Building a Windows 11 21H2 Reference Image using Microsoft Deployment Toolkit (MDT)

Here is a step-by-step quick guide on building the perfect Windows 11 21H2 reference image using Microsoft Deployment Toolkit (MDT) 8456.

Real World Note: Since Windows Vista, there is no technical requirement to create reference images in order to deploy Windows. After all, the ISO that you download from Microsoft contains WIM images that are in a deployable state. The main reason for creating reference images, meaning images with one or more applications in them, is often just deployment speed, and to some extent network efficiency (WIM images are highly compressed). However, in a world with better and better peer to peer solutions, better networking, better hardware, you can make deployments go quite fast even without a reference image. While more and more organizations are moving to use a thin image, and deploy settings and applications at deployment time instead, if you still need a reference image. Here is how to create one.

Block Internet Access

Due to how aggressive Windows 11 is regarding updating its native applications, which is known for breaking Sysprep, make sure the virtual machine does not have Internet access during the build and capture process.

Registry and state.ini Options

Tip: Daniel Barras (thank you), commented about a solution I was not aware of, removing the need for blocking Internet access. Please see the discussion in the comments section. The use of state.ini reduces some cleanup options you may want to to do. Also, thanks to Steyrs for providing the below steps:

Adding a registry key.
Add a "Run command line" in your task sequence.
Enter this as your Command line:

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState /t REG_SZ /d "IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE" /f

Create the state.ini file

Here is the example of a state.ini

[State]
ImageState=IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBE

Replace state.ini file
Add a "Run command line" in your task sequence.
Enter this as your Command line:
xcopy "%SCRIPTROOT%\State.ini" %windir%\setup\state\ /H /Y

Place your modified State.ini file in your "scripts" folder (e.g.: C:\DeploymentShare\Scripts).
That way it will get copied to your client when running the task sequence.

Add those two command lines before the Sysprep step.
I added them in my State Restore section of the task sequence.

Software Requirements

MDT can be installed either on a file server, or on your own laptop, but in this scenario, I use a file server named MDT01. Deployment of Windows 11 21H2 is only supported using Windows ADK for Windows 11 21H2, that supports both Windows 10 21H2 and Windows 11 21H2, but in my testing I found it working well even on older version of Windows ADK, like the Windows ADK 2004.

Note: Please don't use the newly released (May 2022) Windows ADK for Windows 11 22H2. It's not fully compatible with MDT 8456 since it no longer contains the x86 version of WinPE which MDT expects to find.

For this guide you need the following software.

Step-by-Step Guide

The entire process for creating a Windows 11 image using MDT takes about 20 – 30 minutes, fully automated. This guide covers the following seven steps:

  • Step 1 – Install Windows ADK for Windows 11, and MDT 8456
  • Step 2 – Create the MDT Build Lab Deployment Share
  • Step 3 – Import the Windows 10 operating system
  • Step 4 – Add applications
  • Step 5 – Create the MDT Task Sequence
  • Step 6 – Configure the deployment share
  • Step 7 – Create Windows Reference Images

Step 1 – Install Windows ADK for Windows 11, and MDT 8456

In this example I have a virtual machine named MDT01, running Windows Server 2022 LTSC (Windows Server 2016 LTSC or Windows Server 2019 LTSC is fine too). The VM has 2 vCPUs and 4 GB RAM.

1. On MDT01, install Windows ADK for Windows 11, and select the following components:

  • Deployment Tools
  • Imaging and Configuration Designer (ICD)
  • Configuration Designer
  • User State Migration Tool (USMT    
Windows ADK 1Setup

2. Install WinPE Addon for Windows ADK for Windows 11, and select the following component:

Windows Preinstallation Environment (Windows PE)

Installing WinPE Addon for Windows ADK

3.  Install MDT 8456 using the default settings.

Installing MDT.

4. Install the MDT 8456 HotFix by extracting MDT_KB4564442.exe and extract it to a folder. In my lab, I extracted it to the E:\Setup\MDT 8456 HotFix folder.

