deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into main

Browse Source
This commit is contained in:
Amy Zhou
2022-11-09 21:31:14 -08:00
committed by GitHub
parent 750dc21a06 4a2a542401
commit e56e85902a
1064 changed files with 11762 additions and 10351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

248
windows/deployment/TOC.yml
View File

@ -182,129 +182,131 @@
href: update/waas-wufb-group-policy.md
- name: 'Walkthrough: use Intune to configure Windows Update for Business'
href: update/deploy-updates-intune.md
- name: Monitor Windows client updates
- name: Monitor
items:
- name: Windows Update for Business reports (preview)
items:
- name: Windows Update for Business reports overview
href: update/wufb-reports-overview.md
- name: Enable Windows Update for Business reports (preview)
items:
- name: Windows Update for Business reports prerequisites
href: update/wufb-reports-prerequisites.md
- name: Enable Windows Update for Business reports
href: update/wufb-reports-enable.md
- name: Configure clients with a script
href: update/wufb-reports-configuration-script.md
- name: Configure clients manually
href: update/wufb-reports-configuration-manual.md
- name: Configure clients with Microsoft Intune
href: update/wufb-reports-configuration-intune.md
- name: Use Windows Update for Business reports (preview)
items:
- name: Monitor with Update Compliance (preview version)
items:
- name: Update Compliance overview
href: update/update-compliance-v2-overview.md
- name: Enable Update Compliance (preview)
items:
- name: Update Compliance prerequisites
href: update/update-compliance-v2-prerequisites.md
- name: Enable the Update Compliance solution
href: update/update-compliance-v2-enable.md
- name: Configure clients with a script
href: update/update-compliance-v2-configuration-script.md
- name: Configure clients manually
href: update/update-compliance-v2-configuration-manual.md
- name: Configure clients with Microsoft Endpoint Manager
href: update/update-compliance-v2-configuration-mem.md
- name: Use Update Compliance (preview)
items:
- name: Update Compliance workbook
href: update/update-compliance-v2-workbook.md
- name: Software updates in the Microsoft admin center (preview)
href: update/update-status-admin-center.md
- name: Use Update Compliance data
href: update/update-compliance-v2-use.md
- name: Feedback, support, and troubleshooting
href: update/update-compliance-v2-help.md
- name: Update Compliance schema reference (preview)
items:
- name: Update Compliance schema reference
href: update/update-compliance-v2-schema.md
- name: UCClient
href: update/update-compliance-v2-schema-ucclient.md
- name: UCClientReadinessStatus
href: update/update-compliance-v2-schema-ucclientreadinessstatus.md
- name: UCClientUpdateStatus
href: update/update-compliance-v2-schema-ucclientupdatestatus.md
- name: UCDeviceAlert
href: update/update-compliance-v2-schema-ucdevicealert.md
- name: UCServiceUpdateStatus
href: update/update-compliance-v2-schema-ucserviceupdatestatus.md
- name: UCUpdateAlert
href: update/update-compliance-v2-schema-ucupdatealert.md
- name: Monitor updates with Update Compliance
href: update/update-compliance-monitor.md
items:
- name: Get started
items:
- name: Get started with Update Compliance
href: update/update-compliance-get-started.md
- name: Update Compliance configuration script
href: update/update-compliance-configuration-script.md
- name: Manually configuring devices for Update Compliance
href: update/update-compliance-configuration-manual.md
- name: Configuring devices for Update Compliance in Microsoft Endpoint Manager
href: update/update-compliance-configuration-mem.md
- name: Update Compliance monitoring
items:
- name: Use Update Compliance
href: update/update-compliance-using.md
- name: Need attention report
href: update/update-compliance-need-attention.md
- name: Security update status report
href: update/update-compliance-security-update-status.md
- name: Feature update status report
href: update/update-compliance-feature-update-status.md
- name: Safeguard holds report
href: update/update-compliance-safeguard-holds.md
- name: Delivery Optimization in Update Compliance
href: update/update-compliance-delivery-optimization.md
- name: Data handling and privacy in Update Compliance
href: update/update-compliance-privacy.md
- name: Schema reference
items:
- name: Update Compliance schema reference
href: update/update-compliance-schema.md
- name: WaaSUpdateStatus
href: update/update-compliance-schema-waasupdatestatus.md
- name: WaaSInsiderStatus
href: update/update-compliance-schema-waasinsiderstatus.md
- name: WaaSDeploymentStatus
href: update/update-compliance-schema-waasdeploymentstatus.md
- name: WUDOStatus
href: update/update-compliance-schema-wudostatus.md
- name: WUDOAggregatedStatus
href: update/update-compliance-schema-wudoaggregatedstatus.md
- name: Troubleshooting
- name: Windows Update for Business reports workbook
href: update/wufb-reports-workbook.md
- name: Software updates in the Microsoft 365 admin center
href: update/wufb-reports-admin-center.md
- name: Use Windows Update for Business reports data
href: update/wufb-reports-use.md
- name: Feedback, support, and troubleshooting
href: update/wufb-reports-help.md
- name: Windows Update for Business reports (preview) schema reference
items:
- name: Resolve upgrade errors
items:
- name: Resolve Windows client upgrade errors
href: upgrade/resolve-windows-10-upgrade-errors.md
- name: Quick fixes
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: SetupDiag
href: upgrade/setupdiag.md
- name: Troubleshooting upgrade errors
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows error reporting
href: upgrade/windows-error-reporting.md
- name: Upgrade error codes
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Log files
href: upgrade/log-files.md
- name: Resolution procedures
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Submit Windows client upgrade errors
href: upgrade/submit-errors.md
- name: Troubleshoot Windows Update
items:
- name: How to troubleshoot Windows Update
href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Opt out of safeguard holds
href: update/safeguard-opt-out.md
- name: Determine the source of Windows Updates
href: ./update/how-windows-update-works.md
- name: Common Windows Update errors
href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows Update error code reference
href: update/windows-update-error-reference.md
- name: Troubleshoot the Windows Update for Business deployment service
href: update/deployment-service-troubleshoot.md
- name: Windows Update for Business reports schema reference
href: update/wufb-reports-schema.md
- name: UCClient
href: update/wufb-reports-schema-ucclient.md
- name: UCClientReadinessStatus
href: update/wufb-reports-schema-ucclientreadinessstatus.md
- name: UCClientUpdateStatus
href: update/wufb-reports-schema-ucclientupdatestatus.md
- name: UCDeviceAlert
href: update/wufb-reports-schema-ucdevicealert.md
- name: UCServiceUpdateStatus
href: update/wufb-reports-schema-ucserviceupdatestatus.md
- name: UCUpdateAlert
href: update/wufb-reports-schema-ucupdatealert.md
- name: Monitor updates with Update Compliance
href: update/update-compliance-monitor.md
items:
- name: Get started
items:
- name: Get started with Update Compliance
href: update/update-compliance-get-started.md
- name: Update Compliance configuration script
href: update/update-compliance-configuration-script.md
- name: Manually configuring devices for Update Compliance
href: update/update-compliance-configuration-manual.md
- name: Configuring devices for Update Compliance in Microsoft Intune
href: update/update-compliance-configuration-mem.md
- name: Update Compliance monitoring
items:
- name: Use Update Compliance
href: update/update-compliance-using.md
- name: Need attention report
href: update/update-compliance-need-attention.md
- name: Security update status report
href: update/update-compliance-security-update-status.md
- name: Feature update status report
href: update/update-compliance-feature-update-status.md
- name: Safeguard holds report
href: update/update-compliance-safeguard-holds.md
- name: Delivery Optimization in Update Compliance
href: update/update-compliance-delivery-optimization.md
- name: Data handling and privacy in Update Compliance
href: update/update-compliance-privacy.md
- name: Schema reference
items:
- name: Update Compliance schema reference
href: update/update-compliance-schema.md
- name: WaaSUpdateStatus
href: update/update-compliance-schema-waasupdatestatus.md
- name: WaaSInsiderStatus
href: update/update-compliance-schema-waasinsiderstatus.md
- name: WaaSDeploymentStatus
href: update/update-compliance-schema-waasdeploymentstatus.md
- name: WUDOStatus
href: update/update-compliance-schema-wudostatus.md
- name: WUDOAggregatedStatus
href: update/update-compliance-schema-wudoaggregatedstatus.md
- name: Troubleshooting
items:
- name: Resolve upgrade errors
items:
- name: Resolve Windows client upgrade errors
href: upgrade/resolve-windows-10-upgrade-errors.md
- name: Quick fixes
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: SetupDiag
href: upgrade/setupdiag.md
- name: Troubleshooting upgrade errors
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows error reporting
href: upgrade/windows-error-reporting.md
- name: Upgrade error codes
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Log files
href: upgrade/log-files.md
- name: Resolution procedures
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Submit Windows client upgrade errors
href: upgrade/submit-errors.md
- name: Troubleshoot Windows Update
items:
- name: How to troubleshoot Windows Update
href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Opt out of safeguard holds
href: update/safeguard-opt-out.md
- name: Determine the source of Windows Updates
href: ./update/how-windows-update-works.md
- name: Windows Update security
href: ./update/windows-update-security.md
- name: Common Windows Update errors
href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows Update error code reference
href: update/windows-update-error-reference.md
- name: Troubleshoot the Windows Update for Business deployment service
href: update/deployment-service-troubleshoot.md
- name: Reference
items:
@ -434,7 +436,7 @@
- name: User State Migration Tool (USMT) technical reference
items:
- name: USMT overview topics
- name: USMT overview articles
items:
- name: USMT overview
href: usmt/usmt-overview.md
@ -442,7 +444,7 @@
href: usmt/getting-started-with-the-user-state-migration-tool.md
- name: Windows upgrade and migration considerations
href: upgrade/windows-upgrade-and-migration-considerations.md
- name: USMT How-to topics
- name: USMT How-to articles
items:
- name: Exclude Files and Settings
href: usmt/usmt-exclude-files-and-settings.md

9
windows/deployment/Windows-AutoPilot-EULA-note.md
View File

@ -3,12 +3,13 @@ title: Windows Autopilot EULA dismissal important information
description: A notice about EULA dismissal through Windows Autopilot
ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 08/22/2017
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.date: 10/31/2022
author: frankroj
ms.author: frankroj
manager: aaroncz
ROBOTS: NOINDEX
ms.topic: article
ms.technology: itpro-deploy
---
# Windows Autopilot EULA dismissal important information

17
windows/deployment/add-store-apps-to-image.md
View File

@ -3,21 +3,23 @@ title: Add Microsoft Store for Business applications to a Windows 10 image
description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
author: frankroj
ms.author: frankroj
ms.reviewer:
manager: dougeby
manager: aaroncz
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.date: 10/31/2022
ms.technology: itpro-deploy
---
# Add Microsoft Store for Business applications to a Windows 10 image
**Applies to**
- Windows 10
- Windows 10
This topic describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. This will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps.
This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. Adding Microsoft Store for Business applications to a Windows 10 image will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps.
>[!IMPORTANT]
>In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
@ -66,10 +68,9 @@ Now, on the machine where your image file is accessible:
>[!NOTE]
>Paths and file names are examples. Use your paths and file names where appropriate.
>
>For more information on Start customization see [Windows 10 Start Layout Customization](/archive/blogs/deploymentguys/windows-10-start-layout-customization)
>For more information on Start customization, see [Windows 10 Start Layout Customization](/archive/blogs/deploymentguys/windows-10-start-layout-customization)
## Related topics
## Related articles
* [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout)
* [Export-StartLayout](/powershell/module/startlayout/export-startlayout)
* [Import-StartLayout](/powershell/module/startlayout/import-startlayout)

31
windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
View File

@ -1,13 +1,15 @@
---
title: Configure a PXE server to load Windows PE (Windows 10)
description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
description: This article describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
manager: dougeby
ms.author: aaroncz
author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.date: 10/31/2022
ms.technology: itpro-deploy
---
# Configure a PXE server to load Windows PE
@ -16,11 +18,11 @@ ms.custom: seo-marvel-apr2020
- Windows 10
This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
## Prerequisites
- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) and the Windows PE add-on with ADK installed.
- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) and the Windows PE add-on with ADK installed.
- A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required.
- A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download.
- A file server: A server hosting a network file share.
@ -29,11 +31,11 @@ All four of the roles specified above can be hosted on the same computer or each
## Step 1: Copy Windows PE source files
1. On the deployment computer, click **Start**, and type **deployment**.
1. On the deployment computer, select **Start**, and type **deployment**.
2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools.
2. Right-click **Deployment and Imaging Tools Environment** and then select **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools.
3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory doesn't already exist, it will be created.
3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory doesn't already exist, it will be created.
```
copype.cmd <architecture> <destination>
@ -53,7 +55,7 @@ All four of the roles specified above can be hosted on the same computer or each
C:\winpe_amd64\media
C:\winpe_amd64\mount
```
4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example.
4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example.
```
Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount
@ -77,7 +79,7 @@ All four of the roles specified above can be hosted on the same computer or each
```
copy C:\winpe_amd64\media\boot\boot.sdi y:\Boot
```
8. Copy the bootable Windows PE image (boot.wim) to the \boot folder.
8. Copy the bootable Windows PE image (boot.wim) to the \boot folder.
```
copy C:\winpe_amd64\media\sources\boot.wim y:\Boot
@ -109,7 +111,7 @@ All four of the roles specified above can be hosted on the same computer or each
```
Copy this GUID for use in the next set of commands. In each command shown, replace "GUID1" with your GUID.
3. Create a new boot application entry for the Windows PE image:
3. Create a new boot application entry for the Windows PE image:
```
bcdedit /store c:\BCD /set {GUID1} device ramdisk=[boot]\Boot\boot.wim,{ramdiskoptions}
@ -173,14 +175,13 @@ The following process summarizes the PXE client boot.
1. A client is directed by DHCP options 066 and 067 to download boot\\PXEboot.n12 from the TFTP server.
2. PXEboot.n12 immediately begins a network boot.
3. The client downloads boot\\bootmgr.exe and the boot\\BCD file from the TFTP server. Note: The BCD store must reside in the \\boot directory on the TFTP server and must be named BCD.
5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present.
6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image.
5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present.
6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image.
7. Windows PE loads, a command prompt opens and wpeinit.exe is run to initialize Windows PE.
8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. With the help of these tools accompanied by a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system.
## See Also
### Concepts
[Windows PE Walkthroughs](/previous-versions/windows/it-pro/windows-vista/cc748899(v=ws.10))

11
windows/deployment/deploy-enterprise-licenses.md
View File

@ -1,9 +1,9 @@
---
title: Deploy Windows Enterprise licenses
description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows Enterprise E3 or E5 subscription activation, or for Windows Enterprise E3 in CSP.
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
@ -12,6 +12,7 @@ ms.collection: highpri
appliesto:
-<b>Windows 10</b>
-<b>Windows 11</b>
ms.date: 10/31/2022
---
# Deploy Windows Enterprise licenses
@ -227,7 +228,7 @@ Figure 11 illustrates a device on which the Windows 10 Pro is activated, but the
Figure 11: Windows 10 Enterprise subscription lapsed or removed in Settings.
It displays the following error: "Windows 10 Enterprise subscription is not valid."
It displays the following error: "Windows 10 Enterprise subscription isn't valid."
#### Device that's not activated and without an Enterprise subscription
@ -287,7 +288,7 @@ If a device isn't able to connect to Windows Update, it can lose activation stat
- Make sure that the device doesn't have the following registry value: `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations = 1 (REG_DWORD)`. If this registry value exists, it must be set to `0`.
- Make sure that the following group policy setting is **disabled**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not connect to any Windows Update Internet locations.
- Make sure that the following group policy setting is **disabled**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Don't connect to any Windows Update Internet locations.
## Virtual Desktop Access (VDA)

28
windows/deployment/deploy-m365.md
View File

@ -1,24 +1,26 @@
---
title: Deploy Windows 10 with Microsoft 365
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.collection: M365-modern-desktop
ms.custom: seo-marvel-apr2020
ms.date: 10/31/2022
ms.technology: itpro-deploy
---
# Deploy Windows 10 with Microsoft 365
**Applies to**
- Windows 10
- Windows 10
This topic provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
This article provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview.
@ -27,8 +29,8 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor
- Windows Autopilot
- In-place upgrade
- Deploying Windows 10 upgrade with Intune
- Deploying Windows 10 upgrade with Microsoft Endpoint Configuration Manager
- Deploying a computer refresh with Microsoft Endpoint Configuration Manager
- Deploying Windows 10 upgrade with Microsoft Configuration Manager
- Deploying a computer refresh with Microsoft Configuration Manager
## Free trial account
@ -49,12 +51,14 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview).
That's all there's to it!
Examples of these two deployment advisors are shown below.
- [Microsoft 365 deployment advisor example](#microsoft-365-deployment-advisor-example)
- [Windows Analytics deployment advisor example](#windows-analytics-deployment-advisor-example)
- [Deploy Windows 10 with Microsoft 365](#deploy-windows-10-with-microsoft-365)
- [Free trial account](#free-trial-account)
- [Microsoft 365 deployment advisor example](#microsoft-365-deployment-advisor-example)
- [Windows Analytics deployment advisor example](#windows-analytics-deployment-advisor-example)
- [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster)
- [Related articles](#related-articles)
## Microsoft 365 deployment advisor example
![Microsoft 365 deployment advisor.](images/m365da.png)
@ -66,7 +70,7 @@ Examples of these two deployment advisors are shown below.
[![Microsoft 365 Enterprise poster.](images/m365e.png)](https://aka.ms/m365eposter)
## Related Topics
## Related articles
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)<br>
[Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home)

33
windows/deployment/deploy-whats-new.md
View File

@ -1,14 +1,16 @@
---
title: What's new in Windows client deployment
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
ms.localizationpriority: medium
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri
ms.date: 10/31/2022
ms.technology: itpro-deploy
---
# What's new in Windows client deployment
@ -17,9 +19,7 @@ ms.collection: highpri
- Windows 10
- Windows 11
## In this topic
This topic provides an overview of new solutions and online content related to deploying Windows client in your organization.
This article provides an overview of new solutions and online content related to deploying Windows client in your organization.
- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](/windows/whats-new/index).
@ -41,7 +41,7 @@ The [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is a
[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later, and Windows 11.<br>
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).<br>
VPN support is added to [Windows Autopilot](#windows-autopilot)<br>
An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).<br>
An in-place upgrade wizard is available in [Configuration Manager](#microsoft-configuration-manager).<br>
The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with more content added and more content coming soon.<br>
## The Modern Desktop Deployment Center
@ -63,14 +63,14 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic
Windows PowerShell cmdlets for Delivery Optimization have been improved:
- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting.
Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
- Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
- Automatic cloud-based congestion detection is available for PCs with cloud service support.
- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon!
- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content.
The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
@ -89,7 +89,7 @@ The following Delivery Optimization policies are removed in the Windows 10, vers
- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and run normally.
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
- **Pause updates**: We've extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you'll need to update your device before pausing again.
- **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
@ -125,7 +125,7 @@ The following Windows Autopilot features are available in Windows 10, version 19
- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
- Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
### Microsoft Endpoint Configuration Manager
### Microsoft Configuration Manager
An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
@ -133,7 +133,7 @@ An in-place upgrade wizard is available in Configuration Manager. For more infor
Windows 10 Education support has been added to Windows 10 Subscription Activation.
With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md).
With Windows 10, version 1903, you can step up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions - Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md).
### SetupDiag
@ -151,12 +151,11 @@ Upgrade Readiness helps you ensure that applications and drivers are ready for a
The development of Upgrade Readiness has been heavily influenced by input from the community; the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
For more information about Upgrade Readiness, see the following topics:
For more information about Upgrade Readiness, see the following articles:
- [Windows Analytics blog](https://aka.ms/blog/WindowsAnalytics/)
- [Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview)
### Update Compliance
Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date.
@ -203,13 +202,13 @@ For more information, see the following guides:
- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
## Troubleshooting guidance
[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The article provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
## Related topics
## Related articles
[Overview of Windows as a service](update/waas-overview.md)<br>
[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)<br>

2
windows/deployment/deploy-windows-cm/TOC.yml
View File

@ -1,4 +1,4 @@
- name: Deploy Windows 10 with Microsoft Endpoint Configuration Manager
- name: Deploy Windows 10 with Microsoft Configuration Manager
items:
- name: Prepare for Windows 10 deployment with Configuration Manager
items:

27
windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
View File

@ -2,23 +2,24 @@
title: Add a Windows 10 operating system image using Configuration Manager
description: Operating system images are typically the production image used for deployment throughout the organization.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Add a Windows 10 operating system image using Configuration Manager
**Applies to**
- Windows 10
- Windows 10
Operating system images are typically the production image used for deployment throughout the organization. This topic shows you how to add a Windows 10 operating system image created with Microsoft Endpoint Configuration Manager, and how to distribute the image to a distribution point.
Operating system images are typically the production image used for deployment throughout the organization. This article shows you how to add a Windows 10 operating system image created with Microsoft Configuration Manager, and how to distribute the image to a distribution point.
## Infrastructure
@ -40,22 +41,22 @@ An existing Configuration Manager infrastructure that is integrated with MDT is
![figure 17.](../images/ref-image.png)
The Windows 10 image being copied to the Sources folder structure.
The Windows 10 image being copied to the Sources folder structure.
3. Using the Configuration Manager Console, in the Software Library workspace, right-click **Operating System Images**, and select **Add Operating System Image**.
4. On the **Data Source** page, in the **Path:** text box, browse to \\\\CM01\\Sources$\\OSD\\OS\\Windows 10 Enterprise x64 RTM\\REFW10-X64-001.wim, select x64 next to Architecture and choose a language, then click **Next**.
5. On the **General** page, assign the name Windows 10 Enterprise x64 RTM, click **Next** twice, and then click **Close**.
6. Distribute the operating system image to the CM01 distribution point by right-clicking the **Windows 10 Enterprise x64 RTM** operating system image and then clicking **Distribute Content**.
7. In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**.
8. View the content status for the Windows 10 Enterprise x64 RTM package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
4. On the **Data Source** page, in the **Path:** text box, browse to \\\\CM01\\Sources$\\OSD\\OS\\Windows 10 Enterprise x64 RTM\\REFW10-X64-001.wim, select x64 next to Architecture and choose a language, then select **Next**.
5. On the **General** page, assign the name Windows 10 Enterprise x64 RTM, select **Next** twice, and then select **Close**.
6. Distribute the operating system image to the CM01 distribution point by right-clicking the **Windows 10 Enterprise x64 RTM** operating system image and then clicking **Distribute Content**.
7. In the Distribute Content Wizard, add the CM01 distribution point, select **Next** and select **Close**.
8. View the content status for the Windows 10 Enterprise x64 RTM package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
![figure 18.](../images/fig18-distwindows.png)
The distributed Windows 10 Enterprise x64 RTM package.
The distributed Windows 10 Enterprise x64 RTM package.
Next, see [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

33
windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
View File

@ -2,23 +2,24 @@
title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
**Applies to**
- Windows 10
- Windows 10
In this topic, you'll learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it's likely you'll have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
In this article, you'll learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it's likely you'll have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
For the purposes of this guide, we'll use one server computer: CM01.
- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
@ -41,12 +42,12 @@ Driver folder structure on CM01
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click the **Drivers** node and select **Import Driver**.
2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**.
3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**.
4. On the **Select the packages to add the imported driver** page, click **Next**.
5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image and click **Next**.
6. In the popup window that appears, click **Yes** to automatically update the distribution point.
7. Click **Next**, wait for the image to be updated, and then click **Close**.
2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and select **Next**.
3. On the **Specify the details for the imported driver** page, select **Categories**, create a category named **WinPE x64**, and then select **Next**.
4. On the **Select the packages to add the imported driver** page, select **Next**.
5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image and select **Next**.
6. In the popup window that appears, select **Yes** to automatically update the distribution point.
7. Select **Next**, wait for the image to be updated, and then select **Close**.
![Add drivers to Windows PE step 1.](../images/fig21-add-drivers1.png)<br>
![Add drivers to Windows PE step 2.](../images/fig21-add-drivers2.png)<br>
@ -68,15 +69,15 @@ Driver folder structure on CM01
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click the **Drivers** node and select **Import Driver**.
2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder and click **Next**. Wait a minute for driver information to be validated.
3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **Windows 10 x64 - HP EliteBook 8560w**, click **OK**, and then click **Next**.
2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder and select **Next**. Wait a minute for driver information to be validated.
3. On the **Specify the details for the imported driver** page, select **Categories**, create a category named **Windows 10 x64 - HP EliteBook 8560w**, select **OK**, and then select **Next**.
![Create driver categories.](../images/fig22-createcategories.png "Create driver categories")
Create driver categories
4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**:
4. On the **Select the packages to add the imported driver** page, select **New Package**, use the following settings for the package, and then select **Next**:
* Name: Windows 10 x64 - HP EliteBook 8560w
* Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w
@ -84,7 +85,7 @@ On **CM01**:
>[!NOTE]
>The package path does not yet exist, so you've to type it in. The wizard will create the new package using the path you specify.
5. On the **Select drivers to include in the boot image** page, don't select anything, and click **Next** twice. After the package has been created, click **Close**.
5. On the **Select drivers to include in the boot image** page, don't select anything, and select **Next** twice. After the package has been created, select **Close**.
>[!NOTE]
>If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import.
@ -95,7 +96,7 @@ On **CM01**:
Next, see [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

29
windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
View File

@ -1,24 +1,25 @@
---
title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Configuration Manager.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Create a custom Windows PE boot image with Configuration Manager
**Applies to**
- Windows 10
- Windows 10
In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
In Microsoft Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This article shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
- The boot image that is created is based on the version of ADK that is installed.
For the purposes of this guide, we'll use one server computer: CM01.
@ -28,7 +29,7 @@ For the purposes of this guide, we'll use one server computer: CM01.
## Add DaRT 10 files and prepare to brand the boot image
The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you don't wish to add DaRT, skip the steps below to copy DaRT tools and later skip adding the DaRT component to the boot image.
The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you don't wish to add DaRT, skip the steps below to copy DaRT tools, and later skip adding the DaRT component to the boot image.
We assume you've downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you've created a custom background image and saved it in **C:\\Setup\\Branding** on CM01. In this section, we use a custom background image named <a href="../images/ContosoBackground.png">ContosoBackground.bmp</a>.
@ -48,14 +49,14 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**.
2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**.
2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and select **Next**.
>[!NOTE]
>The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard.
3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**.
4. On the **Options** page, select the **x64** platform, and click **Next**.
5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box and click **Next**.
3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and select **Next**.
4. On the **Options** page, select the **x64** platform, and select **Next**.
5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box and select **Next**.
![Add the DaRT component to the Configuration Manager boot image.](../images/mdt-06-fig16.png "Add the DaRT component to the Configuration Manager boot image")
@ -63,7 +64,7 @@ On **CM01**:
>Note: Another common component to add here is Windows PowerShell to enable PowerShell support within Windows PE.
6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ContosoBackground.bmp** and then click **Next** twice. Wait a few minutes while the boot image is generated, and then click **Finish**.
6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ContosoBackground.bmp** and then select **Next** twice. Wait a few minutes while the boot image is generated, and then select **Finish**.
7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
9. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Don't continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples:
@ -74,7 +75,7 @@ On **CM01**:
Content status for the Zero Touch WinPE x64 boot image
10. Using the Configuration Manager Console, in the Software Library workspace, under **Boot Images**, right-click the **Zero Touch WinPE x64** boot image and select **Properties**.
11. On the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and click **OK**.
11. On the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and select **OK**.
12. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: **Expanding PS100009 to D:\\RemoteInstall\\SMSImages**.
13. Review the **D:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS100009) is from your new boot image with DaRT. See the examples below:
@ -85,7 +86,7 @@ On **CM01**:
Next, see [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>

