Make an existing MDT (2012 update 1) enviroment ready for Windows 10

In this post, I will describe the steps needed to update a existing Microsoft Deployment Toolkit (MDT) 2012 environment to MDT 2013 Update 2. This MDT update is needed to prepare for a new automated Windows 10 deployment.

Requirements

MDT 2013 Update 2 has the following requirements

Install Windows ADK for Windows 10

On the existing MDT server, download the Windows ADK for Windows 10 update files. I have placed these files on D:\Downloads\ADK.

  1. Log on to the server with an account that has administrator rights.
  2. Start the ADK Setup (D:\Downloads\ADK\adksetup.exe), and click Continue.
  3. On the Select the features you want to change page, select the features below and complete the wizard using the default settings:
    1. Deployment Tools
    2. Windows Preinstallation Environment (Windows PE)
    3. User State Migration Tool (UMST)

Install MDT 2013 Update 2

Download the MDT 2013 Update 2 files to D:\Downloads\MDT

  1. Install MDT (D:\Downloads\MDT 2013\MicrosoftDeploymentToolkit2013_x64.msi) with the default settings
  2. Start the Deployment Workbench
  3. Right click on your Deployment Share and click ‘Upgrade Deployment Share’. This update can take a while, depending on the size of your MDT environment.

Use WMIC to get the exact model/make of your computer

A short tip and note to myself. A quick way to get the exact model and manufacturer from a Windows PC using the command line.

wmic computersystem get model,name,manufacturer,systemtype

This command gives me all the information I need to add the client for MDT deployments..

We usually configure MDT to look for the Model + Manufacturer to locate the drivers needed for the computer. We will add a driver group on the MDT Deployment share and inject the drivers in the MDT Task Sequence to filter the drivers like ‘Windows 7 x64\%make%\%model%. These are Windows variables.

This will give us the following folder tree for the Out-of-Box Drivers folder in MDT.

MDTdrivesr

 

Allow change password via RDP

I’ve experienced a few times that i’m not allowed to login using RDP because my password is expired or that ‘use must change password at next login’ is enabled in the Active Directory.

Today was one of those moments. I could not login to an customer environment i havent logged in to for a while, because my password was expired. So ehm.. I had to login to change my password, but I could not login to change my password because my password was expired.. right..
Now what? The customer wasn’t available at that time and I had to get to work.

I have found the following work around for that.

Lokaal

  1. Start mstsc.exe
  2. enter the remote desktop connection
  3. Click ‘Save as..’
  4. Save the RDP file as something like: ChangePassword.RDP
  5. Open notepad.exe and open the RDP file you just created.
  6.  add enablecredsspsupport:i:0 at the bottom of the file.clip_image003_thumb

Save the file, start the RDP connection using this file. Now you will have the possibility to change your password!

What if CredSSP is required?

If CredSSP (Credential Security Support Provider is required to login to the remote desktop, you will get the following error message:
Try to make an RDP connection using the full FQDN (servername.domain.local) in stead of just the servername. Otherwise, the above solution is not possible. Except when you disable CredSSP.

CredSSP can be disabled to change de RDP settings on the remote desktop to disable ‘Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).’