location on to your reference image. As part of that, youll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Office 365 ProPlus files. If you decide to do this, the next time you create a new reference image, youll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Office 365 ProPlus to that location on your internal network. That way your new reference image will have a more up-to-date installation of Office 365 ProPlus.
### Connect to the deployment share using Windows PowerShell
If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive).
1. On MDT01, log on as **CONTOSO\\Administrator**.
On **MDT01**:
1. Ensure you are signed in as **contoso\\Administrator**.
2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
``` powershell
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab"
New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "D:\MDTBuildLab"
```
>[!TIP]
>Use "Get-Command -module MicrosoftDeploymentToolkit" to see a list of available cmdlets
### Create the install: Microsoft Visual C++ 2005 SP1 x86
### Create the install: Microsoft Office 365 Pro Plus - x64
In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x86.
1. On MDT01, log on as **CONTOSO\\Administrator**.
In these steps we assume that you have downloaded the Office Deployment Tool. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads\\Office365.
On **MDT01**:
1. Ensure you are signed on as **contoso\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86"
$CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2005SP1x86"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
$ApplicationName = "Install - Office365 ProPlus - x64"
$CommandLine = "setup.exe /configure configuration.xml"
$ApplicationSourcePath = "D:\Downloads\Office365"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName -Verbose
```
### Create the install: Microsoft Visual C++ 2005 SP1 x64
Upon successful installation the following text is displayed:
```
VERBOSE: Performing the operation "import" on target "Application".
VERBOSE: Beginning application import
VERBOSE: Copying application source files from D:\Downloads\Office365 to D:\MDTBuildLab\Applications\Install -
Office365 ProPlus - x64
VERBOSE: Creating new item named Install - Office365 ProPlus - x64 at DS001:\Applications\Microsoft.
In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x64.
1. On MDT01, log on as **CONTOSO\\Administrator**.
Name
----
Install - Office365 ProPlus - x64
VERBOSE: Import processing finished.
```
### Create the install: Microsoft Visual C++ Redistributable 2019 - x86
>[!NOTE]
>We have abbreviated "Microsoft Visual C++ Redistributable" in the $ApplicationName below as "MSVC" to avoid the path name exceeding the maxiumum allowed length of 248 characters.
In these steps we assume that you have downloaded Microsoft Visual C++ Redistributable 2019 - x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
On **MDT01**:
1. Ensure you are signed on as **contoso\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64"
$CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2005SP1x64"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
$ApplicationName = "Install - MSVC 2019 - x86"
$CommandLine = "vc_redist.x86.exe /Q"
$ApplicationSourcePath = "D:\Downloads"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName -Verbose
```
### Create the install: Microsoft Visual C++ 2008 SP1 x86
Upon successful installation the following text is displayed:
```
VERBOSE: Performing the operation "import" on target "Application".
VERBOSE: Beginning application import
VERBOSE: Copying application source files from D:\Downloads to D:\MDTBuildLab\Applications\Install - MSVC 2019 - x86
VERBOSE: Creating new item named Install - MSVC 2019 - x86 at DS001:\Applications\Microsoft.
In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x86.
1. On MDT01, log on as **CONTOSO\\Administrator**.
Name
----
Install - MSVC 2019 - x86
VERBOSE: Import processing finished.
```
### Create the install: Microsoft Visual C++ Redistributable 2019 - x64
In these steps we assume that you have downloaded Microsoft Visual C++ Redistributable 2019 - x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to D:\\Downloads.
On **MDT01**:
1. Ensure you are signed on as **contoso\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86"
$CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2008SP1x86"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
$ApplicationName = "Install - MSVC 2019 - x64"
$CommandLine = "vc_redist.x64.exe /Q"
$ApplicationSourcePath = "D:\Downloads"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName -Verbose
```
### Create the install: Microsoft Visual C++ 2008 SP1 x64
In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x64.
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64"
$CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2008SP1x64"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
```
### Create the install: Microsoft Visual C++ 2010 SP1 x86
In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x86.
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86"
$CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2010SP1x86"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
```
### Create the install: Microsoft Visual C++ 2010 SP1 x64
In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x64.
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64"
$CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2010SP1x64"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
```
### Create the install: Microsoft Visual C++ 2012 Update 4 x86
In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux86.
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86"
$CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2012Ux86"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
```
### Create the install: Microsoft Visual C++ 2012 Update 4 x64
In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux64.
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt:
``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64"
$CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2012Ux64"
Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName
-Verbose
```
## <a href="" id="sec04"></a>Create the reference image task sequence
## Create the reference image task sequence
In order to build and capture your Windows 10 reference image for deployment using MDT, you will create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image.
After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you are deploying.
@ -302,8 +308,10 @@ Because we use modern virtual platforms for creating our reference images, we do
To create a Windows 10 reference image task sequence, the process is as follows:
1. Using the Deployment Workbench in the MDT Build Lab deployment share, right-click **Task Sequences**, and create a new folder named **Windows 10**.
2. Expand the **Task Sequences** node, right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
On **MDT01**:
1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab** right-click **Task Sequences**, and create a **New Folder** named **Windows 10**.
2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
1. Task sequence ID: REFW10X64-001
2. Task sequence name: Windows 10 Enterprise x64 RTM Default Image
3. Task sequence comments: Reference Build
@ -317,22 +325,20 @@ To create a Windows 10 reference image task sequence, the process is as follows
### Edit the Windows 10 task sequence
The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office 2013.
The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office365 ProPlus x64.
1. In the Task Sequences / Windows 10 folder, right-click the Windows 10 Enterprise x64 RTM Default Image task sequence, and select Properties.
On **MDT01**:
1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**.
2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings:
1. State Restore. Enable the Windows Update (Pre-Application Installation) action.
**Note**  
Enable an action by going to the Options tab and clearing the Disable this step check box.
1. **State Restore > Windows Update (Pre-Application Installation)** action: Enable this action by clicking the **Options** tab and clearing the **Disable this step** check box.
2. State Restore. Enable the Windows Update (Post-Application Installation) action.
3. State Restore. Enable the Windows Update (Post-Application Installation) action. State Restore. After the **Tattoo** action, add a new **Group** action with the following setting:
- Name: Custom Tasks (Pre-Windows Update)
4. State Restore. After Windows Update (Post-Application Installation) action, rename Custom Tasks to Custom Tasks (Post-Windows Update).
**Note**  
The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
5. State Restore / Custom Tasks (Pre-Windows Update). Add a new Install Roles and Features action with the following settings:
2. **State Restore > Windows Update (Post-Application Installation)** action: Also enable this action.
3. **State Restore**: After the **Tattoo** action, add a new **Group** action (click **Add** then click **New Group**) with the following setting:
- Name: **Custom Tasks (Pre-Windows Update)**
4. **State Restore**: After **Windows Update (Post-Application Installation)** action, rename **Custom Tasks** to **Custom Tasks (Post-Windows Update)**.
- **Note**: The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
5. **State Restore > Custom Tasks (Pre-Windows Update)**: Add a new **Install Roles and Features** action with the following settings:
1. Name: Install - Microsoft NET Framework 3.5.1
2. Select the operating system for which roles are to be installed: Windows 10
3. Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
@ -340,41 +346,34 @@ The steps below walk you through the process of editing the Windows 10 referenc
>[!IMPORTANT]
>This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
![figure 7](../images/fig8-cust-tasks.png)
![task sequence](../images/fig8-cust-tasks.png)
Figure 7. The task sequence after creating the Custom Tasks (Pre-Windows Update) group and adding the Install - Microsoft NET Framework 3.5.1 action.
The task sequence after creating the Custom Tasks (Pre-Windows Update) group and adding the Install - Microsoft NET Framework 3.5.1 action.
6. State Restore - Custom Tasks (Pre-Windows Update). After the **Install - Microsoft NET Framework 3.5.1** action, add a new **Install Application** action with the following settings:
1. Name: Install - Microsoft Visual C++ 2005 SP1 - x86
2. Install a Single Application: Install - Microsoft Visual C++ 2005 SP1 - x86-x64
7. Repeat the previous step (add a new **Install Application**) to add the following applications:
1. Install - Microsoft Visual C++ 2005 SP1 - x64
2. Install - Microsoft Visual C++ 2008 SP1 - x86
3. Install - Microsoft Visual C++ 2008 SP1 - x64
4. Install - Microsoft Visual C++ 2010 SP1 - x86
5. Install - Microsoft Visual C++ 2010 SP1 - x64
6. Install - Microsoft Visual C++ 2012 Update 4 - x86
7. Install - Microsoft Visual C++ 2012 Update 4 - x64
8. Install - Microsoft Office 2013 Pro Plus - x86
8. After the Install - Microsoft Office 2013 Pro Plus - x86 action, add a new Restart computer action.
6. **State Restore > Custom Tasks (Pre-Windows Update)**: After the **Install - Microsoft NET Framework 3.5.1** action, add a new **Install Application** action (selected from the **General** group) with the following settings:
1. Name: Microsoft Visual C++ Redistributable 2019 - x86
2. Install a Single Application: browse to **Install - MSVC 2019 - x86**
7. Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Office 365 ProPlus as well.
3. Click **OK**.
![apps](../images/mdt-apps.png)
### Optional configuration: Add a suspend action
The goal when creating a reference image is of course to automate everything. But sometimes you have a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you click the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.
![figure 8](../images/fig8-suspend.png)
![figure 8](../images/fig8-suspend.png)
Figure 8. A task sequence with optional Suspend action (LTISuspend.wsf) added.
A task sequence with optional Suspend action (LTISuspend.wsf) added.
![figure 9](../images/fig9-resumetaskseq.png)
![figure 9](../images/fig9-resumetaskseq.png)
Figure 9. The Windows 10 desktop with the Resume Task Sequence shortcut.
The Windows 10 desktop with the Resume Task Sequence shortcut.
### Edit the Unattend.xml file for Windows 10 Enterprise
When using MDT, you don't need to edit the Unattend.xml file very often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer 11 behavior, then you can edit the Unattend.xml for this. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you will want to use Internet Explorer Administration Kit (IEAK).
When using MDT, you don't need to edit the Unattend.xml file very often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml for this. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you will want to use the Internet Explorer Administration Kit (IEAK).
>[!WARNING]
>Do not use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
@ -384,37 +383,54 @@ When using MDT, you don't need to edit the Unattend.xml file very often because
Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:
1. Using the Deployment Workbench, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
On **MDT01**:
1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
>[!IMPORTANT]
>The current version of MDT (8456) has a known issue generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. As a temporary workaround:
>- Close the Deployment Workbench and install the [WSIM 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334). This will update imagecat.exe and imgmgr.exe to version 10.0.18362.144.
>- Manually run imgmgr.exe (C:\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM\\imgmgr.exe).
>- Generate a catalog (Tools/Create Catalog) for the selected install.wim (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install.wim).
>- After manually creating the catalog file (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install_Windows 10 Enterprise.clg), open the Deployment Workbench and proceed to edit unattend.xml.
3. In Windows SIM, expand the **4 specialize** node in the **Answer File** pane and select the amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral entry.
4. In the **amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral properties** window (right-hand window), set the following values:
- DisableDevTools: true
5. Save the Unattend.xml file, and close Windows SIM.
- Note: If errors are reported that certain display values are incorrect, you can ignore this or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
6. On the Windows 10 Enterprise x64 RTM Default Image Properties, click **OK**.
![figure 10](../images/fig10-unattend.png)
![figure 10](../images/fig10-unattend.png)
Figure 10. Windows System Image Manager with the Windows 10 Unattend.xml.
Windows System Image Manager with the Windows 10 Unattend.xml.
## <a href="" id="sec05"></a>Configure the MDT deployment share rules
## Configure the MDT deployment share rules
Understanding rules is critical to successfully using MDT. Rules are configured using the Rules tab of the deployment share's properties. The Rules tab is essentially a shortcut to edit the CustomSettings.ini file that exists in the E:\\MDTBuildLab\\Control folder. This section discusses how to configure the MDT deployment share rules as part of your Windows 10 Enterprise deployment.
Understanding rules is critical to successfully using MDT. Rules are configured using the **Rules** tab of the deployment share's properties. The **Rules** tab is essentially a shortcut to edit the **CustomSettings.ini** file that exists in the **D:\\MDTBuildLab\\Control** folder. This section discusses how to configure the MDT deployment share rules as part of your Windows 10 Enterprise deployment.
### MDT deployment share rules overview
In MDT, there are always two rule files: the CustomSettings.ini file and the Bootstrap.ini file. You can add almost any rule to either; however, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file.
For that reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK. By taking the following steps, you will configure the rules for the MDT Build Lab deployment share:
1. Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Properties**.
2. Select the **Rules** tab and modify using the following information:
In MDT, there are always two rule files: the **CustomSettings.ini** file and the **Bootstrap.ini** file. You can add almost any rule to either. However, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file. For this reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK.
To configure the rules for the MDT Build Lab deployment share:
On **MDT01**:
1. Using the Deployment Workbench, right-click the **MDT Build Lab** deployment share and select **Properties**.
2. Select the **Rules** tab and replace the existing content with the following information (edit the settings as needed to match your deployment). For example, If you do not have a WSUS server in your environment, delete the **WSUSServer** line from the configuration:
```
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
UserDataLocation=NONE
DoCapture=YES
OSInstall=Y
AdminPassword=P@ssw0rd
AdminPassword=pass@word1
TimeZoneName=Pacific Standard Time
JoinWorkgroup=WORKGROUP
HideShell=YES
@ -439,35 +455,33 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
SkipFinalSummary=YES
```
![figure 11](../images/mdt-08-fig14.png)
![figure 11](../images/mdt-rules.png)
Figure 11. The server-side rules for the MDT Build Lab deployment share.
The server-side rules for the MDT Build Lab deployment share.
3. Click **Edit Bootstrap.ini** and modify using the following information:
```
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTBuildLab$
UserDomain=CONTOSO
UserID=MDT_BA
UserPassword=P@ssw0rd
UserPassword=pass@word1
SkipBDDWelcome=YES
```
![figure 12](../images/mdt-08-fig15.png)
Figure 12. The boot image rules for the MDT Build Lab deployment share.
>[!NOTE]
>For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation.
>For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation. Obviously if you are not using the same password (pass@word3) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
4. In the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
4. On the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
5. In the **Lite Touch Boot Image Settings** area, configure the following settings:
1. Image description: MDT Build Lab x86
2. ISO file name: MDT Build Lab x86.iso
6. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
6. On the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
7. In the **Lite Touch Boot Image Settings** area, configure the following settings:
1. Image description: MDT Build Lab x64
2. ISO file name: MDT Build Lab x64.iso
@ -476,12 +490,11 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
>[!NOTE]
>In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).
### Update the deployment share
After the deployment share has been configured, it needs to be updated. This is the process when the Windows PE boot images are created.
1. Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Update Deployment Share**.
1. In the Deployment Workbench, right-click the **MDT Build Lab** deployment share and select **Update Deployment Share**.
2. Use the default options for the Update Deployment Share Wizard.
>[!NOTE]
@ -500,7 +513,7 @@ The CustomSettings.ini file is normally stored on the server, in the Deployment
### The Bootstrap.ini file
The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the E:\\MDTBuildLab\\Control folder on MDT01.
The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the D:\\MDTBuildLab\\Control folder on MDT01.
```
[Settings]
@ -509,7 +522,7 @@ Priority=Default
DeployRoot=\\MDT01\MDTBuildLab$
UserDomain=CONTOSO
UserID=MDT_BA
UserPassword=P@ssw0rd
UserPassword=pass@word1
SkipBDDWelcome=YES
```
@ -538,7 +551,7 @@ _SMSTSORGNAME=Contoso
UserDataLocation=NONE
DoCapture=YES
OSInstall=Y
AdminPassword=P@ssw0rd
AdminPassword=pass@word1
TimeZoneName=Pacific Standard Time
JoinWorkgroup=WORKGROUP
HideShell=YES
@ -570,8 +583,7 @@ SkipFinalSummary=YES
- **AdminPassword.** Sets the local Administrator account password.
- **TimeZoneName.** Establishes the time zone to use. Don't confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003).
**Note**  
The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
**Note**: The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
- **JoinWorkgroup.** Configures Windows to join a workgroup.
- **HideShell.** Hides the Windows Shell during deployment. This is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
@ -594,37 +606,45 @@ SkipFinalSummary=YES
- **SkipCapture.** Skips the Capture pane.
- **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to click OK before the machine shuts down.
## <a href="" id="sec06"></a>Build the Windows 10 reference image
## Build the Windows 10 reference image
As previously described, this section requires a Hyper-V host. See [Hyper-V requirements](prepare-for-windows-deployment-with-mdt.md#hyper-v-requirements) for more information.
Once you have created your task sequence, you are ready to create the Windows 10 reference image. This will be performed by launching the task sequence from a virtual machine which will then automatically perform the reference image creation and capture process.
This steps below outline the process used to boot a virtual machine using an ISO boot image created by MDT, and then execute the reference image task sequence image to create and capture the Windows 10 reference image.
1. Copy the E:\\MDTBuildLab\\Boot\\MDT Build Lab x86.iso on MDT01 to C:\\ISO on the Hyper-V host.
The steps below outline the process used to boot a virtual machine using an ISO boot image created by MDT, and then run the reference image task sequence image to create and capture the Windows 10 reference image.
**Note**  
Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image.
1. Copy D:\\MDTBuildLab\\Boot\\MDT Build Lab x86.iso on MDT01 to C:\\ISO on your Hyper-V host (HV01).
2. Create a virtual machine with the following settings:
**Note**: Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image.
On **HV01**:
2. Create a new virtual machine with the following settings:
1. Name: REFW10X64-001
2. Location: C:\\VMs
3. Memory: 1024 MB
4. Network: External (The network that is connected to the same infrastructure as MDT01 is)
5. Hard disk: 60 GB (dynamic disk)
6. Image file: C:\\ISO\\MDT Build Lab x86.iso
3. Take a snapshot of the REFW10X64-001 virtual machine, and name it **Clean with MDT Build Lab x86 ISO**.
2. Store the virtual machine in a different location: C:\VM
3. Generation 1
4. Memory: 1024 MB
5. Network: Must be able to connect to \\MDT01\MDTBuildLab$
7. Hard disk: 60 GB (dynamic disk)
8. Install OS with image file: C:\\ISO\\MDT Build Lab x86.iso
1. Before you start the VM, add a checkpoint for REFW10X64-001, and name it **Clean with MDT Build Lab x86 ISO**.
**Note**  
Taking a snapshot is useful if you need to restart the process and want to make sure you can start clean.
**Note**: Checkpoints are useful if you need to restart the process and want to make sure you can start clean.
4. Start the REFW10X64-001 virtual machine. After booting into Windows PE, complete the Windows Deployment Wizard using the following settings:
4. Start the REFW10X64-001 virtual machine and connect to it.
**Note**: Up to this point we have not discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario this is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
After booting into Windows PE, complete the Windows Deployment Wizard with the following settings:
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image
2. Specify whether to capture an image: Capture an image of this reference computer
- Location: \\\\MDT01\\MDTBuildLab$\\Captures
3. File name: REFW10X64-001.wim
![figure 13](../images/fig13-captureimage.png)
![capture image](../images/captureimage.png)
Figure 13. The Windows Deployment Wizard for the Windows 10 reference image.
The Windows Deployment Wizard for the Windows 10 reference image.
5. The setup now starts and does the following:
1. Installs the Windows 10 Enterprise operating system.
@ -635,18 +655,25 @@ This steps below outline the process used to boot a virtual machine using an ISO
6. Captures the installation to a Windows Imaging (WIM) file.
7. Turns off the virtual machine.
After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the E:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
![image](../images/image-captured.png)
## Troubleshooting
If you [enabled monitoring](#enable-monitoring), you can check the progress of the task sequence.
![monitoring](../images/mdt-monitoring.png)
If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](https://docs.microsoft.com/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log. From the command line in Windows PE you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$.
After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
## Related topics
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
[Configure MDT settings](configure-mdt-settings.md)