4a. Copy the x86 version of the new Microsoft.BDD.Utility.dll from E:\Setup\MDT 8456 HotFix\x86 to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86. Replace the existing file.

4b. Copy the x64 version of the new Microsoft.BDD.Utility.dll from E:\Setup\MDT 8456 HotFix\x64 to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64. Replace the existing file.

Step 2 – Create the MDT Build Lab Deployment Share

  1. On MDT01, using the Deployment Workbench (available on the start screen), right-click Deployment Shares and select New Deployment Share. Use the following settings for the New Deployment Share Wizard (my data volume on MDT01 is E:)

a.    Deployment share path: E:\MDTBuildLab
b.    Share name: MDTBuildLab$
c.    Deployment share description: MDT Build Lab
d.    Options: (default)

MDT Build Lab deployment share created

2. Once the deployment share is created you also want to relax the security a bit. MDT locks it down to hard by default. Use the following PowerShell script (named Set-MDTBuildLabPermissions.ps1) to set some better permissions (modify script to fit your environment):

#Requires -RunAsAdministrator

# Configure NTFS Permissions for the MDT Build Lab deployment share
$DeploymentShareNTFS = "E:\MDTBuildLab"
icacls $DeploymentShareNTFS /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(RX)'
icacls $DeploymentShareNTFS /grant '"Administrators":(OI)(CI)(F)'
icacls $DeploymentShareNTFS /grant '"SYSTEM":(OI)(CI)(F)'
icacls "$DeploymentShareNTFS\Captures" /grant '"VIAMONSTRA\MDT_BA":(OI)(CI)(M)'

# Configure Sharing Permissions for the MDT Build Lab deployment share
$DeploymentShare = "MDTBuildLab$"
Grant-SmbShareAccess -Name $DeploymentShare -AccountName "EVERYONE" -AccessRight Change -Force
Revoke-SmbShareAccess -Name $DeploymentShare -AccountName "CREATOR OWNER" -Force

Note: In my environment the MDT01 server is joined to a domain, and my service account used for the deployments is VIAMONSTRA\MDT_BA. If using a different domain, or if using a workgroup server for your build and capture modify the Set-MDTBuildLabPermissions.ps1 script to reflect that.

Running the Set-MDTBuildLabPermissions.ps1 script

Step 3 – Import the Windows 10 operating system

Note: Make sure to always download the latest version of Windows 10 Enterprise 21H2. Microsoft releases new media monthly.

On MDT01, mount the Windows 11 Enterprise x64 21H2.iso media (or whatever you named it). On my server it was mounted to the D: drive.

  1. Using the Deployment Workbench, expand the Deployment Shares node, expand MDT Build Lab, select the Operating Systems node and create a folder
    named Windows 11.
  2. Right-click the Windows 11 node, and select Import Operating System. Use the following settings for the Import Operating System Wizard.
    1. Full set of source files
    2. Source directory: D:
    3. Destination directory name: REFW11X64-21H2
    4. After adding the operating system, in the Windows 11 node, remove the indexes/images you don't need, and rename the remaining operating system to Windows 11 Enterprise x64 21H2

Note: The Windows 10 media comes with many Windows version, in the below example I simply removed all but the Enterprise version, and gave it a better name.

The Windows 11 Enterprise x64 operating system imported to deployment workbench.

Step 4 – Add applications

In this example you add Microsoft 365 Apps for enterprise (formerly named Microsoft Office 365 ProPlus) to MDT. Use the Office Deployment Toolkit (ODT) to create a package of Microsoft 365 Apps for enterprise before continuing with these steps.

1. On MDT01, download the Office Deployment Toolkit (ODT), and extract it to E:\Setup\ODT.

2. Using an elevated Command prompt, download the installers by running the following command:

setup.exe /download configuration-Office365-x64.xml

Microsoft 365 Apps for enterprise (well, Office) downloaded via setup.exe from ODT.

3. Using the Deployment Workbench, expand Deployment Shares / MDT Build Lab / Applications and create a folder named Microsoft.