49
windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
View File

@ -2,20 +2,21 @@
title: Create a task sequence with Configuration Manager (Windows 10)
description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Create a task sequence with Configuration Manager and MDT
**Applies to**
- Windows 10
- Windows 10
In this article, you'll learn how to create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
@ -31,11 +32,11 @@ This section walks you through the process of creating a Configuration Manager t
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.
2. On the **Choose Template** page, select the **Client Task Sequence** template and click **Next**.
3. On the **General** page, assign the following settings and then click **Next**:
2. On the **Choose Template** page, select the **Client Task Sequence** template and select **Next**.
3. On the **General** page, assign the following settings and then select **Next**:
* Task sequence name: Windows 10 Enterprise x64 RTM
* Task sequence comments: Production image with Office 365 Pro Plus x64
4. On the **Details** page, assign the following settings and then click **Next**:
4. On the **Details** page, assign the following settings and then select **Next**:
* Join a Domain
* Domain: contoso.com
* Account: contoso\\CM\_JD
@ -45,18 +46,18 @@ On **CM01**:
* Organization name: Contoso
* Product key: &lt;blank&gt;
5. On the **Capture Settings** page, accept the default settings, and click **Next**.
6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**.
7. On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\MDT\\MDT**. Then click **Next**.
8. On the **MDT Details** page, assign the name **MDT** and click **Next**.
9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then click **Next**.
10. On the **Deployment Method** page, accept the default settings (Zero Touch installation) and click **Next**.
11. On the **Client Package** page, browse and select the **Microsoft Corporation Configuration Manager Client Package** and click **Next**.
12. On the **USMT Package** page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package and click **Next**.
13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Settings\\Windows 10 x64 Settings** and click **Next**.
14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and click **Next**.
15. On the **Sysprep Package** page, click **Next** twice.
16. On the **Confirmation** page, click **Finish**.
5. On the **Capture Settings** page, accept the default settings, and select **Next**.
6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then select **Next**.
7. On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\MDT\\MDT**. Then select **Next**.
8. On the **MDT Details** page, assign the name **MDT** and select **Next**.
9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then select **Next**.
10. On the **Deployment Method** page, accept the default settings (Zero Touch installation) and select **Next**.
11. On the **Client Package** page, browse and select the **Microsoft Corporation Configuration Manager Client Package** and select **Next**.
12. On the **USMT Package** page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package and select **Next**.
13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Settings\\Windows 10 x64 Settings** and select **Next**.
14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and select **Next**.
15. On the **Sysprep Package** page, select **Next** twice.
16. On the **Confirmation** page, select **Finish**.
## Edit the task sequence
@ -64,7 +65,7 @@ After you create the task sequence, we recommend that you configure the task seq
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and click **Edit**.
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, select **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Edit**.
2. In the **Install** group (about halfway down), select the **Set Variable for Drive Letter** action and configure the following:
* OSDPreserveDriveLetter: True
@ -110,7 +111,7 @@ On **CM01**:
* Task Sequence Variable
* USMTLOCAL not equals True
11. Click **OK**.
11. Select **OK**.
## Organize your packages (optional)
@ -121,13 +122,13 @@ To create a folder for packages:
On **CM01**:
1. Using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**, and then select **Packages**.
2. Right-click **Packages**, point to **Folder**, click **Create Folder** and create the OSD folder. This process will create the Root \ OSD folder structure.
2. Right-click **Packages**, point to **Folder**, select **Create Folder** and create the OSD folder. This process will create the Root \ OSD folder structure.
3. Select the **MDT**, **User State Migration Tool for Windows**, and **Windows 10 x64 Settings** packages, right-click and select **Move**.
4. In the **Move Selected Items** dialog box, select the **OSD** folder, and click **OK**.
4. In the **Move Selected Items** dialog box, select the **OSD** folder, and select **OK**.
Next, see [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](../deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

29
windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
View File

@ -1,15 +1,16 @@
---
title: Create an app to deploy with Windows 10 using Configuration Manager
description: Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process.
description: Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Create an application to deploy with Windows 10 using Configuration Manager
@ -17,9 +18,9 @@ ms.technology: itpro-deploy
**Applies to**
- Windows 10
- Windows 10
Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Endpoint Manager that you later configure the task sequence to use.
Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Configuration Manager that you later configure the task sequence to use.
For the purposes of this guide, we'll use one server computer: CM01.
- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
@ -43,8 +44,8 @@ On **CM01**:
3. Using File Explorer, copy the **D:\\Setup\\Adobe** folder to the **D:\\Sources\\Software\\Adobe** folder.
4. In the Configuration Manager Console, in the Software Library workspace, expand **Application Management**.
5. Right-click **Applications**, point to **Folder** and then click **Create Folder**. Assign the name **OSD**.
6. Right-click the **OSD** folder, and click **Create Application**.
5. Right-click **Applications**, point to **Folder** and then select **Create Folder**. Assign the name **OSD**.
6. Right-click the **OSD** folder, and select **Create Application**.
7. In the Create Application Wizard, on the **General** page, use the following settings:
* Automatically detect information about this application from installation files
@ -55,9 +56,9 @@ On **CM01**:
The Create Application Wizard
8. Click **Next**, and wait while Configuration Manager parses the MSI file.
9. On the **Import Information** page, review the information and then click **Next**.
10. On the **General Information** page, name the application Adobe Acrobat Reader DC - OSD Install, click **Next** twice, and then click **Close**.
8. Select **Next**, and wait while Configuration Manager parses the MSI file.
9. On the **Import Information** page, review the information and then select **Next**.
10. On the **General Information** page, name the application Adobe Acrobat Reader DC - OSD Install, select **Next** twice, and then select **Close**.
>[!NOTE]
>Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence.
@ -66,12 +67,12 @@ On **CM01**:
Add the "OSD Install" suffix to the application name
11. In the **Applications** node, select the Adobe Reader - OSD Install application, and click **Properties** on the ribbon bar (this path is another place to view properties, you can also right-click and select properties).
12. On the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and click **OK**.
11. In the **Applications** node, select the Adobe Reader - OSD Install application, and select **Properties** on the ribbon bar (this path is another place to view properties, you can also right-click and select properties).
12. On the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and select **OK**.
Next, see [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

25
windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
View File

@ -1,14 +1,15 @@
---
title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
description: In this topic, you'll learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences.
description: In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences.
ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Deploy Windows 10 using PXE and Configuration Manager
@ -17,9 +18,9 @@ ms.technology: itpro-deploy
- Windows 10
In this topic, you'll learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic.
In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences. This article will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this article.
This topic assumes that you've completed the following prerequisite procedures:
This article assumes that you've completed the following prerequisite procedures:
- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
@ -39,7 +40,7 @@ For the purposes of this guide, we'll use a minimum of two server computers (DC0
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
All server and client computers referenced in this guide are on the same subnet. This connection isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
All server and client computers referenced in this guide are on the same subnet. This connection isn't required. But each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the `contoso.com` domain. Internet connectivity is also required to download OS and application updates.
>[!NOTE]
>No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console.
@ -47,11 +48,11 @@ All server and client computers referenced in this guide are on the same subnet.
## Procedures
1. Start the PC0001 computer. At the Pre-Boot Execution Environment (PXE) boot menu, press **Enter** to allow it to PXE boot.
2. On the **Welcome to the Task Sequence Wizard** page, type in the password **pass\@word1** and click **Next**.
3. On the **Select a task sequence to run** page, select **Windows 10 Enterprise x64 RTM** and click **Next**.
4. On the **Edit Task Sequence Variables** page, double-click the **OSDComputerName** variable, and in the **Value** field, type **PC0001** and click **OK**. Then click **Next**.
2. On the **Welcome to the Task Sequence Wizard** page, type in the password **pass\@word1** and select **Next**.
3. On the **Select a task sequence to run** page, select **Windows 10 Enterprise x64 RTM** and select **Next**.
4. On the **Edit Task Sequence Variables** page, double-click the **OSDComputerName** variable, and in the **Value** field, type **PC0001** and select **OK**. Then select **Next**.
5. The operating system deployment will take several minutes to complete.
6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then click **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following steps:
6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then select **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following steps:
* Install the Windows 10 operating system.
* Install the Configuration Manager client and the client hotfix.
@ -86,7 +87,7 @@ Examples are provided below of various stages of deployment:
Next, see [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

39
windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
View File

@ -2,23 +2,24 @@
title: Finalize operating system configuration for Windows 10 deployment
description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
**Applies to**
- Windows 10
- Windows 10
This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enabling optional MDT monitoring for Configuration Manager, logs folder settings, rules configuration, content distribution, and deployment of the previously created task sequence.
This article walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enabling optional MDT monitoring for Configuration Manager, logs folder settings, rules configuration, content distribution, and deployment of the previously created task sequence.
For the purposes of this guide, we'll use one server computer: CM01.
- CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
@ -31,14 +32,14 @@ This section will walk you through the process of creating the D:\\MDTProduction
On **CM01**:
1. Open the Deployment Workbench, right-click **Deployment Shares** and click **New Deployment Share**. Use the following settings for the New Deployment Share Wizard:
1. Open the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. Use the following settings for the New Deployment Share Wizard:
* Deployment share path: D:\\MDTProduction
* Share name: MDTProduction$
* Deployment share description: MDT Production
* Options: &lt;default settings&gt;
2. Right-click the **MDT Production** deployment share, and click **Properties**. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and click **OK**.
2. Right-click the **MDT Production** deployment share, and select **Properties**. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and select **OK**.
![Enable MDT monitoring for Configuration Manager.](../images/mdt-06-fig31.png)
@ -80,7 +81,7 @@ On **CM01**:
The Settings package, holding the rules and the Unattend.xml template used during deployment
3. In the Configuration Manager console, update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. Click **OK** in the popup dialog box.
3. In the Configuration Manager console, update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. Select **OK** in the popup dialog box.
>[!NOTE]
>Although you haven't yet added a distribution point, you still need to select Update Distribution Points. This process also updates the Configuration Manager content library with changes.
@ -92,7 +93,7 @@ In Configuration Manager, you can distribute all packages needed by a task seque
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**. Right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Distribute Content**.
2. In the Distribute Content Wizard, click **Next** twice then on the **Specify the content destination** page add the Distribution Point: **CM01.CONTOSO.COM**, and then complete the wizard.
2. In the Distribute Content Wizard, select **Next** twice then on the **Specify the content destination** page add the Distribution Point: **CM01.CONTOSO.COM**, and then complete the wizard.
3. Using the CMTrace tool, verify the distribution to the CM01 distribution point by reviewing the distmgr.log file, or use the Distribution Status / Content Status option in the Monitoring workspace. Don't continue until you see all the new packages being distributed successfully.
![Content status.](../images/cm01-content-status1.png)
@ -105,9 +106,9 @@ This section provides steps to help you create a deployment for the task sequenc
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** and then click **Deploy**.
2. In the Deploy Software Wizard, on the **General** page, select the **All Unknown Computers** collection and click **Next**.
3. On the **Deployment Settings** page, use the following settings and then click **Next**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** and then select **Deploy**.
2. In the Deploy Software Wizard, on the **General** page, select the **All Unknown Computers** collection and select **Next**.
3. On the **Deployment Settings** page, use the below settings and then select **Next**:
* Purpose: Available
* Make available to the following: Only media and PXE
@ -116,10 +117,10 @@ On **CM01**:
Configure the deployment settings
4. On the **Scheduling** page, accept the default settings and click **Next**.
5. On the **User Experience** page, accept the default settings and click **Next**.
6. On the **Alerts** page, accept the default settings and click **Next**.
7. On the **Distribution Points** page, accept the default settings, click **Next** twice, and then click **Close**.
4. On the **Scheduling** page, accept the default settings and select **Next**.
5. On the **User Experience** page, accept the default settings and select **Next**.
6. On the **Alerts** page, accept the default settings and select **Next**.
7. On the **Distribution Points** page, accept the default settings, select **Next** twice, and then select **Close**.
![Task sequence deployed.](../images/fig32-deploywiz.png)
@ -133,14 +134,14 @@ This section provides steps to help you configure the All Unknown Computers coll
On **CM01**:
1. Using the Configuration Manager console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and click **Properties**.
1. Using the Configuration Manager console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**.
2. On the **Collection Variables** tab, create a new variable with the following settings:
* Name: OSDComputerName
* Clear the **Do not display this value in the Configuration Manager console** check box.
3. Click **OK**.
3. Select **OK**.
>[!NOTE]
>Configuration Manager can prompt for information in many ways. Using a collection variable with an empty value is just one of them. Another option is the User-Driven Installation (UDI) wizard.
@ -151,7 +152,7 @@ On **CM01**:
Next, see [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

13
windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
View File

@ -2,13 +2,14 @@
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: how-to
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
@ -17,7 +18,7 @@ ms.technology: itpro-deploy
- Windows 10
This article walks you through the Zero Touch Installation (ZTI) process of Windows 10 OS deployment using Microsoft Endpoint Configuration Manager [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT).
This article walks you through the Zero Touch Installation (ZTI) process of Windows 10 OS deployment using Microsoft Configuration Manager [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT).
## Prerequisites
@ -64,7 +65,7 @@ On **DC01**:
To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. The procedure below uses Windows PowerShell.
To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1` Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension.
To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1`. Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension.
```powershell
$oulist = Import-csv -Path c:\oulist.txt
@ -285,7 +286,7 @@ Next, see [Create a custom Windows PE boot image with Configuration Manager](cre
## Components of Configuration Manager operating system deployment
Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are more components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which isn't used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.
Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are more components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which isn't used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.
- **State migration point (SMP).** The state migration point is used to store user state migration data during computer replace scenarios.
- **Distribution point (DP).** The distribution point is used to store all packages in Configuration Manager, including the operating system deployment-related packages.

25
windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
View File

@ -2,23 +2,24 @@
title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
**Applies to**
- Windows 10
- Windows 10
This topic will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refresh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
This article will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refresh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
A computer refresh with Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager has the following steps:
@ -53,7 +54,7 @@ To verify that PC003 is correctly assigned to the PS1 site:
On **PC0003**:
1. Open the Configuration Manager control panel (control smscfgrc).
2. On the **Site** tab, click **Configure Settings**, then click **Find Site**.
2. On the **Site** tab, select **Configure Settings**, then select **Find Site**.
3. Verify that Configuration Manager has successfully found a site to manage this client is displayed. See the following example.
![Found a site to manage this client.](../images/pc0003a.png)
@ -75,7 +76,7 @@ On **CM01**:
* Select Resources
* Select **PC0003**
Use the default settings to complete the remaining wizard pages and click **Close**.
Use the default settings to complete the remaining wizard pages and select **Close**.
2. Review the Install Windows 10 Enterprise x64 collection. Don't continue until you see the PC0003 machine in the collection.
@ -86,7 +87,7 @@ On **CM01**:
On **CM01**:
Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then click **Deploy**. Use the following settings:
Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the below settings:
- General
- Collection: Install Windows 10 Enterprise x64
@ -112,12 +113,12 @@ Now you can start the computer refresh on PC0003.
On **CM01**:
1. Using the Configuration Manager console, in the Assets and Compliance workspace, click the **Install Windows 10 Enterprise x64** collection, right-click **PC0003**, point to **Client Notification**, click **Download Computer Policy**, and then click **OK** in the popup dialog box that appears.
1. Using the Configuration Manager console, in the Assets and Compliance workspace, select the **Install Windows 10 Enterprise x64** collection, right-click **PC0003**, point to **Client Notification**, select **Download Computer Policy**, and then select **OK** in the popup dialog box that appears.
On **PC0003**:
1. Open the Software Center (click Start and type **Software Center**, or click the **New software is available** balloon in the system tray), select **Operating Systems** and click the **Windows 10 Enterprise x64 RTM** deployment, then click **Install**.
2. In the **Software Center** warning dialog box, click **Install Operating System**.
1. Open the Software Center (select Start and type **Software Center**, or select the **New software is available** balloon in the system tray), select **Operating Systems** and select the **Windows 10 Enterprise x64 RTM** deployment, then select **Install**.
2. In the **Software Center** warning dialog box, select **Install Operating System**.
3. The client computer will run the Configuration Manager task sequence, boot into Windows PE, and install the new OS and applications. See the following examples:
![Task sequence example 1.](../images/pc0003b.png)<br>
@ -133,7 +134,7 @@ On **PC0003**:
Next, see [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

55
windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
View File

@ -1,27 +1,28 @@
---
title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
description: In this topic, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager.
description: In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager.
ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
**Applies to**
- Windows 10
- Windows 10
In this topic, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10.
In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10.
In this topic, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. This process is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md).
In this article, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. This process is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md).
## Infrastructure
@ -48,18 +49,18 @@ All server and client computers referenced in this guide are on the same subnet.
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**.
2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and click **Next**.
3. On the **General** page, assign the following settings and click **Next**:
2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and select **Next**.
3. On the **General** page, assign the following settings and select **Next**:
* Task sequence name: Replace Task Sequence
* Task sequence comments: USMT backup only
4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**.
5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then click **Next**.
6. On the **USMT Package** page, browse and select the **OSD / Microsoft Corporation User State Migration Tool for Windows** package. Then click **Next**.
7. On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then click **Next**.
8. On the **Summary** page, review the details and then click **Next**.
9. On the **Confirmation** page, click **Finish**.
4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then select **Next**.
5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then select **Next**.
6. On the **USMT Package** page, browse and select the **OSD / Microsoft Corporation User State Migration Tool for Windows** package. Then select **Next**.
7. On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then select **Next**.
8. On the **Summary** page, review the details and then select **Next**.
9. On the **Confirmation** page, select **Finish**.
10. Review the Replace Task Sequence.
@ -80,9 +81,9 @@ On **HV01** (if PC0006 is a VM) or in the PC0006 BIOS:
On **CM01**:
2. When you're using the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices**, and then click **Import Computer Information**.
3. On the **Select Source** page, select **Import single computer** and click **Next**.
4. On the **Single Computer** page, use the following settings and then click **Next**:
2. When you're using the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices**, and then select **Import Computer Information**.
3. On the **Select Source** page, select **Import single computer** and select **Next**.
4. On the **Single Computer** page, use the following settings and then select **Next**:
* Computer Name: PC0006
* MAC Address: &lt;the mac address that you wrote down&gt;
@ -92,12 +93,12 @@ On **CM01**:
Creating the computer association between PC0004 and PC0006.
5. On the **User Accounts** page, select **Capture and restore all user accounts** and click **Next**.
6. On the **Data Preview** page, click **Next**.
7. On the **Choose additional collections** page, click **Add** and then select the **Install Windows 10 Enterprise x64** collection. Now, select the checkbox next to the Install Windows 10 Enterprise x64 collection you just added, and then click **Next**.
8. On the **Summary** page, click **Next**, and then click **Close**.
5. On the **User Accounts** page, select **Capture and restore all user accounts** and select **Next**.
6. On the **Data Preview** page, select **Next**.
7. On the **Choose additional collections** page, select **Add** and then select the **Install Windows 10 Enterprise x64** collection. Now, select the checkbox next to the Install Windows 10 Enterprise x64 collection you just added, and then select **Next**.
8. On the **Summary** page, select **Next**, and then select **Close**.
9. Select the **User State Migration** node and review the computer association in the right hand pane.
10. Right-click the **PC0004/PC0006** association and click **View Recovery Information**. A recovery key has been assigned already, but a user state store location hasn't.
10. Right-click the **PC0004/PC0006** association and select **View Recovery Information**. A recovery key has been assigned already, but a user state store location hasn't.
11. Review the **Install Windows 10 Enterprise x64** collection. Don't continue until you see the **PC0006** computer in the collection. You might have to update membership and refresh the collection again.
## Create a device collection and add the PC0004 computer
@ -117,7 +118,7 @@ On **CM01**:
* Select Resources:
* Select **PC0004**
Use default settings for the remaining wizard pages, then click **Close**.
Use default settings for the remaining wizard pages, then select **Close**.
2. Review the **USMT Backup (Replace)** collection. Don't continue until you see the **PC0004** computer in the collection.
@ -148,12 +149,12 @@ This section assumes that you have a computer named PC0004 with the Configuratio
On **PC0004**:
1. If it's not already started, start the PC0004 computer and open the Configuration Manager control panel (control smscfgrc).
2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears.
2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and then select **OK** in the popup dialog box that appears.
>[!NOTE]
>You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
3. Open the Software Center, select the **Replace Task Sequence** deployment and then click **Install**.
3. Open the Software Center, select the **Replace Task Sequence** deployment and then select **Install**.
4. Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
5. Allow the Replace Task Sequence to complete. The PC0004 computer will gather user data, boot into Windows PE and gather more data, then boot back to the full OS. The entire process should only take a few minutes.
@ -200,7 +201,7 @@ When the process is complete, you'll have a new Windows 10 computer in your doma
Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuration-manager.md).
## Related topics
## Related articles
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>

71
windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
View File

@ -1,15 +1,16 @@
---
title: Perform in-place upgrade to Windows 10 via Configuration Manager
description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Manager task sequence.
description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Configuration Manager task sequence.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/27/2022
---
# Perform an in-place upgrade to Windows 10 using Configuration Manager
@ -17,9 +18,9 @@ ms.technology: itpro-deploy
**Applies to**
- Windows 10
- Windows 10
The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Endpoint Manager task sequence to completely automate the process.
The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Configuration Manager task sequence to completely automate the process.
>[!IMPORTANT]
>Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must be removed from a device before performing an in-place upgrade to Windows 10.
@ -34,7 +35,7 @@ For the purposes of this article, we'll use one server computer (CM01) and one c
All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required. But each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the `contoso.com` domain. Internet connectivity is also required to download OS and application updates.
## Add an OS upgrade package
@ -42,30 +43,30 @@ Configuration Manager Current Branch includes a native in-place upgrade task. Th
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and click **Add Operating System Upgrade Package**.
2. On the **Data Source** page, under **Path**, click **Browse** and enter the UNC path to your media source. In this example, we've extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**.
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and select **Add Operating System Upgrade Package**.
2. On the **Data Source** page, under **Path**, select **Browse** and enter the UNC path to your media source. In this example, we've extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**.
3. If you have multiple image indexes in the installation media, select **Extract a specific image index from install.wim...** and choose the image index you want from the dropdown menu. In this example, we've chosen **Windows 10 Enterprise**.
4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then click **Next**.
4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then select **Next**.
5. Next to **Name**, enter **Windows 10 x64 RTM** and then complete the wizard by clicking **Next** and **Close**.
6. Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**.
7. In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**.
8. View the content status for the Windows 10 x64 RTM upgrade package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
6. Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**.
7. In the Distribute Content Wizard, add the CM01 distribution point, select **Next** and select **Close**.
8. View the content status for the Windows 10 x64 RTM upgrade package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
## Create an in-place upgrade task sequence
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create Task Sequence**.
2. On the **Create a new task sequence** page, select **Upgrade an operating system from an upgrade package** and click **Next**.
3. Use the following settings to complete the wizard:
2. On the **Create a new task sequence** page, select **Upgrade an operating system from an upgrade package** and select **Next**.
3. Use the below settings to complete the wizard:
* Task sequence name: Upgrade Task Sequence
* Description: In-place upgrade
* Upgrade package: Windows 10 x64 RTM
* Include software updates: Do not install any software updates
* Include software updates: Don't install any software updates
* Install applications: OSD \ Adobe Acrobat Reader DC
4. Complete the wizard, and click **Close**.
4. Complete the wizard, and select **Close**.
5. Review the Upgrade Task Sequence.
![The upgrade task sequence.](../images/cm-upgrade-ts.png)
@ -74,13 +75,13 @@ The Configuration Manager upgrade task sequence
## Create a device collection
After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0004 computer running Windows 7 SP1, with the Configuration Manager client installed.
After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0004 computer running Windows 7 SP1, with the Configuration Manager client installed.
On **CM01**:
1. When you're using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
- General
- Name: Windows 10 x64 in-place upgrade
- Name: Windows 10 x64 in-place upgrade
- Limited Collection: All Systems
- Membership rules:
- Direct rule
@ -90,37 +91,37 @@ On **CM01**:
- Select Resources
- Select PC0004
2. Review the Windows 10 x64 in-place upgrade collection. Don't continue until you see PC0004 in the collection.
2. Review the Windows 10 x64 in-place upgrade collection. Don't continue until you see PC0004 in the collection.
## Deploy the Windows 10 upgrade
## Deploy the Windows 10 upgrade
In this section, you create a deployment for the Windows 10 Enterprise x64 Update application.
In this section, you create a deployment for the Windows 10 Enterprise x64 Update application.
On **CM01**:
1. Using the Configuration Manager console, in the Software Library workspace, right-click the **Upgrade Task Sequence** task sequence, and then click **Deploy**.
2. On the **General** page, browse and select the **Windows 10 x64 in-place upgrade** collection, and then click **Next**.
3. On the **Content** page, click **Next**.
4. On the **Deployment Settings** page, click **Next**:
5. On the **Scheduling** page, accept the default settings, and then click **Next**.
6. On the **User Experience** page, accept the default settings, and then click **Next**.
7. On the **Alerts** page, accept the default settings, and then click **Next**.
7. On the **Distribution Points** page, accept the default settings, and then click **Next**.
8. On the **Summary** page, click **Next**, and then click **Close**.
1. Using the Configuration Manager console, in the Software Library workspace, right-click the **Upgrade Task Sequence** task sequence, and then select **Deploy**.
2. On the **General** page, browse and select the **Windows 10 x64 in-place upgrade** collection, and then select **Next**.
3. On the **Content** page, select **Next**.
4. On the **Deployment Settings** page, select **Next**:
5. On the **Scheduling** page, accept the default settings, and then select **Next**.
6. On the **User Experience** page, accept the default settings, and then select **Next**.
7. On the **Alerts** page, accept the default settings, and then select **Next**.
7. On the **Distribution Points** page, accept the default settings, and then select **Next**.
8. On the **Summary** page, select **Next**, and then select **Close**.
## Start the Windows 10 upgrade
## Start the Windows 10 upgrade
Next, run the in-place upgrade task sequence on PC0004.
On **PC0004**:
1. Open the Configuration Manager control panel (control smscfgrc).
2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears.
2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and then select **OK** in the popup dialog box that appears.
>[!NOTE]
>You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
3. Open the Software Center, select the **Upgrade Task Sequence** deployment and then click **Install**.
3. Open the Software Center, select the **Upgrade Task Sequence** deployment and then select **Install**.
4. Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
5. Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the install.wim file, perform an in-place upgrade, and install your added applications. See the following examples:
@ -132,7 +133,7 @@ On **PC0004**:
![Upgrade task sequence example 6.](../images/pc0004-f.png)<br>
![Upgrade task sequence example 7.](../images/pc0004-g.png)
## Related topics
## Related articles
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
[Configuration Manager Team blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/bg-p/ConfigurationManagerBlog)

21
windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
View File

@ -1,19 +1,20 @@
---
title: Assign applications using roles in MDT (Windows 10)
description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
description: This article will show you how to add applications to a role in the MDT database and then assign that role to a computer.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Assign applications using roles in MDT
This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this topic, the application we are adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
This article will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this article, the application we're adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
## <a href="" id="sec01"></a>Create and assign a role entry in the database
@ -40,9 +41,9 @@ Figure 13. The Standard PC role added to PC00075 (having ID 1 in the database).
## <a href="" id="sec03"></a>Verify database access in the MDT simulation environment
When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications are not installed, but you can see which applications would be installed if you did a full deployment of the computer.
When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications aren't installed, but you can see which applications would be installed if you did a full deployment of the computer.
1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
2. Modify the C:\\MDT\\CustomSettings.ini file to look like the following:
2. Modify the C:\\MDT\\CustomSettings.ini file to look like below:
```
[Settings]
@ -119,7 +120,7 @@ When the database is populated, you can use the MDT simulation environment to si
Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe Reader XI application that would have been installed if you deployed this machine.
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
<BR>[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
@ -127,6 +128,4 @@ Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe
<BR>[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
<BR>[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
<BR>[Use web services in MDT](use-web-services-in-mdt.md)
<BR>[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
 