521
windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
View File

@ -21,115 +21,144 @@ ms.topic: article
**Applies to**
- Windows 10
This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). You will prepare for this by creating a MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. You will then configure the deployment share, create a new task sequence, add applications, add drivers, add rules, and configure Active Directory permissions for deployment.
This topic will show you how to take your reference image for Windows 10 (that was just [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
For the purposes of this topic, we will use three machines: DC01, MDT01, and PC0005. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 standard server, and PC0005 is a blank machine to which you deploy Windows 10. MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation.
We will prepare for this by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules.
![figure 1](../images/mdt-07-fig01.png)
For the purposes of this topic, we will use four computers: DC01, MDT01, HV01 and PC0005.
Figure 1. The machines used in this topic.
- DC01 is a domain controller
- MDT01 is a domain member server
- HV01 is a Hyper-V server
- PC0005 is a blank device to which we will deploy Windows 10
MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation. HV01 used to test deployment of PC0005 in a virtual environment.
![devices](../images/mdt-07-fig01.png)
>[!NOTE]
>For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
>For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
## Step 1: Configure Active Directory permissions
## <a href="" id="sec01"></a>Step 1: Configure Active Directory permissions
These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
On **DC01**:
1. Download the [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copy it to the **C:\\Setup\\Scripts** directory on DC01. This script configures permissions to allow the MDT_JD account to manage computer accounts in the contoso > Computers organizational unit.
2. Create the MDT_JD service account by running the following command from an elevated Windows PowerShell prompt:
```powershell
New-ADUser -Name MDT_JD -UserPrincipalName MDT_JD -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT join domain account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true
```
3. Next, run the Set-OuPermissions script to apply permissions to the **MDT\_JD** service account, enabling it to manage computer accounts in the Contoso / Computers OU. Run the following commands from an elevated Windows PowerShell prompt:
These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**.
2. Select the **Service Accounts** organizational unit (OU) and create the MDT\_JD account using the following settings:
1. Name: MDT\_JD
2. User logon name: MDT\_JD
3. Password: P@ssw0rd
4. User must change password at next logon: Clear
5. User cannot change password: Select
6. Password never expires: Select
3. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press **Enter** after each command:
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
```
4. The Set-OUPermissions.ps1 script allows the MDT\_JD user account permissions to manage computer accounts in the Contoso / Computers OU. Below you find a list of the permissions being granted:
1. Scope: This object and all descendant objects
1. Create Computer objects
2. Delete Computer objects
2. Scope: Descendant Computer objects
1. Read All Properties
2. Write All Properties
3. Read Permissions
4. Modify Permissions
5. Change Password
6. Reset Password
7. Validated write to DNS host name
8. Validated write to service principal name
## <a href="" id="sec02"></a>Step 2: Set up the MDT production deployment share
The following is a list of the permissions being granted:
a. Scope: This object and all descendant objects
b. Create Computer objects
c. Delete Computer objects
d. Scope: Descendant Computer objects
e. Read All Properties
f. Write All Properties
g. Read Permissions
h. Modify Permissions
i. Change Password
j. Reset Password
k. Validated write to DNS host name
l. Validated write to service principal name
When you are ready to deploy Windows 10 in a production environment, you will first create a new MDT deployment share. You should not use the same deployment share that you used to create the reference image for a production deployment. For guidance on creating a custom Windows 10 image, see
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
## Step 2: Set up the MDT production deployment share
Next, create a new MDT deployment share. You should not use the same deployment share that you used to create the reference image for a production deployment. Perform this procedure on the MDT01 server.
### Create the MDT production deployment share
On **MDT01**:
The steps for creating the deployment share for production are the same as when you created the deployment share for creating the custom reference image:
1. On MDT01, log on as Administrator in the CONTOSO domain using a password of <strong>P@ssw0rd.</strong>
2. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
3. On the **Path** page, in the **Deployment share path** text box, type **E:\\MDTProduction** and click **Next**.
1. Ensure you are signed on as: contoso\administrator.
2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
## <a href="" id="sec03"></a>Step 3: Add a custom image
### Configure permissions for the production deployment share
To read files in the deployment share, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTProduction** folder
On **MDT01**:
1. Ensure you are signed in as **contoso\\administrator**.
2. Modify the NTFS permissions for the **D:\\MDTProduction** folder by running the following command in an elevated Windows PowerShell prompt:
``` powershell
icacls "D:\MDTProduction" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
grant-smbshareaccess -Name MDTProduction$ -AccountName "Contoso\MDT_BA" -AccessRight Full -force
```
## Step 3: Add a custom image
The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores additional components in the Sources\\SxS folder which is outside the image and may be required when installing components.
### Add the Windows 10 Enterprise x64 RTM custom image
In these steps, we assume that you have completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you have a Windows 10 reference image in the E:\\MDTBuildLab\\Captures folder on MDT01.
In these steps, we assume that you have completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you have a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
1. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**.
2. Right-click the **Windows 10** folder and select **Import Operating System**.
3. On the **OS Type** page, select **Custom image file** and click **Next**.
4. On the **Image** page, in the **Source file** text box, browse to **E:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and click **Next**.
5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **E:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and click **Next**.
4. On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and click **Next**.
5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and click **Next**.
6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**.
7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to match the following: **Windows 10 Enterprise x64 RTM Custom Image**.
7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**.
>[!NOTE]
>The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
![figure 2](../images/fig2-importedos.png)
![imported OS](../images/fig2-importedos.png)
Figure 2. The imported operating system after renaming it.
## Step 4: Add an application
## <a href="" id="sec04"></a>Step 4: Add an application
When you configure your MDT Build Lab deployment share, you can also add applications to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the MDT Production deployment share using Adobe Reader as an example.
When you configure your MDT Build Lab deployment share, you will also add any applications to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the MDT Production deployment share using Adobe Reader as an example.
### Create the install: Adobe Reader DC
### Create the install: Adobe Reader XI x86
On **MDT01**:
In this example, we assume that you have downloaded the Adobe Reader XI installation file (AdbeRdr11000\_eu\_ES.msi) to E:\\Setup\\Adobe Reader on MDT01.
1. Using the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
2. Right-click the **Applications** node, and create a new folder named **Adobe**.
3. In the **Applications** node, right-click the **Adobe** folder and select **New Application**.
4. On the **Application Type** page, select the **Application with source files** option and click **Next**.
5. On the **Details** page, in the **Application** name text box, type **Install - Adobe Reader XI - x86** and click **Next**.
6. On the **Source** page, in the **Source Directory** text box, browse to **E:\\Setup\\Adobe Reader XI** and click **Next**.
7. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader XI - x86** and click **Next**.
8. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AdbeRdr11000\_eu\_ES.msi /q**, click **Next** twice, and then click **Finish**.
1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC1902120058_en_US.exe) to **D:\\setup\\adobe** on MDT01.
2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC1902120058_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
4. Right-click the **Applications** node, and create a new folder named **Adobe**.
5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**.
6. On the **Application Type** page, select the **Application with source files** option and click **Next**.
7. On the **Details** page, in the **Application Name** text box, type **Install - Adobe Reader** and click *Next**.
8. On the **Source** page, in the **Source Directory** text box, browse to **D:\\setup\\adobe\\install** and click **Next**.
9. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and click **Next**.
10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, click **Next** twice, and then click **Finish**.
![figure 3](../images/mdt-07-fig03.png)
![acroread](../images/acroread.png)
Figure 3. The Adobe Reader application added to the Deployment Workbench.
The Adobe Reader application added to the Deployment Workbench.
## <a href="" id="sec05"></a>Step 5: Prepare the drivers repository
## Step 5: Prepare the drivers repository
In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:
- Lenovo ThinkPad T420
- Dell Latitude E6440
- Dell Latitude 7390
- HP EliteBook 8560w
- Microsoft Surface Pro
For boot images, you need to have storage and network drivers; for the operating system, you need to have the full suite of drivers.
>[!NOTE]
@ -139,20 +168,22 @@ For boot images, you need to have storage and network drivers; for the operating
The key to successful management of drivers for MDT, as well as for any other deployment solution, is to have a really good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use.
1. On MDT01, using File Explorer, create the **E:\\Drivers** folder.
2. In the **E:\\Drivers** folder, create the following folder structure:
On **MDT01**:
1. Using File Explorer, create the **D:\\drivers** folder.
2. In the **D:\\drivers** folder, create the following folder structure:
1. WinPE x86
2. WinPE x64
3. Windows 10 x64
3. In the new Windows 10 x64 folder, create the following folder structure:
- Dell
- Latitude E6440
- HP
- Latitude E7450
- Hewlett-Packard
- HP EliteBook 8560w
- Lenovo
- ThinkPad T420 (4178)
- ThinkStation P500 (30A6003TUS)
- Microsoft Corporation
- Surface Pro 3
- Surface Laptop
>[!NOTE]
>Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
@ -166,16 +197,16 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
2. WinPE x64
3. Windows 10 x64
3. In the **Windows 10 x64** folder, create the following folder structure:
- Dell Inc.
- Latitude E6440
- Dell
- Latitude E7450
- Hewlett-Packard
- HP EliteBook 8560w
- Lenovo
- 4178
- 30A6003TUS
- Microsoft Corporation
- Surface Pro 3
- Surface Laptop
The preceding folder names are selected because they match the actual make and model values that MDT reads from the machines during deployment. You can find out the model values for your machines via the following command in Windows PowerShell:
The preceding folder names should match the actual make and model values that MDT reads from devices during deployment. You can find out the model values for your machines by using the following command in Windows PowerShell:
``` powershell
Get-WmiObject -Class:Win32_ComputerSystem
@ -188,87 +219,104 @@ wmic csproduct get name
If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](https://go.microsoft.com/fwlink/p/?LinkId=619536).
![figure 4](../images/fig4-oob-drivers.png)
![drivers](../images/fig4-oob-drivers.png)
Figure 4. The Out-of-Box Drivers structure in Deployment Workbench.
The Out-of-Box Drivers structure in the Deployment Workbench.
### Create the selection profiles for boot image drivers
By default, MDT adds any storage and network drivers that you import to the boot images. However, you should add only the drivers that are necessary to the boot image. You can control which drivers are added by using selection profiles.
The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you cant locate Windows 10 drivers for your device, a Windows 7 or Windows 8.1 driver will most likely work, but Windows 10 drivers should be your first choice.
1. On MDT01, using the Deployment Workbench, in the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**.
On **MDT01**:
1. In the Deployment Workbench, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**.
2. In the New Selection Profile Wizard, create a selection profile with the following settings:
1. Selection Profile name: WinPE x86
2. Folders: Select the WinPE x86 folder in Out-of-Box Drivers.
3. Again, right-click the **Selection Profiles** node, and select **New Selection Profile**.
3. Click **Next**, **Next** and **Finish**.
3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**.
4. In the New Selection Profile Wizard, create a selection profile with the following settings:
1. Selection Profile name: WinPE x64
2. Folders: Select the WinPE x64 folder in Out-of-Box Drivers.
3. Click **Next**, **Next** and **Finish**.
![figure 5](../images/fig5-selectprofile.png)
Figure 5. Creating the WinPE x64 selection profile.
Creating the WinPE x64 selection profile.
### Extract and import drivers for the x64 boot image
Windows PE supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image.
In these steps, we assume you have downloaded PROWinx64.exe from Intel.com and saved it to a temporary folder.
1. Extract PROWinx64.exe to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder.
2. Using File Explorer, create the **E:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
3. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **E:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
4. Using Deployment Workbench, expand the **Out-of-Box Drivers** node, right-click the **WinPE x64** node, and select **Import Drivers**. Use the following setting for the Import Drivers Wizard:
- Driver source directory: **E:\\Drivers\\WinPE x64\\Intel PRO1000**
On **MDT01**:
1. Download **PROWinx64.exe** from Intel.com (ex: [PROWinx64.exe](https://downloadcenter.intel.com/downloads/eula/25016/Intel-Network-Adapter-Driver-for-Windows-10?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F25016%2Feng%2FPROWinx64.exe)).
2. Extract PROWinx64.exe to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder.
a. **Note**: Extracting the .exe file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the .exe terminates.
3. Using File Explorer, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
4. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
5. In the Deployment Workbench, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, and select **Import Drivers**, and use the following Driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**.
### Download, extract, and import drivers
### For the ThinkPad T420
### For the Lenovo ThinkStation P500
For the Lenovo T420 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo T420 model has the 4178B9G model name, meaning the Machine Type is 4178.
For the ThinkStation P500 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo ThinkStation P500 model has the 30A6003TUS model name, meaning the Machine Type is 30A6.
To get the updates, you download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can download the drivers from the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543).
![ThinkStation](../images/thinkstation.png)
In these steps, we assume you have downloaded and extracted the drivers using ThinkVantage Update Retriever v5.0 to the E:\\Drivers\\Lenovo\\ThinkPad T420 (4178) folder.
To get the updates, download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can also download the drivers by searching PC Support on the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543).
1. On MDT01, using the Deployment Workbench, in the **MDT Production** node, expand the **Out-Of-Box Drivers** node, and expand the **Lenovo** node.
2. Right-click the **4178** folder and select **Import Drivers**; use the following setting for the Import Drivers Wizard:
- Driver source directory: **E:\\Drivers\\Windows 10 x64\\Lenovo\\ThinkPad T420 (4178)**
In this example, we assume you have downloaded and extracted the drivers using ThinkVantage Update Retriever to the **D:\\Drivers\\Lenovo\\ThinkStation P500 (30A6003TUS)** directory.
### For the Latitude E6440
On **MDT01**:
For the Dell Latitude E6440 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
1. In the Deployment Workbench, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Lenovo** node.
2. Right-click the **30A6003TUS** folder and select **Import Drivers** and use the following Driver source directory to import drivers: **D:\\Drivers\\Windows 10 x64\\Lenovo\\ThinkStation P500 (30A6003TUS)**
In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E6440 model to the E:\\Drivers\\Dell\\Latitude E6440 folder.
The folder you select and all sub-folders will be checked for drivers, expanding any .cab files that are present and searching for drivers.
1. On **MDT01**, using the **Deployment Workbench**, in the **MDT Production** node, expand the **Out-Of-Box Drivers** node, and expand the **Dell** node.
2. Right-click the **Latitude E6440** folder and select **Import Drivers**; use the following setting for the Import Drivers Wizard:
- Driver source directory: **E:\\Drivers\\Windows 10 x64\\Dell\\Latitude E6440**
### For the Latitude E7450
For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell\\Latitude E7450** folder.
On **MDT01**:
1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell** node.
2. Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers: **D:\\Drivers\\Windows 10 x64\\Dell\\Latitude E7450**
### For the HP EliteBook 8560w
For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](https://go.microsoft.com/fwlink/p/?LinkId=619545).
In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the E:\\Drivers\\Windows 10 x64\\HP\\HP EliteBook 8560w folder.
In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder.
1. On **MDT01**, using the **Deployment Workbench**, in the **MDT Production** node, expand the **Out-Of-Box Drivers** node, and expand the **Hewlett-Packard** node.
2. Right-click the **HP EliteBook 8560w** folder and select **Import Drivers**; use the following setting for the Import Drivers Wizard:
- Driver source directory: **E:\\Drivers\\Windows 10 x64\\HP\\HP EliteBook 8560w**
On **MDT01**:
### For the Microsoft Surface Pro 3
1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Hewlett-Packard** node.
2. Right-click the **HP EliteBook 8560w** folder and select **Import Drivers** and use the following Driver source directory to import drivers: **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w**
For the Microsoft Surface Pro model, you find the drivers on the Microsoft website. In these steps we assume you have downloaded and extracted the Surface Pro 3 drivers to the E:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Pro 3 folder.
### For the Microsoft Surface Laptop
1. On MDT01, using the Deployment Workbench, in the **MDT Production** node, expand the **Out-Of-Box Drivers** node, and expand the **Microsoft** node.
2. Right-click the **Surface Pro 3** folder and select **Import Drivers**; use the following setting for the Import Drivers Wizard:
- Driver source directory: **E:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Pro 3**
For the Microsoft Surface Laptop model, you find the drivers on the Microsoft website. In these steps we assume you have downloaded and extracted the Surface Laptop drivers to the **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop** folder.
## <a href="" id="sec06"></a>Step 6: Create the deployment task sequence
On **MDT01**:
This section will show you how to create the task sequence used to deploy your production Windows 10 reference image. You will then configure the tasks sequence to enable patching via a Windows Server Update Services (WSUS) server.
1. In the Deployment Workbench, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Microsoft** node.
2. Right-click the **Surface Laptop** folder and select **Import Drivers**; and use the following Driver source directory to import drivers: **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop**
## Step 6: Create the deployment task sequence
This section will show you how to create the task sequence used to deploy your production Windows 10 reference image. You will then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.
### Create a task sequence for Windows 10 Enterprise
1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**.
On **MDT01**:
1. In the Deployment Workbench, under the **MDT Production** node, right-click **Task Sequences**, and create a folder named **Windows 10**.
2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
1. Task sequence ID: W10-X64-001
2. Task sequence name: Windows 10 Enterprise x64 RTM Custom Image
@ -278,13 +326,14 @@ This section will show you how to create the task sequence used to deploy your p
6. Specify Product Key: Do not specify a product key at this time
7. Full Name: Contoso
8. Organization: Contoso
9. Internet Explorer home page: about:blank
9. Internet Explorer home page: https://www.contoso.com
10. Admin Password: Do not specify an Administrator Password at this time
### Edit the Windows 10 task sequence
3. Right-click the **Windows 10 Enterprise x64 RTM Custom Image** task sequence, and select **Properties**.
4. On the **Task Sequence** tab, configure the **Windows 10 Enterprise x64 RTM Custom Image** task sequence with the following settings:
1. Preinstall. After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings:
### Edit the Windows 10 task sequence
1. Continuing from the previous procedure, right-click the **Windows 10 Enterprise x64 RTM Custom Image** task sequence, and select **Properties**.
2. On the **Task Sequence** tab, configure the **Windows 10 Enterprise x64 RTM Custom Image** task sequence with the following settings:
1. Preinstall: After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings:
1. Name: Set DriverGroup001
2. Task Sequence Variable: DriverGroup001
3. Value: Windows 10 x64\\%Make%\\%Model%
@ -297,36 +346,36 @@ This section will show you how to create the task sequence used to deploy your p
3. State Restore. Enable the **Windows Update (Pre-Application Installation)** action.
4. State Restore. Enable the **Windows Update (Post-Application Installation)** action.
5. Click **OK**.
3. Click **OK**.
![figure 6](../images/fig6-taskseq.png)
![drivergroup](../images/fig6-taskseq.png)
Figure 6. The task sequence for production deployment.
The task sequence for production deployment.