4. Right-click the Microsoft folder, and select New Application. Use the following settings for the New Application Wizard:

  • Application with source files
  • Publisher:
  • Application name: Install – Microsoft 365 Apps for enterprise
  • Version:
  • Source Directory: E:\Setup\ODT
  • Specify the name of the directory that should be created: Install – Microsoft 365 Apps for enterprise
  • Command Line: setup.exe /configure configuration-Office365-x64.xml
  • Working directory: (default)
Microsoft 365 Apps for enterprise (Office) added as an application.

Step 5 – Create and Configure the MDT Task Sequence

  1. On MDT01, using the Deployment Workbench, in the MDT Build Lab deployment share, select the Task Sequences node, and create a folder named Windows 10.
  2. Expand the Task Sequences node, right-click on the Windows 10 node, and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
    1. Task sequence ID: REFW11-X64-001
    2. Task sequence name: Windows 11 Enterprise x64 21H2
    3. Task sequence comments: Reference Build
    4. Template: Standard Client Task Sequence
    5. Select OS: Windows 11 Enterprise x64 21H2
    6. Specify Product Key: Do not specify a product key at this time
    7. Full Name: ViaMonstra
    8. Organization: ViaMonstra
    9. Internet Explorer home page: about:blank
    10. Do not specify an Administrator password at this time
  3. Edit the task sequence by navigating to the Task Sequences / Windows 11 folder, right-click the Windows 11 Enterprise x64 21H2 task sequence, and select Properties.
  4. On the Task Sequence tab, configure the Windows 11 Enterprise x64 21H2 task sequence with the following settings:
    1. In the State Restore / Custom Tasks group, add a new Install Application action with the following settings:
      Name: Install – Microsoft 365 Apps for enterprise
      Install a Single Application: Install – Microsoft 365 Apps for enterprise
Task Sequence configured for the reference image build and capture.

Step 6 – Configure the deployment share

To configure the deployment settings, you modify the two rules files (Bootstrap.ini and CustomSettings.ini). You can do the either via the MDT Build Lab deployment share properties, or directly in the file system, in the E:\MDTBuildLab\Control folder. Below you find the configurations I used in this guide.

Bootstrap.ini

[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01\MDTBuildLab$
UserDomain=VIAMONSTRA
UserID=MDT_BA
UserPassword=P@ssw0rd
SkipBDDWelcome=YES

CustomSettings.ini

[Settings]
Priority=Default

[Default]
_SMSTSORGNAME=ViaMonstra
UserDataLocation=NONE
ComputerBackupLocation=NETWORK
DoCapture=YES
OSInstall=Y
AdminPassword=P@ssw0rd
TimeZoneName=Pacific Standard Time
JoinWorkgroup=WORKGROUP
HideShell=NO
FinishAction=SHUTDOWN
ApplyGPOPack=NO

BackupShare=\\MDT01\MDTBuildLab$
BackupDir=Captures
BackupFile=%TaskSequenceID%_#month(date) & "-" & day(date) & "-" & year(date)#.wim

SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipCapture=NO
SkipFinalSummary=YES
  1. On MDT01, modify the Bootstrap.ini and CustomSettings.ini per the preceding examples.
  2. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties.
    1. In the Windows PE tab, in the Platform dropdown list, make sure x86 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
      1. Image description: MDT Build Lab x86
      2. ISO file name: MDT Build Lab x86.iso
    2. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
      1. Selection profile: Nothing
      2. Select the Include all drivers from selection profile option
        image
        Configuring the deployment share not to add the Windows 10 CU into the boot image.
    3. In the Windows PE tab, in the Platform dropdown list, make sure x64 is selected. Then in the Lite Touch Boot Image Settings area, configure the following settings:
      1. Image description: MDT Build Lab x64
      2. ISO file name: MDT Build Lab x64.iso
    4. Still in the Windows PE tab, select the Drivers and Patches tab, and configure the following:
      1. Selection profile: Nothing
      2. Select the Include all drivers from selection profile option
    5. Click OK.
    6. Update the deployment share, by right-clicking the MDT Build Lab deployment share and select Update Deployment Share. Use the default Options for the Update Deployment Share wizard.
The contents of the E:MDTBuildLabBoot folder after updating the deployment share.