 
<BR>[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)

75
windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
View File

@ -1,31 +1,32 @@
---
title: Build a distributed environment for Windows 10 deployment (Windows 10)
description: In this topic, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
description: In this article, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Build a distributed environment for Windows 10 deployment
**Applies to**
- Windows 10
- Windows 10
Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
Four computers are used in this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
Four computers are used in this article: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
![figure 1.](../images/mdt-10-fig01.png)
Computers used in this topic.
Computers used in this article.
>HV01 is also used in this topic to host the PC0006 virtual machine.
@ -42,7 +43,7 @@ LDS is a built-in feature in MDT for replicating content. However, LDS works bes
### Why DFS-R is a better option
DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your master deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your main deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
## Set up Distributed File System Replication (DFS-R) for replication
@ -111,7 +112,7 @@ On **MDT02**:
### Configure the deployment share
When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property.
When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT that can be done by using the DefaultGateway property.
On **MDT01**:
@ -158,29 +159,29 @@ On **MDT01**:
### Create the replication group
6. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and click **New Replication Group**.
7. On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**.
8. On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**.
9. On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**.
6. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and select **New Replication Group**.
7. On the **Replication Group Type** page, select **Multipurpose replication group**, and select **Next**.
8. On the **Name and Domain** page, assign the **MDTProduction** name, and select **Next**.
9. On the **Replication Group Members** page, select **Add**, add **MDT01** and **MDT02**, and then select **Next**.
![figure 6.](../images/mdt-10-fig06.png)
Adding the Replication Group Members.
10. On the **Topology Selection** page, select the **Full mesh** option and click **Next**.
11. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**.
12. On the **Primary Member** page, select **MDT01** and click **Next**.
13. On the **Folders to Replicate** page, click **Add**, enter **D:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**.
14. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**.
15. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**.
16. On the **Review Settings and Create Replication Group** page, click **Create**.
17. On the **Confirmation** page, click **Close**.
10. On the **Topology Selection** page, select the **Full mesh** option and select **Next**.
11. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and select **Next**.
12. On the **Primary Member** page, select **MDT01** and select **Next**.
13. On the **Folders to Replicate** page, select **Add**, enter **D:\\MDTProduction** as the folder to replicate, select **OK**, and then select **Next**.
14. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and select **Edit**.
15. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, select **OK**, and then select **Next**.
16. On the **Review Settings and Create Replication Group** page, select **Create**.
17. On the **Confirmation** page, select **Close**.
### Configure replicated folders
18. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**.
19. In the middle pane, right-click the **MDT01** member and click **Properties**.
20. On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**:
19. In the middle pane, right-click the **MDT01** member and select **Properties**.
20. On the **MDT01 (MDTProduction) Properties** page, configure the following and then select **OK**:
1. In the **Staging** tab, set the quota to **20480 MB**.
2. In the **Advanced** tab, set the quota to **8192 MB**.
In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Below is a Windows PowerShell example that calculates the size of the 16 largest files in the D:\\MDTProduction deployment share:
@ -190,7 +191,7 @@ On **MDT01**:
```
21. In the middle pane, right-click the **MDT02** member and select **Properties**.
22. On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**:
22. On the **MDT02 (MDTProduction) Properties** page, configure the following and then select **OK**:
1. In the **Staging** tab, set the quota to **20480 MB**.
2. In the **Advanced** tab, set the quota to **8192 MB**.
@ -212,11 +213,11 @@ On **MDT02**:
1. Wait until you start to see content appear in the **D:\\MDTProduction** folder.
2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**.
3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and click **Next**.
4. On the **Path and Name** page, accept the default settings and click **Next**.
5. On the **Members to Include** page, accept the default settings and click **Next**.
6. On the **Options** page, accept the default settings and click **Next**.
7. On the **Review Settings and Create Report** page, click **Create**.
3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and select **Next**.
4. On the **Path and Name** page, accept the default settings and select **Next**.
5. On the **Members to Include** page, accept the default settings and select **Next**.
6. On the **Options** page, accept the default settings and select **Next**.
7. On the **Review Settings and Create Report** page, select **Create**.
8. Open the report in Internet Explorer, and if necessary, select the **Allow blocked content** option.
![figure 9.](../images/mdt-10-fig09.png)
@ -227,13 +228,13 @@ The DFS Replication Health Report.
## Configure Windows Deployment Services (WDS) in a remote site
Like you did in the previous topic for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
Like you did in the previous article for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
1. On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
2. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
## Deploy a Windows 10 client to the remote site
## Deploy a Windows 10 client to the remote site
Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure.
Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure.
>For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the Boostrap.ini file.
@ -246,21 +247,21 @@ Now you should have a solution ready for deploying the Windows 10 client to the
6. Install an operating system from a network-based installation server
2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server.
3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
2. Computer Name: PC0006
3. Applications: Select the Install - Adobe Reader
4. Setup will now start and perform the following steps:
1. Install the Windows 10 Enterprise operating system.
1. Install the Windows 10 Enterprise operating system.
2. Install applications.
3. Update the operating system using your local Windows Server Update Services (WSUS) server.
![pc0001.](../images/pc0006.png)
## Related topics
## Related articles
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
[Configure MDT settings](configure-mdt-settings.md)
[Configure MDT settings](configure-mdt-settings.md)

17
windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
View File

@ -2,18 +2,19 @@
title: Configure MDT deployment share rules (Windows 10)
description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Configure MDT deployment share rules
In this topic, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
In this article, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
## <a href="" id="sec01"></a>Assign settings
@ -30,7 +31,7 @@ Before adding the more advanced components like scripts, databases, and web serv
### Set computer name by MAC Address
If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead.
If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. When you have many machines, it makes sense to use the database instead.
```
[Settings]
@ -71,10 +72,10 @@ OSDComputerName=PC-%SerialNumber%
```
In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7.
**Note**  
**Note**
Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters.
 
### Generate a limited computer name based on a serial number
To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
@ -104,7 +105,7 @@ Subsection=Laptop-%IsLaptop%
MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com
```
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)

19
windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
View File

@ -1,19 +1,20 @@
---
title: Configure MDT for UserExit scripts (Windows 10)
description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
description: In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Configure MDT for UserExit scripts
In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
## Configure the rules to call a UserExit script
@ -28,7 +29,7 @@ UserExit=Setname.vbs
OSDComputerName=#SetName("%MACADDRESS%")#
```
The UserExit=Setname.vbs calls the script and then assigns the computer name to what the SetName function in the script returns. In this sample the %MACADDRESS% variable is passed to the script
The UserExit=Setname.vbs calls the script and then assigns the computer name to what the SetName function in the script returns. In this sample, the %MACADDRESS% variable is passed to the script
## The Setname.vbs UserExit script
@ -49,10 +50,10 @@ End Function
```
The first three lines of the script make up a header that all UserExit scripts have. The interesting part is the lines between Function and End Function. Those lines add a prefix (PC), remove the colons from the MAC Address, and return the value to the rules by setting the SetName value.
**Note**  
The purpose of this sample is not to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
>[!NOTE]
>The purpose of this sample isn't to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)

15
windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
View File

@ -3,23 +3,24 @@ title: Configure MDT settings (Windows 10)
description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization.
ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Configure MDT settings
One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
For the purposes of this topic, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this article, you learn about configuring customizations for your environment.
For the purposes of this article, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
![figure 1.](../images/mdt-09-fig01.png)
The computers used in this topic.
The computers used in this article.
## In this section
@ -32,7 +33,7 @@ The computers used in this topic.
- [Use web services in MDT](use-web-services-in-mdt.md)
- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
## Related topics
## Related articles
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>