## <a href="" id="sec07"></a>Step 7: Configure the MDT production deployment share
## Step 7: Configure the MDT production deployment share
In this section, you will learn how to configure the MDT Build Lab deployment share with the rules required to create a simple and dynamic deployment process. This includes configuring commonly used rules and an explanation of how these rules work.
### Configure the rules
1. On MDT01, using File Explorer, copy the following files from the **D:\\Setup\\Sample Files\\MDT Production\\Control** folder to **E:\\MDTProduction\\Control**. Overwrite the existing files.
1. Bootstrap.ini
2. CustomSettings.ini
2. Right-click the **MDT Production** deployment share and select **Properties**.
3. Select the **Rules** tab and modify using the following information:
On **MDT01**:
1. Right-click the **MDT Production** deployment share and select **Properties**.
2. Select the **Rules** tab and replace the existing rules with the following information (modify the domain name, WSUS server, and administrative credentials to match your environment):
```
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
OSInstall=YES
UserDataLocation=AUTO
TimeZoneName=Pacific Standard Time
AdminPassword=P@ssw0rd
AdminPassword=pass@word1
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=P@ssw0rd
DomainAdminPassword=pass@word1
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
SLShare=\\MDT01\Logs$
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
@ -350,36 +399,40 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
SkipCapture=YES
SkipFinalSummary=NO
```
4. Click **Edit Bootstrap.ini** and modify using the following information:
```
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
SkipBDDWelcome=YES
```
5. In the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected.
6. In the **General** sub tab, configure the following settings:
3. Click **Edit Bootstrap.ini** and modify using the following information:
```
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
UserPassword=pass@word1
SkipBDDWelcome=YES
```
4. On the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected.
5. On the **General** sub tab (still under the main Windows PE tab), configure the following settings:
- In the **Lite Touch Boot Image Settings** area:
1. Image description: MDT Production x86
2. ISO file name: MDT Production x86.iso
> [!NOTE]
>
> Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests.
>Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests.
7. In the **Drivers and Patches** sub tab, select the **WinPE x86** selection profile and select the **Include all drivers from the selection profile** option.
8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
9. In the **General** sub tab, configure the following settings:
6. On the **Drivers and Patches** sub tab, select the **WinPE x86** selection profile and select the **Include all drivers from the selection profile** option.
7. On the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
8. On the **General** sub tab, configure the following settings:
- In the **Lite Touch Boot Image Settings** area:
1. Image description: MDT Production x64
2. ISO file name: MDT Production x64.iso
10. In the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option.
11. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box.
12. Click **OK**.
9. In the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option.
10. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box.
11. Click **OK**.
>[!NOTE]
>It will take a while for the Deployment Workbench to create the monitoring database and web service.
@ -387,39 +440,46 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
![figure 8](../images/mdt-07-fig08.png)
Figure 7. The Windows PE tab for the x64 boot image.
The Windows PE tab for the x64 boot image.
### The rules explained
The rules for the MDT Production deployment share are somewhat different from those for the MDT Build Lab deployment share. The biggest differences are that you deploy the machines into a domain instead of a workgroup and that you do not automate the logon.
The rules for the MDT Production deployment share are somewhat different from those for the MDT Build Lab deployment share. The biggest differences are that you deploy the machines into a domain instead of a workgroup.
>
>You can optionally remove the **UserID** and **UserPassword** entries from Bootstrap.ini so that users performing PXE boot are prompted to provide credentials with permission to connect to the deployment share. Setting **SkipBDDWelcome=NO** enables the welcome screen that displays options to run the deployment wizard, run DaRT tools (if installed), exit to a Windows PE command prompt, set the keyboard layout, or configure a static IP address. In this example we are skipping the welcome screen and providing credentials.
### The Bootstrap.ini file
This is the MDT Production Bootstrap.ini without the user credentials (except domain information):
This is the MDT Production Bootstrap.ini:
```
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTProduction$
UserDomain=CONTOSO
UserID=MDT_BA
UserPassword=pass@word1
SkipBDDWelcome=YES
```
### The CustomSettings.ini file
This is the CustomSettings.ini file with the new join domain information:
```
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
OSInstall=Y
UserDataLocation=AUTO
TimeZoneName=Pacific Standard Time
AdminPassword=P@ssw0rd
AdminPassword=pass@word1
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=P@ssw0rd
DomainAdminPassword=pass@word1
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
SLShare=\\MDT01\Logs$
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
@ -444,7 +504,8 @@ SkipCapture=YES
SkipFinalSummary=NO
EventService=http://MDT01:9800
```
The additional properties to use in the MDT Production rules file are as follows:
Some properties to use in the MDT Production rules file are as follows:
- **JoinDomain.** The domain to join.
- **DomainAdmin.** The account to use when joining the machine to the domain.
- **DomainAdminDomain.** The domain for the join domain account.
@ -456,33 +517,35 @@ The additional properties to use in the MDT Production rules file are as follows
### Optional deployment share configuration
If your organization has a Microsoft Software Assurance agreement, you also can subscribe to the additional Microsoft Desktop Optimization Package (MDOP) license (at an additional cost). Included in MDOP is Microsoft Diagnostics and Recovery Toolkit (DaRT), which contains tools that can help you
troubleshoot MDT deployments, as well as troubleshoot Windows itself.
If your organization has a Microsoft Software Assurance agreement, you also can subscribe to the additional Microsoft Desktop Optimization Package (MDOP) license (at an additional cost). Included in MDOP is Microsoft Diagnostics and Recovery Toolkit (DaRT), which contains tools that can help you troubleshoot MDT deployments, as well as troubleshoot Windows itself.
### Add DaRT 10 to the boot images
If you have licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you do not have DaRT licensing, or don't want to use it, simply skip to the next section, [Update the Deployment Share](#bkmk-update-deployment). To enable the remote connection feature in MDT, you need to do the following:
- Install DaRT 10 (part of MDOP 2015 R1).
- Copy the two tools CAB files (Toolsx86.cab and Toolsx64.cab) to the deployment share.
- Configure the deployment share to add DaRT.
In these steps, we assume that you downloaded MDOP 2015 R1 and copied DaRT 10 to the E:\\Setup\\DaRT 10 folder on MDT01.
- On MDT01, install DaRT 10 (MSDaRT10.msi) using the default settings.
- Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder.
- Copy the Toolsx64.cab file to **E:\\MDTProduction\\Tools\\x64**.
- Copy the Toolsx86.cab file to **E:\\MDTProduction\\Tools\\x86**.
- Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**.
- In the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected.
- In the **Features** sub tab, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
If you have licensing for MDOP and DaRT, you can add DaRT to the boot images using the steps in this section. If you do not have DaRT licensing, or don't want to use it, simply skip to the next section, [Update the Deployment Share](#update-the-deployment-share). To enable the remote connection feature in MDT, you need to do the following:
![figure 8](../images/mdt-07-fig09.png)
>DaRT 10 is part of [MDOP 2015](https://docs.microsoft.com/microsoft-desktop-optimization-pack/#how-to-get-mdop). Note: MDOP might be available as a download from your [Visual Studio subscription](https://my.visualstudio.com/Downloads). When searching, be sure to look for **Desktop Optimization Pack**.
Figure 8. Selecting the DaRT 10 feature in the deployment share.
On **MDT01**:
1. Download MDOP 2015 and copy the DaRT 10 installer file to the D:\\Setup\\DaRT 10 folder on MDT01 (DaRT\\DaRT 10\\Installers\\\<lang\>\\x64\\MSDaRT100.msi).
2. Install DaRT 10 (MSDaRT10.msi) using the default settings.
![DaRT](../images/dart.png)
2. Copy the two tools CAB files from **C:\\Program Files\\Microsoft DaRT\\v10** (**Toolsx86.cab** and **Toolsx64.cab**) to the production deployment share at **D:\\MDTProduction\\Tools\\x86** and **D:\\MDTProduction\\Tools\\x64**, respectively.
3. In the Deployment Workbench, right-click the **MDT Production** deployment share and select **Properties**.
4. On the **Windows PE** tab, in the **Platform** drop-down list, make sure **x86** is selected.
5. On the **Features** sub tab, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** checkbox.
![DaRT selection](../images/mdt-07-fig09.png)
Selecting the DaRT 10 feature in the deployment share.
8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
9. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
10. Click **OK**.
### <a href="" id="bkmk-update-deployment"></a>Update the deployment share
### Update the deployment share
Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.
1. Right-click the **MDT Production** deployment share and select **Update Deployment Share**.
@ -491,56 +554,74 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee
>[!NOTE]
>The update process will take 5 to 10 minutes.
## <a href="" id="sec08"></a>Step 8: Deploy the Windows 10 client image
## Step 8: Deploy the Windows 10 client image
These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.
### Configure Windows Deployment Services
You need to add the MDT Production Lite Touch x64 Boot image to WDS in preparation for the deployment. For the following steps, we assume that Windows Deployment Services has already been installed on MDT01.
1. Using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
2. Browse to the E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim file and add the image with the default settings.
You need to add the MDT Production Lite Touch x64 Boot image to WDS in preparation for the deployment. In this procedure, we assume that WDS is already installed and initialized on MDT01 as described in the [Prepare for Windows deployment](prepare-for-windows-deployment-with-mdt.md#install-and-initialize-windows-deployment-services-wds) article.
On **MDT01**:
1. Open the Windows Deployment Services console, expand the **Servers** node and then expand **MDT01.contoso.com**.
2. Right-click **Boot Images** and select **Add Boot Image**.
3. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
![figure 9](../images/mdt-07-fig10.png)
Figure 9. The boot image added to the WDS console.
The boot image added to the WDS console.
### Deploy the Windows 10 client
At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you are confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. This helps rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:
On **HV01**:
1. Create a virtual machine with the following settings:
1. Name: PC0005
2. Location: C:\\VMs
2. Store the virtual machine in a different location: C:\VM
3. Generation: 2
4. Memory: 2048 MB
5. Hard disk: 60 GB (dynamic disk)
2. Start the PC0005 virtual machine, and press **Enter** to start the PXE boot. The machine will now load the Windows PE boot image from the WDS server.
5. Network: Must be able to connect to \\MDT01\MDTProduction$
6. Hard disk: 60 GB (dynamic disk)
7. Installation Options: Install an operating system from a network-based installation server
2. Start the PC0005 virtual machine, and press **Enter** to start the PXE boot. The VM will now load the Windows PE boot image from the WDS server.
![figure 10](../images/mdt-07-fig11.png)
Figure 10. The initial PXE boot process of PC0005.
The initial PXE boot process of PC0005.
3. After Windows PE has booted, complete the Windows Deployment Wizard using the following setting:
1. Password: P@ssw0rd
2. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
3. Computer Name: PC0005
4. Applications: Select the Install - Adobe Reader XI - x86 application.
4. The setup now starts and does the following:
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
2. Computer Name: **PC0005**
3. Applications: Select the **Install - Adobe Reader** checkbox.
4. Setup now begins and does the following:
1. Installs the Windows 10 Enterprise operating system.
2. Installs the added application.
3. Updates the operating system via your local Windows Server Update Services (WSUS) server.
![pc0005](../images/pc0005-vm.png)
### Application installation
Following OS installation, Microsoft Office 365 Pro Plus - x64 is installed automatically.
![pc0005](../images/pc0005-vm-office.png)
### Use the MDT monitoring feature
Now that you have enabled the monitoring on the MDT Production deployment share, you can follow your deployment of PC0005 via the monitoring node.
Since you have enabled the monitoring on the MDT Production deployment share, you can follow your deployment of PC0005 via the monitoring node.
1. On MDT01, using Deployment Workbench, expand the **MDT Production** deployment share folder.
On **MDT01**:
1. In the Deployment Workbench, expand the **MDT Production** deployment share folder.
2. Select the **Monitoring** node, and wait until you see PC0005.
3. Double-click PC0005, and review the information.
![figure 11](../images/mdt-07-fig13.png)
Figure 11. The Monitoring node, showing the deployment progress of PC0005.
The Monitoring node, showing the deployment progress of PC0005.
### Use information in the Event Viewer
@ -548,11 +629,11 @@ When monitoring is enabled, MDT also writes information to the event viewer on M
![figure 12](../images/mdt-07-fig14.png)
Figure 12. The Event Viewer showing a successful deployment of PC0005.
The Event Viewer showing a successful deployment of PC0005.
## <a href="" id="sec09"></a>Multicast deployments
## Multicast deployments
Multicast deployment allows for image deployment with reduced network load during simultaneous deployments. Multicast is a useful operating system deployment feature in MDT deployments, however it is important to ensure that your network supports it and is designed for it.
Multicast deployment allows for image deployment with reduced network load during simultaneous deployments. Multicast is a useful operating system deployment feature in MDT deployments, however it is important to ensure that your network supports it and is designed for it. If you have a limited number of simultaneous deployments, you probably do not need to enable multicast.
### Requirements
@ -563,25 +644,30 @@ Internet Group Management Protocol (IGMP) snooping is turned on and that the net
Setting up MDT for multicast is straightforward. You enable multicast on the deployment share, and MDT takes care of the rest.
1. On MDT01, right-click the **MDT Production** deployment share folder and select **Properties**.
2. In the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and click **OK**.
On **MDT01**:
1. In the Deployment Workbench, right-click the **MDT Production** deployment share folder and select **Properties**.
2. On the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and click **OK**.
3. Right-click the **MDT Production** deployment share folder and select **Update Deployment Share**.
4. After updating the deployment share, use the Windows Deployment Services console to, verify that the multicast namespace was created.
![figure 13](../images/mdt-07-fig15.png)
Figure 13. The newly created multicast namespace.
The newly created multicast namespace.
## <a href="" id="sec10"></a>Use offline media to deploy Windows 10
## Use offline media to deploy Windows 10
In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can very easily generate an offline version of your deployment share - either the full deployment share or a subset of it - by the use of selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can very easily generate an offline version of your deployment share - either the full deployment share or a subset of it - through the use of selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
Offline media are useful not only when you do not have network connectivity to the deployment share, but also when you have limited connection to the deployment share and do not want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire.
### Create the offline media selection profile
To filter what is being added to the media, you create a selection profile. When creating selection profiles, you quickly realize the benefits of having created a good logical folder structure in the Deployment Workbench.
1. On MDT01, using Deployment Workbench, in the **MDT Production / Advanced Configuration** node, right-click **Selection Profile**, and select **New Selection Profile**.
On **MDT01**:
1. In the Deployment Workbench, under the **MDT Production / Advanced Configuration** node, right-click **Selection Profiles**, and select **New Selection Profile**.
2. Use the following settings for the New Selection Profile Wizard:
1. General Settings
- Selection profile name: Windows 10 Offline Media
@ -592,48 +678,58 @@ To filter what is being added to the media, you create a selection profile. When
4. Out-Of-Box Drivers / Windows 10 x64
5. Task Sequences / Windows 10
![offline media](../images/mdt-offline-media.png)
### Create the offline media
In these steps, you generate offline media from the MDT Production deployment share. To filter what is being added to the media, you use the previously created selection profile.
1. On MDT01, using File Explorer, create the **E:\\MDTOfflineMedia** folder.
1. On MDT01, using File Explorer, create the **D:\\MDTOfflineMedia** folder.
>[!NOTE]
>When creating offline media, you need to create the target folder first. It is crucial that you do not create a subfolder inside the deployment share folder because it will break the offline media.
2. Using Deployment Workbench, in the **MDT Production / Advanced Configuration** node, right-click the **Media** node, and select **New Media**.
2. In the Deployment Workbench, under the **MDT Production / Advanced Configuration** node, right-click the **Media** node, and select **New Media**.
3. Use the following settings for the New Media Wizard:
- General Settings
1. Media path: **E:\\MDTOfflineMedia**
2. Selection profile: Windows 10 Offline Media
1. Media path: **D:\\MDTOfflineMedia**
2. Selection profile: **Windows 10 Offline Media**
### Configure the offline media
Offline media has its own rules, its own Bootstrap.ini and CustomSettings.ini files. These files are stored in the Control folder of the offline media; they also can be accessed via properties of the offline media in the Deployment Workbench.
1. On MDT01, using File Explorer, copy the CustomSettings.ini file from the **E:\MDTProduction\Control** folder to **E:\\MDTOfflineMedia\\Content\\Deploy\\Control**. Overwrite the existing files.
2. Using Deployment Workbench, in the **MDT Production / Advanced Configuration / Media** node, right-click the **MEDIA001** media, and select **Properties**.
On **MDT01**:
1. Copy the CustomSettings.ini file from the **D:\MDTProduction\Control** folder to **D:\\MDTOfflineMedia\\Content\\Deploy\\Control**. Overwrite the existing files.
2. In the Deployment Workbench, under the **MDT Production / Advanced Configuration / Media** node, right-click the **MEDIA001** media, and select **Properties**.
3. In the **General** tab, configure the following:
1. Clear the Generate x86 boot image check box.
2. ISO file name: Windows 10 Offline Media.iso
4. Still in the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
5. In the **General** sub tab, configure the following settings:
4. On the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
5. On the **General** sub tab, configure the following settings:
1. In the **Lite Touch Boot Image Settings** area:
- Image description: MDT Production x64
2. In the **Windows PE Customizations** area, set the Scratch space size to 128.
6. In the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option.
6. On the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option.
7. Click **OK**.
### Generate the offline media
You have now configured the offline media deployment share however the share has not yet been populated with the files required for deployment. Now everything is ready you populate the deployment share content folder and generate the offline media ISO.
You have now configured the offline media deployment share, however the share has not yet been populated with the files required for deployment. Now everything is ready you populate the deployment share content folder and generate the offline media ISO.
1. On MDT01, using Deployment Workbench, navigate to the **MDT Production / Advanced Configuration / Media** node.
2. Right-click the **MEDIA001** media, and select **Update Media Content**. The Update Media Content process now generates the offline media in the **E:\\MDTOfflineMedia\\Content** folder.
On **MDT01**:
1. In the Deployment Workbench, navigate to the **MDT Production / Advanced Configuration / Media** node.
2. Right-click the **MEDIA001** media, and select **Update Media Content**. The Update Media Content process now generates the offline media in the **D:\\MDTOfflineMedia\\Content** folder. The process might require several minutes.
### Create a bootable USB stick
The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.)
>[!TIP]
>In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. This means you must split the .wim file, which can be done using DISM: <br>&nbsp;<br>Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800. <br>&nbsp;<br>Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm. <br>&nbsp;<br>To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\<SkipWimSplit\>True\</SkipWimSplit\>), so this must be changed and the offline media content updated.
Follow these steps to create a bootable USB stick from the offline media content:
1. On a physical machine running Windows 7 or later, insert the USB stick you want to use.
@ -643,24 +739,19 @@ Follow these steps to create a bootable USB stick from the offline media content
5. In the Diskpart utility, type **select volume F** (replace F with your USB stick drive letter).
6. In the Diskpart utility, type **active**, and then type **exit**.
## <a href="" id="sec11"></a>Unified Extensible Firmware Interface (UEFI)-based deployments
## Unified Extensible Firmware Interface (UEFI)-based deployments
As referenced in [Windows 10 deployment tools](https://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UEFI.
As referenced in [Windows 10 deployment scenarios and tools](https://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UEFI.
![figure 14](../images/mdt-07-fig16.png)
Figure 14. The partitions when deploying an UEFI-based machine.
The partitions when deploying an UEFI-based machine.
## Related topics
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
[Configure MDT settings](configure-mdt-settings.md)
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
[Configure MDT settings](configure-mdt-settings.md)<br>

