In Cloud OS Deployment, Part 1, you learned how to run MDT task sequences via Microsoft Intune for Computer Refresh and In-place Upgrade / Windows 10 Servicing scenarios. In this part you learn how to do bare metal deployments over the Internet (HTTP/HTTPS), with or without any other corporate infrastructure.
Update September 25, 2022: This post has been updated to reflect changes in PSD 0.2.2.8 or later.
By setting up a VM in Azure/AWS, installing Windows ADK and MDT on it, extending MDT with the open source PowerShell Deployment (PSD) extension, and booting from WinPE, you can do bare metal deployments over the Internet.
The Cloud OSD Challenge – Starting the deployment
While setting up a VM in Azure or AWS with MDT and PSD is fairly straightforward (simply follow the PSD setup guide), the challenge is how to actually start the deployment without any local infrastructure. Using native Microsoft technologies, you are currently more or less limited to creating a USB stick holding the MDT boot media and booting the computer from it. Once booted, the MDT boot media will connect to the MDT server in Azure or AWS and start the deployment.
Step 1 – Setting up the MDT Server and Extend it with PSD
Extending MDT with PSD is quick to set up, and if you know MDT already you have a good head start in terms of requirements for OSD.
Disclaimer: The PSD extension for MDT is a community solution and does not currently support every scenario that MDT supports. PSD currently only supports bare metal deployment scenarios with no domain join for deployments over Internet (but will join the domain if you're running the PSD server on your network, or if the client has line-of-sight to a domain controller).
Anyway, and again, for details of setting up MDT with the PSD extension, follow the guides in the PSD Documentation. Below are the high-level steps you need to do.
- Create a Windows Server 2016/2019/2022 VM in Azure/AWS. Pick a VM template with at least 2 CPUs, 4 GB RAM, and 200 GB disk. This VM is the MDT Server, and can either be a standalone workgroup VM, or part of a larger infrastructure in Azure/AWS.
- In the Azure/AWS firewall, open port 443 (https) inbound.
- Install MDT, Windows ADK and the WinPE Addon for Windows ADK on the MDT Server.
- Download the PSD GitHub repository, and follow the installation guides in the PSD Documentation.
- Start with getting the PSD deployment share created using the steps in the PowerShell Deployment – Installation Guide document.
- Then enable HTTP or HTTPS (recommended) via the PowerShell Deployment – IIS Configuration Guide document.
- Optional – Configure the optional BranchCache (P2P) support by following the steps in the PowerShell Deployment – BranchCache Installation Guide document.
- Using the MDT Deployment Workbench, import an operating system, import some applications, drivers, and create a task sequence using one of the PSD templates.
Note: Unlike the normal MDT behavior, for PSD, after importing drivers to the Deployment Workbench, you need to run the New-PSDDriverPackage.ps1 script to generate the compressed driver packages used by PSD.
Step 2 – Creating the boot media
Once the MDT server setup is done, you need to create a USB stick and send it to the location where machines should be deployed. Or even better, have the staff/users at the location download the boot image ISO and create the USB stick themselves via tools like Rufus or plain PowerShell.
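Because the boot image is downloaded and written to USB by on-site staff, it is worth checking the ISO before anyone boots from it. The following is an added example, not code from the PSD project or the original post: it verifies the ISO against a SHA-256 value and then writes it to a USB stick with plain PowerShell. It assumes the deployment team publishes the hash through a separate channel, that the target machines boot via UEFI, and that the parameter names and the `PSDBOOT` label are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the PSD project): verify the boot ISO, then write it to USB.
param(
    [Parameter(Mandatory)] [string] $IsoPath,         # downloaded boot image ISO
    [Parameter(Mandatory)] [string] $ExpectedSha256,  # assumed: published out-of-band by IT
    [Parameter(Mandatory)] [int]    $DiskNumber       # USB stick's number from Get-Disk
)
$ErrorActionPreference = 'Stop'
$IsoPath = (Resolve-Path -LiteralPath $IsoPath).Path

# 1. Stop if the ISO does not match the published hash (-ne ignores case).
$actual = (Get-FileHash -LiteralPath $IsoPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "SHA-256 mismatch for $IsoPath (got $actual). Do not boot from this image."
}

# 2. Only accept a disk on the USB bus, so an internal disk is never wiped.
$disk = Get-Disk -Number $DiskNumber
if ($disk.BusType -ne 'USB') {
    throw "Disk $DiskNumber is on bus '$($disk.BusType)', not USB. Aborting."
}

# 3. Wipe the stick; USB hard disks come back RAW and need an MBR again.
if ($disk.PartitionStyle -ne 'RAW') {
    Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false
}
if ((Get-Disk -Number $DiskNumber).PartitionStyle -eq 'RAW') {
    Initialize-Disk -Number $DiskNumber -PartitionStyle MBR
}

# 4. One FAT32 partition (UEFI-bootable); keep it under the 32 GB format limit.
$sizeArgs = if ($disk.Size -gt 32GB) { @{ Size = 30GB } } else { @{ UseMaximumSize = $true } }
$part = New-Partition -DiskNumber $DiskNumber @sizeArgs -IsActive -AssignDriveLetter
$part | Format-Volume -FileSystem FAT32 -NewFileSystemLabel 'PSDBOOT' -Confirm:$false | Out-Null

# 5. Mount the verified ISO and copy its contents onto the stick.
$image = Mount-DiskImage -ImagePath $IsoPath -PassThru
try {
    $isoLetter = ($image | Get-Volume).DriveLetter
    Copy-Item -Path "${isoLetter}:\*" -Destination "$($part.DriveLetter):\" -Recurse -Force
}
finally {
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
Write-Output "Boot media written to $($part.DriveLetter): from $IsoPath"
```

The hash check only helps if the expected value reaches the user by a different path than the ISO itself, for example from a ticket or an internal page rather than the same download link.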
Going Fancy #1 – Booting via Wireless
While WinPE does not support wireless by default, limited support can be added with some creativity 🙂 See this post by Brooks Peppin: https://brookspeppin.com/2019/06/06/enable-full-wifi-support-in-winpe-for-dell-systems-in-mdt/
Going Fancy #2 – Adding Internet PXE and P2P Support
It's a shameless plug for sure (since I work there), but via solutions from 2Pint Software you can extend the MDT/PSD platform with an Internet-based PXE server (not free), as well as P2P support via BranchCache (free).
Having central PXE support simplifies updates and downloads of the MDT boot image and adding support for BranchCache reduces the network impact if you are deploying a few machines at the same location. Basically, only one client needs to download the image, and then it can share that image with others in that location.
The PSD open-source extension for MDT was developed with help from the following people:
- Mikael Nystrom (@mikael_nystrom)
- Johan Arwidmark (@jarwidmark)
- Michael Niehaus (@mniehaus)
- Steve Campbell (@SoupAtWork)
- Jordan Benzing (@JordanTheItGuy)
- Andreas Hammarskjold (@AndHammarskjold)
- Richard "Dick" Tracy (@rick2_1979)
- George Simos (@GSimos)
- Elias Markelius (@emarkelis)