deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md
DocsPreview ce500fde9b
Latest updates for issues content (#379) 
* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* updates for new vdi stuff

* Adding important note to solve #3493

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Typo "&lt;"→"<", "&gt;"→">"

https://docs.microsoft.com/en-us/windows/application-management/manage-windows-mixed-reality

* Issue #2297

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Clarification

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* update troubleshoot-np.md

* update configure-endpoints-gp.md

* Removing a part which is not supported

* Name change

* update troubleshoot-np.md

* removed on-premises added -hello

* Added link into Domain controller guide

* Line corections

* corrected formatting of xml code samples

When viewing the page in Win 10/Edge, the xml code samples stretched across the page, running into the side menu. The lack of line breaks also made it hard to read.

This update adds line breaks and syntax highlighting, replaces curly double quotes with standard double quotes, and adds a closing tag for <appv:appconnectiongroup>for each code sample

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* corrected formating of XML examples

The XML samples here present the same formatting problems as in about-the-connection-group-file51.md (see https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847/)

Perhaps we should open an issue to see if we have more versions of this code sample in the docs

* corrected formatting of XML example section

In the XML example on this page, the whitespace had been stripped out, so there were no spaces between adjacent attribute values or keys.

This made it hard to read, though the original formatting allowed for a scroll bar, so the text was not running into the side of the page (compare to https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847 and https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3850, where the uncorrected formatting forced the text to run into the side menu).

* update configure-endpoints-gp.md

* Fixed error in registry path and improved description

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Removing extra line in 25 

Suggested by

* update windows-analytics-azure-portal.md

* re: broken links, credential-guard-considerations

Context:
* #3513, MVA is being retired and producing broken links
* #3860 Microsoft Virtual Academy video links

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as I could not find a similar video available describing which credentials are covered by credential guard.

I replaced the second link with a video containing similar material, though it is not a "deep dive".

Suggestions on handling this problem, as many pages contain similar links, would be appreciated,.

* removed link to retired video re: #3867

Context:
* #3513, MVA is being retired and producing broken links
* #3867, Microsoft Virtual Academy video links

This page contains a broken link to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course is already retired, and no replacement course exists.

I removed the whole _See Also_ section, as I could not find a video narrowly or deeply addressing how to protect privelaged users with Credential Guard. The most likely candidate is too short and general: https://www.linkedin.com/learning/cism-cert-prep-1-information-security-governance/privileged-account-management

* addressing broken mva links, #3817

Context:
* #3513, MVA is being retired and producing broken links
* #3817, Another broken link

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as we no longer have a video with similar content for a similar audience. The most likely candidate is https://www.linkedin.com/learning/programming-foundations-web-security-2/types-of-credential-attacks, which is more general and for a less technical audience. 

I removed the second link and the _See Also_ section, as I could not find a similar video narrowly focused on which credentials are covered by Credential Guard. Most of the related material available now describes how to perform a task.

* Update deployment-vdi-windows-defender-antivirus.md

* typo fix re: #3876; DMSA -> DSMA

* Addressing dead MVA links, #3818

This page, like its fellows in the mva-links label, contains links to a retired video course on a website that is retiring soon.

The links listed by the user in issue #3818 were also on several other pages, related to Credentials Guard. 

These links were addressed in the pull requests #3875, #3872, and #3871

Credentials threat & lateral threat link: removed (see PR #3875 for reasoning) 
Virtualization link: replaced (see #3871 for reasoning)
Credentials protected link: removed (see #3872 for reasoning)

* Adding notes for known issue in script

Solves #3869

* Updated the download link admx files Windows 10

Added link for April 2018 and Oct 2018 ADMX files.

* added event logs path

Referenced : https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Suggestions applied.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update deployment-vdi-windows-defender-antivirus.md

* screenshot update

* Add files via upload

* update 4 scrrenshots

* Update deployment-vdi-windows-defender-antivirus.md

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Re: #3909

Top link is broken, #3909 

> The link here does not work:
> Applies to: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

The link to the pdf describing MDATP was broken.

Thankfully, PR #2897 updated the same link in another page some time ago, so I didn't have to go hunting for an equivalent

* CI Update

* Updated as per task 3405344

* Updated author

* Update windows-analytics-azure-portal.md

* added the example query

* Updated author fields

* Update office-csp.md

* update video for testing

* update video

* Update surface-hub-site-readiness-guide.md

line 134 Fixed  video link MD formatting

* fixing video url

* updates from Albert

* Bulk replaced author to manikadhiman

* Bulk replaced ms.author to v-madhi

* Latest content is published (#371)

* Added 1903 policy DDF link and fixed a typo

* Reverted the DDF version

* Latest update (#375)

* Update deployment-vdi-windows-defender-antivirus.md

* Update deployment-vdi-windows-defender-antivirus.md
2019-06-06 15:54:17 -07:00

9.9 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, keywords, ms.prod, ms.mktglfcycl, ms.localizationpriority, ms.sitesec, ms.pagetype, author, ms.date, ms.topic
title description ms.assetid ms.reviewer manager ms.author keywords ms.prod ms.mktglfcycl ms.localizationpriority ms.sitesec ms.pagetype author ms.date ms.topic
MDT Lite Touch components (Windows 10) This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) that support Lite Touch Installation (LTI) for Windows 10. 7d6fc159-e338-439e-a2e6-1778d0da9089 laurawi greglin deploy, install, deployment, boot, log, monitor w10 deploy medium library mdt greg-lindsay 07/27/2017 article

MDT Lite Touch components

Applies to

  • Windows 10

This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) that support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires very little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disc. When deploying the Windows operating system using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click View Script. That will give you the PowerShell command.

figure 4

Figure 4. If you click View Script on the right side, you will get the PowerShell code that was used to perform the task.