116
windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
View File

@ -2,33 +2,34 @@
title: Create a Windows 10 reference image (Windows 10)
description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Create a Windows 10 reference image
**Applies to**
- Windows 10
- Windows 10
Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you 'll have a Windows 10 reference image that can be used in your deployment solution.
Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this article, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this article, you 'll have a Windows 10 reference image that can be used in your deployment solution.
>[!NOTE]
>For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
For the purposes of this topic, we'll use three computers: DC01, MDT01, and HV01.
For the purposes of this article, we'll use three computers: DC01, MDT01, and HV01.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is a contoso.com domain member server.
- HV01 is a Hyper-V server that will be used to build the reference image.
![devices.](../images/mdt-08-fig01.png)
Computers used in this topic.
Computers used in this article.
## The reference image
@ -40,21 +41,21 @@ The reference image described in this guide is designed primarily for deployment
## Set up the MDT build lab deployment share
With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
### Create the MDT build lab deployment share
On **MDT01**:
- Sign in as contoso\\administrator using a password of <b>pass@word1</b> (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) topic).
- Sign in as contoso\\administrator using a password of <b>pass@word1</b> (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) article).
- Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access.
- Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
- Use the following settings for the New Deployment Share Wizard:
- Deployment share path: **D:\\MDTBuildLab**
- Share name: **MDTBuildLab$**
- Deployment share description: **MDT Build Lab**
- Accept the default selections on the Options page and click **Next**.
- Review the Summary page, click **Next**, wait for the deployment share to be created, then click **Finish**.
- Accept the default selections on the Options page and select **Next**.
- Review the Summary page, select **Next**, wait for the deployment share to be created, then select **Finish**.
- Verify that you can access the <b>\\\\MDT01\\MDTBuildLab$</b> share.
![figure 2.](../images/mdt-08-fig02.png)
@ -63,7 +64,7 @@ On **MDT01**:
### Enable monitoring
To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, click **Properties**, click the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional.
To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, select **Properties**, select the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional.
### Configure permissions for the deployment share
@ -81,20 +82,20 @@ On **MDT01**:
## Add setup files
This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
### Add the Windows 10 installation files
### Add the Windows 10 installation files
MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
>[!NOTE]
>Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
>Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
### Add Windows 10 Enterprise x64 (full source)
### Add Windows 10 Enterprise x64 (full source)
On **MDT01**:
1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
![ISO.](../images/iso-data.png)
@ -112,16 +113,16 @@ On **MDT01**:
## Add applications
Before you create an MDT task sequence, you need to add any applications and scripts you wish to install to the MDT Build Lab share.
Before you create an MDT task sequence, you need to add applications and scripts you wish to install to the MDT Build Lab share.
On **MDT01**:
First, create an MDT folder to store the Microsoft applications that will be installed:
1. In the MDT Deployment Workbench, expand **Deployment Shares \\ MDT Build Lab \\ Applications**
2. Right-click **Applications** and then click **New Folder**.
2. Right-click **Applications** and then select **New Folder**.
3. Under **Folder name**, type **Microsoft**.
4. Click **Next** twice, and then click **Finish**.
4. Select **Next** twice, and then select **Finish**.
The steps in this section use a strict naming standard for your MDT applications.
- Use the "<b>Install - </b>" prefix for typical application installations that run a setup installer of some kind,
@ -147,7 +148,8 @@ Download links:
Download all three items in this list to the D:\\Downloads folder on MDT01.
**Note**: For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
>[!NOTE]
>For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder, and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
>[!NOTE]
>All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
@ -162,7 +164,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
> [!NOTE]
> 64-bit is now the default and recommended edition.
- Use the General Availability Channel and get updates directly from the Office CDN on the internet.
- Perform a silent installation. You wont see anything that shows the progress of the installation and you wont see any error messages.
- Perform a silent installation. You won't see anything that shows the progress of the installation and you won't see any error messages.
```xml
<Configuration>
@ -176,7 +178,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
</Configuration>
```
When you use these settings, any time you build the reference image youll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise.
When you use these settings, anytime you build the reference image you'll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise.
>[!TIP]
>You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file.
@ -193,14 +195,14 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
>After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you're prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image.
Additional information
- Microsoft 365 Apps for enterprise is updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel youre using). That means that once youve deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image.
- Microsoft 365 Apps for enterprise is updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you're using). That means that once you've deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image.
- **Note**: With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the users device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and wont have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
- When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, youll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, youll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
- **Note**: With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user's device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won't have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
- When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, you'll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, you'll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
### Connect to the deployment share using Windows PowerShell
If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive).
If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in, and then make the deployment share a PowerShell drive (PSDrive).
On **MDT01**:
@ -294,16 +296,16 @@ On **MDT01**:
## Create the reference image task sequence
In order to build and capture your Windows 10 reference image for deployment using MDT, you 'll create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image.
In order to build and capture your Windows 10 reference image for deployment using MDT, you 'll create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image.
After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you're deploying.
### Drivers and the reference image
Because we use modern virtual platforms for creating our reference images, we dont need to worry about drivers when creating reference images for Windows 10. We use Hyper-V in our environment, and Windows Preinstallation Environment (Windows PE) already has all the needed drivers built-in for Hyper-V.
Because we use modern virtual platforms for creating our reference images, we don't need to worry about drivers when creating reference images for Windows 10. We use Hyper-V in our environment, and Windows Preinstallation Environment (Windows PE) already has all the needed drivers built-in for Hyper-V.
### Create a task sequence for Windows 10 Enterprise
To create a Windows 10 reference image task sequence, the process is as follows:
To create a Windows 10 reference image task sequence, the process is as follows:
On **MDT01**:
@ -320,18 +322,18 @@ On **MDT01**:
9. Internet Explorer home page: http://www.contoso.com
10. Admin Password: Don't specify an Administrator Password at this time
### Edit the Windows 10 task sequence
### Edit the Windows 10 task sequence
The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office365 ProPlus x64.
The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office365 ProPlus x64.
On **MDT01**:
1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**.
2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings:
1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**.
2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings:
1. **State Restore > Windows Update (Pre-Application Installation)** action: Enable this action by clicking the **Options** tab and clearing the **Disable this step** check box.
2. **State Restore > Windows Update (Post-Application Installation)** action: Also enable this action.
3. **State Restore**: After the **Tattoo** action, add a new **Group** action (click **Add** then click **New Group**) with the following setting:
3. **State Restore**: After the **Tattoo** action, add a new **Group** action (select **Add** then select **New Group**) with the following setting:
- Name: **Custom Tasks (Pre-Windows Update)**
4. **State Restore**: After **Windows Update (Post-Application Installation)** action, rename **Custom Tasks** to **Custom Tasks (Post-Windows Update)**.
- **Note**: The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
@ -351,14 +353,14 @@ On **MDT01**:
1. Name: Microsoft Visual C++ Redistributable 2019 - x86
2. Install a Single Application: browse to **Install - MSVC 2019 - x86**
7. Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Microsoft 365 Apps for enterprise as well.
3. Click **OK**.
3. Select **OK**.
![apps.](../images/mdt-apps.png)
### Optional configuration: Add a suspend action
The goal when creating a reference image is to automate everything. But sometimes you've a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you click the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.
The goal when creating a reference image is to automate everything. But sometimes you've a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you select the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.
![figure 8.](../images/fig8-suspend.png)
@ -368,22 +370,22 @@ The goal when creating a reference image is to automate everything. But sometime
The Windows 10 desktop with the Resume Task Sequence shortcut.
### Edit the Unattend.xml file for Windows 10 Enterprise
### Edit the Unattend.xml file for Windows 10 Enterprise
When using MDT, you don't need to edit the Unattend.xml file often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you 'll want to use the Internet Explorer Administration Kit (IEAK).
When using MDT, you don't need to edit the Unattend.xml file often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you 'll want to use the Internet Explorer Administration Kit (IEAK).
>[!WARNING]
>Don't use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
>[!NOTE]
>You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing.
>You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing.
Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:
Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:
On **MDT01**:
1. When you're using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This file generation process will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
2. In the **OS Info** tab, select **Edit Unattend.xml**. MDT now generates a catalog file. This file generation process will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
> [!IMPORTANT]
> The ADK version 1903 has a [known issue](/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903:
@ -398,7 +400,7 @@ On **MDT01**:
5. Save the Unattend.xml file, and close Windows SIM.
> [!NOTE]
> If errors are reported that certain display values are incorrect, you can ignore this message or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
6. On the Windows 10 Enterprise x64 RTM Default Image Properties, click **OK**.
6. On the Windows 10 Enterprise x64 RTM Default Image Properties, select **OK**.
![figure 10.](../images/fig10-unattend.png)
@ -410,7 +412,7 @@ Understanding rules is critical to successfully using MDT. Rules are configured
### MDT deployment share rules overview
In MDT, there are always two rule files: the **CustomSettings.ini** file and the **Bootstrap.ini** file. You can add almost any rule to either. However, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file. For this reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK.
In MDT, there are always two rule files: the **CustomSettings.ini** file and the **Bootstrap.ini** file. You can add almost any rule to either. However, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file. For this reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you select OK.
To configure the rules for the MDT Build Lab deployment share:
@ -457,7 +459,7 @@ On **MDT01**:
The server-side rules for the MDT Build Lab deployment share.
3. Click **Edit Bootstrap.ini** and modify using the following information:
3. Select **Edit Bootstrap.ini** and modify using the following information:
```
[Settings]
@ -483,7 +485,7 @@ On **MDT01**:
7. In the **Lite Touch Boot Image Settings** area, configure the following settings:
1. Image description: MDT Build Lab x64
2. ISO file name: MDT Build Lab x64.iso
8. Click **OK**.
8. Select **OK**.
>[!NOTE]
>In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).
@ -581,7 +583,8 @@ SkipFinalSummary=YES
- **AdminPassword.** Sets the local Administrator account password.
- **TimeZoneName.** Establishes the time zone to use. Don't confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003).
**Note**: The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
>[!NOTE]
>The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
- **JoinWorkgroup.** Configures Windows to join a workgroup.
- **HideShell.** Hides the Windows Shell during deployment. This hide-operation is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
@ -602,7 +605,7 @@ SkipFinalSummary=YES
- **SkipSummary.** Skips the initial Windows Deployment Wizard summary pane.
- **SkipRoles.** Skips the Install Roles and Features pane.
- **SkipCapture.** Skips the Capture pane.
- **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to click OK before the machine shuts down.
- **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to select OK before the machine shuts down.
## Build the Windows 10 reference image
@ -614,7 +617,8 @@ The steps below outline the process used to boot a virtual machine using an ISO
1. Copy D:\\MDTBuildLab\\Boot\\MDT Build Lab x86.iso on MDT01 to C:\\ISO on your Hyper-V host (HV01).
**Note**: Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image.
>[!NOTE]
>Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image.
On **HV01**:
@ -628,11 +632,13 @@ On **HV01**:
8. Install OS with image file: C:\\ISO\\MDT Build Lab x86.iso
1. Before you start the VM, add a checkpoint for REFW10X64-001, and name it **Clean with MDT Build Lab x86 ISO**.
**Note**: Checkpoints are useful if you need to restart the process and want to make sure you can start clean.
>[!NOTE]
>Checkpoints are useful if you need to restart the process and want to make sure you can start clean.
4. Start the REFW10X64-001 virtual machine and connect to it.
**Note**: Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
>[!NOTE]
>Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
After booting into Windows PE, complete the Windows Deployment Wizard with the following settings:
1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image
@ -653,7 +659,7 @@ On **HV01**:
6. Captures the installation to a Windows Imaging (WIM) file.
7. Turns off the virtual machine.
After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
![image.](../images/image-captured.png)
@ -668,9 +674,9 @@ If you [enabled monitoring](#enable-monitoring), you can check the progress of t
If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log. From the command line in Windows PE, you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$.
After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
## Related topics
## Related articles
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)<br>

83
windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
View File

@ -1,33 +1,34 @@
---
title: Deploy a Windows 10 image using MDT (Windows 10)
description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
description: This article will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.collection:
- highpri
ms.date: 10/28/2022
---
# Deploy a Windows 10 image using MDT
**Applies to**
- Windows 10
- Windows 10
This topic will show you how to take your reference image for Windows 10 (that was [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
This article will show you how to take your reference image for Windows 10 (that was [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
We'll prepare for this deployment by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We'll configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules.
For the purposes of this topic, we'll use four computers: DC01, MDT01, HV01 and PC0005.
For the purposes of this article, we'll use four computers: DC01, MDT01, HV01 and PC0005.
- DC01 is a domain controller
- MDT01 is a domain member server
- HV01 is a Hyper-V server
- PC0005 is a blank device to which we'll deploy Windows 10
- PC0005 is a blank device to which we'll deploy Windows 10
MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation. HV01 used to test deployment of PC0005 in a virtual environment.
@ -38,7 +39,7 @@ MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contos
## Step 1: Configure Active Directory permissions
These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you've The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you've The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
On **DC01**:
@ -85,13 +86,13 @@ The steps for creating the deployment share for production are the same as when
1. Ensure you're signed on as: contoso\administrator.
2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and select **Next**.
4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and select **Next**.
5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and select **Next**.
6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
6. On the **Options** page, accept the default settings and select **Next** twice, and then select **Finish**.
7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
### Configure permissions for the production deployment share
@ -110,22 +111,22 @@ On **MDT01**:
## Step 3: Add a custom image
The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores other components in the Sources\\SxS folder that is outside the image and may be required when installing components.
The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores other components in the Sources\\SxS folder that is outside the image and may be required when installing components.
### Add the Windows 10 Enterprise x64 RTM custom image
### Add the Windows 10 Enterprise x64 RTM custom image
In these steps, we assume that you've completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you've a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
In these steps, we assume that you've completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) article, so you've a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
1. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**.
2. Right-click the **Windows 10** folder and select **Import Operating System**.
3. On the **OS Type** page, select **Custom image file** and click **Next**.
3. On the **OS Type** page, select **Custom image file** and select **Next**.
4. On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and click **Next**.
4. On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and select **Next**.
5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and click **Next**.
5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and select **Next**.
6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**.
6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, select **Next** twice, and then select **Finish**.
7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**.
>[!NOTE]
@ -142,22 +143,22 @@ When you configure your MDT Build Lab deployment share, you can also add applica
On **MDT01**:
1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100520060_en_US.exe) to **D:\\setup\\adobe** on MDT01.
2. Extract the .exe file that you downloaded to a .msi (ex: .\AcroRdrDC2100520060_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2200320263_en_US.exe) to **D:\\setup\\adobe** on MDT01.
2. Extract the .exe file that you downloaded to a .msi (ex: .\AcroRdrDC2200320263_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
4. Right-click the **Applications** node, and create a new folder named **Adobe**.
5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**.
6. On the **Application Type** page, select the **Application with source files** option and click **Next**.
6. On the **Application Type** page, select the **Application with source files** option and select **Next**.
7. On the **Details** page, in the **Application Name** text box, type **Install - Adobe Reader** and click *Next**.
7. On the **Details** page, in the **Application Name** text box, type **Install - Adobe Reader** and select *Next**.
8. On the **Source** page, in the **Source Directory** text box, browse to **D:\\setup\\adobe\\install** and click **Next**.
8. On the **Source** page, in the **Source Directory** text box, browse to **D:\\setup\\adobe\\install** and select **Next**.
9. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and click **Next**.
9. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and select **Next**.
10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, click **Next** twice, and then click **Finish**.
10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, select **Next** twice, and then select **Finish**.
![acroread image.](../images/acroread.png)
@ -165,7 +166,7 @@ On **MDT01**:
## Step 5: Prepare the drivers repository
In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:
In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:
- Lenovo ThinkPad T420
- Dell Latitude 7390
- HP EliteBook 8560w
@ -250,12 +251,12 @@ On **MDT01**:
2. In the New Selection Profile Wizard, create a selection profile with the following settings:
1. Selection Profile name: WinPE x86
2. Folders: Select the WinPE x86 folder in Out-of-Box Drivers.
3. Click **Next**, **Next** and **Finish**.
3. Select **Next**, **Next** and **Finish**.
3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**.
4. In the New Selection Profile Wizard, create a selection profile with the following settings:
1. Selection Profile name: WinPE x64
2. Folders: Select the WinPE x64 folder in Out-of-Box Drivers.
3. Click **Next**, **Next** and **Finish**.
3. Select **Next**, **Next** and **Finish**.
![figure 5.](../images/fig5-selectprofile.png)
@ -381,7 +382,7 @@ On **MDT01**:
4. State Restore. Enable the **Windows Update (Post-Application Installation)** action.
3. Click **OK**.
3. Select **OK**.
![drivergroup.](../images/fig6-taskseq.png)
@ -438,7 +439,7 @@ On **MDT01**:
SkipFinalSummary=NO
```
3. Click **Edit Bootstrap.ini** and modify using the following information:
3. Select **Edit Bootstrap.ini** and modify using the following information:
```
[Settings]
@ -480,7 +481,7 @@ On **MDT01**:
10. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box.
11. Click **OK**.
11. Select **OK**.
>[!NOTE]
>It will take a while for the Deployment Workbench to create the monitoring database and web service.
@ -607,7 +608,7 @@ On **MDT01**:
9. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box.
10. Click **OK**.
10. Select **OK**.
### Update the deployment share
@ -640,9 +641,9 @@ On **MDT01**:
The boot image added to the WDS console.
### Deploy the Windows 10 client
### Deploy the Windows 10 client
At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you're confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. These tests help rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:
At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you're confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. These tests help rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:
On **HV01**:
@ -721,7 +722,7 @@ Setting up MDT for multicast is straightforward. You enable multicast on the dep
On **MDT01**:
1. In the Deployment Workbench, right-click the **MDT Production** deployment share folder and select **Properties**.
2. On the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and click **OK**.
2. On the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and select **OK**.
3. Right-click the **MDT Production** deployment share folder and select **Update Deployment Share**.
4. After updating the deployment share, use the Windows Deployment Services console to, verify that the multicast namespace was created.
@ -729,9 +730,9 @@ On **MDT01**:
The newly created multicast namespace.
## Use offline media to deploy Windows 10
## Use offline media to deploy Windows 10
In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can easily generate an offline version of your deployment share - either the full deployment share or a subset of it - by using selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can easily generate an offline version of your deployment share - either the full deployment share or a subset of it - by using selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
Offline media are useful not only when you don't have network connectivity to the deployment share, but also when you've limited connection to the deployment share and don't want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire.
@ -796,7 +797,7 @@ On **MDT01**:
6. On the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option.
7. Click **OK**.
7. Select **OK**.
### Generate the offline media
@ -837,7 +838,7 @@ As referenced in [Windows 10 deployment scenarios and tools](../windows-deployme
The partitions when deploying an UEFI-based machine.
## Related topics
## Related articles
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>

33
windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
View File

@ -1,22 +1,23 @@
---
title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment.
description: This article will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.collection:
- highpri
ms.date: 10/28/2022
---
# Get started with MDT
**Applies to**
- Windows 10
- Windows 10
This article provides an overview of the features, components, and capabilities of the [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/). When you have finished reviewing this information, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@ -26,7 +27,7 @@ MDT is a unified collection of tools, processes, and guidance for automating des
In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) with more guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](/configmgr/).
MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Configuration Manager](/configmgr/).
> [!IMPORTANT]
> For more information about MDT supported platforms, see [MDT Release Notes](/mem/configmgr/mdt/release-notes#supported-platforms) and [MDT FAQ](/mem/configmgr/mdt/faq#is-this-release-only-supported-with-version--x--of-windows-client--windows-adk--or-configuration-manager-).
@ -36,8 +37,8 @@ MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Wi
MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it's considered fundamental to Windows operating system and enterprise application deployment.
MDT has many useful features, such as:
- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10.
- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10.
- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
- **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), and Windows 8.1 Embedded Industry.
- **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
- **GPT support.** Supports deployment to machines that require the new GPT partition table format. This feature is related to UEFI.
@ -66,19 +67,19 @@ MDT has many useful features, such as:
- **Microsoft System Center Orchestrator integration.** Provides the capability to use Orchestrator runbooks as part of the task sequence.
- **Support for DaRT.** Supports optional integration of the DaRT components into the boot image.
- **Support for Microsoft Office.** Provides added support for deploying Microsoft Office.
- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
- **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
## MDT Lite Touch components
Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disk.
Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disk.
When the Windows operating system is being deployed using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click **View Script**. You're provided the PowerShell command.
When the Windows operating system is being deployed using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, select **View Script**. You're provided the PowerShell command.
![figure 4.](../images/mdt-05-fig04.png)
If you click **View Script** on the right side, you'll get the PowerShell code that was used to perform the task.
If you select **View Script** on the right side, you'll get the PowerShell code that was used to perform the task.
## Deployment shares
@ -104,7 +105,7 @@ share on the server and start the deployment.
## Operating systems
Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you've created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.
Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you've created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.
## Applications
@ -145,7 +146,7 @@ MDT comes with nine default task sequence templates. You can also create your ow
- **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Useful for server deployments but not often used for client deployments.
- **Deploy to VHD Client task sequence.** Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.
- **Deploy to VHD Server task sequence.** Same as the Deploy to VHD Client task sequence but for servers.
- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.
## Selection profiles
@ -160,7 +161,7 @@ Selection profiles, which are available in the Advanced Configuration node, prov
MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
**Note**  
**Note**
The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
## Monitoring

45
windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
View File

@ -1,16 +1,17 @@
---
title: Prepare for deployment with MDT (Windows 10)
description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
description: This article will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.collection:
- highpri
ms.date: 10/28/2022
---
# Prepare for deployment with MDT
@ -26,12 +27,12 @@ The procedures in this guide use the following names and infrastructure.
### Network and servers
For the purposes of this topic, we will use three server computers: **DC01**, **MDT01**, and **HV01**.
For the purposes of this article, we'll use three server computers: **DC01**, **MDT01**, and **HV01**.
- All servers are running Windows Server 2019.
- You can use an earlier version of Windows Server with minor modifications to some procedures.
- Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is required to perform the procedures in this guide.
- **DC01** is a domain controller, DHCP server, and DNS server for <b>contoso.com</b>, representing the fictitious Contoso Corporation.
- **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server.
- **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200 GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server.
- A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-10-deployment.md) for Windows 10 deployment. This server is located on a different subnet than MDT01 and has a different default gateway.
- **HV01** is a Hyper-V host computer that is used to build a Windows 10 reference image.
- See [Hyper-V requirements](#hyper-v-requirements) below for more information about HV01.
@ -40,25 +41,25 @@ For the purposes of this topic, we will use three server computers: **DC01**, **
Several client computers are referenced in this guide with hostnames of PC0001 to PC0007.
- **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain.
- **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain.
- Client name: PC0001
- IP Address: DHCP
- **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios.
- **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios.
- Client name: PC0002
- IP Address: DHCP
- **PC0003 - PC0007**: These are other client computers similar to PC0001 and PC0002 that are used in this guide and another guide for various scenarios. The device names are incremented for clarity within each scenario. For example, PC0003 and PC0004 are running Windows 7 just like PC0002, but are used for Configuration Manager refresh and replace scenarios, respectively.
### Storage requirements
MDT01 and HV01 should have the ability to store up to 200 GB of files on a data drive (D:). If you use a computer with a single system partition (C:), you will need to adjust some procedures in this guide to specify the C: drive instead of the D: drive.
MDT01 and HV01 should have the ability to store up to 200 GB of files on a data drive (D:). If you use a computer with a single system partition (C:), you'll need to adjust some procedures in this guide to specify the C: drive instead of the D: drive.
### Hyper-V requirements
If you do not have access to a Hyper-V server, you can install Hyper-V on a Windows 10 or Windows 8.1 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](../windows-10-poc.md#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V.
If you don't have access to a Hyper-V server, you can install Hyper-V on a Windows 10 or Windows 8.1 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](../windows-10-poc.md#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V.
### Network requirements
All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
All server and client computers referenced in this guide are on the same subnet. This isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
### Domain credentials
@ -80,20 +81,20 @@ These steps assume that you have the MDT01 member server running and configured
On **MDT01**:
Visit the [Download and install the Windows ADK](/windows-hardware/get-started/adk-install) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you will need to create this folder):
Visit the [Download and install the Windows ADK](/windows-hardware/get-started/adk-install) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you'll need to create this folder):
- [The Windows ADK for Windows 10](https://go.microsoft.com/fwlink/?linkid=2086042)
- [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2087112)
- [The Windows System Image Manager (WSIM) 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334)
- (Optional) [The MDT_KB4564442 patch for BIOS firmware](https://download.microsoft.com/download/3/0/6/306AC1B2-59BE-43B8-8C65-E141EF287A5E/KB4564442/MDT_KB4564442.exe)
- This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines. If you have a UEFI deployment, you do not need this patch.
- This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines. If you have a UEFI deployment, you don't need this patch.
>[!TIP]
>You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties).
1. On **MDT01**, ensure that you are signed in as an administrator in the CONTOSO domain.
- For the purposes of this guide, we are using a Domain Admin account of **administrator** with a password of <b>pass@word1</b>. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials.
2. Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step.
3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page click **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step.
1. On **MDT01**, ensure that you're signed in as an administrator in the CONTOSO domain.
- For the purposes of this guide, we're using a Domain Admin account of **administrator** with a password of <b>pass@word1</b>. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials.
2. Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), select **Next** twice to accept the default installation parameters, select **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step.
3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), select **Next** twice to accept the default installation parameters, select **Accept** to accept the license agreement, and then on the **Select the features you want to install** page select **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step.
4. Extract the **WSIM 1903 update** (D:\\Downloads\ADK\\WSIM1903.zip) and then run the **UpdateWSIM.bat** file.
- You can confirm that the update is applied by viewing properties of the ImageCat.exe and ImgMgr.exe files at **C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM** and verifying that the **Details** tab displays a **File version** of **10.0.18362.144** or later.
5. If you downloaded the optional MDT_KB4564442 patch for BIOS based deployment, see [this support article](https://support.microsoft.com/en-us/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) for instructions on how to install the patch.
@ -133,7 +134,7 @@ To install WSUS on MDT01, enter the following at an elevated Windows PowerShell
On **MDT01**:
1. Visit the [MDT resource page](/mem/configmgr/mdt/) and click **Download MDT**.
1. Visit the [MDT resource page](/mem/configmgr/mdt/) and select **Download MDT**.
2. Save the **MicrosoftDeploymentToolkit_x64.msi** file to the D:\\Downloads\\MDT folder on MDT01.
- **Note**: As of the publishing date for this guide, the current version of MDT is 8456 (6.3.8456.1000), but a later version will also work.
3. Install **MDT** (D:\\Downloads\\MDT\\MicrosoftDeploymentToolkit_x64.exe) with the default settings.
@ -160,7 +161,7 @@ Workstations,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
Security Groups,"OU=Groups,OU=Contoso,DC=CONTOSO,DC=COM"
```
Next, copy the following commands into a file and save it as `~\Setup\Scripts\ou.ps1`. Be sure that you are viewing file extensions and that you save the file with the `.ps1` extension.
Next, copy the following commands into a file and save it as `~\Setup\Scripts\ou.ps1`. Be sure that you're viewing file extensions and that you save the file with the `.ps1` extension.
```powershell
Import-CSV -Path $home\Setup\Scripts\oulist.csv | ForEach-Object {
@ -215,7 +216,7 @@ If you have the Active Directory Users and Computers console open you can refres
## Create and share the logs folder
By default MDT stores the log files locally on the client. In order to capture a reference image, you will need to enable server-side logging and, to do that, you will need to have a folder in which to store the logs. For more information, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
By default MDT stores the log files locally on the client. In order to capture a reference image, you'll need to enable server-side logging and, to do that, you'll need to have a folder in which to store the logs. For more information, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
On **MDT01**:
@ -247,12 +248,12 @@ After installing the ConfigMgrTools.msi file, you can search for **cmtrace** and
## Next steps
When you have completed all the steps in this section to prepare for deployment, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
When you've completed all the steps in this section to prepare for deployment, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
## Appendix
**Sample files**
The following sample files are also available to help automate some MDT deployment tasks. This guide does not use these files, but they are made available here so you can see how some tasks can be automated with Windows PowerShell.
The following sample files are also available to help automate some MDT deployment tasks. This guide doesn't use these files, but they're made available here so you can see how some tasks can be automated with Windows PowerShell.
- [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.

41
windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
View File

@ -1,39 +1,40 @@
---
title: Refresh a Windows 7 computer with Windows 10 (Windows 10)
description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
description: This article will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Refresh a Windows 7 computer with Windows 10
**Applies to**
- Windows 10
- Windows 10
This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
This article will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
For the purposes of this topic, we'll use three computers: DC01, MDT01, and PC0001.
For the purposes of this article, we'll use three computers: DC01, MDT01, and PC0001.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more information on the setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
![computers.](../images/mdt-04-fig01.png "Computers used in this topic")
The computers used in this topic.
The computers used in this article.
## The computer refresh process
A computer refresh isn't the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh, you will:
For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh, you will:
1. Back up data and settings locally, in a backup folder.
2. Wipe the partition, except for the backup folder.
@ -41,7 +42,7 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w
4. Install other applications.
5. Restore data and settings.
During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's a lot of data.
During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's many files.
>[!NOTE]
>In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
@ -61,19 +62,19 @@ In addition to the command-line switches that control which profiles to migrate,
### Multicast
Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You'll need to update the deployment share after changing this setting.
Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment there are only a few computers. You'll need to update the deployment share after changing this setting.
## Refresh a Windows 7 SP1 client
## Refresh a Windows 7 SP1 client
In this section, we assume that you've already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
In this section, we assume that you've already performed the prerequisite procedures in the following articles, so that you have a deployment share named **MDTProduction$** on MDT01:
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
It's also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
### Upgrade (refresh) a Windows 7 SP1 client
### Upgrade (refresh) a Windows 7 SP1 client
>[!IMPORTANT]
>Domain join details [specified in the deployment share rules](deploy-a-windows-10-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process. If the Windows 7 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-10-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in Contoso > Computers > Workstations. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer.
@ -83,14 +84,14 @@ It is also assumed that you have a domain member client computer named PC0001 in
* Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
* Computer name: &lt;default&gt;
* Specify where to save a complete computer backup: Do not back up the existing computer
* Specify where to save a complete computer backup: Don't back up the existing computer
>[!NOTE]
>Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run.
* Select one or more applications to install: Install - Adobe Reader
![Computer refresh.](../images/fig2-taskseq.png "Start the computer refresh")
4. Setup starts and does the following:
4. Setup starts and performs the following actions:
* Backs up user settings and data using USMT.
* Installs the Windows 10 Enterprise x64 operating system.
@ -104,7 +105,7 @@ It is also assumed that you have a domain member client computer named PC0001 in
6. After the refresh process completes, sign in to the Windows 10 computer and verify that user accounts, data and settings were migrated.
## Related topics
## Related articles
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)<br>

35
windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
View File

@ -3,33 +3,34 @@ title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
description: In this article, you'll learn how to replace a Windows 7 device with a Windows 10 device.
ms.custom: seo-marvel-apr2020
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Replace a Windows 7 computer with a Windows 10 computer
**Applies to**
- Windows 10
- Windows 10
A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings.
For the purposes of this topic, we'll use four computers: DC01, MDT01, PC0002, and PC0007.
For the purposes of this article, we'll use four computers: DC01, MDT01, PC0002, and PC0007.
- DC01 is a domain controller for the contoso.com domain.
- MDT01 is domain member server that hosts your deployment share.
- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007.
- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007.
- PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain.
For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
For more details on the setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
![The computers used in this topic.](../images/mdt-03-fig01.png)
The computers used in this topic.
The computers used in this article.
>HV01 is also used in this topic to host the PC0007 virtual machine for demonstration purposes, however typically PC0007 is a physical computer.
@ -63,7 +64,7 @@ On **MDT01**:
* Task sequence ID: REPLACE-001
* Task sequence name: Backup Only Task Sequence
* Task sequence comments: Run USMT to backup user data and settings
* Task sequence comments: Run USMT to back up user data and settings
* Template: Standard Client Replace Task Sequence
4. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions.
@ -74,7 +75,7 @@ On **MDT01**:
## Perform the computer replace
During a computer replace, these are the high-level steps that occur:
During a computer replace, the following are the high-level steps that occur:
1. On the computer you're replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
@ -94,7 +95,7 @@ On **PC0002**:
>[!NOTE]
>If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
2. Specify where to save a complete computer backup: Do not back up the existing computer
2. Specify where to save a complete computer backup: Don't back up the existing computer
The task sequence will now run USMT (Scanstate.exe) to capture user data and settings of the computer.
@ -102,7 +103,7 @@ On **PC0002**:
The new task sequence running the Capture User State action on PC0002.
4. On **MDT01**, verify that you have an USMT.MIG compressed backup file in the **D:\\MigData\\PC0002\\USMT** folder.
4. On **MDT01**, verify that you have a USMT.MIG compressed backup file in the **D:\\MigData\\PC0002\\USMT** folder.
![The USMT backup.](../images/mdt-03-fig04.png "The USMT backup")
@ -134,14 +135,14 @@ On **HV01**:
* Select a task sequence to execute on this computer:
* Windows 10 Enterprise x64 RTM Custom Image
* Computer Name: PC0007
* Move Data and Settings: Do not move user data and settings.
* Move Data and Settings: Don't move user data and settings.
* User Data (Restore) > Specify a location: \\\\MDT01\\MigData$\\PC0002
* Applications: Adobe > Install - Adobe Reader
4. Setup now starts and does the following:
4. Setup now starts and does the following actions:
* Partitions and formats the disk.
* Installs the Windows 10 Enterprise operating system.
* Installs the Windows 10 Enterprise operating system.
* Installs the application.
* Updates the operating system via your local Windows Server Update Services (WSUS) server.
* Restores the USMT backup from PC0002.
@ -150,7 +151,7 @@ You can view progress of the process by clicking the Monitoring node in the Depl
![Monitor progress.](../images/mdt-replace.png)
## Related topics
## Related articles
[Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)<br>
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)<br>

43
windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
View File

@ -1,25 +1,26 @@
---
title: Set up MDT for BitLocker (Windows 10)
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-mar2020
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Set up MDT for BitLocker
This topic will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
This article will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
- A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you can also use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password.
- Multiple partitions on the hard drive.
To configure your environment for BitLocker, you will need to do the following:
To configure your environment for BitLocker, you'll need to do the following actions:
1. Configure Active Directory for BitLocker.
2. Download the various BitLocker scripts and tools.
@ -33,11 +34,11 @@ If you have access to Microsoft BitLocker Administration and Monitoring (MBAM),
> [!NOTE]
> Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511.
For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
For the purposes of this article, we'll use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
## Configure Active Directory for BitLocker
To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory.
To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we're running Windows Server 2012 R2, so you don't need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory.
> [!NOTE]
> Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory.
@ -52,16 +53,16 @@ The BitLocker Recovery information on a computer object in the contoso.com domai
The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell):
1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, click **Add roles and features**.
2. On the **Before you begin** page, click **Next**.
3. On the **Select installation type** page, select **Role-based or feature-based installation**, and click **Next**.
4. On the **Select destination server** page, select **DC01.contoso.com** and click **Next**.
5. On the **Select server roles** page, click **Next**.
6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then click **Next**:
1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, select **Add roles and features**.
2. On the **Before you begin** page, select **Next**.
3. On the **Select installation type** page, select **Role-based or feature-based installation**, and select **Next**.
4. On the **Select destination server** page, select **DC01.contoso.com** and select **Next**.
5. On the **Select server roles** page, select **Next**.
6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then select **Next**:
1. BitLocker Drive Encryption Administration Utilities
2. BitLocker Drive Encryption Tools
3. BitLocker Recovery Password Viewer
7. On the **Confirm installation selections** page, click **Install**, and then click **Close**.
7. On the **Confirm installation selections** page, select **Install**, and then select **Close**.
![figure 3.](../images/mdt-09-fig03.png)
@ -78,7 +79,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor
1. Enable the **Choose how BitLocker-protected operating system drives can be recovered** policy, and configure the following settings:
1. Allow data recovery agent (default)
2. Save BitLocker recovery information to Active Directory Domain Services (default)
3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives
3. Don't enable BitLocker until recovery information is stored in AD DS for operating system drives
2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy.
3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy.
@ -87,7 +88,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor
### Set permissions in Active Directory for BitLocker
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://raw.githubusercontent.com/DeploymentArtist/DF4/master/BitLocker%20and%20TPM/Add-TPMSelfWriteACE.vbs) to C:\\Setup\\Scripts on DC01.
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you've downloaded the [Add-TPMSelfWriteACE.vbs script](https://raw.githubusercontent.com/DeploymentArtist/DF4/master/BitLocker%20and%20TPM/Add-TPMSelfWriteACE.vbs) to C:\\Setup\\Scripts on DC01.
1. On DC01, start an elevated PowerShell prompt (run as Administrator).
2. Configure the permissions by running the following command:
@ -110,7 +111,7 @@ If you want to automate enabling the TPM chip as part of the deployment process,
### Add tools from HP
The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here's a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
```dos
BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234
@ -132,7 +133,7 @@ Embedded Security Device Availability
### Add tools from Lenovo
The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here is a sample command to enable TPM using the Lenovo tools:
The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here's a sample command to enable TPM using the Lenovo tools:
```dos
cscript.exe SetConfig.vbs SecurityChip Active
@ -140,12 +141,12 @@ cscript.exe SetConfig.vbs SecurityChip Active
## Configure the Windows 10 task sequence to enable BitLocker
When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](/archive/blogs/deploymentguys/check-to-see-if-the-tpm-is-enabled).
When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it's helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we're using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](/archive/blogs/deploymentguys/check-to-see-if-the-tpm-is-enabled).
In the following task sequence, we added five actions:
- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf.
- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip isn't already activated. Use the properties from the ZTICheckforTPM.wsf.
> [!NOTE]
> It is common for organizations to wrap these tools in scripts to get additional logging and error handling.
@ -154,7 +155,7 @@ In the following task sequence, we added five actions:
- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time.
- **Enable BitLocker.** Runs the built-in action to activate BitLocker.
## Related topics
## Related articles
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)<br>
[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)<br>

17
windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
View File

@ -1,24 +1,25 @@
---
title: Simulate a Windows 10 deployment in a test environment (Windows 10)
description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT.
description: This article will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Simulate a Windows 10 deployment in a test environment
This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined client.
This article will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it's most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you're using a domain-joined client.
## Test environment
- A Windows 10 client named **PC0001** will be used to simulate deployment. The client is joined to the contoso.com domain and has access to the Internet to required download tools and scripts.
- It is assumed that you have performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share:
- It's assumed that you've performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share:
- [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
@ -72,13 +73,13 @@ On **PC0001**:
11. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder using CMTrace.
**Note**
Warnings or errors with regard to the Wizard.hta are expected. If the log file looks okay, you are ready to try a real deployment.
Warnings or errors regarding the Wizard.hta are expected. If the log file looks okay, you're ready to try a real deployment.
![ztigather.](../images/mdt-09-fig07.png)
The ZTIGather.log file from PC0001.
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)<br>
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)<br>

51
windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
View File

@ -1,37 +1,38 @@
---
title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10)
description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Perform an in-place upgrade to Windows 10 with MDT
**Applies to**
- Windows 10
- Windows 10
The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
>[!TIP]
>In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple.
In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you cannot use a custom image to perform the in-place upgrade. In this article we will add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade.
In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you can't use a custom image to perform the in-place upgrade. In this article, we'll add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade.
Three computers are used in this topic: DC01, MDT01, and PC0002.
Three computers are used in this article: DC01, MDT01, and PC0002.
- DC01 is a domain controller for the contoso.com domain
- MDT01 is a domain member server
- PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade
- PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade
![computers.](../images/mdt-upgrade.png)
The computers used in this topic.
The computers used in this article.
>[!NOTE]
>For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
@ -42,12 +43,12 @@ Three computers are used in this topic: DC01, MDT01, and PC0002.
On **MDT01**:
1. Ensure you are signed on as: contoso\administrator.
1. Ensure you're signed on as: contoso\administrator.
2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and select **Next**.
4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and select **Next**.
5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and select **Next**.
6. On the **Options** page, accept the default settings and select **Next** twice, and then select **Finish**.
7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
## Add Windows 10 Enterprise x64 (full source)
@ -56,7 +57,7 @@ On **MDT01**:
On **MDT01**:
1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01.
1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01.
2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**.
3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
@ -65,30 +66,30 @@ On **MDT01**:
- Destination directory name: <b>W10EX64RTM</b>
5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**.
## Create a task sequence to upgrade to Windows 10 Enterprise
## Create a task sequence to upgrade to Windows 10 Enterprise
On **MDT01**:
1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**.
1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, then create a folder named **Windows 10**.
2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
- Task sequence ID: W10-X64-UPG
- Task sequence name: Windows 10 Enterprise x64 RTM Upgrade
- Template: Standard Client Upgrade Task Sequence
- Select OS: Windows 10 Enterprise x64 RTM Default Image
- Specify Product Key: Do not specify a product key at this time
- Specify Product Key: Don't specify a product key at this time
- Organization: Contoso
- Admin Password: Do not specify an Administrator password at this time
- Admin Password: Don't specify an Administrator password at this time
## Perform the Windows 10 upgrade
## Perform the Windows 10 upgrade
To initiate the in-place upgrade, perform the following steps on PC0002 (the device to be upgraded).
On **PC0002**:
1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**
2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then click **Next**.
2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then select **Next**.
3. Select one or more applications to install (will appear if you use custom image): Install - Adobe Reader
4. On the **Ready** tab, click **Begin** to start the task sequence.
4. On the **Ready** tab, select **Begin** to start the task sequence.
When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
![upgrade1.](../images/upgrademdt-fig5-winupgrade.png)
@ -101,9 +102,9 @@ On **PC0002**:
![upgrade3.](../images/mdt-post-upg.png)
After the task sequence completes, the computer will be fully upgraded to Windows 10.
After the task sequence completes, the computer will be fully upgraded to Windows 10.
## Related topics
## Related articles
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
[Microsoft Deployment Toolkit downloads and resources](/mem/configmgr/mdt/)

50
windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
View File

@ -2,35 +2,35 @@
title: Use Orchestrator runbooks with MDT (Windows 10)
description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
---
# Use Orchestrator runbooks with MDT
This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
This article will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
**Note**  
If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
>[!Note]
>If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
## <a href="" id="sec01"></a>Orchestrator terminology
Before diving into the core details, here is a quick course in Orchestrator terminology:
Before diving into the core details, here's a quick course in Orchestrator terminology:
- **Orchestrator Server.** This is a server that executes runbooks.
- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
- **Runbooks.** A runbook is similar to a task sequence; it's a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database.
- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions.
- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook.
- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default.
- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default.
- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
**Note**  
**Note**
To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](/previous-versions/system-center/packs/hh295851(v=technet.10)).
## <a href="" id="sec02"></a>Create a sample runbook
@ -40,7 +40,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS).
2. In the **E:\\Logfile** folder, create the DeployLog.txt file.
**Note**
Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt.
Make sure File Explorer is configured to show known file extensions so the file isn't named DeployLog.txt.txt.
![figure 23.](../images/mdt-09-fig23.png)
@ -53,7 +53,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
Figure 24. Folder created in the Runbooks node.
4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**.
5. On the ribbon bar, click **Check Out**.
5. On the ribbon bar, select **Check Out**.
6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**.
7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane:
1. Runbook Control / Initialize Data
@ -65,7 +65,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
Figure 25. Activities added and connected.
9. Right-click the **Initialize Data** activity, and select **Properties**
10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**.
10. On **the Initialize Data Properties** page, select **Add**, change **Parameter 1** to **OSDComputerName**, and then select **Finish**.
![figure 26.](../images/mdt-09-fig26.png)
@ -86,23 +86,23 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O
Figure 28. Subscribing to data.
16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**.
16. In the **Published Data** window, select the **OSDComputerName** item, and select **OK**.
17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**.
18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**.
18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and select **OK**.
![figure 29.](../images/mdt-09-fig29.png)
Figure 29. The expanded text box after all subscriptions have been added.
19. On the **Append Line Properties** page, click **Finish**.
19. On the **Append Line Properties** page, select **Finish**.
## <a href="" id="sec03"></a>Test the demo MDT runbook
After the runbook is created, you are ready to test it.
20. On the ribbon bar, click **Runbook Tester**.
21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**:
After the runbook is created, you're ready to test it.
20. On the ribbon bar, select **Runbook Tester**.
21. Select **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then select **OK**:
- OSDComputerName: PC0010
22. Verify that all activities are green (for additional information, see each target).
22. Verify that all activities are green (for more information, see each target).
23. Close the **Runbook Tester**.
24. On the ribbon bar, click **Check In**.
24. On the ribbon bar, select **Check In**.
![figure 30.](../images/mdt-09-fig30.png)
@ -126,7 +126,7 @@ Figure 30. All tests completed.
7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings:
1. Orchestrator Server: OR01.contoso.com
2. Use Browse to select **1.0 MDT / MDT Sample**.
8. Click **OK**.
8. Select **OK**.
![figure 31.](../images/mdt-09-fig31.png)
@ -134,9 +134,9 @@ Figure 31. The ready-made task sequence.
## Run the orchestrator sample task sequence
Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
**Note**  
Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](/previous-versions/system-center/system-center-2012-R2/hh403774(v=sc.12)).
Since this task sequence just starts a runbook, you can test the task sequence on the PC0001 client that you used for the MDT simulation environment.
**Note**
Make sure the account you're using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](/previous-versions/system-center/system-center-2012-R2/hh403774(v=sc.12)).
1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
2. Using an elevated command prompt (run as Administrator), type the following command:
@ -156,7 +156,7 @@ Make sure the account you are using has permissions to run runbooks on the Orche
Figure 32. The ready-made task sequence.
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)

29
windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
View File

@ -2,41 +2,42 @@
title: Use MDT database to stage Windows 10 deployment info (Windows 10)
description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Use the MDT database to stage Windows 10 deployment information
This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many additional settings for the machines.
This article is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many more settings for the machines.
## <a href="" id="sec01"></a>Database prerequisites
MDT can use either SQL Server Express or full SQL Server, but since the deployment database isn't big, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment.
MDT can use either SQL Server Express or full SQL Server. However, since the deployment database isn't large, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment.
>[!NOTE]
>Be sure to enable Named Pipes when configuring the SQL Server 2012 SP1 Express database. Although it is a legacy protocol, Named Pipes has proven to work well when connecting from Windows Preinstallation Environment (Windows PE) to the SQL Server database.
 
## <a href="" id="sec02"></a>Create the deployment database
The MDT database is by default created and managed from the Deployment Workbench. In these steps, we assume you have installed SQL Server 2012 SP1 Express on MDT01.
>[!NOTE]
>Since SQL Server 2012 SP1 Express runs by default on a separate instance (SQLEXPRESS), the SQL Server Browser service must be running, and the firewall configured to allow traffic to it. Port 1433 TCP and port 1434 UDP need to be opened for inbound traffic on MDT01.
 
1. On MDT01, using Deployment Workbench, expand the MDT Production deployment share, expand **Advanced Configuration**, right-click **Database**, and select **New Database**.
2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and click **Next**:
2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and select **Next**:
1. SQL Server Name: MDT01
2. Instance: SQLEXPRESS
3. Port: &lt;blank&gt;
4. Network Library: Named Pipes
3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and click **Next**.
4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and click **Next**. Click **Next** again and then click **Finish**.
3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and select **Next**.
4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and select **Next**. Select **Next** again and then select **Finish**.
![figure 8.](../images/mdt-09-fig08.png)
@ -46,18 +47,18 @@ Figure 8. The MDT database added to MDT01.
After creating the database, you need to assign permissions to it. In MDT, the account you used to run the deployment is used to access the database. In this environment, the network access account is MDT\_BA.
1. On MDT01, start SQL Server Management Studio.
2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and click **Connect**.
2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and select **Connect**.
3. In the **Object Explorer** pane, expand the top-level **Security** node, right-click **Logins**, and select **New Login**.
![figure 9.](../images/mdt-09-fig09.png)
Figure 9. The top-level Security node.
4. On the **Login - New** page, next to the **Login** name field, click **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles:
4. On the **Login - New** page, next to the **Login** name field, select **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles:
1. db\_datareader
2. db\_datawriter
3. public (default)
5. Click **OK**, and close SQL Server Management Studio.
5. Select **OK**, and close SQL Server Management Studio.
![figure 10.](../images/mdt-09-fig10.png)
@ -76,7 +77,7 @@ To start using the database, you add a computer entry and assign a description a
Figure 11. Adding the PC00075 computer to the database.
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)

29
windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
View File

@ -1,24 +1,25 @@
---
title: Use web services in MDT (Windows 10)
description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
description: Learn how to create a web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Use web services in MDT
In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. Web services provide a powerful way to assign settings during a deployment. Simply put, web services are web applications that run code on the server side, and MDT has built-in functions to call these web services.
Using a web service in MDT is straightforward, but it does require that you have enabled the Web Server (IIS) role on the server. Developing web services involves a little bit of coding, but for most web services used with MDT, you can use the free Microsoft Visual Studio Express 2013 for Web.
In this article, you'll learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. Web services provide a powerful way to assign settings during a deployment. Web services are web applications that run code on the server side, and MDT has built-in functions to call these web services.
Using a web service in MDT is straightforward, but it does require that you've enabled the Web Server (IIS) role on the server. Developing web services involves some coding, but for most web services used with MDT, you can use the free Microsoft Visual Studio Express 2013 for Web.
## <a href="" id="sec01"></a>Create a sample web service
In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects.
In these steps, we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects.
1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file.
2. On the ribbon bar, verify that Release is selected.
3. In the **Debug** menu, select the **Build MDTSample** action.
@ -34,15 +35,15 @@ Figure 15. The sample project in Microsoft Visual Studio Express 2013 for Web.
## <a href="" id="sec02"></a>Create an application pool for the web service
This section assumes that you have enabled the Web Server (IIS) role on MDT01.
This section assumes that you've enabled the Web Server (IIS) role on MDT01.
1. On MDT01, using Server Manager, install the **IIS Management Console** role (available under Web Server (IIS) / Management Tools).
2. Using Internet Information Services (IIS) Manager, expand the **MDT01 (CONTOSO\\Administrator)** node. If prompted with the "Do you want to get started with Microsoft Web Platform?" question, select the **Do not show this message** check box and then click **No**.
2. Using Internet Information Services (IIS) Manager, expand the **MDT01 (CONTOSO\\Administrator)** node. If prompted with the **Do you want to get started with Microsoft Web Platform?** question, select the **Do not show this message** check box and then select **No**.
3. Right-click **Application Pools**, select **Add Application Pool**, and configure the new application pool with the following settings:
1. Name: MDTSample
2. .NET Framework version: .NET Framework 4.0.30319
3. Manage pipeline mode: Integrated
4. Select the **Start application pool immediately** check box.
5. Click **OK**.
5. Select **OK**.
![figure 16.](../images/mdt-09-fig16.png)
@ -70,12 +71,12 @@ Figure 18. Configuring Authentication for the MDTSample web service.
## <a href="" id="sec04"></a>Test the web service in Internet Explorer
1. On PC0001, using Internet Explorer, navigate to: **http://MDT01/MDTSample/mdtsample.asmx**.
2. Click the **GetComputerName** link.
2. Select the **GetComputerName** link.
![figure 19.](../images/mdt-09-fig19.png)
Figure 19. The MDT Sample web service.
3. On the **GetComputerName** page, type in the following settings, and click **Invoke**:
3. On the **GetComputerName** page, type in the following settings, and select **Invoke**:
1. Model: Hewlett-Packard
2. SerialNumber: 123456789
@ -85,7 +86,7 @@ Figure 20. The result from the MDT Sample web service.
## <a href="" id="sec05"></a>Test the web service in the MDT simulation environment
After verifying the web service using Internet Explorer, you are ready to do the same test in the MDT simulation environment.
After verifying the web service using Internet Explorer, you're ready to do the same test in the MDT simulation environment.
1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following:
```
@ -114,7 +115,7 @@ After verifying the web service using Internet Explorer, you are ready to do the
Figure 22. The OSDCOMPUTERNAME value obtained from the web service.
## Related topics
## Related articles
[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)