Step 7 – Create Windows Reference Images

Now it is time to create a Windows 10 Reference WIM Image, fully automated.

Note: To make sure Sysprep does not fail during the build and capture process, make sure the virtual machine you are using does not have Internet access during the entire process.

  1. On MDT01, copy the E:\MDTBuildLab\Boot\MDT Build Lab x64.iso file to your VMware or Hyper-V machine.
  2. Create a virtual machine named REF001, assign it 2 vCPUs and 4 GB RAM. Then mount MDT Build Lab x64.iso on the virtual machine.
  3. Start the REF001 virtual machine, and allow it to boot. Then complete the Deployment Wizard using the below settings:
    1. Select a task sequence to execute on this computer: Windows 11 Enterprise x64 21H2
    2. Specify whether to capture an image: Capture an image of this reference computer.
      1. Location:
      2. File name:

The task sequence will now do the following:

  • Install the Windows 10 Enterprise operating system.
  • Install the added applications, roles, and features.
  • Stage WinPE on the local disk.
  • Run Sysprep and reboot into WinPE.
  • Capture the Windows 10 installation to a WIM file.
Sysprep running.
MDT_thumb1_thumb
MDT capturing a Windows 11 Image.

Resources

Note: Please also check these posts:

Image Factory
Automate this process even further (you still need to do the step in this guide first), check out the Image Factory for Hyper-V solution by Mikael Nystrom (@mikael_nystrom).
http://github.com/DeploymentBunny/ImageFactoryV3ForHyper-V

About the author

Johan Arwidmark

5 5 votes
Article Rating
Subscribe
Notify of
guest
70 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Ray Dean
Ray Dean
2 months ago

What do I put in the State.ini file, exactly? Should I create a state.ini file, or am I modifying an existing one? I don't see anything under my Build share "scripts" folder…

Ray Dean
Ray Dean
1 month ago

I just wanted to report to all that all the steps worked — I noticed the NIC was indeed disabled during the sysprep phase. However, before that, I did see the Win 11 setup process still reach out to the internet for updates —- so I think the general recommendation to cut off internet access is best. Don't know how to do that in vSPhere.

James
James
2 months ago

Hello Johan, I create the server image of physical 2016 server. Should I have to follow the same procedure or is there any changes I have to make? Step 1 – I installed the ADK, Windows PE add on  and last I installed the MDT on the server.  2 – created the Deployment kit on workbench 3 – Imported the operating system on Deployment KIT  4 – Create the Task Sequence  5 . Advance Configuration > Media to capture the lite touch ISO When I follow the whole procedure I don't see the ISO in Media Folder.  Please assist for… Read more »

Ahmed
Ahmed
4 months ago

Hello Johan,

Thanks for the informative guide, what do you recommend during creating reference image:

  1. should i install latest windows update before capture WIM file?
  2. what you use to cleanup the windows before capture image?
  3. any other recommendation for building the reference image based on your experience?

Thanks,

Graham Perkins
Graham Perkins
11 months ago

If you happen to be putting Notepad++ in your images, be warned that version 8.5 and up install a UWP package that will cause Sysprep to fail. The registry key and state.ini will get around the error when capturing, but the image won't deploy correctly.

I disable Windows Store updates using the Deployment Research scripts mentioned in the v1809 guides

Hugo
Hugo
1 year ago

Anyone has this working with Windows 11 22H2?

When deploying at first reboot it doesn't auto login.
Can't see anything much in the logs.
Thank you very much.

Stig Bergene
Stig Bergene
8 months ago

22H2 Works for me as well, but not 23H2

Deewa
Deewa
8 months ago
Reply to  Hugo

I've got the same issue when trying to deploy windows 11 22H2.
For some reason Windows 10 22H2 works fine.
Did you manage to get this resolved Hugo?

