Cloud OS Deployment, Part 2 – Bare Metal Deployment via MDT from the Cloud

In Cloud OS Deployment, Part 1, you learned how to run MDT task sequences via Microsoft Intune for Computer Refresh and In-place Upgrade / Windows 10 Servicing scenarios. In this part you learn how to do bare metal deployments over the Internet (http/https), with or without any other corporate infrastructure.

Update September 25, 2022: This post has been updated to reflect changes in PSD or later.


By setting up a VM in Azure/AWS, installing Windows ADK and MDT on it, extending MDT with the open source PowerShell Deployment (PSD) extension, and booting from WinPE, you can do bare metal deployments over the Internet.

The Cloud OSD Challenge – Starting the deployment

While setting up a VM in Azure or AWS with MDT and PSD is fairly straightforward (simply follow the PSD setup guide), the challenge is how to actually start the deployment without any local infrastructure. Using native Microsoft technologies, you are currently more or less limited to creating a USB stick holding the MDT boot media and booting the computer from it. Once booted, the MDT boot media will connect to the MDT server in Azure or AWS and start the deployment.

Step 1 – Setting up the MDT Server and Extend it with PSD

Extending MDT with PSD is quick to set up, and if you know MDT already you have a good head start in terms of requirements for OSD.

Disclaimer: The PSD extension for MDT is a community solution and does not currently support every scenario that MDT supports. PSD currently only supports bare metal deployment scenarios with no domain join for deployments over Internet (but will join the domain if you're running the PSD server on your network, or if the client has line-of-sight to a domain controller).

Anyway, and again, for details of setting up MDT with the PSD extension, follow the guides in the PSD Documentation. Below are the high-level steps you need to do.

  • Create a Windows Server 2016/2019/2022 VM in Azure/AWS. Pick a VM template with at least 2 CPUs, 4 GB RAM, and 200 GB disk. This VM is the MDT Server, and can either be a standalone workgroup VM, or part of a larger infrastructure in Azure/AWS.
  • In the Azure/AWS firewall, open port 443 (https) inbound.
  • Install MDT, Windows ADK and the WinPE Addon for Windows ADK on the MDT Server.
  • Download the PSD GitHub repository, and follow the installation guides in the PSD Documentation.
  • Start with getting the PSD deployment share created using the steps in the PowerShell Deployment – Installation Guide document.
  • Then enable HTTP or HTTPS (recommended) via the PowerShell Deployment – IIS Configuration Guide document.
  • Optional – Configure the optional BranchCache (P2P) support by following the steps in the PowerShell Deployment – BranchCache Installation Guide document.
  • Using the MDT Deployment Workbench, import an operating system, import some applications, drivers, and create a task sequence using one of the PSD templates.

Note: Unlike the normal MDT behavior, for PSD, after importing drivers to the Deployment Workbench, you need to run the New-PSDDriverPackage.ps1 script to generate the compressed driver packages used by PSD.

The MDT Workbench showing imported drivers
The DriverPath modified for an OS/Model folder structure.
Imaging a computer from a HTTPS location.
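
A client-side check of the firewall and IIS steps above, as an added example that is not part of the original post or of the PSD project. The function name is hypothetical and `psd.example.com` is a placeholder for your own server's FQDN; it assumes the share is meant to be HTTPS-only.

```powershell
# Added example: pre-flight check of a PSD endpoint published over HTTPS.
# Test-PsdHttpsEndpoint is a hypothetical helper, not a PSD or MDT cmdlet.
function Test-PsdHttpsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [int] $WarnIfExpiresInDays = 30
    )
    $report = [ordered]@{
        Server      = $ServerName
        Port80Open  = $false   # assumption: an HTTPS-only share should not answer on 80
        Port443Open = $false
        TlsValid    = $false   # chain trusted AND certificate name matches $ServerName
        TlsProtocol = $null
        CertSubject = $null
        CertExpires = $null
        Finding     = @()
    }
    $report.Port80Open = Test-NetConnection -ComputerName $ServerName -Port 80 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($report.Port80Open) {
        $report.Finding += 'Port 80 is reachable; close it if the share is HTTPS-only.'
    }
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($ServerName, 443)
        $report.Port443Open = $true
        # Default validation: the handshake throws if the chain is untrusted or the
        # name does not match, the same failure a validating client would see.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($ServerName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $report.TlsValid    = $true
        $report.TlsProtocol = $ssl.SslProtocol
        $report.CertSubject = $cert.Subject
        $report.CertExpires = $cert.NotAfter
        if ($cert.NotAfter -lt (Get-Date).AddDays($WarnIfExpiresInDays)) {
            $report.Finding += "Certificate expires within $WarnIfExpiresInDays days."
        }
    }
    catch {
        $report.Finding += "HTTPS check failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $tcp.Dispose()
    }
    [pscustomobject]$report
}

Test-PsdHttpsEndpoint -ServerName 'psd.example.com'   # placeholder FQDN
```

Run it from a network outside Azure/AWS, since that is where the bare metal clients sit. A name-mismatch finding usually means the boot media points at an IP address or a different FQDN than the one in the certificate.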

Step 2 – Creating the boot media

Once the MDT server setup is done, you need to create a USB stick and send it to the location where machines should be deployed. Or even better, have the staff/user at the location just download the boot image ISO, and create the USB stick themselves via tools like Rufus or plain PowerShell.
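
The "plain PowerShell" route, as an added example that is not from the original post: it verifies the downloaded ISO against a SHA-256 value before wiping the stick. All three parameters are placeholders, and it assumes the person who built the boot image publishes its hash and that the target machines boot via UEFI.

```powershell
# Added example; run from an elevated prompt. All three parameters are placeholders:
# the expected hash is assumed to be published by whoever built the boot image.
param(
    [Parameter(Mandatory)] [string] $IsoPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256,
    [Parameter(Mandatory)] [int]    $UsbDiskNumber     # look it up with Get-Disk first
)
$ErrorActionPreference = 'Stop'
$IsoPath = (Resolve-Path -Path $IsoPath).Path

# 1. Refuse to build media from an ISO that is not the one the admin published.
$actual = (Get-FileHash -Path $IsoPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "SHA-256 mismatch: got $actual, expected $ExpectedSha256. ISO not written."
}

# 2. Only ever wipe a disk that is actually attached over USB.
$disk = Get-Disk -Number $UsbDiskNumber
if ($disk.BusType -ne 'USB') {
    throw "Disk $UsbDiskNumber is on bus '$($disk.BusType)', not USB. Aborting."
}

# 3. Wipe and create one active FAT32 partition (FAT32 is what UEFI firmware reads).
#    Format-Volume cannot create FAT32 volumes above 32 GB, so cap the size.
if ($disk.PartitionStyle -ne 'RAW') {
    Clear-Disk -Number $UsbDiskNumber -RemoveData -RemoveOEM -Confirm:$false
}
if ((Get-Disk -Number $UsbDiskNumber).PartitionStyle -eq 'RAW') {
    Initialize-Disk -Number $UsbDiskNumber -PartitionStyle MBR
}
$size = @{ UseMaximumSize = $true }
if ($disk.Size -gt 32GB) { $size = @{ Size = 30GB } }
$usb = New-Partition -DiskNumber $UsbDiskNumber -IsActive -AssignDriveLetter @size
$usb | Format-Volume -FileSystem FAT32 -NewFileSystemLabel 'PSDBOOT' | Out-Null

# 4. Mount the ISO and copy its contents. FAT32 limits a file to 4 GB, so a
#    boot.wim larger than that will fail here rather than produce broken media.
$image = Mount-DiskImage -ImagePath $IsoPath -PassThru
try {
    $isoLetter = ($image | Get-Volume).DriveLetter
    Copy-Item -Path "${isoLetter}:\*" -Destination "$($usb.DriveLetter):\" -Recurse -Force
}
finally {
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
Write-Host "Boot media written to $($usb.DriveLetter): from verified ISO."
```

Distribute the expected hash through a different channel than the ISO download itself, otherwise the check only detects corruption and not a swapped image.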

Going Fancy #1 – Booting via Wireless

While WinPE does not support wireless by default, limited support can be added with some creativity 🙂 See this post by Brooks Peppin:

Going Fancy #2 – Adding Internet PXE and P2P Support

It's a shameless plug for sure (since I work there), but via solutions from 2Pint Software you can extend the MDT/PSD platform with an Internet-based PXE server (not free), as well as P2P support via BranchCache (free).

Having central PXE support simplifies updates and downloads of the MDT boot image and adding support for BranchCache reduces the network impact if you are deploying a few machines at the same location. Basically, only one client needs to download the image, and then it can share that image with others in that location.

PSD Credits

The PSD open-source extension for MDT was developed with help from the following people:

  • Mikael Nystrom (@mikael_nystrom)
  • Johan Arwidmark (@jarwidmark)
  • Michael Niehaus (@mniehaus)
  • Steve Campbell (@SoupAtWork)
  • Jordan Benzing (@JordanTheItGuy)
  • Andreas Hammarskjold (@AndHammarskjold)
  • Richard "Dick" Tracy (@rick2_1979)
  • George Simos (@GSimos)
  • Elias Markelius (@emarkelis)

About the author

Johan Arwidmark

1 year ago

After configuring the IIS as per the steps you mentioned.

The deployment share in the LiteTouch ISO is still trying to access the UNC path.

Because of this, the Internet deployment is not working.

Please suggest how to fix this?

1 year ago

Hi Johan, I've downloaded OSDToolkit and created a folder: PSDResources\Plugins\OSDToolkit, but on the regular task MDT fails; it cannot find a file. Do you know what this folder structure should look like?
I'm also missing: Set-PSDBootImage2PintEnabled.log when regenerating the boot ISO.

1 year ago

Hey Guys! I've been reading and been interested in that kind of solution for a very long time, and it's good I've found it here. Everything is set up and deploying a TS with only the OS looks good, but whenever I try to add an Application it keeps failing with "Incorrect Function 00000001 Source Windows". I have also noticed that if I want to apply a provisioning package offline, which happens right after the OS gets expanded, execution of the command fails with File cannot be found. What I noticed is that PSD stores files in the MININT\Cache folder and it looks like it gets cleaned…

2 years ago

Johan – Please disregard my last two posts. My issue turned out to be that I had dynamic memory enabled for the Hyper-V VM I was using. Once I turned that off it worked great. Thanks for this series of articles and your contributions to PSD!!!

2 years ago

Johan – please disregard my last post. I pasted a screenshot in and it didn't work. I'm attaching the image so you can see the message I'm getting. I'm able to boot from the ISO in a Hyper-V VM, but it gets stuck at "Checking for a valid network configuration". Thanks for creating this post!

1 year ago
Reply to  Carlton

Facing a similar issue now. Is it fixed for you? If yes, how?

Scott Schmidt
2 years ago

After completing the setup instructions, from both here and the Brooks Peppin site, it looks like my PE environment is having an issue loading the PSD tools (ISO boot, Hyper-V Gen 1 machine). I have tried with FQDN, IP, cert, no cert. Any advice or pointers would be much appreciated. Thanks in advance –

2 years ago

ah seen in part 3…sorry

2 years ago

Hello Johan, great article. Would the same or a similar way (create a boot stick) also work for an MECM Cloud Management Gateway/DP, or might there be a general issue?

br thomas

Ant Pro
2 years ago

I've set up PSD but it does not automatically load the new task sequence menu. I have to manually start the start.ps1 script from a command prompt and it does not complete the full task sequence. Any ideas why?


[…] and enables remote re-imaging scenarios which are even more important in today's environment. Johan and Donna have great blogs on this so you should check those out. I'll just be adding more […]

4 months ago

The user state capture step is missing from the task sequence; because of this, user settings are not transferred when creating a new user.