98
windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
View File

@ -1,98 +0,0 @@
---
title: Deploy Windows 10 with the Microsoft Deployment Toolkit (Windows 10)
description: This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT).
ms.assetid: 837f009c-617e-4b3f-9028-2246067ee0fb
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: deploy, tools, configure, script
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.pagetype: mdt
ms.topic: article
---
# Deploy Windows 10 with the Microsoft Deployment Toolkit
**Applies to**
- Windows 10
This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT).
The Microsoft Deployment Toolkit is a unified collection of tools, processes, and guidance for automating desktop and server deployment. In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the Windows Assessment and Deployment Kit (Windows ADK) with additional guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
MDT supports the deployment of Windows 10, as well as Windows 7, Windows 8, Windows 8.1, and Windows Server 2012 R2. It also includes support for zero-touch installation (ZTI) with Microsoft System Center 2012 R2 Configuration Manager.
To download the latest version of MDT, visit the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
## In this section
- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
- [Configure MDT settings](configure-mdt-settings.md)
## <a href="" id="proof"></a>Proof-of-concept environment
For the purposes of this guide, and the topics discussed herein, we will use the following servers and client machines: DC01, MDT01, CM01, PC0001, and PC0002.
![figure 1](../images/mdt-01-fig01.png)
Figure 1. The servers and machines used for examples in this guide.
DC01 is a domain controller; the other servers and client machines are members of the domain contoso.com for the fictitious Contoso Corporation.
![figure 2](../images/mdt-01-fig02.jpg)
Figure 2. The organizational unit (OU) structure used in this guide.
### Server details
- **DC01.** A Windows Server 2012 R2 Standard machine, fully patched with the latest security updates, and configured as Active Directory Domain Controller, DNS Server, and DHCP Server in the contoso.com domain.
- Server name: DC01
- IP Address: 192.168.1.200
- Roles: DNS, DHCP, and Domain Controller
- **MDT01.** A Windows Server 2012 R2 Standard machine, fully patched with the latest security updates, and configured as a member server in the contoso.com domain.
- Server name: MDT01
- IP Address: 192.168.1.210
- **CM01.** A Windows Server 2012 R2 Standard machine, fully patched with the latest security updates, and configured as a member server in the contoso.com domain.
- Server name: CM01
- IP Address: 192.168.1.214
### Client machine details
- **PC0001.** A Windows 10 Enterprise x64 machine, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This machine is referenced as the admin workstation.
- Client name: PC0001
- IP Address: DHCP
- **PC0002.** A Windows 7 SP1 Enterprise x64 machine, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This machine is referenced during the migration scenarios.
- Client name: PC0002
- IP Address: DHCP
## Sample files
The information in this guide is designed to help you deploy Windows 10. In order to help you put the information you learn into practice more quickly, we recommend that you download a small set of sample files for the fictitious Contoso Corporation:
- [Gather.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619361). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
- [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
## Related topics
[Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
[Windows 10 deployment tools](../windows-deployment-scenarios-and-tools.md)
[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
[Deploy Windows To Go in your organization](../deploy-windows-to-go.md)
[Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
[Volume Activation for Windows 10](../volume-activation/volume-activation-windows-10.md)