159
windows/deployment/deploy-windows-to-go.md
View File

@ -1,37 +1,36 @@
---
title: Deploy Windows To Go in your organization (Windows 10)
description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell.
description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface and programatically with Windows PowerShell.
ms.reviewer:
manager: dougeby
author: aczechowski
ms.author: aaroncz
manager: aaroncz
author: frankroj
ms.author: frankroj
ms.prod: windows-client
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.date: 10/31/2022
---
# Deploy Windows To Go in your organization
**Applies to**
- Windows 10
This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment.
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
## Deployment tips
The following is a list of items that you should be aware of before you start the deployment process:
The below list is items that you should be aware of before you start the deployment process:
* Only use recommended USB drives for Windows To Go. Use of other drives isn't supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
* After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
* When running a Windows To Go workspace, always shut down the workspace before unplugging the drive.
* Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)).
@ -39,7 +38,7 @@ The following is a list of items that you should be aware of before you start th
## Basic deployment steps
Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined, and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain, and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The steps that follow are used in both small-scale and large-scale Windows To Go deployment scenarios.
Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For more information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)).
@ -59,18 +58,18 @@ In this step we're creating the operating system image that will be used on the
2. Insert the USB drive that you want to use as your Windows To Go drive into your PC.
3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments.
3. Verify that the .wim file location (which can be a network share, a DVD, or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments.
>[!NOTE]
>For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824929(v=win.10)). For more information about using sysprep, see [Sysprep Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825209(v=win.10)).
4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens.
4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. The **Windows To Go Creator Wizard** opens.
5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.**
5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then select **Next.**
6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
6. On the **Choose a Windows image** page, select **Add Search Location** and then navigate to the .wim file location and select select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then select **Next**.
7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, select **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions.
r
>[!WARNING]
@ -86,12 +85,12 @@ r
>The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](/previous-versions/windows/it-pro/windows-8.1-and-8/jj592683(v=ws.11)).
~~~
8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process.
8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then select **Create** to start the Windows To Go workspace creation process.
>[!WARNING]
>The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased.
9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer.
9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page, you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer.
Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using the Windows To Go startup options and boot your Windows To Go drive.
@ -110,22 +109,22 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
#
# To skip the confirmation prompt, append confirm:$False
Clear-Disk InputObject $Disk[0] -RemoveData
# To skip the confirmation prompt, append -confirm:$False
Clear-Disk -InputObject $Disk[0] -RemoveData
# This command initializes a new MBR disk
Initialize-Disk InputObject $Disk[0] -PartitionStyle MBR
Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
# This command creates a 350 MB system partition
$SystemPartition = New-Partition InputObject $Disk[0] -Size (350MB) -IsActive
$SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
# This formats the volume with a FAT32 Filesystem
# To skip the confirmation dialog, append Confirm:$False
# To skip the confirmation dialog, append -Confirm:$False
Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
-Partition $SystemPartition
# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
$OSPartition = New-Partition InputObject $Disk[0] -UseMaximumSize
$OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
-Partition $OSPartition
@ -137,7 +136,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
```
3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM):
3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM):
>[!TIP]
>The index number must be set correctly to a valid Enterprise image in the .WIM file.
@ -149,7 +148,6 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
4. Now use the [bcdboot](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824874(v=win.10)) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step:
~~~
```
W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
@ -225,62 +223,58 @@ W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
>[!IMPORTANT]
>Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used.
If you do not wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC.
If you don't wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC.
Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using the Windows To Go startup options to test your workspace configuration, [configure the workspace for offline domain join](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)), or [enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)).
### To prepare a host computer
Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it is attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace.
Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it's attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace.
>[!TIP]
>If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer.
If you want to use the Windows To Go workspace, simply shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer.
If you want to use the Windows To Go workspace, shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer.
To set the Windows To Go Startup options for host computers running Windows 10:
1. Using Cortana, search for **Windows To Go startup options** and then press **Enter**.
2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB
2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then select **Save Changes** to configure the computer to boot from USB
For host computers running Windows 8 or Windows 8.1:
1. Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**.
2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then select **Save Changes** to configure the computer to boot from USB.
You can configure your organization's computers to automatically start from the USB drive by enabling the following Group Policy setting:
**\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\Windows To Go Default Startup Options**
After this policy setting is enabled, automatic starting of a Windows To Go workspace will be attempted when a USB drive is connected to the computer when it is started. Users will not be able to use the Windows To Go Startup Options to change this behavior. If you disable this policy setting, booting to Windows To Go when a USB drive is connected will not occur unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the Administrators group can enable or disable booting from a USB drive using the Windows To Go Startup Options.
After this policy setting is enabled, automatic starting of a Windows To Go workspace will be attempted when a USB drive is connected to the computer when it's started. Users won't be able to use the Windows To Go Startup Options to change this behavior. If you disable this policy setting, booting to Windows To Go when a USB drive is connected won't occur unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the Administrators group can enable or disable booting from a USB drive using the Windows To Go Startup Options.
Your host computer is now ready to boot directly into Windows To Go workspace when it is inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) and [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)).
Your host computer is now ready to boot directly into Windows To Go workspace when it's inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) and [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)).
### Booting your Windows To Go workspace
After you have configured your host PC to boot from USB, you can use the following procedure to boot your Windows To Go workspace:
After you've configured your host PC to boot from USB, you can use the following procedure to boot your Windows To Go workspace:
**To boot your workspace**
1. Make sure that the host PC is not in a sleep state. If the computer is in a sleep state, either shut it down or hibernate it.
1. Make sure that the host PC isn't in a sleep state. If the computer is in a sleep state, either shut it down or hibernate it.
2. Insert the Windows To Go USB drive directly into a USB 3.0 or USB 2.0 port on the PC. Do not use a USB hub or extender.
2. Insert the Windows To Go USB drive directly into a USB 3.0 or USB 2.0 port on the PC. Don't use a USB hub or extender.
3. Turn on the PC. If your Windows To Go drive is protected with BitLocker you will be asked to type the password, otherwise the workspace will boot directly into the Windows To Go workspace.
3. Turn on the PC. If your Windows To Go drive is protected with BitLocker you'll be asked to type the password, otherwise the workspace will boot directly into the Windows To Go workspace.
## Advanced deployment steps
The following steps are used for more advanced deployments where you want to have further control over the configuration of the Windows To Go drives, ensure that they are correctly configured for remote access to your organizational resources, and have been protected with BitLocker Drive Encryption.
The following steps are used for more advanced deployments where you want to have further control over the configuration of the Windows To Go drives, ensure that they're correctly configured for remote access to your organizational resources, and have been protected with BitLocker Drive Encryption.
### Configure Windows To Go workspace for remote access
Making sure that Windows To Go workspaces are effective when used off premises is essential to a successful deployment. One of the key benefits of Windows To Go is the ability for your users to use the enterprise managed domain joined workspace on an unmanaged computer which is outside your corporate network. To enable this usage, typically you would provision the USB drive as described in the basic deployment instructions and then add the configuration to support domain joining of the workspace, installation of any line-of-business applications, and configuration of your chosen remote connectivity solution such as a virtual private network client or DirectAccess. Once these configurations have been performed the user can work from the workspace using a computer that is off-premises. The following procedure allows you to provision domain joined Windows To Go workspaces for workers that do not have physical access to your corporate network.
Making sure that Windows To Go workspaces are effective when used off premises is essential to a successful deployment. One of the key benefits of Windows To Go is the ability for your users to use the enterprise managed domain joined workspace on an unmanaged computer that is outside your corporate network. To enable this usage, typically you would provision the USB drive as described in the basic deployment instructions and then add the configuration to support domain joining of the workspace, installation of any line-of-business applications, and configuration of your chosen remote connectivity solution such as a virtual private network client or DirectAccess. Once these configurations have been performed the user can work from the workspace using a computer that is off-premises. The following procedure allows you to provision domain joined Windows To Go workspaces for workers that don't have physical access to your corporate network.
**Prerequisites for remote access scenario**
@ -301,7 +295,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i
```
>[!NOTE]
>The **/certtemplate** parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information see the [Offline Domain Join Step-by-Step guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd392267(v=ws.10)).
>The **/certtemplate** parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information, see the [Offline Domain Join Step-by-Step guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd392267(v=ws.10)).
2. Insert the Windows To Go drive.
@ -316,22 +310,22 @@ Making sure that Windows To Go workspaces are effective when used off premises i
#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
#
# To skip the confirmation prompt, append confirm:$False
Clear-Disk InputObject $Disk[0] -RemoveData
# To skip the confirmation prompt, append -confirm:$False
Clear-Disk -InputObject $Disk[0] -RemoveData
# This command initializes a new MBR disk
Initialize-Disk InputObject $Disk[0] -PartitionStyle MBR
Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
# This command creates a 350 MB system partition
$SystemPartition = New-Partition InputObject $Disk[0] -Size (350MB) -IsActive
$SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
# This formats the volume with a FAT32 Filesystem
# To skip the confirmation dialog, append Confirm:$False
# To skip the confirmation dialog, append -Confirm:$False
Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
-Partition $SystemPartition
# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
$OSPartition = New-Partition InputObject $Disk[0] -UseMaximumSize
$OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
-Partition $OSPartition
@ -343,8 +337,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i
Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
```
5. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM):
5. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM):
~~~
>[!TIP]
@ -362,7 +355,7 @@ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /ind
djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows
```
7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](/previous-versions/windows/it-pro/windows-8.1-and-8/ff716016(v=win.10)):
7. Next, we'll need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we're hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you've configured for your organization if desired. For more information about the OOBE settings, see [OOBE](/previous-versions/windows/it-pro/windows-8.1-and-8/ff716016(v=win.10)):
```
<?xml version="1.0" encoding="utf-8"?>
@ -413,7 +406,7 @@ You should now be able to access your organization's network resources and work
### Enable BitLocker protection for your Windows To Go drive
Enabling BitLocker on your Windows To Go drive will help ensure that your data is protected from unauthorized use and that if your Windows To Go drive is lost or stolen it will not be easy for an unauthorized person to obtain confidential data or use the workspace to gain access to protected resources in your organization. When BitLocker is enabled, each time you boot your Windows To Go drive, you will be asked to provide the BitLocker password to unlock the drive. The following procedure provides the steps for enabling BitLocker on your Windows To Go drive:
Enabling BitLocker on your Windows To Go drive will help ensure that your data is protected from unauthorized use and that if your Windows To Go drive is lost or stolen it will not be easy for an unauthorized person to obtain confidential data or use the workspace to gain access to protected resources in your organization. When BitLocker is enabled, each time you boot your Windows To Go drive, you'll be asked to provide the BitLocker password to unlock the drive. The following procedure provides the steps for enabling BitLocker on your Windows To Go drive:
#### Prerequisites for enabling BitLocker scenario
@ -423,26 +416,26 @@ Enabling BitLocker on your Windows To Go drive will help ensure that your data i
* Review the following Group Policy settings for BitLocker Drive Encryption and modify the configuration as necessary:
**\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup**. This policy allows the use of a password key protector with an operating system drive; this policy must be enabled to configure BitLocker from within the Windows To Go workspace. This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). You must enable this setting and select the **Allow BitLocker without a compatible TPM** check box and then enable the **Configure use of passwords for operating system drives** setting.
**\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup**. This policy allows the use of a password key protector with an operating system drive; this policy must be enabled to configure BitLocker from within the Windows To Go workspace. This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you're using BitLocker with or without a Trusted Platform Module (TPM). You must enable this setting and select the **Allow BitLocker without a compatible TPM** check box and then enable the **Configure use of passwords for operating system drives** setting.
**\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Configure use of passwords for operating system drives**. This policy setting enables passwords to be used to unlock BitLocker-protected operating system drives and provides the means to configure complexity and length requirements on passwords for Windows To Go workspaces. For the complexity requirement setting to be effective the Group Policy setting **Password must meet complexity requirements** located in **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\** must be also enabled.
**\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Enable use of BitLocker authentication requiring preboot keyboard input on slates**. This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. If this setting is not enabled, passwords cannot be used to unlock BitLocker-protected operating system drives.
**\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Enable use of BitLocker authentication requiring preboot keyboard input on slates**. This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. If this setting isn't enabled, passwords can't be used to unlock BitLocker-protected operating system drives.
You can choose to enable BitLocker protection on Windows To Go drives before distributing them to users as part of your provisioning process or you can allow your end-users to apply BitLocker protection to them after they have taken possession of the drive. A step-by-step procedure is provided for both scenarios.
Enabling BitLocker during provisioning ensures that your operating system image is always protected by BitLocker. When enabling BitLocker during the provisioning process you can significantly reduce the time required for encrypting the drive by enabling BitLocker after configuring the disk and just prior to applying the image. If you use this method, you will need to give users their BitLocker password when you give then their Windows To Go workspace. Also, you should instruct your users to boot their workspace and change their BitLocker password as soon as possible (this can be done with standard user privileges).
Enabling BitLocker during provisioning ensures that your operating system image is always protected by BitLocker. When enabling BitLocker during the provisioning process you can significantly reduce the time required for encrypting the drive by enabling BitLocker after configuring the disk and just prior to applying the image. If you use this method, you'll need to give users their BitLocker password when you give then their Windows To Go workspace. Also, you should instruct your users to boot their workspace and change their BitLocker password as soon as possible (this can be done with standard user privileges).
Enabling BitLocker after distribution requires that your users turn on BitLocker. This means that your Windows To Go workspaces are unprotected until the user enables BitLocker. Administrative rights on the Windows To Go workspace are required to enable BitLocker. For more information about BitLocker see the [BitLocker Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831713(v=ws.11)).
Enabling BitLocker after distribution requires that your users turn on BitLocker. This means that your Windows To Go workspaces are unprotected until the user enables BitLocker. Administrative rights on the Windows To Go workspace are required to enable BitLocker. For more information about BitLocker, see the [BitLocker Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831713(v=ws.11)).
#### BitLocker recovery keys
BitLocker recovery keys are the keys that can be used to unlock a BitLocker protected drive if the standard unlock method fails. It is recommended that your BitLocker recovery keys be backed up to Active Directory Domain Services (AD DS). If you do not want to use AD DS to store recovery keys you can save recovery keys to a file or print them. How BitLocker recovery keys are managed differs depending on when BitLocker is enabled.
BitLocker recovery keys are the keys that can be used to unlock a BitLocker protected drive if the standard unlock method fails. It's recommended that your BitLocker recovery keys be backed up to Active Directory Domain Services (AD DS). If you don't want to use AD DS to store recovery keys you can save recovery keys to a file or print them. How BitLocker recovery keys are managed differs depending on when BitLocker is enabled.
- If BitLocker protection is enabled during provisioning, the BitLocker recovery keys will be stored under the computer account of the computer used for provisioning the drives. If backing up recovery keys to AD DS is not used, the recovery keys will need to be printed or saved to a file for each drive. The IT administrator must track which keys were assigned to which Windows To Go drive.
- If BitLocker protection is enabled during provisioning, the BitLocker recovery keys will be stored under the computer account of the computer used for provisioning the drives. If backing up recovery keys to AD DS isn't used, the recovery keys will need to be printed or saved to a file for each drive. The IT administrator must track which keys were assigned to which Windows To Go drive.
- **Warning**
If BitLocker is enabled after distribution, the recovery key will be backed up to AD DS under the computer account of the workspace. If backing up recovery keys to AD DS is not used, they can be printed or saved to a file by the user. If the IT administrator wants a central record of recovery keys, a process by which the user provides the key to the IT department must be put in place.
If BitLocker is enabled after distribution, the recovery key will be backed up to AD DS under the computer account of the workspace. If backing up recovery keys to AD DS isn't used, they can be printed or saved to a file by the user. If the IT administrator wants a central record of recovery keys, a process by which the user provides the key to the IT department must be put in place.
#### To enable BitLocker during provisioning
@ -464,22 +457,22 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
#
# To skip the confirmation prompt, append confirm:$False
Clear-Disk InputObject $Disk[0] -RemoveData
# To skip the confirmation prompt, append -confirm:$False
Clear-Disk -InputObject $Disk[0] -RemoveData
# This command initializes a new MBR disk
Initialize-Disk InputObject $Disk[0] -PartitionStyle MBR
Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
# This command creates a 350 MB system partition
$SystemPartition = New-Partition InputObject $Disk[0] -Size (350MB) -IsActive
$SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
# This formats the volume with a FAT32 Filesystem
# To skip the confirmation dialog, append Confirm:$False
# To skip the confirmation dialog, append -Confirm:$False
Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
-Partition $SystemPartition
# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
$OSPartition = New-Partition InputObject $Disk[0] -UseMaximumSize
$OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
-Partition $OSPartition
@ -491,7 +484,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
```
Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM):
Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM):
>[!TIP]
>The index number must be set correctly to a valid Enterprise image in the .WIM file.
@ -501,7 +494,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\
```
5. In the same PowerShell session use the following cmdlet to add a recovery key to the drive:
5. In the same PowerShell session, use the following cmdlet to add a recovery key to the drive:
```
$BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector
@ -521,31 +514,31 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
```
# Create a variable to store the password
$spwd = ConvertTo-SecureString -String <password> -AsplainText Force
$spwd = ConvertTo-SecureString -String <password> -AsplainText -Force
Enable-BitLocker W: -PasswordProtector $spwd
```
>[!WARNING]
>To have BitLocker only encrypt used space on the disk append the parameter `UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background.
>To have BitLocker only encrypt used space on the disk append the parameter `-UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background.
8. Copy the numerical recovery password and save it to a file in a safe location. The recovery password will be required if the password is lost or forgotten.
>[!WARNING]
>If the **Choose how BitLocker-protected removable data drives can be recovered** Group Policy setting has been configured to back up recovery information to Active Directory Domain Services, the recovery information for the drive will be stored under the account of the host computer used to apply the recovery key.
If you want to have the recovery information stored under the account of the Windows To Go workspace you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker).
If you want to have the recovery information stored under the account of the Windows To Go workspace, you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker).
9. Safely remove the Windows To Go drive.
The Windows To Go drives are now ready to be distributed to users and are protected by BitLocker. When you distribute the drives, make sure the users know the following:
The Windows To Go drives are now ready to be distributed to users and are protected by BitLocker. When you distribute the drives, make sure the users know the following information:
* Initial BitLocker password that they will need to boot the drives.
* Initial BitLocker password that they'll need to boot the drives.
* Current encryption status.
* Instructions to change the BitLocker password after the initial boot.
* Instructions for how to retrieve the recovery password if necessary. This may be a help desk process, an automated password retrieval site, or a person to contact.
* Instructions for how to retrieve the recovery password if necessary. These instructions may be a help desk process, an automated password retrieval site, or a person to contact.
<a href="" id="enable-bitlocker"></a>
#### To enable BitLocker after distribution
@ -554,7 +547,7 @@ The Windows To Go drives are now ready to be distributed to users and are protec
2. Press **Windows logo key+W** to open **Search Settings**, type BitLocker and then select the item for BitLocker Drive Encryption.
3. The drives on the workspace are displayed, click **Turn BitLocker On** for the C: drive. The **BitLocker Setup Wizard** appears.
3. The drives on the workspace are displayed, select **Turn BitLocker On** for the C: drive. The **BitLocker Setup Wizard** appears.
4. Complete the steps in the **BitLocker Setup Wizard** selecting the password protection option.
@ -565,13 +558,13 @@ The Windows To Go drives are now ready to be distributed to users and are protec
The following sample script supports the provisioning of multiple Windows To Go drives and the configuration of offline domain join.
The sample script creates an unattend file that streamlines the deployment process so that the initial use of the Windows To Go drive does not prompt the end user for any additional configuration information before starting up.
The sample script creates an unattend file that streamlines the deployment process so that the initial use of the Windows To Go drive doesn't prompt the end user for any additional configuration information before starting up.
#### Prerequisites for running the advanced deployment sample script
* To run this sample script you must open a Windows PowerShell session as an administrator from a domain-joined computer using an account that has permission to create domain accounts.
* To run this sample script, you must open a Windows PowerShell session as an administrator from a domain-joined computer using an account that has permission to create domain accounts.
* Using offline domain join is required by this script, since the script does not create a local administrator user account. However, domain membership will automatically put "Domain admins" into the local administrators group. Review your domain policies. If you are using DirectAccess you will need to modify the djoin.exe command to include the `policynames` and potentially the `certtemplate` parameters.
* Using offline domain join is required by this script, since the script doesn't create a local administrator user account. However, domain membership will automatically put "Domain admins" into the local administrators group. Review your domain policies. If you're using DirectAccess, you'll need to modify the djoin.exe command to include the `policynames` and potentially the `certtemplate` parameters.
* The script needs to use drive letters, so you can only provision half as many drives as you have free drive letters.
@ -837,7 +830,7 @@ if ($Disks -eq $null)
#We want to make sure that all non-boot connected USB drives are online, writeable and cleaned.
#This command will erase all data from all USB drives larger than 20Gb connected to your machine
#To automate this step you can add: -confirm:$False
Clear-Disk InputObject $Disks -RemoveData -erroraction SilentlyContinue
Clear-Disk -InputObject $Disks -RemoveData -erroraction SilentlyContinue
# Currently the provisioning script needs drive letters (for dism and bcdboot.exe) and the script is more
# reliable when the main process determines all of the free drives and provides them to the sub-processes.
@ -863,15 +856,15 @@ foreach ($disk in $Disks)
$policyFilePath = $args[6]
#For compatibility between UEFI and legacy BIOS we use MBR for the disk.
Initialize-Disk InputObject $Disk -PartitionStyle MBR
Initialize-Disk -InputObject $Disk -PartitionStyle MBR
#A short sleep between creating a new partition and formatting helps ensure the partition
#is ready before formatting.
$SystemPartition = New-Partition InputObject $Disk -Size (350MB) -IsActive
$SystemPartition = New-Partition -InputObject $Disk -Size (350MB) -IsActive
Sleep 1
Format-Volume -Partition $SystemPartition -FileSystem FAT32 -NewFileSystemLabel "UFD-System" -confirm:$False | Out-Null
$OSPartition = New-Partition InputObject $Disk -UseMaximumSize
$OSPartition = New-Partition -InputObject $Disk -UseMaximumSize
Sleep 1
Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS -Partition $OSPartition -confirm:$False | Out-Null
@ -979,7 +972,7 @@ In the PowerShell provisioning script, after the image has been applied, you can
reg unload HKLM\WTG-Keyboard
```
## Related topics
## Related articles
[Windows To Go: feature overview](planning/windows-to-go-overview.md)

37
windows/deployment/deploy.md
View File

@ -2,34 +2,35 @@
title: Deploy Windows 10 (Windows 10)
description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment.
ms.reviewer:
manager: dougeby
author: aczechowski
ms.author: aaroncz
manager: aaroncz
author: frankroj
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.date: 10/31/2022
ms.technology: itpro-deploy
---
# Deploy Windows 10
Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and topics are available.
Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and articles are available.
|Topic |Description |
|Article |Description |
|------|------------|
|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |This topic provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. |
|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. |
|[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md). |
|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
|[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) |If you have Microsoft Endpoint Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |This article provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. |
|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This article provides information about support for upgrading directly to Windows 10 from a previous operating system. |
|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This article provides information about support for upgrading from one edition of Windows 10 to another. |
|[Windows 10 volume license media](windows-10-media.md) |This article provides information about updates to volume licensing media in the current version of Windows 10. |
|[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After you complete this guide, more guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md). |
|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to help Windows 10 deployment planning. |
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
|[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) |If you have Microsoft Configuration Manager in your environment, you'll most likely want to use it to deploy Windows 10. This article will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT). |
|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install more fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
## Related topics
## Related articles
[Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home)

14
windows/deployment/do/delivery-optimization-endpoints.md
View File

@ -26,12 +26,12 @@ This article lists the endpoints that need to be allowed through the firewall to
|Domain Name |Protocol/Port(s) | Content Type | Additional Information | Version |
|---------|---------|---------------|-------------------|-----------------|
| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update </br> Windows Defender </br> Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Endpoint Configuration Manager Distribution Point |
| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Endpoint Configuration Manager Distribution Point |
| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Endpoint Configuration Manager Distribution Point |
| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Endpoint Configuration Manager Distribution Point |
| *.statics.teams.cdn.office.net | HTTP / 80 </br> HTTPs / 443 | Teams | | Microsoft Endpoint Configuration Manager Distribution Point |
| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Endpoint Configuration Manager Distribution Point |
| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Endpoint Configuration Manager Distribution Point |
| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update </br> Windows Defender </br> Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Configuration Manager Distribution Point |
| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Configuration Manager Distribution Point |
| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Configuration Manager Distribution Point |
| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Configuration Manager Distribution Point |
| *.statics.teams.cdn.office.net | HTTP / 80 </br> HTTPs / 443 | Teams | | Microsoft Configuration Manager Distribution Point |
| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Configuration Manager Distribution Point |
| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Configuration Manager Distribution Point |
| *.do.dsp.mp.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure |
| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671 </br> MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |

2
windows/deployment/do/index.yml
View File

@ -54,7 +54,7 @@ landingContent:
url: https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332
# Card (optional)
- title: Configure Delivery Optimization on Microsoft Endpoint Manager
- title: Configure Delivery Optimization on Microsoft Intune or Configuration Manager
linkLists:
- linkListType: how-to-guide
links:

2
windows/deployment/do/mcc-enterprise.md
View File

@ -241,7 +241,7 @@ Files contained in the mccinstaller.zip file:
1. Enable Nested Virtualization
```powershell
Set -VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true
Set-VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true
```
2. Enable Mac Spoofing
```powershell