Deployment shares

A deployment share is essentially a folder on the server that is shared and contains all the setup files and scripts needed for the deployment solution. It also holds the configuration files (called rules) that are gathered when a machine is deployed. These configuration files can reach out to other sources, like a database, external script, or web server to get additional settings for the deployment. For Lite Touch deployments, it is common to have two deployment shares: one for creating the reference images and one for deployment. For Zero Touch, it is common to have only the deployment share for creating reference images because Microsoft System Center 2012 R2 Configuration Manager deploys the image in the production environment.

Rules

The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The rules control the Windows Deployment Wizard on the client and, for example, can provide the following settings to the machine being deployed:

  • Computer name
  • Domain to join, and organizational unit (OU) in Active Directory to hold the computer object
  • Whether to enable BitLocker
  • Regional settings You can manage hundreds of settings in the rules. For more information, see the Microsoft Deployment Toolkit resource center.

figure 5

Figure 5. Example of a MDT rule. In this example, the new computer name is being calculated based on PC- plus the first seven (Left) characters from the serial number

Boot images

Boot images are the Windows Preinstallation Environment (Windows PE) images that are used to start the deployment. They can be started from a CD or DVD, an ISO file, a USB device, or over the network using a Pre-Boot Execution Environment (PXE) server. The boot images connect to the deployment share on the server and start the deployment.

Operating systems

Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you have created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments.

Applications

Using the Deployment Workbench, you also add the applications you want to deploy. MDT supports virtually every executable Windows file type. The file can be a standard .exe file with command-line switches for an unattended install, a Microsoft Windows Installer (MSI) package, a batch file, or a VBScript. In fact, it can be just about anything that can be executed unattended. MDT also supports the new Universal Windows apps.

Driver repository

You also use the Deployment Workbench to import the drivers your hardware needs into a driver repository that lives on the server, not in the image.

Packages

With the Deployment Workbench, you can add any Microsoft packages that you want to use. The most commonly added packages are language packs, and the Deployment Workbench Packages node works well for those. You also can add security and other updates this way. However, we generally recommend that you use Windows Server Update Services (WSUS) for operating system updates. The rare exceptions are critical hotfixes that are not available via WSUS, packages for the boot image, or any other package that needs to be deployed before the WSUS update process starts.

Task sequences

Task sequences are the heart and soul of the deployment solution. When creating a task sequence, you need to select a template. The templates are located in the Templates folder in the MDT installation directory, and they determine which default actions are present in the sequence.

You can think of a task sequence as a list of actions that need to be executed in a certain order. Each action can also have conditions. Some examples of actions are as follows:

  • Gather. Reads configuration settings from the deployment server.
  • Format and Partition. Creates the partition(s) and formats them.
  • Inject Drivers. Finds out which drivers the machine needs and downloads them from the central driver repository.
  • Apply Operating System. Uses ImageX to apply the image.
  • Windows Update. Connects to a WSUS server and updates the machine.

Task sequence templates

MDT comes with nine default task sequence templates. You can also create your own templates. As long as you store them in the Templates folder, they will be available when you create a new task sequence.

  • Sysprep and Capture task sequence. Used to run the System Preparation (Sysprep) tool and capture an image of a reference computer.

    Note   It is preferable to use a complete build and capture instead of the Sysprep and Capture task sequence. A complete build and capture can be automated, whereas Sysprep and Capture cannot.

  • Standard Client task sequence. The most frequently used task sequence. Used for creating reference images and for deploying clients in production.

  • Standard Client Replace task sequence. Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.

  • Custom task sequence. As the name implies, a custom task sequence with only one default action (one Install Application action).

  • Standard Server task sequence. The default task sequence for deploying operating system images to servers. The main difference between this template and the Standard Client task sequence template is that it does not contain any USMT actions because USMT is not supported on servers.

  • Lite Touch OEM task sequence. Used to preload operating systems images on the computer hard drive. Typically used by computer original equipment manufacturers (OEMs) but some enterprise organizations also use this feature.

  • Post OS Installation task sequence. A task sequence prepared to run actions after the operating system has been deployed. Very useful for server deployments but not often used for client deployments.

  • Deploy to VHD Client task sequence. Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file.

  • Deploy to VHD Server task sequence. Same as the Deploy to VHD Client task sequence but for servers.

  • Standard Client Upgrade task sequence. A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers.

Selection profiles

Selection profiles, which are available in the Advanced Configuration node, provide a way to filter content in the Deployment Workbench. Selection profiles are used for several purposes in the Deployment Workbench and in Lite Touch deployments. For example, they can be used to:

  • Control which drivers and packages are injected into the Lite Touch (and generic) boot images.
  • Control which drivers are injected during the task sequence.
  • Control what is included in any media that you create.
  • Control what is replicated to other deployment shares.
  • Filter which task sequences and applications are displayed in the Deployment Wizard.

Logging

MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.

Note   The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the System Center 2012 R2 Configuration Manager Toolkit.

Monitoring

On the deployment share, you also can enable monitoring. After you enable monitoring, you will see all running deployments in the Monitor node in the Deployment Workbench.

Related topics

Key features in MDT

Prepare for deployment with MDT