157
windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
View File

@ -11,44 +11,161 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Get started with the Microsoft Deployment Toolkit (MDT)
# Get started with MDT
**Applies to**
- Windows 10
This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment. MDT is one of the most important tools available to IT professionals today. You can use it to create reference images or as a complete deployment solution. MDT also can be used to extend the operating system deployment features available in Microsoft System Center 2012 R2 Configuration Manager.
This article provides an overview of the features, components, and capabilities of the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117). When you have finished reviewing this information, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
In addition to familiarizing you with the features and options available in MDT, this topic will walk you through the process of preparing for deploying Windows 10 using MDT by configuring Active Directory, creating an organizational unit (OU) structure, creating service accounts, configuring log files and folders, and installing the tools needed to view the logs and continue with the deployment process.
## About MDT
For the purposes of this topic, we will use two machines: DC01 and MDT01. DC01 is a domain controller and MDT01 is a Windows Server 2012 R2 standard server. MDT01 is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see
[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
MDT is a unified collection of tools, processes, and guidance for automating desktop and server deployment. You can use it to create reference images or as a complete deployment solution. MDT is one of the most important tools available to IT professionals today.
![figure 1](../images/mdt-05-fig01.png)
In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the [Windows Assessment and Deployment Kit](https://docs.microsoft.com/windows-hardware/get-started/adk-install) (Windows ADK) with additional guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
Figure 1. The machines used in this topic.
MDT supports the deployment of Windows 10, as well as Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/).
## In this section
## Key features in MDT
- [Key features in MDT](key-features-in-mdt.md)
- [MDT Lite Touch components](mdt-lite-touch-components.md)
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it is considered fundamental to Windows operating system and enterprise application deployment.
## Related topics
MDT has many useful features, such as:
- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10.
- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
- **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), as well as Windows 8.1 Embedded Industry.
- **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
- **GPT support.** Supports deployment to machines that require the new GPT partition table format. This is related to UEFI.
- **Enhanced Windows PowerShell support.** Provides support for running PowerShell scripts.
[Microsoft Deployment Toolkit downloads and documentation](https://go.microsoft.com/fwlink/p/?LinkId=618117)
![figure 2](../images/mdt-05-fig02.png)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
The deployment share mounted as a standard PSDrive allows for administration using PowerShell.
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
- **Add local administrator accounts.** Allows you to add multiple user accounts to the local Administrators group on the target computers, either via settings or the deployment wizard.
- **Automated participation in CEIP and WER.** Provides configuration for participation in Windows Customer Experience Improvement Program (CEIP) and Windows Error Reporting (WER).
- **Deploy Windows RE.** Enables deployment of a customized Windows Recovery Environment (Windows RE) as part of the task sequence.
- **Deploy to VHD.** Provides ready-made task sequence templates for deploying Windows into a virtual hard disk (VHD) file.
- **Improved deployment wizard.** Provides additional progress information and a cleaner UI for the Lite Touch Deployment Wizard.
- **Monitoring.** Allows you to see the status of currently running deployments.
- **Apply GPO Pack.** Allows you to deploy local group policy objects created by Microsoft Security Compliance Manager (SCM).
- **Partitioning routines.** Provides improved partitioning routines to ensure that deployments work regardless of the current hard drive structure.
- **Offline BitLocker.** Provides the capability to have BitLocker enabled during the Windows Preinstallation Environment (Windows PE) phase, thus saving hours of encryption time.
- **USMT offline user-state migration.** Provides support for running the User State Migration Tool (USMT) capture offline, during the Windows PE phase of the deployment.
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
![figure 3](../images/mdt-05-fig03.png)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
The offline USMT backup in action.
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
- **Install or uninstall Windows roles or features.** Enables you to select roles and features as part of the deployment wizard. MDT also supports uninstall of roles and features.
- **Microsoft System Center Orchestrator integration.** Provides the capability to use Orchestrator runbooks as part of the task sequence.
- **Support for DaRT.** Supports optional integration of the DaRT components into the boot image.
- **Support for Microsoft Office.** Provides added support for deploying Microsoft Office.
- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
- **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
[Configure MDT settings](configure-mdt-settings.md)
## MDT Lite Touch components
Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires very little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disc.
When deploying the Windows operating system using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click View Script. That will give you the PowerShell command.
![figure 4](../images/mdt-05-fig04.png)
If you click **View Script** on the right side, you will get the PowerShell code that was used to perform the task.
## Deployment shares
A deployment share is essentially a folder on the server that is shared and contains all the setup files and scripts needed for the deployment solution. It also holds the configuration files (called rules) that are gathered when a machine is deployed. These configuration files can reach out to other sources, like a database, external script, or web server to get additional settings for the deployment. For Lite Touch deployments, it is common to have two deployment shares: one for creating the reference images and one for deployment. For Zero Touch, it is common to have only the deployment share for creating reference images because Configuration Manager deploys the image in the production environment.
## Rules
The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The rules control the Windows Deployment Wizard on the client and, for example, can provide the following settings to the machine being deployed:
- Computer name
- Domain to join, and organizational unit (OU) in Active Directory to hold the computer object
- Whether to enable BitLocker
- Regional settings
You can manage hundreds of settings in the rules. For more information, see the [Microsoft Deployment Toolkit resource center](https://go.microsoft.com/fwlink/p/?LinkId=618117).
![figure 5](../images/mdt-05-fig05.png)
Example of a MDT rule. In this example, the new computer name is being calculated based on PC- plus the first seven (Left) characters from the serial number
## Boot images
Boot images are the Windows Preinstallation Environment (Windows PE) images that are used to start the deployment. They can be started from a CD or DVD, an ISO file, a USB device, or over the network using a Pre-Boot Execution Environment (PXE) server. The boot images connect to the deployment
share on the server and start the deployment.
## Operating systems
Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you have created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.
## Applications
Using the Deployment Workbench, you also add the applications you want to deploy. MDT supports virtually every executable Windows file type. The file can be a standard .exe file with command-line switches for an unattended install, a Microsoft Windows Installer (MSI) package, a batch file, or a VBScript. In fact, it can be just about anything that can be executed unattended. MDT also supports the new Universal Windows apps.
## Driver repository
You also use the Deployment Workbench to import the drivers your hardware needs into a driver repository that lives on the server, not in the image.
## Packages
With the Deployment Workbench, you can add any Microsoft packages that you want to use. The most commonly added packages are language packs, and the Deployment Workbench Packages node works well for those. You also can add security and other updates this way. However, we generally recommend that you use Windows Server Update Services (WSUS) for operating system updates. The rare exceptions are critical hotfixes that are not available via WSUS, packages for the boot image, or any other package that needs to be deployed before the WSUS update process starts.
## Task sequences
Task sequences are the heart and soul of the deployment solution. When creating a task sequence, you need to select a template. The templates are located in the Templates folder in the MDT installation directory, and they determine which default actions are present in the sequence.
You can think of a task sequence as a list of actions that need to be executed in a certain order. Each action can also have conditions. Some examples of actions are as follows:
- **Gather.** Reads configuration settings from the deployment server.
- **Format and Partition.** Creates the partition(s) and formats them.
- **Inject Drivers.** Finds out which drivers the machine needs and downloads them from the central driver repository.
- **Apply Operating System.** Uses ImageX to apply the image.
- **Windows Update.** Connects to a WSUS server and updates the machine.
## Task sequence templates
MDT comes with nine default task sequence templates. You can also create your own templates. As long as you store them in the Templates folder, they will be available when you create a new task sequence.
- **Sysprep and Capture task sequence.** Used to run the System Preparation (Sysprep) tool and capture an image of a reference computer.
**Note**: It is preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture cannot.
- **Standard Client task sequence.** The most frequently used task sequence. Used for creating reference images and for deploying clients in production.
- **Standard Client Replace task sequence.** Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
- **Custom task sequence.** As the name implies, a custom task sequence with only one default action (one Install Application action).
- **Standard Server task sequence.** The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it does not contain any USMT actions because USMT is not supported on servers.
- **Lite Touch OEM task sequence.** Used to preload operating systems images on the computer hard drive. Typically used by computer original equipment manufacturers (OEMs) but some enterprise organizations also use this feature.
- **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Very useful for server deployments but not often used for client deployments.
- **Deploy to VHD Client task sequence.** Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.
- **Deploy to VHD Server task sequence.** Same as the Deploy to VHD Client task sequence but for servers.
- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
## Selection profiles
Selection profiles, which are available in the Advanced Configuration node, provide a way to filter content in the Deployment Workbench. Selection profiles are used for several purposes in the Deployment Workbench and in Lite Touch deployments. For example, they can be used to:
- Control which drivers and packages are injected into the Lite Touch (and generic) boot images.
- Control which drivers are injected during the task sequence.
- Control what is included in any media that you create.
- Control what is replicated to other deployment shares.
- Filter which task sequences and applications are displayed in the Deployment Wizard.
## Logging
MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
**Note**  
The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
## Monitoring
On the deployment share, you also can enable monitoring. After you enable monitoring, you will see all running deployments in the Monitor node in the Deployment Workbench.
## See next
[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)

66
windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
View File

@ -1,66 +0,0 @@
---
title: Key features in MDT (Windows 10)
description: The Microsoft Deployment Toolkit (MDT) has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0.
ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: deploy, feature, tools, upgrade, migrate, provisioning
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro author: greg-lindsay
ms.topic: article
---
# Key features in MDT
**Applies to**
- Windows 10
The Microsoft Deployment Toolkit (MDT) has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it is considered fundamental to Windows operating system and enterprise application deployment.
MDT has many useful features, the most important of which are:
- **Windows Client support.** Supports Windows 7, Windows 8, Windows 8.1, and Windows 10.
- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
- **Additional operating systems support.** Supports Windows Thin PC and Windows Embedded POSReady 7, as well as Windows 8.1 Embedded Industry.
- **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
- **GPT support.** Supports deployment to machines that require the new GUID (globally unique identifier) partition table (GPT) format. This is related to UEFI.
- **Enhanced Windows PowerShell support.** Provides support for running PowerShell scripts.
![figure 2](../images/mdt-05-fig02.png)
Figure 2. The deployment share mounted as a standard PSDrive allows for administration using PowerShell.
- **Add local administrator accounts.** Allows you to add multiple user accounts to the local Administrators group on the target computers, either via settings or the deployment wizard.
- **Automated participation in CEIP and WER.** Provides configuration for participation in Windows Customer Experience Improvement Program (CEIP) and Windows Error Reporting (WER).
- **Deploy Windows RE.** Enables deployment of a customized Windows Recovery Environment (Windows RE) as part of the task sequence.
- **Deploy to VHD.** Provides ready-made task sequence templates for deploying Windows into a virtual hard disk (VHD) file.
- **Improved deployment wizard.** Provides additional progress information and a cleaner UI for the Lite Touch Deployment Wizard.
- **Monitoring.** Allows you to see the status of currently running deployments.
- **Apply GPO Pack.** Allows you to deploy local group policy objects created by Microsoft Security Compliance Manager (SCM).
- **Partitioning routines.** Provides improved partitioning routines to ensure that deployments work regardless of the current hard drive structure.
- **Offline BitLocker.** Provides the capability to have BitLocker enabled during the Windows Preinstallation Environment (Windows PE) phase, thus saving hours of encryption time.
- **USMT offline user-state migration.** Provides support for running the User State Migration Tool (USMT) capture offline, during the Windows PE phase of the deployment.
![figure 3](../images/mdt-05-fig03.png)
Figure 3. The offline USMT backup in action.
- **Install or uninstall Windows roles or features.** Enables you to select roles and features as part of the deployment wizard. MDT also supports uninstall of roles and features.
- **Microsoft System Center 2012 Orchestrator integration.** Provides the capability to use Orchestrator runbooks as part of the task sequence.
- **Support for DaRT.** Supports optional integration of the DaRT components into the boot image.
- **Support for Office 2013.** Provides added support for deploying Microsoft Office Professional Plus 2013.
- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
- **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
## Related topics
[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
[MDT Lite Touch components](mdt-lite-touch-components.md)
 
 