4
windows/deployment/do/waas-delivery-optimization.md
View File

@ -24,7 +24,7 @@ ms.technology: itpro-updates
> **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158).
Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Manager (when installation of Express Updates is enabled).
Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Configuration Manager (when installation of Express Updates is enabled).
Access to the Delivery Optimization cloud services and the Internet, are both requirements for using the peer-to-peer functionality of Delivery Optimization.
@ -96,7 +96,7 @@ To gain a deeper understanding of the Delivery Optimization client-service commu
## Set up Delivery Optimization for Windows
[Learn more](waas-delivery-optimization-setup.md) about the Delivery Optimization settings to ensure proper set up in your environment.
[Learn more](waas-delivery-optimization-setup.md) about the Delivery Optimization settings to ensure proper setup in your environment.
## Delivery Optimization reference

16
windows/deployment/do/waas-optimize-windows-10-updates.md
View File

@ -27,14 +27,14 @@ Two methods of peer-to-peer content distribution are available.
- [Delivery Optimization](waas-delivery-optimization.md) is a peer-to-peer distribution method in Windows. Windows clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfill peer-to-peer requests.
Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates.
Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources and the time it takes for clients to retrieve the updates.
- [BranchCache](../update/waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of Windows Server 2016 and Windows operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7.
>[!NOTE]
>Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations.
Windows Server Update Services (WSUS) and Microsoft Endpoint Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
Windows Server Update Services (WSUS) and Microsoft Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
<br/><br/>
@ -44,9 +44,9 @@ Two methods of peer-to-peer content distribution are available.
| BranchCache | ![no.](images/crossmark.png) | ![no](images/crossmark.png) |![yes](images/checkmark.png) | ![yes](images/checkmark.png) |
> [!NOTE]
> Microsoft Endpoint Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use Microsoft Endpoint Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](/configmgr/core/plan-design/hierarchy/client-peer-cache).
> Microsoft Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use Configuration Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](/configmgr/core/plan-design/hierarchy/client-peer-cache).
>
> In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with Microsoft Endpoint Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in Microsoft Endpoint Configuration Manager](/configmgr/osd/get-started/prepare-windows-pe-peer-cache-to-reduce-wan-traffic).
> In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in Microsoft Configuration Manager](/configmgr/osd/get-started/prepare-windows-pe-peer-cache-to-reduce-wan-traffic).
## Express update delivery
@ -56,7 +56,7 @@ Windows client quality update downloads can be large because every package conta
> Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business.
### How Microsoft supports Express
- **Express on Microsoft Endpoint Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update.
- **Express on Microsoft Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update.
- **Express on WSUS Standalone**
Express update delivery is available on [all support versions of WSUS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc708456(v=ws.10)).
@ -78,7 +78,7 @@ The Windows Update client will try to download Express first, and under certain
1. When the Windows Update client initiates an Express download, **Windows Update first downloads a stub**, which is part of the Express package.
2. **The Windows Update client passes this stub to the Windows installer**, which uses the stub to do a local inventory, comparing the deltas of the file on the device with what is needed to get to the latest version of the file being offered.
3. **The Windows installer then requests the Windows Update client to download the ranges**, which have been determined to be required.
4. **The client downloads these ranges and passes them to the Windows Installer**, which applies the ranges and then determines if additional ranges are needed. This repeats until the Windows installer tells the Windows Update client that all necessary ranges have been downloaded.
4. **The client downloads these ranges and passes them to the Windows Installer**, which applies the ranges and then determines if more ranges are needed. This step repeats until the Windows installer tells the Windows Update client that all necessary ranges have been downloaded.
At this point, the download is complete and the update is ready to be installed.
@ -93,5 +93,5 @@ At this point, the download is complete and the update is ready to be installed.
| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](../update/waas-servicing-strategy-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](../update/waas-deployment-rings-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](../update/waas-servicing-channels-windows-10-updates.md) |
| ![done.](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this topic) |
| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](../update/waas-manage-updates-wufb.md)<br/>or [Deploy Windows client updates using Windows Server Update Services](../update/waas-manage-updates-wsus.md)<br/>or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
| ![done.](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this article) |
| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](../update/waas-manage-updates-wufb.md)<br/>or [Deploy Windows client updates using Windows Server Update Services](../update/waas-manage-updates-wsus.md)<br/>or [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |

8
windows/deployment/index.yml
View File

@ -13,10 +13,10 @@ metadata:
ms.collection:
- windows-10
- highpri
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.date: 02/08/2022 #Required; mm/dd/yyyy format.
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.date: 10/31/2022 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

81
windows/deployment/mbr-to-gpt.md
View File

@ -2,14 +2,15 @@
title: MBR2GPT
description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk.
ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
ms.date: 02/13/2018
manager: dougeby
author: frankroj
ms.author: frankroj
ms.date: 10/31/2022
manager: aaroncz
ms.localizationpriority: high
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri
ms.technology: itpro-deploy
---
# MBR2GPT.EXE
@ -17,7 +18,7 @@ ms.collection: highpri
**Applies to**
- Windows 10
**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option.
**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool runs from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option.
MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
@ -29,12 +30,12 @@ See the following video for a detailed description and demonstration of MBR2GPT.
You can use MBR2GPT to:
- Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT.
- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
- Convert any attached MBR-formatted system disk to the GPT partition format. You can't use the tool to convert non-system disks from MBR to GPT.
- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you'll need to delete the existing protectors and recreate them.
- Convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.
- Convert an operating system disk from MBR to GPT using Configuration Manager or MDT provided that your task sequence uses Windows PE version 1703 or later.
- Convert an operating system disk from MBR to GPT using Configuration Manager or MDT if your task sequence uses Windows PE version 1703 or later.
Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.
Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 aren't officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.
> [!IMPORTANT]
> After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
@ -45,17 +46,17 @@ Offline conversion of system disks with earlier versions of Windows installed, s
Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
- The disk is currently using MBR
- There is enough space not occupied by partitions to store the primary and secondary GPTs:
- 16KB + 2 sectors at the front of the disk
- 16KB + 1 sector at the end of the disk
- There are at most 3 primary partitions in the MBR partition table
- There's enough space not occupied by partitions to store the primary and secondary GPTs:
- 16 KB + 2 sectors at the front of the disk
- 16 KB + 1 sector at the end of the disk
- There are at most three primary partitions in the MBR partition table
- One of the partitions is set as active and is the system partition
- The disk does not have any extended/logical partition
- The disk doesn't have any extended/logical partition
- The BCD store on the system partition contains a default OS entry pointing to an OS partition
- The volume IDs can be retrieved for each volume which has a drive letter assigned
- The volume IDs can be retrieved for each volume that has a drive letter assigned
- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
If any of these checks fails, the conversion will not proceed and an error will be returned.
If any of these checks fails, the conversion won't proceed, and an error will be returned.
## Syntax
@ -67,10 +68,10 @@ If any of these checks fails, the conversion will not proceed and an error will
|----|-------------|
|/validate| Instructs MBR2GPT.exe to perform only the disk validation steps and report whether the disk is eligible for conversion. |
|/convert| Instructs MBR2GPT.exe to perform the disk validation and to proceed with the conversion if all validation tests pass. |
|/disk:\<diskNumber\>| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as that used by the diskpart.exe tool **SELECT DISK SYSTEM** command.|
|/disk:\<diskNumber\>| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as used by the diskpart.exe tool **SELECT DISK SYSTEM** command.|
|/logs:\<logDirectory\>| Specifies the directory where MBR2GPT.exe logs should be written. If not specified, **%windir%** is used. If specified, the directory must already exist, it will not be automatically created or overwritten.|
|/map:\<source\>=\<destination\>| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexadecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. |
|/allowFullOS| By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment. <br>**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it cannot be reused. In this case, a new ESP is created by shrinking the OS partition.|
|/map:\<source\>=\<destination\>| Specifies other partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexadecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. |
|/allowFullOS| By default, MBR2GPT.exe is blocked unless it's run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment. <br>**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it can't be reused. In this case, a new ESP is created by shrinking the OS partition.|
## Examples
@ -225,9 +226,9 @@ Offset in Bytes: 524288000
The following steps illustrate high-level phases of the MBR-to-GPT conversion process:
1. Disk validation is performed.
2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist.
2. The disk is repartitioned to create an EFI system partition (ESP) if one doesn't already exist.
3. UEFI boot files are installed to the ESP.
4. GPT metadata and layout information is applied.
4. GPT metadata and layout information are applied.
5. The boot configuration data (BCD) store is updated.
6. Drive letter assignments are restored.
@ -236,14 +237,14 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr
For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules:
1. The existing MBR system partition is reused if it meets these requirements:
1. It is not also the OS or Windows Recovery Environment partition.
1. It is at least 100MB (or 260MB for 4K sector size disks) in size.
1. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition.
1. The conversion is not being performed from the full OS. In this case, the existing MBR system partition is in use and cannot be repurposed.
1. It isn't also the OS or Windows Recovery Environment partition.
1. It is at least 100 MB (or 260 MB for 4K sector size disks) in size.
1. It's less than or equal to 1 GB in size. This size is a safety precaution to ensure it isn't a data partition.
1. The conversion isn't being performed from the full OS. In this case, the existing MBR system partition is in use and can't be repurposed.
2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32.
2. If the existing MBR system partition can't be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100 MB (or 260 MB for 4K sector size disks) and is formatted FAT32.
If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified.
If the existing MBR system partition isn't reused for the ESP, it's no longer used by the boot process after the conversion. Other partitions aren't modified.
>[!IMPORTANT]
>If the existing MBR system partition is not reused for the ESP, it might be assigned a drive letter. If you do not wish to use this small partition, you must manually hide the drive letter.
@ -268,7 +269,7 @@ For more information about partition types, see:
### Persisting drive letter assignments
The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter.
The conversion tool will attempt to remap all drive letter assignment information contained in the registry that corresponds to the volumes of the converted disk. If a drive letter assignment can't be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter.
> [!IMPORTANT]
> This code runs after the layout conversion has taken place, so the operation cannot be undone at this stage.
@ -277,11 +278,11 @@ The conversion tool will obtain volume unique ID data before and after the layou
1. Check if the unique ID corresponds to any of the unique IDs for any of the volumes that are part of the converted disk.
2. If found, set the value to be the new unique ID, obtained after the layout conversion.
3. If the new unique ID cannot be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment.
3. If the new unique ID can't be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment.
## Troubleshooting
The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions do not translate properly, this is displayed and the conversion not performed. To view more detail about any errors that are encountered, see the associated [log files](#logs).
The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions don't translate properly, this is displayed and the conversion not performed. To view more detail about any errors that are encountered, see the associated [log files](#logs).
### Logs
@ -354,18 +355,17 @@ MBR2GPT has the following associated return codes:
|4| Conversion failed due to invalid command-line parameters. |
|5| Conversion failed due to error reading the geometry and layout of the selected disk.|
|6| Conversion failed because one or more volumes on the disk is encrypted.|
|7| Conversion failed because the geometry and layout of the selected disk do not meet requirements.|
|7| Conversion failed because the geometry and layout of the selected disk don't meet requirements.|
|8| Conversion failed due to error while creating the EFI system partition.|
|9| Conversion failed due to error installing boot files.|
|10| Conversion failed due to error while applying GPT layout.|
|100| Conversion to GPT layout succeeded, but some boot configuration data entries could not be restored.|
|100| Conversion to GPT layout succeeded, but some boot configuration data entries couldn't be restored.|
### Determining the partition type
You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown:
```powershell
PS C:\> Get-Disk | ft -Auto
@ -379,8 +379,7 @@ You can also view the partition type of a disk by opening the Disk Management to
:::image type="content" alt-text="Volumes." source="images/mbr2gpt-volume.png":::
If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example:
If Windows PowerShell and Disk Management aren't available, such as when you're using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example:
```console
X:\>DiskPart
@ -400,18 +399,17 @@ DISKPART> list disk
In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT.
## Known issue
### MBR2GPT.exe cannot run in Windows PE
### MBR2GPT.exe can't run in Windows PE
When you start a Windows 10, version 1903-based computer in the Windows Preinstallation Environment (Windows PE), you encounter the following issues:
**Issue 1** When you run the MBR2GPT.exe command, the process exits without converting the drive.
**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there is no output from the tool.
**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there's no output from the tool.
**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a Microsoft Endpoint Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781.
**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a Microsoft Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781.
#### Cause
@ -419,7 +417,7 @@ This issue occurs because in Windows 10, version 1903 and later versions, MBR2GP
#### Workaround
To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. To do this, follow these steps:
To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. Use follow these steps:
1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
@ -458,8 +456,7 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image).
## Related topics
## Related articles
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
<BR>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)

17
windows/deployment/planning/act-technical-reference.md
View File

@ -2,12 +2,13 @@
title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10)
description: The Microsoft Application Compatibility Toolkit (ACT) helps you see if the apps and devices in your org are compatible with different versions of Windows.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Application Compatibility Toolkit (ACT) Technical Reference
@ -18,11 +19,11 @@ ms.technology: itpro-deploy
>[!IMPORTANT]
>We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with [Windows Analytics](/mem/configmgr/desktop-analytics/overview), a solution in the Microsoft Operations Management Suite. Windows Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released.
Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft's experience upgrading millions of devices to Windows 10.
With Windows diagnostic data enabled, Windows Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Windows Analytics to get:
- A visual workflow that guides you from pilot to production
- Detailed computer and application inventory
@ -30,7 +31,7 @@ Use Windows Analytics to get:
- Guidance and insights into application and driver compatibility issues, with suggested fixes
- Data driven application rationalization tools
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
- Data export to commonly used software deployment tools, including Microsoft Endpoint Configuration Manager
- Data export to commonly used software deployment tools, including Microsoft Configuration Manager
The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.

21
windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
View File

@ -2,26 +2,25 @@
title: Applying Filters to Data in the SUA Tool (Windows 10)
description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Applying Filters to Data in the SUA Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you.

12
windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
View File

@ -2,18 +2,17 @@
title: Available Data Types and Operators in Compatibility Administrator (Windows 10)
description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Available Data Types and Operators in Compatibility Administrator
**Applies to**
- Windows 10
@ -27,7 +26,6 @@ The Compatibility Administrator tool provides a way to query your custom-compati
## Available Data Types
Customized-compatibility databases in Compatibility Administrator contain the following data types.
- **Integer**. A numerical value with no fractional part. All integers are unsigned because none of the attributes can have a negative value.
@ -38,7 +36,6 @@ Customized-compatibility databases in Compatibility Administrator contain the fo
## Available Attributes
The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator.
|Attribute|Description|Data type|
@ -78,4 +75,3 @@ The following table shows the operators that you can use for querying your custo
## Related topics
[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)

13
windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
View File

@ -2,12 +2,13 @@
title: Best practice recommendations for Windows To Go (Windows 10)
description: Learn about best practice recommendations for using Windows To Go, like using a USB 3.0 port with Windows to Go if it's available.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Best practice recommendations for Windows To Go
@ -15,7 +16,7 @@ ms.technology: itpro-deploy
**Applies to**
- Windows 10
- Windows 10
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@ -40,9 +41,9 @@ Additionally, we recommend that when you plan your deployment you should also pl
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)<br>
 
 

20
windows/deployment/planning/compatibility-administrator-users-guide.md
View File

@ -1,27 +1,27 @@
---
title: Compatibility Administrator User's Guide (Windows 10)
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows.
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-mar2020
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Compatibility Administrator User's Guide
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides:

9
windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
View File

@ -1,12 +1,12 @@
---
title: Compatibility Fix Database Management Strategies and Deployment (Windows 10)
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database.
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.custom: seo-marvel-mar2020
ms.technology: itpro-deploy
@ -14,7 +14,6 @@ ms.technology: itpro-deploy
# Compatibility Fix Database Management Strategies and Deployment
**Applies to**
- Windows 10

9
windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
View File

@ -2,11 +2,11 @@
title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista
description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
@ -14,7 +14,6 @@ ms.technology: itpro-deploy
# Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
**Applies to**
- Windows 10

9
windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
View File

@ -2,17 +2,17 @@
title: Creating a Custom Compatibility Fix in Compatibility Administrator (Windows 10)
description: The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Creating a Custom Compatibility Fix in Compatibility Administrator
**Applies to**
- Windows 10
@ -45,7 +45,6 @@ The Compatibility Administrator tool has preloaded fixes for many common applica
## Creating a New Compatibility Fix
If you are unable to find a preloaded compatibility fix for your application, you can create a new one for use by your customized database.
**To create a new compatibility fix**

27
windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
View File

@ -2,18 +2,17 @@
title: Create a Custom Compatibility Mode (Windows 10)
description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Creating a Custom Compatibility Mode in Compatibility Administrator
**Applies to**
- Windows 10
@ -27,19 +26,15 @@ Windows® provides several *compatibility modes*, groups of compatibility fixes
## What Is a Compatibility Mode?
A compatibility mode is a group of compatibility fixes. A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can be anything from disabling a new feature in Windows to emulating a particular behavior of an older version of the Windows API.
## Searching for Existing Compatibility Modes
The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility mode, you can search for an existing application and then copy and paste the known fixes into your custom database.
> [!IMPORTANT]
> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications.
**To search for an existing application**
1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
@ -48,14 +43,11 @@ The Compatibility Administrator tool has preloaded fixes for many common applica
## Creating a New Compatibility Mode
If you are unable to find a preloaded compatibility mode for your application, you can create a new one for use by your custom database.
> [!IMPORTANT]
> A compatibility mode includes a set of compatibility fixes and must be deployed as a group. Therefore, you should include only fixes that you intend to deploy together to the database.
**To create a new compatibility mode**
1. In the left-side pane of Compatibility Administrator, underneath the **Custom Databases** heading, right-click the name of the database to which you will apply the compatibility mode, click **Create New**, and then click **Compatibility Mode**.
@ -73,13 +65,4 @@ If you are unable to find a preloaded compatibility mode for your application, y
The compatibility mode is added to your custom database.
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

31
windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
View File

@ -2,46 +2,41 @@
title: Create AppHelp Message in Compatibility Administrator (Windows 10)
description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Creating an AppHelp Message in Compatibility Administrator
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.
## Blocking Versus Non-Blocking AppHelp Messages
A blocking AppHelp message prevents the application from starting and displays a message to the user. You can define a specific URL where the user can download an updated driver or other fix to resolve the issue. When using a blocking AppHelp message, you must also define the file-matching information to identify the version of the application and enable the corrected version to continue.
A non-blocking AppHelp message doesn't prevent the application from starting, but provides a message to the user that includes information such as security issues, updates to the application, or changes to the location of network resources.
## Searching for Existing Compatibility Fixes
The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new AppHelp message, you can search for an existing application and then copy and paste the known fixes into your custom database.
> [!IMPORTANT]
> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications.
**To search for an existing application**
1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
@ -50,7 +45,6 @@ The Compatibility Administrator tool has preloaded fixes for many common applica
## Creating a New AppHelp Message
If you're unable to find a preloaded AppHelp message for your application, you can create a new one for use by your custom database.
**To create a new AppHelp message**
@ -79,10 +73,9 @@ If you're unable to find a preloaded AppHelp message for your application, you c
6. Type the website URL and the message text to appear when the user starts the application, and then click **Finish**.
## Issues with AppHelp Messages and Computers Running Windows 2000
## Issues with AppHelp Messages and Computers Running Windows 2000
The following issues might occur with computers running Windows 2000:
The following issues might occur with computers running Windows 2000:
- You might be unable to create a custom AppHelp message.