Donato Brea
Donato Brea
1 year ago

Hi, thank you for this post.
Followed it (Using Win11 22H2 Enterprise Volume License) but having an issue after the sysprep step. Instead of booting into the WinPE to do capture, it boots to the OS takes like 15 minutes on "Working on things…" and finally show an error: Could not find script "C:\LTIBootStrap.vbs"
Could someone point me the right direction?
Thanks

Foegi
Foegi
7 months ago
Reply to  Donato Brea

The error appears only on UEFI VMs at the execute sysprep step when sysprepping and capturing within VMware. This does not happen on legacy BIOS VMs.
The task sequence should reboot and get back into WinPE, but it is booting back into Windows. This bug is caused by a pending Windows reboot. The sysprep step will reboot the VM, but MDT already set up the VM to reboot into WinPE, so the pending Windows reboot is still there.
This error can be fixed by adding a Restart Computer step just before the Imaging step in State Restore.

Runa Anderson
Runa Anderson
1 year ago

Thanks for Article, Johan. I think about Virtual Machine, can I use VirtualBox for alternative from VMware or Hyper-V? My laptop was too potato or low-end for using VM besides VirtualBox. And, Do you think I can do deploying Windows without Virtual Machine and do it in Real Hardware?

Matt Partain
Matt Partain
1 year ago

With steyrs and others advice, Adding state.ini and the registry key DO work to allow sysprep to work properly, PROVIDED TWO additional things: Do not at any point remove modern apps (remove-appx… PowerShell command or manually). This will cause Sysprep to fail with the error that an application was installed for a user, but not for all users. We can probably fine-tune what can and cannot be safely removed before sysprep, but I just kept all pre-installed modern apps. If you enable long paths in the registry ("LongPathsEnabled" = 1 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem), you must disable it before sysprep, or sysprep… Read more »

Tim
Tim
1 year ago

I've been looking around the internet but can't find if there is a way to reset "Smart App Control" for these captured images, it was enabled during the time of capture. It kind of looks this is automatically disable if the hardware is not the same source, because I have reimaged to a VM on the same hardware and it was still enabled. If it was "on" during capture, I don't see why this would be an issue to maintained it on the new hardware.

Last edited 1 year ago by Tim
Matt Partain
Matt Partain
1 year ago

There is just no good way to keep the Windows 11 machine off the internet as I build it and sysprep it. So, I have followed the advice about setting the registry key and state.ini, but am still unable to sysprep. I have tried this in multiple places, even incorporating it into the unattend.xml in the oobeSystem pass. In every case, the setuperr log during (attempted) sysprep is: SYSPRP Package Microsoft.SecHealthUI_1000.22621.1.0_x64__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image. 2023-03-01 10:45:44, Error         SYSPRP Failed to remove apps for the current user: 0x80073cf2. 2023-03-01 10:45:44, Error         … Read more »

Jason
Jason
1 year ago

Sysprep never runs. It just reboots the VM back to a login prompt. The disable Internet script doesn't do anything. The VM has WWW access after first reboot. Neither running a script or entering the command directly disables WWW for the VM. Also, the registry add and state.ini steps don't seem to do anything either. What am I missing?

Mark
Mark
1 year ago

Ever since 22H2 it seems that the Unattend.xml file is not processed.
I can create and capture fine, but when we go to redploy it once it loads into Windows it doesn't autologin and just stops at the login screen. The password we set for administrator also doesn't work.

Hugo
Hugo
1 year ago
Reply to  Mark

Hi Mark.
I have exactly the same problem. Did you manage to fix it?
Thank you.

Hugo
Hugo
1 year ago
Reply to  Mark

Hi Mark.
I have exactly the same problem with Windows 11 22H2.
Did you manage to fix it?
Please let me know.
Thank you very much.

Craig
Craig
1 year ago

I am having an issue where the VM locks up right as sysprep is finishing. It will not reboot to actually capture the image. If I force the VM to shut down and come back up it just loads into windows 11 and does not capture the image. Any thoughts?