121
windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md
View File

@ -1,121 +0,0 @@
---
title: MDT Lite Touch components (Windows 10)
description: This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) that support Lite Touch Installation (LTI) for Windows 10.
ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: deploy, install, deployment, boot, log, monitor
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro author: greg-lindsay
ms.topic: article
---
# MDT Lite Touch components
**Applies to**
- Windows 10
This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) that support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires very little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disc.
When deploying the Windows operating system using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click View Script. That will give you the PowerShell command.
![figure 4](../images/mdt-05-fig04.png)
Figure 4. If you click **View Script** on the right side, you will get the PowerShell code that was used to perform the task.
## <a href="" id="sec01"></a>Deployment shares
A deployment share is essentially a folder on the server that is shared and contains all the setup files and scripts needed for the deployment solution. It also holds the configuration files (called rules) that are gathered when a machine is deployed. These configuration files can reach out to other sources, like a database, external script, or web server to get additional settings for the deployment. For Lite Touch deployments, it is common to have two deployment shares: one for creating the reference images and one for deployment. For Zero Touch, it is common to have only the deployment share for creating reference images because Microsoft System Center 2012 R2 Configuration Manager deploys the image in the production environment.
## <a href="" id="sec02"></a>Rules
The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The rules control the Windows Deployment Wizard on the client and, for example, can provide the following settings to the machine being deployed:
- Computer name
- Domain to join, and organizational unit (OU) in Active Directory to hold the computer object
- Whether to enable BitLocker
- Regional settings
You can manage hundreds of settings in the rules. For more information, see the [Microsoft Deployment Toolkit resource center](https://go.microsoft.com/fwlink/p/?LinkId=618117).
![figure 5](../images/mdt-05-fig05.png)
Figure 5. Example of a MDT rule. In this example, the new computer name is being calculated based on PC- plus the first seven (Left) characters from the serial number
## <a href="" id="sec03"></a>Boot images
Boot images are the Windows Preinstallation Environment (Windows PE) images that are used to start the deployment. They can be started from a CD or DVD, an ISO file, a USB device, or over the network using a Pre-Boot Execution Environment (PXE) server. The boot images connect to the deployment
share on the server and start the deployment.
## <a href="" id="sec04"></a>Operating systems
Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you have created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.
## <a href="" id="sec05"></a>Applications
Using the Deployment Workbench, you also add the applications you want to deploy. MDT supports virtually every executable Windows file type. The file can be a standard .exe file with command-line switches for an unattended install, a Microsoft Windows Installer (MSI) package, a batch file, or a VBScript. In fact, it can be just about anything that can be executed unattended. MDT also supports the new Universal Windows apps.
## <a href="" id="sec06"></a>Driver repository
You also use the Deployment Workbench to import the drivers your hardware needs into a driver repository that lives on the server, not in the image.
## <a href="" id="sec07"></a>Packages
With the Deployment Workbench, you can add any Microsoft packages that you want to use. The most commonly added packages are language packs, and the Deployment Workbench Packages node works well for those. You also can add security and other updates this way. However, we generally recommend that you use Windows Server Update Services (WSUS) for operating system updates. The rare exceptions are critical hotfixes that are not available via WSUS, packages for the boot image, or any other package that needs to be deployed before the WSUS update process starts.
## <a href="" id="sec08"></a>Task sequences
Task sequences are the heart and soul of the deployment solution. When creating a task sequence, you need to select a template. The templates are located in the Templates folder in the MDT installation directory, and they determine which default actions are present in the sequence.
You can think of a task sequence as a list of actions that need to be executed in a certain order. Each action can also have conditions. Some examples of actions are as follows:
- **Gather.** Reads configuration settings from the deployment server.
- **Format and Partition.** Creates the partition(s) and formats them.
- **Inject Drivers.** Finds out which drivers the machine needs and downloads them from the central driver repository.
- **Apply Operating System.** Uses ImageX to apply the image.
- **Windows Update.** Connects to a WSUS server and updates the machine.
## <a href="" id="sec09"></a>Task sequence templates
MDT comes with nine default task sequence templates. You can also create your own templates. As long as you store them in the Templates folder, they will be available when you create a new task sequence.
- **Sysprep and Capture task sequence.** Used to run the System Preparation (Sysprep) tool and capture an image of a reference computer.
**Note**  
It is preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture cannot.
- **Standard Client task sequence.** The most frequently used task sequence. Used for creating reference images and for deploying clients in production.
- **Standard Client Replace task sequence.** Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
- **Custom task sequence.** As the name implies, a custom task sequence with only one default action (one Install Application action).
- **Standard Server task sequence.** The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it does not contain any USMT actions because USMT is not supported on servers.
- **Lite Touch OEM task sequence.** Used to preload operating systems images on the computer hard drive. Typically used by computer original equipment manufacturers (OEMs) but some enterprise organizations also use this feature.
- **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Very useful for server deployments but not often used for client deployments.
- **Deploy to VHD Client task sequence.** Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.
- **Deploy to VHD Server task sequence.** Same as the Deploy to VHD Client task sequence but for servers.
- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
## <a href="" id="sec10"></a>Selection profiles
Selection profiles, which are available in the Advanced Configuration node, provide a way to filter content in the Deployment Workbench. Selection profiles are used for several purposes in the Deployment Workbench and in Lite Touch deployments. For example, they can be used to:
- Control which drivers and packages are injected into the Lite Touch (and generic) boot images.
- Control which drivers are injected during the task sequence.
- Control what is included in any media that you create.
- Control what is replicated to other deployment shares.
- Filter which task sequences and applications are displayed in the Deployment Wizard.
## <a href="" id="sec11"></a>Logging
MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
**Note**  
The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
## <a href="" id="sec12"></a>Monitoring
On the deployment share, you also can enable monitoring. After you enable monitoring, you will see all running deployments in the Monitor node in the Deployment Workbench.
## Related topics
[Key features in MDT](key-features-in-mdt.md)
[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)

258
windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
View File

@ -1,6 +1,6 @@
---
title: Prepare for deployment with MDT (Windows 10)
description: Learn how to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
ms.reviewer:
manager: laurawi
@ -19,51 +19,176 @@ ms.topic: article
# Prepare for deployment with MDT
**Applies to**
- Windows 10
- Windows 10
This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT). It covers the installation of the necessary system prerequisites, the creation of shared folders and service accounts, and the configuration of security permissions in the files system and in Active Directory.
This article will walk you through the steps necessary to prepare your network and server infrastructure to deploy Windows 10 with the Microsoft Deployment Toolkit (MDT). It covers the installation of the necessary system prerequisites, the creation of shared folders and service accounts, and the configuration of security permissions in the file system and in Active Directory.
For the purposes of this topic, we will use two machines: DC01 and MDT01. DC01 is a domain controller and MDT01 is a Windows Server 2012 R2 standard server. MDT01 is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
## Infrastructure
## <a href="" id="sec01"></a>System requirements
The procedures in this guide use the following names and infrastructure.
MDT requires the following components:
- Any of the following operating systems:
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Assessment and Deployment Kit (ADK) for Windows 10
- Windows PowerShell
- Microsoft .NET Framework
### Network and servers
## <a href="" id="sec02"></a>Install Windows ADK for Windows 10
For the purposes of this topic, we will use three server computers: **DC01**, **MDT01**, and **HV01**.
- All servers are running Windows Server 2019.
- You can use an earlier version of Windows Server with minor modifications to some procedures.
- Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is requried to perform the procedures in this guide.
- **DC01** is a domain controller, DHCP server, and DNS server for <b>contoso.com</b>, representing the fictitious Contoso Corporation.
- **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server.
- A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-10-deployment.md) for Windows 10 deployment. This server is located on a different subnet than MDT01 and has a different default gateway.
- **HV01** is a Hyper-V host computer that is used to build a Windows 10 reference image.
- See [Hyper-V requirements](#hyper-v-requirements) below for more information about HV01.
These steps assume that you have the MDT01 member server installed and configured and that you have downloaded [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803) to the E:\\Downloads\\ADK folder.
1. On MDT01, log on as Administrator in the CONTOSO domain using a password of <strong>P@ssw0rd</strong>.
2. Start the **ADK Setup** (E:\\Downloads\\ADK\\adksetup.exe), and on the first wizard page, click **Continue**.
3. On the **Select the features you want to change** page, select the features below and complete the wizard using the default settings:
1. Deployment Tools
2. Windows Preinstallation Environment (Windows PE)
3. User State Migration Tool (USMT)
### Client computers
>[!IMPORTANT]
>Starting with Windows 10, version 1809, Windows PE is released separately from the ADK. See [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) for more information.
Several client computers are referenced in this guide with hostnames of PC0001 to PC0007.
## <a href="" id="sec03"></a>Install MDT
- **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain.
- Client name: PC0001
- IP Address: DHCP
- **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios.
- Client name: PC0002
- IP Address: DHCP
- **PC0003 - PC0007**: These are other client computers similar to PC0001 and PC0002 that are used in this guide and another guide for various scenarios. The device names are incremented for clarity within each scenario. For example, PC0003 and PC0004 are running Windows 7 just like PC0002, but are used for Configuration Manager refresh and replace scenarios, respectively.
These steps assume that you have downloaded [MDT](https://go.microsoft.com/fwlink/p/?LinkId=618117 ) to the E:\\Downloads\\MDT folder on MDT01.
### Storage requirements
1. On MDT01, log on as Administrator in the CONTOSO domain using a password of <strong>P@ssw0rd</strong>.
2. Install **MDT** (E:\\Downloads\\MDT\\MicrosoftDeploymentToolkit\_x64.msi) with the default settings.
MDT01 and HV01 should have the ability to store up to 200 GB of files on a data drive (D:). If you use a computer with a single system partition (C:) you will need to adjust come procedures in this guide to specify the C: drive instead of the D: drive.
## <a href="" id="sec04"></a>Create the OU structure
### Hyper-V requirements
If you do not have an organizational unit (OU) structure in your Active Directory, you should create one. In this section, you create an OU structure and a service account for MDT.
1. On DC01, using Active Directory User and Computers, in the contoso.com domain level, create a top-level OU named **Contoso**.
If you do not have access to a Hyper-V server, you can install Hyper-V on a Windows 10 or Windows 8.1 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](https://docs.microsoft.com/windows/deployment/windows-10-poc#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V.
### Network requirements
All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
### Domain credentials
The following generic credentials are used in this guide. You should replace these credentials as they appear in each procedure with your credentials.
**Active Directory domain name**: contoso.com<br>
**Domain administrator username**: administrator<br>
**Domain administrator password**: pass@word1
### Organizational unit structure
The following OU structure is used in this guide. Instructions are provided [below](#create-the-ou-structure) to help you create the required OUs.
![figure 2](../images/mdt-01-fig02.jpg)
## Install the Windows ADK
These steps assume that you have the MDT01 member server running and configured as a domain member server.
On **MTD01**:
Visit the [Download and install the Windows ADK](https://go.microsoft.com/fwlink/p/?LinkId=526803) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you will need to create this folder):
- [The Windows ADK for Windows 10](https://go.microsoft.com/fwlink/?linkid=2086042)
- [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2087112)
- [The Windows System Image Manager (WSIM) 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334)
>[!TIP]
>You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties).
1. On **MDT01**, ensure that you are signed in as an administrator in the CONTOSO domain.
- For the purposes of this guide, we are using a Domain Admin account of **administrator** with a password of <b>pass@word1</b>. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials.
2. Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step.
3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page click **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step.
4. Extract the **WSIM 1903 update** (D:\\Downloads\ADK\\WSIM1903.zip) and then run the **UpdateWSIM.bat** file.
- You can confirm that the update is applied by viewing properties of the ImageCat.exe and ImgMgr.exe files at **C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM** and verifying that the **Details** tab displays a **File version** of **10.0.18362.144** or later.
## Install and initialize Windows Deployment Services (WDS)
On **MDT01**:
1. Open an elevated Windows PowerShell prompt and enter the following command:
```powershell
Install-WindowsFeature -Name WDS -IncludeManagementTools
WDSUTIL /Verbose /Progress /Initialize-Server /Server:MDT01 /RemInst:"D:\RemoteInstall"
WDSUTIL /Set-Server /AnswerClients:All
```
## Optional: Install Windows Server Update Services (WSUS)
If you wish to use MDT as a WSUS server using the Windows Internal Database (WID), use the following command to install this service. Alternatively, change the WSUS server information in this guide to the WSUS server in your environment.
To install WSUS on MDT01, enter the following at an elevated Windows PowerShell prompt:
```powershell
Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI
cmd /c "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
```
>To use the WSUS that you have installed on MDT01, you must also [configure Group Policy](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wsus#configure-automatic-updates-and-update-service-location) on DC01.
## Install MDT
>[!NOTE]
>MDT installation requires the following:
>- The Windows ADK for Windows 10 (installed in the previous procedure)
>- Windows PowerShell ([version 5.1](https://www.microsoft.com/download/details.aspx?id=54616) is recommended; type **$host** to check)
>- Microsoft .NET Framework
On **MDT01**:
1. Visit the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117) and click **Download MDT**.
2. Save the **MicrosoftDeploymentToolkit_x64.msi** file to the D:\\Downloads\\MDT folder on MDT01.
- **Note**: As of the publishing date for this guide, the current version of MDT is 8456 (6.3.8456.1000), but a later version will also work.
3. Install **MDT** (D:\\Downloads\\MDT\\MicrosoftDeploymentToolkit_x64.exe) with the default settings.
## Create the OU structure
Switch to **DC01** and perform the following procedures on **DC01**:
To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell.
To use Windows PowerShell, copy the following commands into a text file and save it as <b>C:\Setup\Scripts\ou.ps1</b>. Be sure that you are viewing file extensions and that you save the file with the .ps1 extension.
```powershell
$oulist = Import-csv -Path c:\oulist.txt
ForEach($entry in $oulist){
$ouname = $entry.ouname
$oupath = $entry.oupath
New-ADOrganizationalUnit -Name $ouname -Path $oupath -WhatIf
Write-Host -ForegroundColor Green "OU $ouname is created in the location $oupath"
}
```
Next, copy the following list of OU names and paths into a text file and save it as <b>C:\Setup\Scripts\oulist.txt</b>
```text
OUName,OUPath
Contoso,"DC=CONTOSO,DC=COM"
Accounts,"OU=Contoso,DC=CONTOSO,DC=COM"
Computers,"OU=Contoso,DC=CONTOSO,DC=COM"
Groups,"OU=Contoso,DC=CONTOSO,DC=COM"
Admins,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
Service Accounts,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
Users,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
Servers,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
Workstations,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
Security Groups,"OU=Groups,OU=Contoso,DC=CONTOSO,DC=COM"
```
Lastly, open an elevated Windows PowerShell prompt on DC01 and run the ou.ps1 script:
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\ou.ps1
```
This will create an OU structure as shown below.
![OU structure](../images/mdt-05-fig07.png)
To use the Active Directory Users and Computers console (instead of PowerShell):
On **DC01**:
1. Using the Active Directory Users and Computers console (dsa.msc), in the contoso.com domain level, create a top-level OU named **Contoso**.
2. In the **Contoso** OU, create the following OUs:
1. Accounts
2. Computers
@ -76,55 +201,62 @@ If you do not have an organizational unit (OU) structure in your Active Director
1. Servers
2. Workstations
5. In the **Contoso / Groups** OU, create the following OU:
- Security Groups
1. Security Groups
![figure 6](../images/mdt-05-fig07.png)
The final result of either method is shown below. The **MDT_BA** account will be created next.
Figure 6. A sample of how the OU structure will look after all the OUs are created.
## Create the MDT service account
## <a href="" id="sec05"></a>Create the MDT service account
When creating a reference image, you need an account for MDT. The MDT build account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01.
When creating a reference image, you need an account for MDT. The MDT Build Account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01.
1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**.
2. Select the **Service Accounts** OU and create the **MDT\_BA** account using the following settings:
1. Name: MDT\_BA
2. User logon name: MDT\_BA
3. Password: P@ssw0rd
4. User must change password at next logon: Clear
5. User cannot change password: Selected
6. Password never expires: Selected
To create an MDT build account, open an elevalted Windows PowerShell prompt on DC01 and enter the following (copy and paste the entire command, taking care to notice the scroll bar at the bottom). This command will create the MDT_BA user account and set the password to "pass@word1":
## <a href="" id="sec06"></a>Create and share the logs folder
```powershell
New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true
```
If you have the Active Directory Users and Computers console open you can refresh the view and see this new account in the **Contoso\Accounts\Service Accounts** OU as shown in the screenshot above.
## Create and share the logs folder
By default MDT stores the log files locally on the client. In order to capture a reference image, you will need to enable server-side logging and, to do that, you will need to have a folder in which to store the logs. For more information, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create and share the **E:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt:
On **MDT01**:
``` powershell
New-Item -Path E:\Logs -ItemType directory
New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)'
1. Sign in as **CONTOSO\\administrator**.
2. Create and share the **D:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt:
```powershell
New-Item -Path D:\Logs -ItemType directory
New-SmbShare -Name Logs$ -Path D:\Logs -ChangeAccess EVERYONE
icacls D:\Logs /grant '"MDT_BA":(OI)(CI)(M)'
```
![figure 7](../images/mdt-05-fig08.png)
See the following example:
Figure 7. The Sharing tab of the E:\\Logs folder after sharing it with PowerShell.
![Logs folder](../images/mdt-05-fig08.png)
## <a href="" id="sec07"></a>Use CMTrace to read log files (optional)
## Use CMTrace to read log files (optional)
The log files in MDT Lite Touch are formatted to be read by Configuration Manager Trace (CMTrace), which is available as part [of Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). You can use Notepad, but CMTrace formatting makes the logs easier to read.
The log files in MDT Lite Touch are formatted to be read by Configuration Manager Trace ([CMTrace](https://docs.microsoft.com/sccm/core/support/cmtrace)), which is available as part of the [Microsoft System 2012 R2 Center Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). You should also download this tool.
You can use Notepad (example below):
![figure 8](../images/mdt-05-fig09.png)
Figure 8. An MDT log file opened in Notepad.
Alternatively, CMTrace formatting makes the logs much easier to read. See the same log file below, opened in CMTrace:
![figure 9](../images/mdt-05-fig10.png)
After installing the ConfigMgrTools.msi file, you can search for **cmtrace** and pin the tool to your taskbar for easy access.
Figure 9. The same log file, opened in CMTrace, is much easier to read.
## Related topics
## Next steps
[Key features in MDT](key-features-in-mdt.md)
When you have completed all the steps in this section to prepare for deployment, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
[MDT Lite Touch components](mdt-lite-touch-components.md)
## Appendix
**Sample files**
The following sample files are also available to help automate some MDT deployment tasks. This guide does not use these files, but they are made available here so that you can see how some tasks can be automated with Windows PowerShell.
- [Gather.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619361). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
- [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.

