Archive: Best Practices to Capture an Image for Deployment

Capturing a solid image is the first step to managing your systems properly, and I have never covered it specifically on this site until now (even though I do it frequently). This post should help guide you in using best practices for the best possible image.

Typically, I do all of my image captures through MDT, even though SCCM can capture a perfectly good image, as well. If you didn’t know already, WIMs captured by MDT can be used for OS deployment in both MDT and SCCM.  I use MDT for capturing because you actually get some additional features when capturing the WIM. One of these settings is the CopyProfile variable. This allows you to make changes to the local admin profile when customizing your reference system prior to capture – these changes are then wrapped into the WIM file and can be applied to the user profile of the target system.

Another reason I like to use MDT for capturing images is the reliability. If you’re someone who likes to use “build & capture” task sequences for a completely automated image build process, you may know that scripting installs and configurations tends to be friendlier in MDT. This is because MDT runs these scripted actions using the local administrator account, while SCCM uses the local system account. Not all installers or tasks are compiled to handle execution under the local system account.

Lastly, capturing an image in MDT is very simple. If you’ve been using imagex to create WIMs, you’ll find this process much easier but just as effective.

While building your system to capture an image from, consider these tips:

  • Always build your capture systems on VMs. Capturing an image from hardware will result in driver injection failure on several new models coming out now. When building a universal image for deployment, you absolutely do not want any hardware-specific configurations in your image. Also avoid installing VM-specific applications, such as VMware Tools. Building your image from a VM also allows you to use snapshots/state restores, which are very useful to run right before you begin the capture process.
  • Use Windows Audit Mode – it’s extremely useful and can save you a lot of hassle. Audit Mode is specifically designed for creating images and prevents you from having to create a local user account, password, or other “first logon” configurations. To boot into Windows Audit Mode, hit Control+ Shift + F3 when Windows Setup prompts you to set up a user account after installing the OS. A screenshot can be found later in this article. This will work across all versions of Windows.
  • Don’t worry about finding and applying drivers during the build process. You shouldn’t have to worry about this since you’re building it on a VM, anyway, right?
  • Take this opportunity to fully patch your build system. Patch, reboot, patch, reboot, etc. You may run into issues trying to run Windows Update on Window 8 under Audit Mode, but see my blog post here for a workaround.
  • If capturing Windows 7, apply these two hotfixes for the UMDF and KMDF. They fix issues with driver injection but must be present in the captured image to work. These are critical on several new systems.
  • Make your life easy and build as few images as possible. Having a separate image for every hardware model or user configuration isn’t necessary anymore and multiplies the amount of maintenance you have to do. Task sequence variables are very powerful and can be leveraged to handle several different scenarios. For instance, you can have a VPN client install only on laptops by using the IsLaptop task sequence variable. The most common example here is probably driver injection – you can handle drivers for multiple models in your environment by using conditional task sequence variables or even modifying your customsettings.ini file. More tips on driver injection can be seen in my blog post here.
  • Before capturing, clean up your system. Run Disk Cleanup, empty the Recycle Bin, delete the Windows Update cache (C:\windows\softwaredistribution\download). Some other common directories that can be cleaned up include: C:\temp, C:\swsetup, C:\dell, C:\intel. Also, be sure to uninstall any unnecessary applications – a lot of drivers will install applications now.
  • Consider that some applications have unique GUIDs and need to be rearmed. If you don’t rearm some applications, they will not function properly when deployed to multiple systems. Office and Symantec Endpoint Protection are two examples of applications that have GUIDs. Rearm these immediately before initiating the capture task sequence.
  • Don’t worry about your local admin account/password. You can set these later in your unattend.xml during deployment.

Now for the walk-through- this assumes you already have MDT installed and functioning properly.

Create a new task sequence in a local deployment share that can process capturing an image. Right-click Task Sequences and choose New Task Sequence.

capture1

The capture task sequence needs to match the architecture of the image that will be captured, so you may need to create two if capturing both 32-bit and 64-bit images.

capture2

Use the Sysprep and Capture template.

capture3

Choose a WIM or set of imported source files that match the architecture of the image that will be captured.

capture4

On the next few screens, choose to not specify a key, administrator password, organization, or IE homepage (these don’t apply to captures). Complete the wizard and verify that your task sequence appears. Update your deployment share to generate boot media if it hasn’t been done previously.

capture5

Optionally, you can set the CopyProfile variable to True in the unattend.xml file for this task sequence to save any changes made to the administrator profile into the image, as well. Otherwise, any changed made to the user profile will not be saved (things like wallpaper, desktop icons, favorites, etc). To copy these settings into the WIM, right-click your Capture task sequence and open the properties. Under the OS Info tab, click the Edit Unattend.xml button.