Christian
Christian
1 year ago
Reply to  Craig

Hey, how did you resolve this ? I am facing the same issue…

steyrs
1 year ago

https://www.deploymentresearch.com/building-a-windows-11-21h2-reference-image-using-microsoft-deployment-toolkit-mdt/#comment-3020 @Dean Here is how I did it. Adding a registry key. Add a "Run command line" in your task sequence. Enter this as your Command line: reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState /t REG_SZ /d "IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE" /f Replace state.ini file Add a "Run command line" in your task sequence. Enter this as your Command line: xcopy "%SCRIPTROOT%\State.ini" %windir%\setup\state\ /H /Y Place your modified State.ini file in your "scripts" folder (e.g.: C:\DeploymentShare\Scripts). That way it will get copied to your client when running the task sequence. Add those two command lines before the sysprep step. I added them in my State… Read more »

Last edited 1 year ago by steyrs
Matt Partain
Matt Partain
1 year ago
Reply to  steyrs

How early in the State restore process do you do this? I have this step just before "Install Applications", but when I try to sysprep and capture later on, sysprep gives me "SYSPRP Package Microsoft.SecHealthUI_1000.22621.1.0_x64__8wekyb3d8bbwe was installed for a user, but not provisioned for all users." And SecHealthUI (Defender) is not easily removed using the normal means.

Dana Simison
Dana Simison
3 months ago
Reply to  steyrs

It says to put the modified State.ini file in the scripts folder. But I don't see where we are modifying the state.ini file.

RomS
RomS
1 year ago

so just thought I'd add to the discussion, based on our recent experience trying to build our first reference image using latest MDT, win 11 21h2 ADK and july media. think our network blocks most of our internet traffic when building the reference image in VM, so didn't find (as far as I could tell) that I needed to do anything to block internet access or do the setup\state reg key posted by some others in chat. we also have, still in our ref creation TS to run the config-disablewindowsstoreupdates.wsf, so assuming that still works on win 11, I'm hoping… Read more »

Kelly Smith
Kelly Smith
2 years ago

I added to my task sequence using these commands.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState /t REG_SZ /d IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE /f

Then edit the state.ini and use xcopy to move to destination.
cmd /c xcopy "%SCRIPTROOT%\custom\State.ini" "C:\Windows\Setup\State" /Q /H /E /I /Y
Added a custom group just before imaging step in sequence

Last edited 2 years ago by Kelly Smith
Keith Hemmelman
Keith Hemmelman
2 years ago

Johan, you reference to download and use the "Windows ADK for Windows 11 21H2" for compatibility with MDT 8456. The download link you posted doesn't have a download named like "Windows ADK for Windows 11 21H2". Is the ADK download you mean the one under 'Other ADK downloads' and named "Windows ADK for Windows 10, version 2004"? Thank you.

Keith Hemmelman
Keith Hemmelman
2 years ago

Thank you Johan for your quick reply and clarification.

Andrew
Andrew
2 years ago

Hi Johan, is there a process for removing the consumer apps in Windows 11? I'm using the old method RemoveApps.ps1 which works but doesn't help with the social apps like tiktok, facebook, amazon prime sitting there after the image completes.

Ryan Janzen
Ryan Janzen
2 years ago

Great article and works like a charm. Is there a way of customizing the default user profile throughout this process?

Ryan Janzen
Ryan Janzen
2 years ago

Any chance you may have a link to an article of yours or someone else's who has gone through the process and has it documented?

Thanks in advance

Daniel Barras
Daniel Barras
2 years ago

Your "Block Internet Access" is not needed. Change the registry key at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State
ImageState to IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE

Then replace the State.ini file at C:\Windows\Setup\State to read:
[State]
ImageState=IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBE

In the Custom Tasks area of your Task Sequence, before the capture, and you won't have an issue.

In my suspend task (cscript.exe "%SCRIPTROOT%\LTISuspend.wsf"), I even update all of the apps.

Last edited 2 years ago by Daniel Barras
Daniel Barras
Daniel Barras
2 years ago

Happy I could help. This will also work with Windows 10.