108
windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.topic: article
---
@ -20,113 +21,100 @@ ms.topic: article
**Applies to**
- Windows 10
This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process. The refresh scenario, or computer refresh, is a reinstallation of an operating system on the same machine. You can refresh the machine to the same operating system as it is currently running, or to a later version.
This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
For the purposes of this topic, we will use three machines: DC01, MDT01, and PC0001. DC01 is a domain controller and MDT01 is a Windows Server 2012 R2 Standard server. PC0001 is a machine with Windows 7 Service Pack 1 (SP1) that is going to be refreshed into a Windows 10 machine, with data and settings restored. MDT01 and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
For the purposes of this topic, we will use three computers: DC01, MDT01, and PC0001.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
![The machines used in this topic](../images/mdt-04-fig01.png "The machines used in this topic")
Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
Figure 1. The machines used in this topic.
![computers](../images/mdt-04-fig01.png "Computers used in this topic")
## <a href="" id="sec01"></a>The computer refresh process
The computers used in this topic.
## The computer refresh process
A computer refresh is not the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
Even though a computer will appear, to the end user, to be upgraded, a computer refresh is not, technically, an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation.
For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh you will:
1. Back up data and settings locally, in a backup folder.
2. Wipe the partition, except for the backup folder.
3. Apply the new operating system image.
4. Install other applications.
5. Restore data and settings.
During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are simply linked in the file system, which allows for fast migration, even when there is a lot of data.
>[!NOTE]
>In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file will contain the entire volume from the computer, and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire machine is not a supported scenario.
>In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
### Multi-user migration
By default, ScanState in USMT backs up all profiles on the machine, including local computer profiles. If you have a machine that has been in your environment for a while, it likely has several domain-based profiles on it, including those of former users. You can limit which profiles are backed up
by configuring command-line switches to ScanState (added as rules in MDT).
By default, ScanState in USMT backs up all profiles on the machine, including local computer profiles. If you have a computer that has been in your environment for a while, it likely has several domain-based profiles on it, including those of former users. You can limit which profiles are backed up by configuring command-line switches to ScanState (added as rules in MDT).
As an example, the following line configures USMT to migrate only domain user profiles and not profiles from the local SAM account database: ScanStateArgs=/ue:\*\\\* /ui:CONTOSO\\\*
For example, the following line configures USMT to migrate only domain user profiles and not profiles from the local SAM account database: ScanStateArgs=/ue:\*\\\* /ui:CONTOSO\\\*
>[!NOTE]
>You also can combine the preceding switches with the /uel switch, which excludes profiles that have not been accessed within a specific number of days. For example, adding /uel:60 will configure ScanState (or LoadState) not to include profiles that haven't been accessed for more than 60 days.
### Support for additional settings
In addition to the command-line switches that control which profiles to migrate, the XML templates control exactly what data is being migrated. You can control data within and outside the user profiles
In addition to the command-line switches that control which profiles to migrate, [XML templates](https://docs.microsoft.com/windows/deployment/usmt/understanding-migration-xml-files) control exactly what data is being migrated. You can control data within and outside the user profiles.
## <a href="" id="sec02"></a>Create a custom User State Migration Tool (USMT) template
### Multicast
In this section, you learn to migrate additional data using a custom template. You configure the environment to use a custom USMT XML template that will:
Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You will need to update the deployment share after changing this setting.
1. Back up the **C:\\Data** folder (including all files and folders).
## Refresh a Windows 7 SP1 client
2. Scan the local disk for PDF documents (\*.pdf files) and restore them into the **C:\\Data\\PDF Documents** folder on the destination machine.
The custom USMT template is named MigContosoData.xml, and you can find it in the sample files for this documentation, which include:
In these section, we assume that you have already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
* [Gather script](https://go.microsoft.com/fwlink/p/?LinkId=619361)
* [Set-OUPermissions](https://go.microsoft.com/fwlink/p/?LinkId=619362) script
* [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363)
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
### Add the custom XML template
In order to use the custom MigContosoData.xml USMT template, you need to copy it to the MDT Production deployment share and update the CustomSettings.ini file. In these steps, we assume you have downloaded the MigContosoData.xml file.
1. Using File Explorer, copy the MigContosoData.xml file to the **E:\\MDTProduction\\Tools\\x64\\USMT5** folder.
2. Using Notepad, edit the E:\\MDTProduction\\Control\\CustomSettings.ini file. After the USMTMigFiles002=MigUser.xml line add the following line:
``` syntax
USMTMigFiles003=MigContosoData.xml
```
3. Save the CustomSettings.ini file.
## <a href="" id="sec03"></a>Refresh a Windows 7 SP1 client
After adding the additional USMT template and configuring the CustomSettings.ini file to use it, you are now ready to refresh a Windows 7 SP1 client to Windows 10. In these steps, we assume you have a Windows 7 SP1 client named PC0001 in your environment that is ready for a refresh to Windows 10.
>[!NOTE]
>MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property in the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we will refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
### Upgrade (refresh) a Windows 7 SP1 client
1. On PC0001, log on as **CONTOSO\\Administrator**. Start the Lite Touch Deploy Wizard by executing **\\\\MDT01\\MDTProduction$\\Scripts\\Litetouch.vbs**. Complete the deployment guide using the following settings:
>[!IMPORTANT]
>Domain join details [specified in the deployment share rules](deploy-a-windows-10-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process. If the Windows 7 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-10-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in Contoso > Computers > Workstations. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer.
* Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM
1. On PC0001, sign in as **contoso\\Administrator** and start the Lite Touch Deploy Wizard by opening **\\\\MDT01\\MDTProduction$\\Scripts\\Litetouch.vbs**.
2. Complete the deployment guide using the following settings:
* Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
* Computer name: &lt;default&gt;
* Specify where to save a complete computer backup: Do not back up the existing computer
>[!NOTE]
>Skip this optional full WIM backup. The USMT backup will still run.
>Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run.
* Select one or more applications to install: Install - Adobe Reader
2. Select one or more applications to install: Install - Adobe Reader XI - x86
![Computer refresh](../images/fig2-taskseq.png "Start the computer refresh")
3. The setup now starts and does the following:
4. Setup starts and does the following:
* Backs up user settings and data using USMT.
* Installs the Windows 10 Enterprise x64 operating system.
* Installs the added application(s).
* Updates the operating system via your local Windows Server Update Services (WSUS) server.
* Installs any added applications.
* Updates the operating system using your local Windows Server Update Services (WSUS) server.
* Restores user settings and data using USMT.
![Start the computer refresh from the running Windows 7 client](../images/fig2-taskseq.png "Start the computer refresh from the running Windows 7 client")
5. You can monitor progress of the deployment using the deployment workbench on MDT01. See the following example:
Figure 2. Starting the computer refresh from the running Windows 7 SP1 client.
![monitor deployment](../images/monitor-pc0001.png)
6. After the refresh process completes, sign in to the Windows 10 computer and verify that user accounts, data and settings were migrated.
## Related topics
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
[Configure MDT settings](configure-mdt-settings.md)

110
windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
View File

@ -21,68 +21,75 @@ ms.topic: article
**Applies to**
- Windows 10
A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10; however, because you are replacing a machine, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it.
For the purposes of this topic, we will use four machines: DC01, MDT01, PC0002, and PC0007. DC01 is a domain controller and MDT01 is a Windows Server 2012 R2 standard server. PC0002 is an old machine running Windows 7 SP1. It is going to be replaced by a new Windows 10 machine, PC0007. User State Migration Tool (USMT) will be used to backup and restore data and settings. MDT01, PC0002, and PC0007 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10. However, because you are replacing a device, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
![The machines used in this topic](../images/mdt-03-fig01.png "The machines used in this topic")
For the purposes of this topic, we will use four computers: DC01, MDT01, PC0002, and PC0007.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007.
- PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain.
Figure 1. The machines used in this topic.
For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
## <a href="" id="sec01"></a>Prepare for the computer replace
![The computers used in this topic](../images/mdt-03-fig01.png)
When preparing for the computer replace, you need to create a folder in which to store the backup, and a backup only task sequence that you run on the old computer.
The computers used in this topic.
>HV01 is also used in this topic to host the PC0007 virtual machine for demonstration purposes, however typically PC0007 is a physical computer.
## Prepare for the computer replace
To prepare for the computer replace, you need to create a folder in which to store the backup and a backup only task sequence to run on the old computer.
### Configure the rules on the Microsoft Deployment Toolkit (MDT) Production share
1. On MDT01, using the Deployment Workbench, update the MDT Production deployment share rules.
On **MDT01**:
1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, click **Properties**, and then click the **Rules** tab.
2. Change the **SkipUserData=YES** option to **NO**, and click **OK**.
3. Right-click **MDT Production** and click **Update Deployment Share**. Click **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default setttings.
### Create and share the MigData folder
1. On MDT01, log on as **CONTOSO\\Administrator**.
On **MDT01**:
2. Create and share the **E:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt:
1. Create and share the **D:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt:
``` powershell
New-Item -Path E:\MigData -ItemType directory
New-SmbShare -Name MigData$ -Path E:\MigData
-ChangeAccess EVERYONE
icacls E:\MigData /grant '"MDT_BA":(OI)(CI)(M)'
New-Item -Path D:\MigData -ItemType directory
New-SmbShare -Name MigData$ -Path D:\MigData -ChangeAccess EVERYONE
icacls D:\MigData /grant '"MDT_BA":(OI)(CI)(M)'
```
### Create a backup only (replace) task sequence
3. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node and create a new folder named **Other**.
2. In Deployment Workbench, under the **MDT Production** deployment share, select the **Task Sequences** node and create a new folder named **Other**.
4. Right-click the **Other** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
3. Right-click the **Other** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
* Task sequence ID: REPLACE-001
* Task sequence name: Backup Only Task Sequence
* Task sequence comments: Run USMT to backup user data and settings
* Template: Standard Client Replace Task Sequence
5. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions.
4. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions.
![The Backup Only Task Sequence action list](../images/mdt-03-fig02.png "The Backup Only Task Sequence action list")
Figure 2. The Backup Only Task Sequence action list.
The Backup Only Task Sequence action list.
## <a href="" id="sec02"></a>Perform the computer replace
## Perform the computer replace
During a computer replace, these are the high-level steps that occur:
1. On the computer you are replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Window Imaging (WIM) backup.
2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
2. On the new machine, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
### Run the replace task sequence
### Execute the replace task sequence
On **PC0002**:
1. On PC0002, log on as **CONTOSO\\Administrator**.
2. Verify that you have write access to the **\\\\MDT01\\MigData$** share.
3. Execute **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**.
4. Complete the Windows Deployment Wizard using the following settings:
1. Sign in as **CONTOSO\\Administrator** and verify that you have write access to the **\\\\MDT01\\MigData$** share.
2. Run **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**.
3. Complete the Windows Deployment Wizard using the following settings:
1. Select a task sequence to execute on this computer: Backup Only Task Sequence
* Specify where to save your data and settings: Specify a location
@ -92,21 +99,24 @@ During a computer replace, these are the high-level steps that occur:
>If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
2. Specify where to save a complete computer backup: Do not back up the existing computer
3. Password: P@ssw0rd
The task sequence will now run USMT (Scanstate.exe) to capture user data and settings of the machine.
The task sequence will now run USMT (Scanstate.exe) to capture user data and settings of the computer.
![The new task sequence](../images/mdt-03-fig03.png "The new task sequence")
Figure 3. The new task sequence running the Capture User State action on PC0002.
The new task sequence running the Capture User State action on PC0002.
5. On MDT01, verify that you have an USMT.MIG compressed backup file in the **E:\\MigData\\PC0002\\USMT** folder.
4. On **MDT01**, verify that you have an USMT.MIG compressed backup file in the **D:\\MigData\\PC0002\\USMT** folder.
![The USMT backup](../images/mdt-03-fig04.png "The USMT backup")
Figure 4. The USMT backup of PC0002.
The USMT backup of PC0002.
### Deploy the PC0007 virtual machine
### Deploy the replacement computer
To demonstrate deployment of the replacement computer, HV01 is used to host a virtual machine: PC0007.
On **HV01**:
1. Create a virtual machine with the following settings:
@ -115,38 +125,40 @@ During a computer replace, these are the high-level steps that occur:
* Generation: 2
* Memory: 2048 MB
* Hard disk: 60 GB (dynamic disk)
* Install an operating system from a network-based installation server
2. Start the PC0007 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The machine will now load the Windows PE boot image from the WDS server.
2. Start the PC0007 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from MDT01 (or MDT02 if at a remote site).
![The initial PXE boot process](../images/mdt-03-fig05.png "The initial PXE boot process")
Figure 5. The initial PXE boot process of PC0005.
The initial PXE boot process of PC0007.
3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
* Password: P@ssw0rd
* Select a task sequence to execute on this computer:
* Windows 10 Enterprise x64 RTM Custom Image
* Computer Name: PC0007
* Applications: Select the Install - Adobe Reader XI - x86 application.
* Move Data and Settings: Do not move user data and settings.
* User Data (Restore) > Specify a location: \\\\MDT01\\MigData$\\PC0002
* Applications: Adobe > Install - Adobe Reader
4. The setup now starts and does the following:
4. Setup now starts and does the following:
* Partitions and formats the disk.
* Installs the Windows 10 Enterprise operating system.
* Installs the added application.
* Installs the application.
* Updates the operating system via your local Windows Server Update Services (WSUS) server.
* Restores the USMT backup from PC0002.
You can view progress of the process by clicking the Monitoring node in the Deployment Workbrench on MDT01.
![Monitor progress](../images/mdt-replace.png)
## Related topics
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Configure MDT settings](configure-mdt-settings.md)