7
windows/deployment/planning/deployment-considerations-for-windows-to-go.md
View File

@ -2,13 +2,14 @@
title: Deployment considerations for Windows To Go (Windows 10)
description: Learn about deployment considerations for Windows To Go, such as the boot experience, deployment methods, and tools that you can use with Windows To Go.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Deployment considerations for Windows To Go

27
windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
View File

@ -2,26 +2,26 @@
title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Enabling and Disabling Compatibility Fixes in Compatibility Administrator
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
@ -32,8 +32,6 @@ Customized compatibility databases can become quite complex as you add your fixe
>[!IMPORTANT]
>Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications.
**To disable a compatibility fix within a database**
1. In the left-sde pane of Compatibility Administrator, expand the custom database that includes the compatibility fix that you want to disable, and then select the specific compatibility fix.
@ -42,14 +40,11 @@ Customized compatibility databases can become quite complex as you add your fixe
2. On the **Database** menu, click **Disable Entry**.
**Important**  
**Important**
When you disable an entry, it will remain disabled even if you do not save the database file.
## Enabling Compatibility Fixes
You can enable your disabled compatibility fixes at any time.
**To enable a compatibility fix within a database**

7
windows/deployment/planning/features-lifecycle.md
View File

@ -3,12 +3,13 @@ title: Windows client features lifecycle
description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
manager: dougeby
ms.author: aaroncz
author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-fundamentals
ms.date: 10/28/2022
---
# Windows client features lifecycle

34
windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
View File

@ -2,26 +2,25 @@
title: Fixing Applications by Using the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Fixing Applications by Using the SUA Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
@ -37,15 +36,4 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can apply f
|--- |--- |
|**Apply Mitigations**|Opens the **Mitigate AppCompat Issues** dialog box, in which you can select the fixes that you intend to apply to the application.|
|**Undo Mitigations**|Removes the application fixes that you just applied.<p>This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using **Programs and Features** in Control Panel.|
|**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.|
 
 
 
|**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.|

17
windows/deployment/planning/index.md
View File

@ -3,23 +3,24 @@ title: Plan for Windows 10 deployment (Windows 10)
description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Plan for Windows 10 deployment
Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. Together, these changes require that you rethink the traditional deployment process.
Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. Together, these changes require that you rethink the traditional deployment process.
## In this section
|Topic |Description |
|------|------------|
|[Windows 10 Enterprise: FAQ for IT professionals](windows-10-enterprise-faq-itpro.yml) | Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise. |
|[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. |
|[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. |
|[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. |
|[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. |
|[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. |
|[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. |
|[Features removed or planned for replacement](features-lifecycle.md) |Information is provided about Windows 10 features and functionality that are removed or planned for replacement. |
|[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. |
@ -30,4 +31,4 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi
- [Upgrade to Windows 10 with MDT](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md)
- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
 

24
windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
View File

@ -2,11 +2,11 @@
title: Install/Uninstall Custom Databases (Windows 10)
description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
@ -16,21 +16,21 @@ ms.technology: itpro-deploy
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.
By default, the Windows® operating system installs a System Application Fix database for use with the Compatibility Administrator. This database can be updated through Windows Update, and is stored in the %WINDIR% \\AppPatch directory. Your custom databases are automatically stored in the %WINDIR% \\AppPatch\\Custom directory and are installed by using the Sdbinst.exe tool provided with the Compatibility Administrator.
By default, the Windows® operating system installs a System Application Fix database for use with the Compatibility Administrator. This database can be updated through Windows Update, and is stored in the %WINDIR% \\AppPatch directory. Your custom databases are automatically stored in the %WINDIR% \\AppPatch\\Custom directory and are installed by using the Sdbinst.exe tool provided with the Compatibility Administrator.
> [!IMPORTANT]
> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications.
In addition, you must deploy your databases to your organizations computers before the included fixes will have any effect on the application issue. For more information about deploying your database, see [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md).
In addition, you must deploy your databases to your organization's computers before the included fixes will have any effect on the application issue. For more information about deploying your database, see [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md).

21
windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
View File

@ -2,26 +2,25 @@
title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10)
description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Managing Application-Compatibility Fixes and Custom Fix Databases
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.

39
windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
View File

@ -1,21 +1,22 @@
---
title: Prepare your organization for Windows To Go (Windows 10)
description: Though Windows To Go is no longer being developed, you can find info here about the what, why, and when of deployment.
description: Though Windows To Go is no longer being developed, you can find info here about the "what", "why", and "when" of deployment.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Prepare your organization for Windows To Go
**Applies to**
- Windows 10
- Windows 10
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@ -24,7 +25,7 @@ The following information is provided to help you plan and design a new deployme
## What is Windows To Go?
Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. Offering a new mobility option, a Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings.
Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. A Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings.
Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are:
@ -34,24 +35,24 @@ Enterprise customers utilizing Volume Activation Windows licensing will be able
- Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM isn't a supported processor for Windows To Go.
- Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace
Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go.
Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go.
The following topics will familiarize you with how you can use a Windows To Go workspace and give you an overview of some of the things you should consider in your design.
The following articles will familiarize you with how you can use a Windows To Go workspace. They also give you an overview of some of the things you should consider in your design.
## Usage scenarios
The following scenarios are examples of situations in which Windows To Go workspaces provide a solution for an IT implementer:
- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the very first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes.
- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection, or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes.
- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker where they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive and run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker. Then they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive. And run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
- **Managed free seating.** The employee is issued a Windows To Go drive that is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return they use the same USB flash drive but use a different host computer.
- **Managed free seating.** The employee is issued a Windows To Go drive. This drive is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return, they use the same USB flash drive but use a different host computer.
- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Endpoint Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work, which caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work. This boot caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
- **Travel lightly.** In this situation you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
- **Travel lightly.** In this situation, you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
> [!NOTE]
> If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object isn't potentially deleted from Active Directory Domain Services (AD DS).
@ -64,14 +65,14 @@ Because Windows To Go requires no other software and minimal configuration, the
Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office).
Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This method is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office).
You should investigate other software manufacturer's licensing requirements to ensure they're compatible with roaming usage before deploying them to a Windows To Go workspace.
> [!NOTE]
> Using Multiple Activation Key (MAK) activation isn't a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive.
See [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)) for more information about these activation methods and how they can be used in your organization.
For more information about these activation methods and how they can be used in your organization, see [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)).
## Organizational unit structure and use of Group Policy Objects
@ -83,19 +84,19 @@ For more information about Group Policy settings that can be used with Windows T
## Computer account management
If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit.
If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule, or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit.
## User account and data management
People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with and to keep it accessible when the workspace isn't being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with, and to keep it accessible when the workspace isn't being used. For this reason, we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace.
## Remote connectivity
If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)).
If you want Windows To Go to be able to connect back to organizational resources when it's being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)).
## Related topics
## Related articles
[Windows To Go: feature overview](windows-to-go-overview.md)

36
windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
View File

@ -2,26 +2,25 @@
title: Searching for Fixed Applications in Compatibility Administrator (Windows 10)
description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Searching for Fixed Applications in Compatibility Administrator
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.
@ -32,8 +31,6 @@ The **Query Compatibility Databases** tool provides additional search options. F
> [!IMPORTANT]
> You must perform your search with the correct version of the Compatibility Administrator tool. If you are searching for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. If you are searching for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
**To search for previous fixes**
1. On the Compatibility Administrator toolbar, click **Search**.
@ -48,12 +45,10 @@ The **Query Compatibility Databases** tool provides additional search options. F
## Viewing Your Query Results
Your query results display the affected files, the application location, the application name, the type of compatibility fix, and the custom database that provided the fix.
## Exporting Your Query Results
You can export your search results to a text (.txt) file for later review or archival.
**To export your search results**
@ -63,13 +58,4 @@ You can export your search results to a text (.txt) file for later review or arc
2. Browse to the location where you want to store your search result file, and then click **Save**.
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

10
windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
View File

@ -2,17 +2,17 @@
title: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator (Windows 10)
description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
**Applies to**
- Windows 10
@ -103,7 +103,7 @@ You can use the **Fix Description** tab of the Query tool to add parameters that
## Querying by Using the Advanced Tab
You can use the **Fix Description** tab of the Query tool to add additional SQL Server SELECT and WHERE clauses to your search criteria.
You can use the **Fix Description** tab of the Query tool to add additional SQL Server SELECT and WHERE clauses to your search criteria.
**To query by using the Advanced tab**

26
windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
View File

@ -2,20 +2,19 @@
title: Security and data protection considerations for Windows To Go (Windows 10)
description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
---
# Security and data protection considerations for Windows To Go
**Applies to**
- Windows 10
- Windows 10
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@ -24,38 +23,32 @@ One of the most important requirements to consider when you plan your Windows To
## Backup and restore
When you don't save data on the Windows To Go drive, you don't need for a backup and restore solution for Windows To Go. If you're saving data on the drive and aren't using folder redirection and offline files, you should back up all of your data to a network location such as cloud storage or a network share, after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement.
If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
## BitLocker
We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) can't be used by BitLocker to protect the drive. Instead, you'll be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
**Tip**  
If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
> [!Tip]
> If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode.
When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode.
## Disk discovery and data leakage
We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive won't appear in Windows Explorer and an Auto-Play prompt won't be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - "4" to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)).
## Security certifications for Windows To Go
Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution providers specific hardware environment. For more information about Windows security certifications, see the following articles.
Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider's specific hardware environment. For more information about Windows security certifications, see the following articles.
- [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria)
@ -63,7 +56,6 @@ Windows to Go is a core capability of Windows when it's deployed on the drive an
## Related articles
[Windows To Go: feature overview](windows-to-go-overview.md)
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)

30
windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
View File

@ -2,26 +2,25 @@
title: Showing Messages Generated by the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Showing Messages Generated by the SUA Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
@ -38,11 +37,4 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can show th
|**Error Messages**|When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.<p>This command is selected by default.|
|**Warning Messages**|When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.|
|**Information Messages**|When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.|
|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.|
 
|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.|

25
windows/deployment/planning/sua-users-guide.md
View File

@ -3,26 +3,25 @@ title: SUA User's Guide (Windows 10)
description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
ms.custom: seo-marvel-apr2020
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# SUA User's Guide
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
@ -37,6 +36,4 @@ You can use SUA in either of the following ways:
|Topic|Description|
|--- |--- |
|[Using the SUA wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions.|
|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.|
|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.|

23
windows/deployment/planning/tabs-on-the-sua-tool-interface.md
View File

@ -2,26 +2,25 @@
title: Tabs on the SUA Tool Interface (Windows 10)
description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Tabs on the SUA Tool Interface
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
@ -32,7 +31,7 @@ The following table provides a description of each tab on the user interface for
|App Info|Provides the following information for the selected application:<li>Debugging information<li>Error, warning, and informational messages (if they are enabled)<li>Options for running the application|
|File|Provides information about access to the file system.<p>For example, this tab might show an attempt to write to a file that only administrators can typically access.|
|Registry|Provides information about access to the system registry.<p>For example, this tab might show an attempt to write to a registry key that only administrators can typically access.|
|INI|Provides information about WriteProfile API issues.<p>For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.|
|INI|Provides information about WriteProfile API issues.<p>For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.|
|Token|Provides information about access-token checking.<p>For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.|
|Privilege|Provides information about permissions.<p>For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.|
|Name Space|Provides information about creation of system objects.<p>For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.|

26
windows/deployment/planning/testing-your-application-mitigation-packages.md
View File

@ -2,32 +2,30 @@
title: Testing Your Application Mitigation Packages (Windows 10)
description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Testing Your Application Mitigation Packages
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.
## Testing Your Application Mitigation Packages
Testing your application mitigation package strategies is an iterative process, whereby the mitigation strategies that prove unsuccessful will need to be revised and retested. The testing process includes a series of tests in the test environment and one or more pilot deployments in the production environment.
**To test your mitigation strategies**
@ -50,7 +48,6 @@ Testing your application mitigation package strategies is an iterative process,
## Reporting the Compatibility Mitigation Status to Stakeholders
After testing your application mitigation package, you must communicate your status to the appropriate stakeholders before deployment begins. We recommend that you perform this communication by using the following status ratings.
- **Resolved application compatibility issues**. This status indicates that the application compatibility issues are resolved and that these applications represent no risk to your environment.
@ -63,7 +60,6 @@ After testing your application mitigation package, you must communicate your sta
## Resolving Outstanding Compatibility Issues
At this point, you probably cannot resolve any unresolved application compatibility issues by automated mitigation methods or by modifying the application. Resolve any outstanding application compatibility issues by using one of the following methods.
- Apply specific compatibility modes, or run the program as an Administrator, by using the Compatibility Administrator tool.
@ -71,8 +67,6 @@ At this point, you probably cannot resolve any unresolved application compatibil
> [!NOTE]
> For more information about using Compatibility Administrator to apply compatibility fixes and compatibility modes, see [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md).
- Run the application in a virtual environment.
Run the application in a version of Windows supported by the application in a virtualized environment. This method ensures application compatibility, because the application is running on a supported operating system.

9
windows/deployment/planning/understanding-and-using-compatibility-fixes.md
View File

@ -2,12 +2,13 @@
title: Understanding and Using Compatibility Fixes (Windows 10)
description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Understanding and Using Compatibility Fixes
@ -38,8 +39,6 @@ Specifically, the process modifies the address of the affected Windows function
>[!NOTE]
>For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API.
## Design Implications of the Compatibility Fix Infrastructure
There are important considerations to keep in mind when determining your application fix strategy, due to certain characteristics of the Compatibility Fix infrastructure.

28
windows/deployment/planning/using-the-compatibility-administrator-tool.md
View File

@ -2,32 +2,30 @@
title: Using the Compatibility Administrator Tool (Windows 10)
description: This section provides information about using the Compatibility Administrator tool.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Using the Compatibility Administrator Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
This section provides information about using the Compatibility Administrator tool.
## In this section
|Topic|Description|
|--- |--- |
|[Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)|The Compatibility Administrator tool provides a way to query your custom-compatibility databases.|
@ -38,8 +36,4 @@ This section provides information about using the Compatibility Administrator to
|[Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)|The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.|
|[Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)|The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.|
|[Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)|You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.|
|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.|
|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.|

25
windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
View File

@ -2,27 +2,26 @@
title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Using the Sdbinst.exe Command-Line Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008 R2
Deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations.
@ -67,4 +66,4 @@ The following table describes the available command-line options.
## Related articles
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

33
windows/deployment/planning/using-the-sua-tool.md
View File

@ -2,26 +2,25 @@
title: Using the SUA Tool (Windows 10)
description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Using the SUA Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
@ -33,7 +32,6 @@ In the SUA tool, you can choose to run the application as **Administrator** or a
## Testing an Application by Using the SUA Tool
Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later.
The following flowchart shows the process of using the SUA tool.
@ -77,13 +75,4 @@ The following flowchart shows the process of using the SUA tool.
[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
 
 
[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)

33
windows/deployment/planning/using-the-sua-wizard.md
View File

@ -2,26 +2,25 @@
title: Using the SUA wizard (Windows 10)
description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
author: frankroj
ms.date: 10/28/2022
ms.topic: article
ms.technology: itpro-deploy
---
# Using the SUA wizard
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions.
@ -29,7 +28,6 @@ For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool.
## Testing an Application by Using the SUA wizard
Install Application Verifier before you can use the SUA wizard. If Application Verifier isn't installed on the computer that is running the SUA wizard, the SUA wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA wizard.
The following flowchart shows the process of using the SUA wizard.
@ -75,13 +73,4 @@ The following flowchart shows the process of using the SUA wizard.
If the remedies don't fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies don't fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md).
## Related articles
[SUA User's Guide](sua-users-guide.md)
 
 
[SUA User's Guide](sua-users-guide.md)

25
windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
View File

@ -2,40 +2,37 @@
title: Viewing the Events Screen in Compatibility Administrator (Windows 10)
description: You can use the Events screen to record and view activities in the Compatibility Administrator tool.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Viewing the Events Screen in Compatibility Administrator
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.
>[!IMPORTANT]
>The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list.
**To open the Events screen**
**To open the Events screen**
- On the **View** menu, click **Events**.
## Handling Multiple Copies of Compatibility Fixes
Compatibility Administrator enables you to copy your compatibility fixes from one database to another, which can become confusing after adding multiple fixes, compatibility modes, and databases. For example, you can copy a fix called MyFix from Database 1 to Database 2. However, if there is already a fix called MyFix in Database 2, Compatibility Administrator renames the fix as MyFix (1) to avoid duplicate names.
If you open the **Events** screen and then perform the copy operation, you can see a description of the action, along with the time stamp, which enables you to view your fix information without confusion.

33
windows/deployment/planning/windows-10-compatibility.md
View File

@ -1,41 +1,40 @@
---
title: Windows 10 compatibility (Windows 10)
description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Windows 10 compatibility
**Applies to**
- Windows 10
- Windows 10
Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Those applications that interface with Windows at a low level, those applications that use undocumented APIs, or those that do not follow recommended coding practices could experience issues.
Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store.
Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store.
For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](/internet-explorer/ie11-deploy-guide/)
For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](/internet-explorer/ie11-deploy-guide/)
## Recommended application testing process
Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level:
Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level:
- Identify mission-critical applications and websites, those applications and websites that are essential to the organization's operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release.
- Identify mission-critical applications and websites, those applications and websites that are essential to the organizations operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release.
- For less critical applications, apply an “internal flighting” or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines.
- For less critical applications, apply an "internal flighting" or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines.
## Related articles
@ -44,8 +43,4 @@ Historically, organizations have performed extensive, and often exhaustive, test
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
 
 
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)

44
windows/deployment/planning/windows-10-deployment-considerations.md
View File

@ -1,32 +1,32 @@
---
title: Windows 10 deployment considerations (Windows 10)
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Windows 10 deployment considerations
**Applies to**
- Windows 10
- Windows 10
There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
For many years, organizations have deployed new versions of Windows using a wipe and load deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary.
For many years, organizations have deployed new versions of Windows using a "wipe and load" deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary.
Windows 10 also introduces two additional scenarios that organizations should consider:
Windows 10 also introduces two additional scenarios that organizations should consider:
- **In-place upgrade**, which provides a simple, automated process that leverages the Windows setup process to automatically upgrade from an earlier version of Windows. This process automatically migrates existing data, settings, drivers, and applications.
- **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device.
- **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device.
Both of these scenarios eliminate the image creation process altogether, which can greatly simplify the deployment process.
@ -35,33 +35,32 @@ Windows 10 also introduces two additional scenarios that organizations should c
| Consider ... | For these scenarios |
|---|---|
| In-place upgrade | - When you want to keep all (or at least most) existing applications<br/>- When you do not plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)<br/>- To migrate from Windows 10 to a later Windows 10 release |
| Traditional wipe-and-load | - When you upgrade significant numbers of applications along with the new Windows OS<br/>- When you make significant device or operating system configuration changes<br/>- When you start clean. For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs<br/>- When you migrate from Windows Vista or other previous operating system versions |
| Dynamic provisioning | - For new devices, especially in choose your own device scenarios when simple configuration (not reimaging) is all that is required. <br/>- When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps |
| Traditional wipe-and-load | - When you upgrade significant numbers of applications along with the new Windows OS<br/>- When you make significant device or operating system configuration changes<br/>- When you "start clean". For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs<br/>- When you migrate from Windows Vista or other previous operating system versions |
| Dynamic provisioning | - For new devices, especially in "choose your own device" scenarios when simple configuration (not reimaging) is all that is required. <br/>- When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps |
## Migration from previous Windows versions
For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10.
The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10.
For PCs running operating systems older than Windows 7, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed).
For organizations that did not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
For organizations that did not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
## Setting up new computers
For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their work or school account within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their "work or school account" within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
- **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
In either of these scenarios, you can make a variety of configuration changes to the PC:
- Transform the edition (SKU) of Windows 10 that is in use.
- Transform the edition (SKU) of Windows 10 that is in use.
- Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on).
- Install apps, language packs, and updates.
- Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management).
@ -81,10 +80,5 @@ The upgrade process is also optimized to reduce the overall time and network ban
## Related topics
[Windows 10 compatibility](windows-10-compatibility.md)<br>
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
 
 
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)

14
windows/deployment/planning/windows-10-deprecated-features.md
View File

@ -1,20 +1,20 @@
---
title: Deprecated features in Windows client
description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11.
ms.date: 07/21/2022
ms.date: 10/28/2022
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.reviewer:
ms.topic: article
---
# Deprecated features for Windows client
_Applies to:_
**Applies to**
- Windows 10
- Windows 11
@ -72,11 +72,11 @@ The features in this article are no longer being actively developed, and might b
|Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
|Trusted Platform Module (TPM): TPM.msc and TPM Remote Management | To be replaced by a new user interface in a future release. | 1709 |
|Trusted Platform Module (TPM) Remote Management |This functionality within TPM.msc will be migrated to a new user interface. | 1709 |
|Windows Hello for Business deployment that uses Microsoft Endpoint Manager |Windows Server 2016 Active Directory Federation Services - Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 |
|Windows Hello for Business deployment that uses Microsoft Configuration Manager |Windows Server 2016 Active Directory Federation Services - Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 |
|Windows PowerShell 2.0 | Applications and components should be migrated to PowerShell 5.0+. | 1709 |
|Apndatabase.xml | Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This replacement includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | 1703 |
|Tile Data Layer | The [Tile Data Layer](/windows/configuration/start-layout-troubleshoot#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 |
|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
|IPsec Task Offload| [IPsec Task Offload](/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and shouldn't be used. | 1703 |
|`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019.|
|`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019.|

18
windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
View File

@ -7,11 +7,11 @@ metadata:
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
ms.date: 05/12/2022
ms.date: 10/28/2022
ms.reviewer:
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: itpro
ms.topic: faq
title: 'Windows 10 Enterprise: FAQ for IT professionals'
@ -49,7 +49,7 @@ sections:
For many devices, drivers will be automatically installed in Windows 10 and there will be no need for further action.
- For some devices, Windows 10 may be unable to install drivers that are required for operation. If your device drivers aren't automatically installed, visit the manufacturer's support website for your device to download and manually install the drivers. If Windows 10 drivers aren't available, the most up-to-date drivers for Windows 8.1 will often work in Windows 10.
- For some devices, the manufacturer may provide more up-to-date drivers or drivers that enable more functionality than the drivers installed by Windows 10. Always follow the recommendations of the device manufacturer for optimal performance and stability.
- Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include:
- Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include:
- [HP driver pack](https://www.hp.com/us-en/solutions/client-management-solutions/drivers-pack.html)
- [Dell driver packs for enterprise client OS deployment](https://www.dell.com/support/kbdoc/en-us/000124139/dell-command-deploy-driver-packs-for-enterprise-client-os-deployment)
- [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/solutions/ht074984)
@ -70,9 +70,9 @@ sections:
- question: |
Which deployment tools support Windows 10?
answer: |
Updated versions of Microsoft deployment tools, including Microsoft Endpoint Configuration Manager, MDT, and the Windows Assessment and Deployment Kit (Windows ADK) support Windows 10.
Updated versions of Microsoft deployment tools, including Microsoft Configuration Manager, MDT, and the Windows Assessment and Deployment Kit (Windows ADK) support Windows 10.
- [Microsoft Endpoint Configuration Manager](/mem/configmgr) simplifies the deployment and management of Windows 10. If you aren't currently using it, download a free 180-day trial of [Microsoft Endpoint Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager).
- [Microsoft Configuration Manager](/mem/configmgr) simplifies the deployment and management of Windows 10. If you aren't currently using it, download a free 180-day trial of [Microsoft Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager).
- [MDT](/mem/configmgr/mdt) is a collection of tools, processes, and guidance for automating desktop and server deployment.
@ -81,7 +81,7 @@ sections:
- question: |
Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image?
answer: |
Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md).
Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md).
- question: |
Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
@ -114,7 +114,7 @@ sections:
- Windows Update
- Windows Update for Business
- Windows Server Update Services
- Microsoft Endpoint Configuration Manager
- Microsoft Configuration Manager
For more information, see [Servicing Tools](../update/waas-overview.md#servicing-tools).