capture6

In Windows System Image Manager, find the CopyProfile setting under the Specialize phase. Set it to True and save your unattend.xml file.

capture7

At this point, MDT configuration is complete. Install Windows on your build system from media. Proceed normally until you reach the Settings or User Account setup page. This is the first pause for user input once OS installation is initiated. At this screen, hold Control + Shift + F3 to skip setup and boot into Audit Mode. It will look like this on Windows 8:

2015-01-19_10-14-50

Audit mode is designed specifically for capture builds. You will see the following Audit Mode window every time you start the system until Sysprep is run- be sure to cancel out of it each time.

capture8

From here, customize your system. Patch your system with updates, install any applications, and make any necessary changes. You can reboot your system as many times as needed. Remember to disregard drivers and to clean up files are mentioned in the tips earlier in this post.

Now that you’re ready to create the WIM, initiate the capture from within the OS. Connect to the UNC path of your deployment share. By default, it’s set as \\mdtserver\deploymentshare$ . From this share, open the Scripts folder and launch LiteTouch.vbs or LiteTouch.wsf.

capture9

Select the task sequence that matches your OS architecture (if you created more than one).

capture10

On the next screen, choose to capture an image of this reference computer and enter a valid UNC path to store the captured WIM. You must have read/write access to this UNC path.

capture11

Enter your network credentials with read/write permissions when prompted.

capture12

Review the settings and begin the capture process.

capture13

At this point, no further interaction is required. You can watch the system run a Sysprep and reboot into WinPE where it will capture and upload the WIM on its own. The system will notify you when the capture has completed successfully.

From here, you can upload the WIM directly into MDT or SCCM.

capture14

Remember to set the CaptureProfile setting to true for your deployment task sequence as well- it is not enabled by default!

Thanks for reading – leave some feedback if I can answer anything on this topic.

31 thoughts on “Archive: Best Practices to Capture an Image for Deployment”

  1. Excellent article. I hope you create this kind of stuff as and when needed so people like me can take benefit/learn from it.

    Thanks once again.

    Regards,V

  2. Should we capture from audit mode or do i need to enter “normal” mode when i’m dong with customization and then capture?

    1. I would recommend using audit mode if at all possible – it’s built to capture images. That being said, you can definitely capture under a normal OS with a regular user account.

  3. Hello – is it necessary to have copyprofile set to true in the deployment sequence as well?

    I’ve been using WDS to capture monolithic images in the past, setting the copyprofile in the sysprep specialize phase of the local answer file – if it is set for the image capture, why would it be required for the deployment as well?

    Thanks,

    1. Copyprofile is not required, but it can retain *some* user profile settings to the default user profile when redeploying a captured image.

  4. Jeg har også et par Dr. Martens serena modelen i sort nubuck og jeg knus elsker dem! varme og tørre fødder til mig igennem vinteren. Men ja de er nok mest by-støvler

  5. Very nice article and right to the point. I am not sure if this is in fact the best place to ask but do you folks have any thoughts on where to hire some professional writers? Thanks :)

  6. “At this point, MDT configuration is complete. Install Windows on your build system from OEM media.”

    WHAT MEDIA?

  7. I am trying to build my windows 7 image with oracle VM and everytime after I install IE11, I reboot the VM and it gets stuck in a loop saying “Windows could not complete the installation. To install windows on this computer, restart the installation.” And other similar error messages. I have tried the regedit fix under HKLM\System\Setup\Status\ChildCompletion and the value data is already set to 3. I change it to 1, and get a different error, same result. Is there something I may be missing?

    1. Rick,

      Interesting error… did you find a solution? Are you using audit mode when building out the capture system? You might try some different media, too.

  8. “Remember to set the CaptureProfile setting to true for your deployment task sequence as well- it is not enabled by default!” <— How is this done exactly?

  9. I need any help you can provide. I have built the reference image and captured it off to a WIM. Imported the Ref build WIN into a deployment media build. Created a deployment VM and I added some specific applications for my initial deployment to a VM. I want to capture that VM, but nothing I do using LITETOUCH from within the deployment VM ever gives me the option to capture…
    I have tried to make changes to the deployment share reference rules and updated the deployment share. If I run litetouch in the reference build VM, I get capture options, but not the deployment VM.
    I have read a 1000 articles and followed them out to the letter….I still do not get the capture image prompts in my deployment VM using litetouch…..

    HELP!!!!

