In some environments, security concerns are a primary driver, and thus the following questions come up: what can we do to secure the share, and what can we do to validate that the image is not tampered with?
For the first question about securing the share, the following rights are needed to allow MDT to work properly:
In Sharing, remove EVERYONE and add the user account specified specifically in your
NTFS rights would be the following:
Creator Owner: Full control of subfolders and files only
Administrators: Full control of this folder, subfolders and files
System: Full control of this folder, subfolders, and files
Users: Check the following check boxes:
Read and Execute
List Folder Contents
In Sharing, again remove EVERYONE and add your user account used in the capture process for
NTFS: no changes needed
For the second part, how do we validate the image integrity?
The simplest way is to use PowerShell to generate a file hash of your WIM file. Use the PowerShell cmdlet Get-FileHash. The following command is simple enough to add to your process:
Get-FileHash .\install.wim | format-list
You can then validate the returned value at deployment time or in audit processes, in whatever way your security requirements call for.
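One way to turn that check into a repeatable step is shown below. It is an added example, not code from the original text: it records the hash at capture time and compares it before deployment. The function names Save-WimHash and Test-WimHash, the .sha256 sidecar file and the temporary demo file are assumptions made for illustration.

```powershell
# Added example. Save-WimHash, Test-WimHash and the .sha256 sidecar file are
# hypothetical names chosen for this illustration.

function Save-WimHash {
    # Run after capture: write the SHA256 hash of the WIM to a sidecar file.
    param([Parameter(Mandatory)][string]$WimPath)
    $hash = Get-FileHash -LiteralPath $WimPath -Algorithm SHA256
    $sidecar = "$WimPath.sha256"
    Set-Content -LiteralPath $sidecar -Value $hash.Hash -Encoding ASCII
    return $sidecar
}

function Test-WimHash {
    # Run before deployment or during audit: recompute and compare.
    param(
        [Parameter(Mandatory)][string]$WimPath,
        [Parameter(Mandatory)][string]$ExpectedHash
    )
    $actual = (Get-FileHash -LiteralPath $WimPath -Algorithm SHA256).Hash
    # String -eq is case-insensitive in PowerShell, so hex case does not matter.
    return $actual -eq $ExpectedHash.Trim()
}

# --- Constructed demo: a small temporary file stands in for install.wim ---
$wim = Join-Path ([System.IO.Path]::GetTempPath()) 'install-demo.wim'
[System.IO.File]::WriteAllBytes($wim, [byte[]](1..64))

$sidecar  = Save-WimHash -WimPath $wim
$expected = Get-Content -LiteralPath $sidecar -Raw

if (-not (Test-WimHash -WimPath $wim -ExpectedHash $expected)) {
    throw 'Unmodified image failed verification.'
}
Write-Output 'Unmodified image: hash matches recorded value.'

# Simulate a modification to the image after the hash was recorded.
[System.IO.File]::AppendAllText($wim, 'x')

if (Test-WimHash -WimPath $wim -ExpectedHash $expected) {
    throw 'Modified image passed verification.'
}
Write-Output 'Modified image: hash mismatch detected, do not deploy.'

Remove-Item -LiteralPath $wim, $sidecar
```

Keep the recorded hash somewhere the capture and deployment accounts cannot write to. A sidecar file on the same share as the WIM can be replaced together with the image.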