62
windows/deployment/planning/windows-10-infrastructure-requirements.md
View File

@ -2,27 +2,27 @@
title: Windows 10 infrastructure requirements (Windows 10)
description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.date: 10/28/2022
---
# Windows 10 infrastructure requirements
**Applies to**
- Windows 10
- Windows 10
There are specific infrastructure requirements that should be in place for the deployment and management of Windows 10. Fulfill these requirements before any Windows 10-related deployments take place.
There are specific infrastructure requirements that should be in place for the deployment and management of Windows 10. Fulfill these requirements before any Windows 10-related deployments take place.
## High-level requirements
For initial Windows 10 deployments, and for subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage.
For initial Windows 10 deployments, and for subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to use local server storage.
For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.)
@ -30,21 +30,21 @@ For persistent VDI environments, carefully consider the I/O impact from upgradin
The latest version of the Windows Assessment and Deployment Toolkit (ADK) is available for download [here](/windows-hardware/get-started/adk-install).
Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more).
Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which use the Windows Imaging and Configuration Designer (Windows ICD). There's also updated versions of existing deployment tools (DISM, USMT, Windows PE, and more).
The latest version of the Microsoft Deployment Toolkit (MDT) is available for download [here](/mem/configmgr/mdt/release-notes).
For Configuration Manager, Windows 10 version specific support is offered with [various releases](/mem/configmgr/core/plan-design/configs/support-for-windows-10).
For Configuration Manager, Windows 10 version specific support is offered with [various releases](/mem/configmgr/core/plan-design/configs/support-for-windows-10).
For more details about Microsoft Endpoint Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
For more information about Microsoft Configuration Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
## Management tools
In addition to Microsoft Endpoint Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) to update the ADMX files stored in that central store.
In addition to Microsoft Configuration Manager, Windows 10 also uses other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you're using a central policy store, follow the steps outlined [here](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) to update the ADMX files stored in that central store.
No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features.
No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these schema updates to support new features.
Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows:
Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows:
| Product | Required version |
|----------------------------------------------------------|--------------------------|
@ -56,50 +56,46 @@ Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 
For more information, see the [MDOP TechCenter](/microsoft-desktop-optimization-pack/).
For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](/windows/client-management/mdm/) for more information.
For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10. New Windows 10 MDM settings and capabilities will require updates to the MDM services. For more information, see [Mobile device management](/windows/client-management/mdm/).
Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions:
Windows Server Update Services (WSUS) requires some more configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions:
1. Select the **Options** node, and then click **Products and Classifications**.
2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**.
1. Select the **Options** node, and then select **Products and Classifications**.
2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Select **OK**.
3. From the **Synchronizations** node, right-click and choose **Synchronize Now**.
![figure 1.](images/fig4-wsuslist.png)
WSUS product list with Windows 10 choices
WSUS product list with Windows 10 choices
Because Windows 10 updates are cumulative in nature, each months new update will supersede the previous month's update. Consider using express installation packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)) for more information.
Because Windows 10 updates are cumulative in nature, each month's new update will supersede the previous month's update. Consider using "express installation" packages to reduce the size of the payload that needs to be sent to each PC each month. For more information, see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)).
> [!NOTE]
> The usage of "express installation" packages will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.
## Activation
Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers:
Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers:
| Product | Required update |
|----------------------------------------|---------------------------------------------------------------------------------------------|
| Windows 10 | None |
| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) |
| Windows 10 | None |
| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) |
Also see: [Windows Server 2016 Volume Activation Tips](/archive/blogs/askcore/windows-server-2016-volume-activation-tips)
Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys:
Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation). These keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys:
- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights.
- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key.
- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.)
- For KMS keys, select **Licenses** and then select **Relationship Summary**. Select the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key.
- For MAK keys, select **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Select the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys won't work on Windows servers running KMS.)
Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
## Related articles
[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)<br>
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)<br>
[Windows 10 compatibility](windows-10-compatibility.md)<br>
 
 
[Windows 10 compatibility](windows-10-compatibility.md)<br>

13
windows/deployment/planning/windows-10-removed-features.md
View File

@ -3,17 +3,18 @@ title: Features and functionality removed in Windows client
description: In this article, learn about the features and functionality that have been removed or replaced in Windows client.
ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.technology: itpro-fundamentals
ms.date: 10/28/2022
---
# Features and functionality removed in Windows client
_Applies to:_
**Applies to**
- Windows 10
- Windows 11
@ -52,7 +53,7 @@ The following features and functionalities have been removed from the installed
|Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or HoloLens with the Mixed Reality Viewer.| 1809 |
|limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| 1809 |
|Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| 1809 |
|Future updates through [Windows Embedded Developer Update](/previous-versions/windows/embedded/ff770079(v=winembedded.60)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|Were no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 |
|Future updates through [Windows Embedded Developer Update](/previous-versions/windows/embedded/ff770079(v=winembedded.60)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We're no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 |
|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 |
|People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| 1803 |
|Language control in the Control Panel| Use the Settings app to change your language settings.| 1803 |
@ -75,4 +76,4 @@ The following features and functionalities have been removed from the installed
|Microsoft Paint | This application won't be available for languages that aren't on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 |
|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 |
|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 |
|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |
|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |

65
windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
View File

@ -4,9 +4,9 @@ metadata:
description: Though Windows To Go is no longer being developed, these frequently asked questions (FAQ) can provide answers about the feature.
ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e
ms.reviewer:
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: frankroj
ms.author: frankroj
manager: aaroncz
keywords: FAQ, mobile, device, USB
ms.prod: w10
ms.mktglfcycl: deploy
@ -14,11 +14,12 @@ metadata:
ms.sitesec: library
audience: itpro
ms.topic: faq
ms.date: 10/28/2022
title: 'Windows To Go: frequently asked questions'
summary: |
**Applies to**
- Windows 10
- Windows 10
> [!IMPORTANT]
> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
@ -114,12 +115,12 @@ sections:
- question: |
What is Windows To Go?
answer: |
Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs.
Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs.
- question: |
Does Windows To Go rely on virtualization?
answer: |
No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure.
No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure.
- question: |
Who should use Windows To Go?
@ -133,9 +134,9 @@ sections:
- A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware)
- A Windows 10 Enterprise or Windows 10 Education image
- A Windows 10 Enterprise or Windows 10 Education image
- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys
- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys
You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you're creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
@ -147,7 +148,7 @@ sections:
- question: |
Is Windows To Go supported on USB 2.0 and USB 3.0 ports?
answer: |
Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later.
Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later.
- question: |
How do I identify a USB 3.0 port?
@ -162,22 +163,22 @@ sections:
- question: |
Can the user self-provision Windows To Go?
answer: |
Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746).
Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746).
- question: |
How can Windows To Go be managed in an organization?
answer: |
Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Endpoint Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
- question: |
How do I make my computer boot from USB?
answer: |
For host computers running Windows 10
For host computers running Windows 10
- Using Cortana, search for **Windows To Go startup options**, and then press Enter.
- In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
For host computers running Windows 8 or Windows 8.1:
For host computers running Windows 8 or Windows 8.1:
Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter.
@ -198,7 +199,7 @@ sections:
For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
**Warning**  
**Warning**
Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive.
@ -206,7 +207,7 @@ sections:
- question: |
Why isn't my computer booting from USB?
answer: |
Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation:
Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation:
1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device.
@ -221,7 +222,7 @@ sections:
answer: |
If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive isn't reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds.
**Warning**  
**Warning**
You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive.
@ -229,7 +230,7 @@ sections:
- question: |
Can I use BitLocker to protect my Windows To Go drive?
answer: |
Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace.
Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace.
- question: |
Why can't I enable BitLocker from Windows To Go Creator?
@ -265,12 +266,12 @@ sections:
- question: |
Does Windows To Go support crash dump analysis?
answer: |
Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0.
Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0.
- question: |
Do "Windows To Go Startup Options" work with dual boot computers?
answer: |
Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on.
Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on.
If you have configured a dual boot computer with a Windows operating system and another operating system, it might work occasionally and fail occasionally. Using this configuration is unsupported.
@ -279,7 +280,7 @@ sections:
answer: |
Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That's why you can't see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter.
**Warning**  
**Warning**
It's strongly recommended that you don't plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised.
@ -289,8 +290,8 @@ sections:
answer: |
Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you're booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive.
**Warning**  
It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
**Warning**
It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
@ -307,7 +308,7 @@ sections:
- question: |
Does Windows To Go work with ARM processors?
answer: |
No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors.
No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors.
- question: |
Can I synchronize data from Windows To Go with my other computer?
@ -332,7 +333,7 @@ sections:
- question: |
Can I use all my applications on Windows To Go?
answer: |
Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time.
Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time.
- question: |
Does Windows To Go work slower than standard Windows?
@ -347,14 +348,14 @@ sections:
- question: |
Can I boot Windows To Go on a Mac?
answer: |
We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac.
We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac.
- question: |
Are there any APIs that allow applications to identify a Windows To Go workspace?
answer: |
Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true, it means that the operating system was booted from an external USB device.
Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment.
Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment.
For more information, see the MSDN article on the [Win32\_OperatingSystem class](/windows/win32/cimwin32prov/win32-operatingsystem).
@ -371,17 +372,17 @@ sections:
- question: |
Why won't Windows To Go work on a computer running Windows XP or Windows Vista?
answer: |
Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports.
Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports.
- question: |
Why does the operating system on the host computer matter?
answer: |
It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected.
It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected.
- question: |
My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?
My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?
answer: |
The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary.
The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary.
You can reset the BitLocker system measurements to incorporate the new boot order using the following steps:
@ -404,7 +405,7 @@ sections:
The host computer will now be able to be booted from a USB drive without triggering recovery mode.
> [!NOTE]
> The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order.
> The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order.
@ -429,7 +430,7 @@ sections:
- question: |
Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?
answer: |
One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations.
One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations.
In certain cases, third-party drivers for different hardware models or versions can reuse device ID's, driver file names, registry keys (or any other operating system constructs that don't support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver.

33
windows/deployment/planning/windows-to-go-overview.md
View File

@ -2,19 +2,19 @@
title: Windows To Go feature overview (Windows 10)
description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: aczechowski
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
ms.collection:
- highpri
ms.date: 10/28/2022
---
# Windows To Go: feature overview
**Applies to**
- Windows 10
@ -24,12 +24,15 @@ ms.collection:
Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go:
PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go:
- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif)
- [Roaming with Windows To Go](#bkmk-wtgroam)
- [Prepare for Windows To Go](#wtg-prep-intro)
- [Hardware considerations for Windows To Go](#wtg-hardware)
- [Windows To Go: feature overview](#windows-to-go-feature-overview)
- [<a href="" id="bkmk-wtgdif"></a>Differences between Windows To Go and a typical installation of Windows](#differences-between-windows-to-go-and-a-typical-installation-of-windows)
- [<a href="" id="bkmk-wtgroam"></a>Roaming with Windows To Go](#roaming-with-windows-to-go)
- [<a href="" id="wtg-prep-intro"></a>Prepare for Windows To Go](#prepare-for-windows-to-go)
- [<a href="" id="wtg-hardware"></a>Hardware considerations for Windows To Go](#hardware-considerations-for-windows-to-go)
- [Additional resources](#additional-resources)
- [Related topics](#related-topics)
> [!NOTE]
> Windows To Go is not supported on Windows RT.
@ -38,12 +41,12 @@ PCs that meet the Windows 7 or later [certification requirements](/previous-vers
Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are:
- **Internal disks are offline.** To ensure data isnt accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer.
- **Internal disks are offline.** To ensure data isn't accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer.
- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturers standard for the computer doesnt apply when running a Windows To Go workspace, so the feature was disabled.
- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer's standard for the computer doesn't apply when running a Windows To Go workspace, so the feature was disabled.
- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
## <a href="" id="bkmk-wtgroam"></a>Roaming with Windows To Go
@ -53,7 +56,7 @@ The applications that you want to use from the Windows To Go workspace should be
## <a href="" id="wtg-prep-intro"></a>Prepare for Windows To Go
Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Endpoint Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) to review deployment tools available.
@ -120,7 +123,7 @@ As of the date of publication, the following are the USB drives currently certif
- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722))
We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go.  For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)
We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)
**For host computers**
@ -167,4 +170,4 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your Wi
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)<br>
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)

20
windows/deployment/s-mode.md
View File

@ -3,11 +3,13 @@ title: Windows 10 Pro in S mode
description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers?
ms.localizationpriority: high
ms.prod: windows-client
manager: dougeby
author: aczechowski
ms.author: aaroncz
manager: aaroncz
author: frankroj
ms.author: frankroj
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.date: 10/31/2022
ms.technology: itpro-deploy
---
# Windows 10 in S mode - What is it?
@ -20,22 +22,21 @@ S mode is an evolution of the S SKU introduced with Windows 10 April 2018 Update
**Microsoft-verified security**
With Windows 10 in S mode, youll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where theyre Microsoft-verified for security. You can also feel secure when youre online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware.
With Windows 10 in S mode, you'll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where they're Microsoft-verified for security. You can also feel secure when you're online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware.
**Performance that lasts**
Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, youll enjoy a smooth, responsive experience, whether youre streaming HD video, opening apps, or being productive on the go.
Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, you'll enjoy a smooth, responsive experience, whether you're streaming HD video, opening apps, or being productive on the go.
**Choice and flexibility**
Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you dont find exactly what you want, you can easily [switch out of S mode](./windows-10-pro-in-s-mode.md) to Windows 10 Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below.
Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don't find exactly what you want, you can easily [switch out of S mode](./windows-10-pro-in-s-mode.md) to Windows 10 Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below.
![Switching out of S mode flow chart.](images/s-mode-flow-chart.png)
## Deployment
Windows 10 in S mode is built for [modern management](/windows/client-management/manage-windows-10-in-your-organization-modern-management) which means using [Windows Autopilot](/mem/autopilot/windows-autopilot). Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic PC that can only be used to join the company domain; policies are then deployed automatically through mobile device management to customize the device to the user and the desired environment. Devices are shipped in S mode; you can either keep them in S mode or use Windows Autopilot to switch the device out of S mode during the first run process or later using mobile device management, if desired.
Windows 10 in S mode is built for [modern management](/windows/client-management/manage-windows-10-in-your-organization-modern-management), which means using [Windows Autopilot](/mem/autopilot/windows-autopilot). Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic PC that can only be used to join the company domain; policies are then deployed automatically through mobile device management to customize the device to the user and the desired environment. Devices are shipped in S mode; you can either keep them in S mode or use Windows Autopilot to switch the device out of S mode during the first run process or later using mobile device management, if desired.
## Keep line of business apps functioning with Desktop Bridge
@ -43,8 +44,7 @@ Worried about your line of business apps not working in S mode? [Desktop Bridge]
## Repackage Win32 apps into the MSIX format
The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-tool), available from the Microsoft Store, enables you to repackage existing Win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your device and upload to the Microsoft Store. This is another way to get your apps ready to run on Windows 10 in S mode.
The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-tool), available from the Microsoft Store, enables you to repackage existing Win32 applications to the MSIX format. You can run your desktop installers through the MSIX Packaging Tool interactively and obtain an MSIX package that you can install on your device and upload to the Microsoft Store. The MSIX Packaging Tool is another way to get your apps ready to run on Windows 10 in S mode.
## Related links

2
windows/deployment/update/PSFxWhitepaper.md
View File

@ -68,7 +68,7 @@ numerous advantages:
Historically, download sizes of Windows 10 quality updates (Windows 10, version 1803 and older supported versions of Windows 10) are optimized by using express download. Express download is optimized such that updating Windows 10 systems will download the minimum number of bytes. This is achieved by generating differentials for every updated file based on selected historical base revisions of the same file + its base or RTM version.
For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
The flip side of express download is that the size of PSF files can be very large depending on the number of historical baselines against which differentials were calculated. Downloading and caching large PSF files to on-premises or remote update distribution servers is problematic for most organizations, hence they are unable to leverage express updates to keep their fleet of devices running Windows 10 up to date. Secondly, due to the complexity of generating differentials and size of the express files that need to be cached on update distribution servers, it is only feasible to generate express download files for the most common baselines, thus express updates are only applicable to selected baselines. Finally, calculation of optimal differentials is expensive in terms of system memory utilization, especially for low-cost systems, impacting their ability to download and apply an update seamlessly.

34
windows/deployment/update/create-deployment-plan.md
View File

@ -20,7 +20,7 @@ ms.technology: itpro-updates
A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. Weve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method to separate devices into a deployment timeline.
When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. Weve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
At the highest level, each “ring” comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
@ -39,7 +39,7 @@ A common ring structure uses three deployment groups:
## How many rings should I have?
There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large organization, you might want to consider assigning devices to rings based on geographic location or the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization.
There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large organization, you might want to consider assigning devices to rings based on geographic location. Or assign based on the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization.
## Advancing between rings
@ -60,17 +60,17 @@ The purpose of the Preview ring is to evaluate the new features of the update. I
### Who goes in the Preview ring?
The Preview ring users are the most tech savvy and resilient people, who will not lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
The Preview ring users are the most tech savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
During your plan and prepare phases, you should focus on the following activities:
- Work with Windows Insider Preview builds.
- Identify the features and functionality your organization can or wants to use.
- Establish who will use the features and how they will benefit.
- Understand why you are putting out the update.
- Establish who will use the features and how they'll benefit.
- Understand why you're putting out the update.
- Plan for usage feedback.
Remember, you are working with pre-release software in the Preview ring and you will be evaluating features and testing the update for a targeted release.
Remember, you're working with pre-release software in the Preview ring and you'll be evaluating features and testing the update for a targeted release.
> [!IMPORTANT]
> If you are using Windows Insider (pre-release) releases for your preview ring and you are using WSUS or Windows Update for Business, be sure to set the following policies to allow for Preview builds:
@ -80,11 +80,11 @@ Remember, you are working with pre-release software in the Preview ring and you
## Limited ring
The purpose of the Limited ring is to validate the update on representative devices across the network. During this period, data, and feedback are generated to enable the decision to move forward to broader deployment. Desktop
Analytics can help with defining a good Limited ring of representative devices and assist in monitoring the deployment.
Analytics can help with defining a good Limited ring of representative devices and help monitor the deployment.
### Who goes in the Limited ring?
The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented, and it's important that the people selected for this ring are using their devices regularly in order to generate the data you will need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually dont have the applications or device drivers that are truly a representative sample of your network.
The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually dont have the applications or device drivers that are truly a representative sample of your network.
During your pilot and validate phases, you should focus on the following activities:
@ -93,7 +93,7 @@ During your pilot and validate phases, you should focus on the following activit
- Assess and act if issues are encountered.
- Move forward unless blocked.
When you deploy to the Limited ring, youll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring, because your Limited ring represents your organization across the board, and when you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
When you deploy to the Limited ring, youll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring. Your Limited ring represents your organization across the board. When you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
## Broad deployment
@ -101,7 +101,7 @@ Once the devices in the Limited ring have had a sufficient stabilization period,
### Who goes in the Broad deployment ring?
In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision) broad deployment can occur relatively quickly.
In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision), a broad deployment can occur relatively quickly.
> [!NOTE]
> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission critical-devices.
@ -109,19 +109,19 @@ In most businesses, the Broad ring includes the rest of your organization. Becau
During the broad deployment phase, you should focus on the following activities:
- Deploy to all devices in the organization.
- Work through any final unusual issues that were not detected in your Limited ring.
- Work through any final unusual issues that weren't detected in your Limited ring.
## Ring deployment planning
Previously, we have provided methods for analyzing your deployments, but these have been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We have combined many of these tasks, and more, into a single interface with Desktop Analytics.
Previously, we have provided methods for analyzing your deployments, but these have been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We've combined many of these tasks, and more, into a single interface with Desktop Analytics.
[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Microsoft Endpoint Manager](/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to
[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Configuration Manager](/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to
make informed decisions about the readiness of your Windows devices.
In Windows client deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Microsoft Endpoint Manager can help you assess app compatibility with the latest
feature update and create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions.
In Windows client deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Configuration Manager can help you assess app compatibility with the latest
feature update. You can create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions.
> [!IMPORTANT]
> Desktop Analytics does not support preview (Windows Insider) builds; use Configuration Manager to deploy to your Preview ring. As noted previously, the Preview ring is a small group of devices represents your ecosystem very well in terms of app, driver, and hardware diversity.
@ -130,8 +130,8 @@ feature update and create groups that represent the broadest number of hardware
There are two ways to implement a ring deployment plan, depending on how you manage your devices:
- If you are using Configuration Manager: Desktop Analytics provides end-to-end deployment plan integration so that you can also kick off phased deployments within a ring. Learn more about [deployment plans in Desktop Analytics](/mem/configmgr/desktop-analytics/about-deployment-plans).
- If you are using Microsoft Intune, see [Create deployment plans directly in Intune](/mem/intune/fundamentals/planning-guide).
- If you're using Configuration Manager: Desktop Analytics provides end-to-end deployment plan integration so that you can also kick off phased deployments within a ring. Learn more about [deployment plans in Desktop Analytics](/mem/configmgr/desktop-analytics/about-deployment-plans).
- If you're using Microsoft Intune, see [Create deployment plans directly in Intune](/mem/intune/fundamentals/planning-guide).
For more about Desktop Analytics, see these articles:

2
windows/deployment/update/deploy-updates-configmgr.md
View File

@ -18,4 +18,4 @@ ms.technology: itpro-updates
- Windows 10
- Windows 11
See the Microsoft Endpoint Manager [documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates.
See the [Microsoft Configuration Manager documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates.

22
windows/deployment/update/deployment-service-overview.md
View File

@ -44,16 +44,16 @@ Windows Update for Business comprises three elements:
- Deployment service APIs to approve and schedule specific updates available through the Microsoft Graph and associated SDKs (including PowerShell)
- Update Compliance to monitor update deployment available through the Azure Marketplace
Unlike existing client policy, the deployment service does not interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro.
Unlike existing client policy, the deployment service doesn't interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro.
:::image type="content" source="media/wufbds-interaction-small.png" alt-text="Process described in following text.":::
Using the deployment service typically follows a common pattern:
1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Endpoint Manager.
1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Intune.
2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.
3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager.
The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Intune.
## Prerequisites
@ -78,9 +78,9 @@ Additionally, your organization must have one of the following subscriptions:
To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
### Using Microsoft Endpoint Manager
### Using Microsoft Intune
Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
Intune integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
### Scripting common actions using PowerShell
@ -92,7 +92,7 @@ Microsoft Graph makes deployment service APIs available through. Get started wit
- Learning path: [Microsoft Graph Fundamentals](/training/paths/m365-msgraph-fundamentals/)
- Learning path: [Build apps with Microsoft Graph](/training/paths/m365-msgraph-associate/)
Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more.
Once you're familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more.
## Deployment protections
@ -107,9 +107,9 @@ The deployment service allows any update to be deployed over a period of days or
3. Start deploying to earlier waves to build coverage of device attributes present in the population.
4. Continue deploying at a uniform rate until all waves are complete and all devices are updated.
This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service does not provide a workflow for creating rings themselves.
This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service doesn't provide a workflow for creating rings themselves.
You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring.
You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and other protections within each ring.
### Safeguard holds against likely and known issues
@ -139,9 +139,9 @@ To enroll devices in Windows Update for Business cloud processing, set the **All
| GPO for Windows 10, version 1809 or later: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow WUfB Cloud Processing** | `\Policies\Microsoft\Windows\DataCollection\AllowWUfBCloudProcessing` |
| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | `\Microsoft\PolicyManager\current\device\System\AllowWUfBCloudProcessing` |
Following is an example of setting the policy using Microsoft Endpoint Manager:
Following is an example of setting the policy using Intune:
1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
1. Sign in to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** > **Configuration profiles** > **Create profile**.
@ -175,7 +175,7 @@ Follow these suggestions for the best results with the service.
### General
Avoid using different channels to manage the same resources. If you use Microsoft Endpoint Manager along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
Avoid using different channels to manage the same resources. If you use Microsoft Intune along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
## Next steps

2
windows/deployment/update/get-started-updates-channels-tools.md
View File

@ -44,7 +44,7 @@ We include information here about many different update types you'll hear about,
There are three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
### General Availability Channel

22
windows/deployment/update/includes/update-compliance-admin-center-permissions.md
View File

@ -1,22 +0,0 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-enable.md and the update/update-status-admin-center.md articles. Headings may be driven by article context. -->
[Enabling Update Compliance](../update-compliance-v2-enable.md) requires access to the [Microsoft admin center software updates (preview) page](../update-status-admin-center.md) as does displaying Update Compliance data in the admin center. The following permissions are needed for access to the [Microsoft 365 admin center](https://admin.microsoft.com):
- To enable Update Compliance, edit Update Compliance configuration settings, and view the **Windows** tab in the **Software Updates** page:
- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- To view the **Windows** tab in the **Software Updates** page:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
> [!NOTE]
> These permissions for the Microsoft 365 admin center apply specifically to the **Windows** tab of the **Software Updates** page. For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status).

23
windows/deployment/update/includes/update-compliance-onboard-admin-center.md
View File

@ -1,23 +0,0 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-enable.md and the update/update-status-admin-center.md articles. Headings are driven by article context. -->
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
1. In the **Software Updates** page, select the **Windows** tab.
1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](../update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance:
- The Azure subscription
- The Log Analytics workspace
1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**.
1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts.
> [!Tip]
> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).

21
windows/deployment/update/includes/wufb-reports-admin-center-permissions.md Normal file
View File

@ -0,0 +1,21 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/wufb-reports-enable.md and the update/wufb-reports-admin-center.md articles. Headings may be driven by article context. -->
To enroll into Windows Update for Business reports, edit configuration settings, display and edit the workbook, and view the **Windows** tab in the **Software Updates** page from the [Microsoft 365 admin center](https://admin.microsoft.com) use one of the following roles:
- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator)
- This role allows enrollment through the [workbook](../wufb-reports-enable.md#bkmk_enroll-workbook) but not the Microsoft 365 admin center
To display the workbook and view the **Windows** tab in the **Software Updates** page [Microsoft 365 admin center](https://admin.microsoft.com) use the following role:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)

4
windows/deployment/update/includes/update-compliance-endpoints.md → windows/deployment/update/includes/wufb-reports-endpoints.md
View File

@ -8,13 +8,13 @@ ms.topic: include
ms.date: 04/06/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-prerequisites.md and the update/update-compliance-configuration-manual.md articles. Headings are driven by article context. -->
<!--This file is shared by updates/wufb-reports-prerequisites.md and the update/update-compliance-configuration-manual.md articles. Headings are driven by article context. -->
Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Update Compliance. |
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Windows Update for Business reports. |
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
| `https://adl.windows.com` | Required for Windows Update functionality. |

23
windows/deployment/update/includes/wufb-reports-onboard-admin-center.md Normal file
View File

@ -0,0 +1,23 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/wufb-reports-enable.md and the update/wufb-reports-admin-center.md articles. Headings are driven by article context. -->
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
- If you don't see an entry for **Software updates** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).
1. In the **Software Updates** page, select the **Windows** tab.
1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Windows Update for Business reports](../wufb-reports-overview.md). Verify or supply the following information about the settings for Windows Update for Business reports:
- The Azure subscription
- The Log Analytics workspace
1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Windows Update for Business reports data**.
1. After the initial setup is complete, the **Windows** tab will display your Windows Update for Business reports data in the charts.
> [!Note]
> The device counts in the **Windows** tab may vary from the **Microsoft 365 Apps** tab since their requirements are different.

14
windows/deployment/update/includes/wufb-reports-recommend.md Normal file
View File

@ -0,0 +1,14 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 11/04/2022
ms.localizationpriority: medium
---
<!--This file is shared by all Update Compliance v1 articles. -->
> [!Important]
> If you're using Update Compliance, it's highly recommended that you start transitioning to Windows Update for Business reports. For more information, see [Windows Update for Business reports overview](..\wufb-reports-overview.md).

4
windows/deployment/update/includes/update-compliance-script-error-codes.md → windows/deployment/update/includes/wufb-reports-script-error-codes.md
View File

@ -8,7 +8,7 @@ ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-configuration-script.md and the update/update-compliance-configuration-script.md articles. Headings are driven by article context. -->
<!--This file is shared by updates/wufb-reports-configuration-script.md and the update/update-compliance-configuration-script.md articles. Headings are driven by article context. -->
|Error |Description |
|---------|---------|
| 1 | General unexpected error|
@ -58,5 +58,5 @@ ms.localizationpriority: medium
| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
| 99 | Device isn't Windows 10.|
| 100 | Device must be AADJ or hybrid AADJ to use Update Compliance |
| 100 | Device must be AADJ or hybrid AADJ to use Windows Update for Business reports or Update Compliance |
| 101 | Check AADJ failed with unexpected exception |

6
windows/deployment/update/includes/update-compliance-verify-device-configuration.md → windows/deployment/update/includes/wufb-reports-verify-device-configuration.md
View File

@ -8,7 +8,7 @@ ms.topic: include
ms.date: 08/10/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-help.md and the update/update-compliance-v2-configuration-script.md articles. Headings are driven by article context. -->
<!--This file is shared by updates/wufb-reports-help.md and the update/wufb-reports-configuration-script.md articles. Headings are driven by article context. -->
In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
@ -35,9 +35,9 @@ In some cases, you may need to manually verify the device configuration has the
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
- The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for the [preview version of Updates Compliance](../update-compliance-v2-overview.md), but the value may still be listed in this field.
- The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for [Windows Update for Business reports](../wufb-reports-overview.md), but the value may still be listed in this field.
- The **MSP** field value under **protocol** should be either `16` or `18`.
- If you need to send this data to Microsoft Support, select **Export data**.
:::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="../media/update-compliance-diagnostic-data-viewer.png" lightbox="../media/update-compliance-diagnostic-data-viewer.png":::
:::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="../media/wufb-reports-diagnostic-data-viewer.png" lightbox="../media/wufb-reports-diagnostic-data-viewer.png":::

10
windows/deployment/update/index.md
View File

@ -20,14 +20,14 @@ ms.technology: itpro-updates
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them.
Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly. It spreads out the required effort into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them.
## In this section
| Topic | Description|
| Article | Description|
| --- | --- |
| [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the servicing model for Windows client. |
| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
@ -37,10 +37,10 @@ Windows as a service provides a new way to think about building, deploying, and
| [Optimize update delivery](../do/waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
| [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. |
| [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. |
| [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. |
| [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. |
| [Manage additional Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
| [Manage more Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
| [Windows Insider Program for Business](/windows-insider/business/register) | Explains how the Windows Insider Program for Business works and how to become an insider. |
>[!TIP]
>For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Endpoint Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows.
>For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows.

BIN
windows/deployment/update/media/33771278-update-compliance-workbook-summary.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 372 KiB

Some files were not shown because too many files have changed in this diff Show More