Mastering the Microsoft Deployment Toolkit

By: Jeff Stokes, Manuel Singer

Overview of this book

The Microsoft Deployment Toolkit (MDT) provides a comprehensive collection of tools, processes, and guidance for automating desktop and server deployments. It considerably reduces deployment time and standardizes desktop and server images. Moreover, MDT offers improved security and ongoing configuration management. Microsoft Deployment Toolkit is the officially supported method of creating and customizing Windows images for deployment.

Starting from scratch, this book walks you through the MDT setup, task sequence creation, and image deployment steps in detail. Breaking down the various MDT concepts, this book will give you a thorough understanding of the deployment process. Beginning with imaging concepts and theory, you will go on to build a Microsoft Deployment Toolkit environment. You will understand the intricacies of customizing the default user profile in different versions of Windows. Driver handling can be a challenge for larger organizations; we’ll cover various driver concepts including mandatory driver profiles. Other important topics like the User State Migration Tool (USMT), configuration of XML files, and how to troubleshoot the USMT are also discussed in the book. We will cover the verifier and Windows Performance Toolkit for image validation scenarios. Furthermore, you will learn about MDT web frontend implementation as well as how to utilize the database capabilities of MDT for deeper deployment options. We’ll wrap it all up with some links to resources for more information, blogs to watch, and useful Twitter handles.

Securing the MDT process

In some environments, security concerns are a primary driver, and thus the following questions come up: what can we do to secure the share, and what can we do to validate that the image has not been tampered with?

For the first question about securing the share, the following rights are needed to allow MDT to work properly:

  1. \\path\deploymentshare$ rights:

    • In Sharing, remove EVERYONE and add the user account specified in your Bootstrap.ini and CustomSettings.ini files, with READ access only

    • NTFS rights would be the following:

      Creator Owner: Full control of subfolders and files only

      Administrators: Full control of this folder, subfolders and files

      System: Full control of this folder, subfolders, and files

      Users: Check the following check boxes:

      • Read and Execute

      • List Folder Contents

      • Read

  2. \\path\referenceshare$ rights:

    • In Sharing, again remove EVERYONE and add the user account used in the capture process, with READ and CHANGE rights

    • NTFS: no changes needed

For the second part, how do we validate the image integrity?

The simplest way is to use PowerShell to generate a file hash of your WIM file with the Get-FileHash cmdlet. The following command is simple enough to add to your process:

Get-FileHash .\install.wim | Format-List

You can then validate the returned value by checking it at deployment time, or in audit processes, in whatever way your security requirements dictate.
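
One way to turn that one-off hash into a repeatable check, as an added example that is not code from the book: record a baseline when the image is captured, then compare against it at deployment time or during an audit. The function names, the JSON manifest format and the stand-in install.wim file are assumptions made for illustration; the manifest is assumed to be stored somewhere the deployment account cannot write.

```powershell
# Added example: baseline and verify a WIM hash with Get-FileHash.
# New-WimBaseline / Test-WimBaseline and the manifest layout are hypothetical.

function New-WimBaseline {
    param(
        [Parameter(Mandatory)][string]$WimPath,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    # Hash the image once, at capture time, and persist the result.
    $h = Get-FileHash -Path $WimPath -Algorithm SHA256
    [pscustomobject]@{
        File      = Split-Path -Leaf $WimPath
        Algorithm = $h.Algorithm
        Hash      = $h.Hash
        Length    = (Get-Item -LiteralPath $WimPath).Length
        Recorded  = (Get-Date).ToUniversalTime().ToString('o')
    } | ConvertTo-Json | Set-Content -Path $ManifestPath -Encoding UTF8
}

function Test-WimBaseline {
    param(
        [Parameter(Mandatory)][string]$WimPath,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    # Re-hash with the algorithm recorded in the manifest and compare.
    $expected = Get-Content -Path $ManifestPath -Raw | ConvertFrom-Json
    $actual   = Get-FileHash -Path $WimPath -Algorithm $expected.Algorithm
    # -eq on strings is case-insensitive, which suits hex digests.
    return ($actual.Hash -eq $expected.Hash)
}

# Constructed demo: a small temp file stands in for install.wim.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$wim      = Join-Path $dir 'install.wim'
$manifest = Join-Path $dir 'install.wim.sha256.json'
[IO.File]::WriteAllBytes($wim, [byte[]](1..64))

New-WimBaseline -WimPath $wim -ManifestPath $manifest
"Unmodified image matches baseline: $(Test-WimBaseline -WimPath $wim -ManifestPath $manifest)"

# Simulate a change to the image after the baseline was taken.
Add-Content -Path $wim -Value 'x'
"Modified image matches baseline:   $(Test-WimBaseline -WimPath $wim -ManifestPath $manifest)"

Remove-Item -Recurse -Force $dir
```

A hash only proves the image matches the recorded baseline, so the check is only as trustworthy as the place the manifest is kept.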