Brian Klish
Brian Klish
1 year ago

Johan, I think you also need to update the post to include the new contents of state.ini. I read that section several times and ended up very confused what I was putting in the new state.ini file.

Dean
Dean
2 years ago
Reply to  Daniel Barras

Can you provide some more details about how you accomplish this? I assume it's a reg key add… the second part about replacing the state.ini file is the part that confuses me more.

MDT User
MDT User
2 years ago
Reply to  Daniel Barras

Thank You Barras for posting this registry key. Can you pls mention how to include both these keys in the MDT and/or WDS ? that way the image system will get these changes and won't need reimaging, thank you.

Jason
Jason
1 year ago
Reply to  Daniel Barras

This did absolutely nothing in my tests. Sysprep doesn't run.

Matt Partain
Matt Partain
1 year ago
Reply to  Daniel Barras

I have tried this in multiple places, even incorporating it into the unattend.xml in the oobeSystem pass. In every case, the setuperr log during (attempted) sysprep is:

SYSPRP Package Microsoft.SecHealthUI_1000.22621.1.0_x64__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
2023-03-01 10:45:44, Error                 SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2023-03-01 10:45:44, Error                

What can I do to prevent this error? I'm trying to build my first thick w11 image, and it just doesn't work.

Dana Simison
Dana Simison
3 months ago
Reply to  Daniel Barras

I have modified State.ini to read as follows:
[State]
ImageState=IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBE

I've placed the modified state.ini file in E:\MDTBuildLab\Scripts\
And I've created a Custom Tasks item called Replace state.ini file with the following command line: xcopy "%SCRIPTROOT%\State.ini" %windir%\setup\state\ /H /Y

Unfortunately, this is continually failing. Seems the task sequence can't find the file.

Kevin Bishop
2 years ago

Thank you for the article Johan! In Step 6 I've found with the latest ADK and WinPE add on that x86 WinPE is no longer supported, and then it does not install the x86 folder in the Windows Preinstallation Environment folder which the Deployment Workbench MMC requires (or crashes if it can't find it). I had to extract the x86 folder from the the Windows 10 WinPE add on to make the MMC console happy.

Brendon
Brendon
2 years ago

Hi Team. I've noticed that when installing the latest Windows 11 ADK version 22H2 (10.1.22621.1) WinPE Add-On Components for use with MDT version 8456, the x86 Win PE Components do not appear to be installed as they were with the Windows 11 ADK version 21H2 (10.1.22000.1) WinPE Addon. This leads to an issue that when you right click on the Deployment Share in MDT, click Properties and then click on the 'Windows PE' Tab. An exception message appears that states: 'Could not find a part of the path 'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs'. My work around… Read more »

Last edited 2 years ago by Brendon
NBN
NBN
1 year ago

Hi Johan,

Windows 11 Deployment via MDT.
ADK and ADK WinPE latest.
MDT also updated.

Issue is, after OS installation system reboots to OS. But the final tasks are not running. The success screen also not showing.

Could you please advice any suggestions..

Robert Rathbun
Robert Rathbun
1 year ago

For those interested, you'll find the references to the State.ini and other very interesting settings here: Windows Setup States | Microsoft Learn

I'm also trying to locate scripts I previously found that appears to be MS's version of MDT in pure PowerShell that OEM's are using on these newest builds. If I come across it again, I'll add it to this thread.

For those struggling with State.ini, it's explained in verbose detail in the link provided above.

In short, the contents of the "State.ini" file should look like this:

[State]
ImageState="IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBE"

Robert Rathbun
Robert Rathbun
1 year ago

Here's the link to the Windows 11 image framework:

https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/system-builder-deployment?source=recommendations&view=windows-11

Looks like you could leverage a lot of this for customized deployments. Not as easy as MDT though.

Rune
Rune
1 year ago
Reply to  Brendon

Just copy the AMD X64 one and rename the folder to x86 also works.
At least to the point of not hanging. Since I don't use the x86 image I haven't tested the resulting image, but the rest works just fine.

Ricky Moreno
Ricky Moreno
2 years ago

Nice! Thanks.


>