29
windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
View File

@ -37,7 +37,10 @@ If you have access to Microsoft BitLocker Administration and Monitoring (MBAM),
> [!NOTE]
> Backing up TMP to Active Directory was supported only on Windows 10 version 1507 and 1511.
For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
>[!NOTE]
>Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
## Configure Active Directory for BitLocker
@ -50,7 +53,7 @@ In Windows Server version from 2008 R2 and later, you have access to the BitLock
![figure 2](../images/mdt-09-fig02.png)
Figure 2. The BitLocker Recovery information on a computer object in the contoso.com domain.
The BitLocker Recovery information on a computer object in the contoso.com domain.
### Add the BitLocker Drive Encryption Administration Utilities
@ -69,7 +72,7 @@ The BitLocker Drive Encryption Administration Utilities are added as features vi
![figure 3](../images/mdt-09-fig03.png)
Figure 3. Selecting the BitLocker Drive Encryption Administration Utilities.
Selecting the BitLocker Drive Encryption Administration Utilities.
### Create the BitLocker Group Policy
@ -103,7 +106,7 @@ In addition to the Group Policy created previously, you need to configure permis
![figure 4](../images/mdt-09-fig04.png)
Figure 4. Running the Add-TPMSelfWriteACE.vbs script on DC01.
Running the Add-TPMSelfWriteACE.vbs script on DC01.
## Add BIOS configuration tools from Dell, HP, and Lenovo
@ -161,16 +164,10 @@ In the following task sequence, we added five actions:
## Related topics
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
[Use web services in MDT](use-web-services-in-mdt.md)
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)<br>
[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)<br>
[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)<br>
[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)<br>
[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)<br>
[Use web services in MDT](use-web-services-in-mdt.md)<br>
[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)

61
windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
View File

@ -18,15 +18,26 @@ ms.topic: article
# Simulate a Windows 10 deployment in a test environment
This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined machine (client or server). In the following example, you use the PC0001 Windows 10 client.
For the purposes of this topic, you already will have either downloaded and installed the free Microsoft System Center 2012 R2 Configuration Manager Toolkit, or copied Configuration Manager Trace (CMTrace) if you have access to the System Center 2012 R2 Configuration Manager media. We also assume that you have downloaded the [sample Gather.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619361) from the TechNet gallery.
This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined client.
1. On PC0001, log on as **CONTOSO\\Administrator** using the password <strong>P@ssw0rd</strong>.
2. Using Computer Management, add the **CONTOSO\\MDT\_BA** user account to the local **Administrators** group.
3. Log off, and then log on to PC0001 as **CONTOSO\\MDT\_BA**.
4. Using File Explorer, create a folder named **C:\\MDT**.
5. Copy the downloaded Gather.ps1 script to the **C:\\MDT** folder.
6. From the **\\\\MDT01\\MDTProduction$\\Scripts** folder, copy the following files to **C:\\MDT**:
## Test environment
- A Windows 10 client named **PC0001** will be used to simulate deployment. The client is joined to the contoso.com domain and has access to the Internet to required download tools and scripts.
- It is assumed that you have performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share:
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
## Simulate deployment
On **PC0001**:
1. Sign as **contoso\\Administrator**.
2. Download the [sample Gather.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619361) from the TechNet gallery and copy it to a directory named **C:\MDT** on PC0001.
3. Download and install the free [Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
4. Using Local Users and Groups (lusrmgr.msc), add the **contoso\\MDT\_BA** user account to the local **Administrators** group.
5. Sign off, and then sign on to PC0001 as **contoso\\MDT\_BA**.
6. Open the **\\\\MDT01\\MDTProduction$\\Scripts** folder and copy the following files to **C:\\MDT**:
1. ZTIDataAccess.vbs
2. ZTIGather.wsf
3. ZTIGather.xml
@ -35,36 +46,32 @@ For the purposes of this topic, you already will have either downloaded and inst
8. In the **C:\\MDT** folder, create a subfolder named **X64**.
9. From the **\\\\MDT01\\MDTProduction$\\Tools\\X64** folder, copy the Microsoft.BDD.Utility.dll file to **C:\\MDT\\X64**.
![figure 6](../images/mdt-09-fig06.png)
![files](../images/mdt-09-fig06.png)
Figure 6. The C:\\MDT folder with the files added for the simulation environment.
The C:\\MDT folder with the files added for the simulation environment.
10. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press Enter after each command:
10. Type the following at an elevated Windows PowerShell prompt:
``` powershell
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
Set-Location C:\MDT
.\Gather.ps1
```
11. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder.
When prompted, press **R** to run the gather script.
11. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder using CMTrace.
**Note**
Warnings or errors with regard to the Wizard.hta are expected. If the log file looks okay, you are ready to try a real deployment.
![ztigather](../images/mdt-09-fig07.png)
![figure 7](../images/mdt-09-fig07.png)
Figure 7. The ZTIGather.log file from PC0001, displaying some of its hardware capabilities.
The ZTIGather.log file from PC0001.
## Related topics
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
[Use web services in MDT](use-web-services-in-mdt.md)
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)<br>
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)<br>
[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)<br>
[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)<br>
[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)<br>
[Use web services in MDT](use-web-services-in-mdt.md)<br>
[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)

114
windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md Normal file
View File

@ -0,0 +1,114 @@
---
title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10)
description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Perform an in-place upgrade to Windows 10 with MDT
**Applies to**
- Windows 10
The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
>[!TIP]
>In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple.
In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you cannot use a custom image to perform the in-place upgrade. In this article we will add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade.
Three computers are used in this topic: DC01, MDT01, and PC0002.
- DC01 is a domain controller for the contoso.com domain
- MDT01 is a domain member server
- PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade
![computers](../images/mdt-upgrade.png)
The computers used in this topic.
>[!NOTE]
>For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
>If you have already completed all the steps in [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md), then you already have a production deployment share and you can skip to [Add Windows 10 Enterprise x64 (full source)](#add-windows-10-enterprise-x64-full-source).
## Create the MDT production deployment share
On **MDT01**:
1. Ensure you are signed on as: contoso\administrator.
2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
## Add Windows 10 Enterprise x64 (full source)
>If you have already have a Windows 10 [reference image](create-a-windows-10-reference-image.md) in the **MDT Build Lab** deployment share, you can use the deployment workbench to copy and paste this image from the MDT Build Lab share to the MDT Production share and skip the steps in this section.
On **MDT01**:
1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01.
2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**.
3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
- Full set of source files
- Source directory: (location of your source files)
- Destination directory name: <b>W10EX64RTM</b>
5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**.
## Create a task sequence to upgrade to Windows 10 Enterprise
On **MDT01**:
1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**.
2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
- Task sequence ID: W10-X64-UPG
- Task sequence name: Windows 10 Enterprise x64 RTM Upgrade
- Template: Standard Client Upgrade Task Sequence
- Select OS: Windows 10 Enterprise x64 RTM Default Image
- Specify Product Key: Do not specify a product key at this time
- Organization: Contoso
- Admin Password: Do not specify an Administrator password at this time
## Perform the Windows 10 upgrade
To initiate the in-place upgrade, perform the following steps on PC0002 (the device to be upgraded).
On **PC0002**:
1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**
2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then click **Next**.
3. Select one or more applications to install (will appear if you use custom image): Install - Adobe Reader
4. On the **Ready** tab, click **Begin** to start the task sequence.
When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
![upgrade1](../images/upgrademdt-fig5-winupgrade.png)
<br>
![upgrade2](../images/mdt-upgrade-proc.png)
<br>
![upgrade3](../images/mdt-post-upg.png)
After the task sequence completes, the computer will be fully upgraded to Windows 10.
## Related topics
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
[Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)

15
windows/deployment/deploy-windows-sccm/TOC.md Normal file
View File

@ -0,0 +1,15 @@
# Deploy Windows 10 with Configuration Manager
## [Configuration Manager components](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
### [Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
### [Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
### [Monitor the Windows 10 deployment with Configuration Manager](monitor-windows-10-deployment-with-configuration-manager.md)
### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
### [Perform an in-place upgrade to Windows 10 using Configuration Manager](../upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)

11
windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
View File

@ -86,23 +86,14 @@ Operating system deployment with Configuration Manager is part of the normal sof
**Note**  Configuration Manager SP1 along with the Windows Assessment and Deployment Kit (ADK) for Windows 10 are required to support management and deployment of Windows 10.
 
## See also
- [Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
- [Windows deployment tools](../windows-deployment-scenarios-and-tools.md)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Deploy Windows To Go in your organization](../deploy-windows-to-go.md)
- [Sideload Windows Store apps](https://technet.microsoft.com/library/dn613831.aspx)
- [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803)
 

80
windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-configuration-manager.md Normal file
View File

@ -0,0 +1,80 @@
---
title: Deploy Windows 10 with Configuration Manager (Windows 10)
description: If you have Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10.
ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: deployment, custom, boot
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Deploy Windows 10 with Configuration Manager
**Applies to**
- Windows 10 versions 1507, 1511
>[!IMPORTANT]
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
If you have Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT).
For the purposes of this topic, we will use four machines: DC01, CM01, PC0003, and PC0004. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 standard. PC0003 and PC0004 are machines with Windows 7 SP1, on which Windows 10 will be deployed via both refresh and replace scenarios. In addition to these four ready-made machines, you could also include a few blank virtual machines to be used for bare-metal deployments. DC01, CM01, PC003, and PC0004 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
![figure 1](../images/mdt-06-fig01.png)
Figure 1. The machines used in this topic.
## In this section
- [Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
- [Prepare for Zero Touch Installation of Windows with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
- [Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
- [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
- [Monitor the Windows 10 deployment with Configuration Manager](monitor-windows-10-deployment-with-configuration-manager.md)
- [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
- [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
## Components of Configuration Manager operating system deployment
Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are additional components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which is not used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.
- **State migration point (SMP).** The state migration point is used to store user state migration data during computer replace scenarios.
- **Distribution point (DP).** The distribution point is used to store all packages in Configuration Manager, including the operating system deployment-related packages.
- **Software update point (SUP).** The software update point, which is normally used to deploy updates to existing machines, also can be used to update an operating system as part of the deployment process. You also can use offline servicing to update the image directly on the Configuration Manager server.
- **Reporting services point.** The reporting services point can be used to monitor the operating system deployment process.
- **Boot images.** Boot images are the Windows Preinstallation Environment (Windows PE) images Configuration Manager uses to start the deployment.
- **Operating system images.** The operating system image package contains only one file, the custom .wim image. This is typically the production deployment image.
- **Operating system installers.** The operating system installers were originally added to create reference images using Configuration Manager. Instead, we recommend that you use MDT Lite Touch to create your reference images. For more information on how to create a reference image, see [Create a Windows 10 reference image](../deploy-windows-mdt/create-a-windows-10-reference-image.md).
- **Drivers.** Like MDT Lite Touch, Configuration Manager also provides a repository (catalog) of managed device drivers.
- **Task sequences.** The task sequences in Configuration Manager look and feel pretty much like the sequences in MDT Lite Touch, and they are used for the same purpose. However, in Configuration Manager the task sequence is delivered to the clients as a policy via the Management Point (MP). MDT provides additional task sequence templates to Configuration Manager.
**Note**  Configuration Manager SP1 along with the Windows Assessment and Deployment Kit (ADK) for Windows 10 are required to support management and deployment of Windows 10.
 
## See also
- [Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)<br>
- [Windows deployment tools](../windows-deployment-scenarios-and-tools.md)<br>
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)<br>
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)<br>
- [Deploy Windows To Go in your organization](../deploy-windows-to-go.md)<br>
- [Sideload Windows Store apps](https://technet.microsoft.com/library/dn613831.aspx)<br>
- [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803)

10
windows/deployment/deploy.md
View File

@ -10,7 +10,6 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
ms.date: 11/06/2018
audience: itpro
author: greg-lindsay
ms.topic: article
@ -38,12 +37,3 @@ Windows 10 upgrade options are discussed and information is provided about plann
## Related topics
[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
 
 

BIN
windows/deployment/images/acroread.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
windows/deployment/images/captureimage.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/images/dart.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 87 KiB

BIN
windows/deployment/images/dc01-cm01-pc0001.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.4 KiB

BIN
windows/deployment/images/deployment-workbench01.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

BIN
windows/deployment/images/downloads.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/images/fig10-unattend.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 108 KiB

After

Width:  |  Height:  |  Size: 81 KiB

BIN
windows/deployment/images/fig2-importedos.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 81 KiB

After

Width:  |  Height:  |  Size: 44 KiB

BIN
windows/deployment/images/fig2-taskseq.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 188 KiB

After

Width:  |  Height:  |  Size: 258 KiB

BIN
windows/deployment/images/fig4-oob-drivers.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 63 KiB

BIN
windows/deployment/images/fig8-cust-tasks.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/images/image-captured.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
windows/deployment/images/iso-data.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

BIN
windows/deployment/images/mdt-03-fig02.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 87 KiB

After

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/images/mdt-03-fig03.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 252 KiB

After

Width:  |  Height:  |  Size: 360 KiB

BIN
windows/deployment/images/mdt-03-fig04.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 15 KiB

BIN
windows/deployment/images/mdt-03-fig05.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 18 KiB

After

Width:  |  Height:  |  Size: 2.9 KiB

Some files were not shown because too many files have changed in this diff Show More