    1. Chris,

      If you using MDT, make sure that you have a capture task sequence created in your deployment share, as this is not done automatically. You may also need to match the architecture of the system you’re capturing (32/64) when creating the capture task sequence. Make sure you update your deployment share in MDT before proceeding, and then retry capture. Good luck!

    1. Hi Chris,

      I am also facing the same issue, in case if you find any solution, please let me know.

  10. I’ve created a captured Win7 image via a VM, but when I deploy it to a workstation it doesnt have quite a few drivers installed, even tho I’ve got the drivers specified in the T’S, and Because of this it doesn’t join the domain

    HELP

    1. Hey Kevin,

      It’s likely a problem with your driver injection in the TS and not the image. Make sure that you’re checking the box for unattended installation of drivers and allowing unsigned drivers to be imported into SCCM. Are you using a driver pack from your manufacturer?

  11. please Help..
    I enjoy building image from my VMware workstation 12.5 to use for my SCCM deployment. We are Dell shop here and I used the Dell OEM windows 7 Pro disc to build the image. Problem I am facing is the OEM version of the windows won’t active in VMware environment because of the SLP can’t identify the hardware in the vm-bios, it only given me 30 days to work on it. I usually like to re-flash my image quarterly but since it only last 30days, I need to rebuild the whole things quarterly … I have been searching everywhere on how to activate OEM license on a VM and got nowhere..

    anyone please help if there work around or alternative solution, pain to have to rebuild the image quarterly …

    thank you

    1. Mitchell,

      You will not be able to activate a Dell OEM image on Vmware, unfortunately. I wouldn’t recommend using OEM media for your capture system, either, but you may be able to extend the evaluation time on the capture system by running “slmgr /rearm” whenever the evaluation period ends. The best solution is to use licensed, non-OEM media from Microsoft.

      Josh

      1. Thx Josh,
        i have been using the rearm too..

        But, if i use a VL windows image, and not Dell OEM… when this image apply to the Dell laptop, would it cause issue on activation and license count.

  12. Hi,

    I originally used a laptop as a reference machine and captured the image as a .wim. I installed on this on a VM and made it as clean as possible. Audit mode was not used initially when creating the .wim. Now I want to use audit mode and used sysprep to enter audit mode. Now I’m being stopped at the logon prompt, but if I put in the Administrator pwd, it works. Any work around?
    Thanks

  13. I’m not sure how well audit mode is going to work for you if there are already accounts on the system. You’d be better off starting clean with a new build on a new VM.

  14. This is all sorts of broken/different now since the time of writing. The LiteTouch script you mention doesn’t show any of the capture options anymore… something from MS has changed (update to ADK I assume) and no longer reflects the step presented here. It would be nice to see you update/follow-up this how-to…

  15. Jeremy, Per the resolution:

    Look for this line:

    If (oTS.SelectSingleNode(“//step[@type=’BDD_InstallOS’]”) is nothing) and (oTS.SelectSingleNode(“//step[@type=’BDD_UpgradeOS’]”) is nothing) then

    And change it to:

    If (oTS.SelectSingleNode(“//step[@type=’BDD_InstallOS’ and @disable=’false’]”) is nothing) and (oTS.SelectSingleNode(“//step[@type=’BDD_UpgradeOS’ and @disable=’false’]”) is nothing) then

    I got the same problem and I found the solution from here: https://social.technet.microsoft.com/Forums/en-US/e4418f2d-cf0b-4a76-8f2d-8f776d004c24/capture-image-is-missing-from-mdt-8443?forum=mdt

  16. Your post says to install Windows using OEM media. If you’re customizing your image in any way, including accepting the EULA and going through the OOBE, VL media is required. This is because OEM and FPP licenses don’t grant reimaging rights. With Windows, media has to match the license.

    1. You’re absolutely right – I used the term “OEM” a little too loosely, as there are OEM editions of Windows for hardware out there. I meant that original media should always be used, and should obtained through the VLSC or other provider.

  17. Mashkoor Qadir

    Thanks for the great help.

    Can you please elaborate a bit more in the section of capturing image. e.g. The option

    ====> Specify whether to capture an image <=====
    – capture an image of this reference computer.
    – sysperp this computer
    – prepare to capture the machine
    – do not capture an image of this computer

    As we know the purpose of "capture an image of this reference computer" option. What about the rest of the option what do they do?

  18. Awesome post. I have had a lot of trouble getting the Ref Image captured. I can get my image to install, make the minor changes while it is suspended, but when I restart the TS I am getting a failed capture. I believe the issues was in the WIM file I was using. Pulled a new W10 v1709 ISO from VLSC and started again. Working on it now and hopefully it will resolve the issue. I will re-post as soon as I know. Thanks again for this great info. Helping a lot.

Comments are closed.