10 Tips for a More Successful Windows Image Build & Capture


In a recent build and capture (b&c) task sequence for ConfigMgr 2012 R2 that I was helping a customer with, I decided it was worthwhile to list the top things that can be overlooked.  If these are done prior to beginning the process, it can help to shorten any troubleshooting time involved.  Also, be sure to see my tips for installing apps during OSD.

  1. Create an IP address range for content boundaries.  When doing a b&c, it is a best practice to not join the system to the domain.  So if AD Sites are used for the boundaries, then content cannot be found.  To work around this, add an IP address range boundary for the subnet of the virtual system.
  2. In task sequence step “Setup Windows and Configuration Manager”, include entry “SMSMP=SiteMPServerFQDN”.  Example FQDN: CM1.contoso.com.
  3. Include installation of the latest cumulative update that is installed on the primary site.  The easiest trick for ensuring the latest CU is installed during OSD is to do:
    1. Copy the hotfix install package from “C:\Program Files\Microsoft Configuration Manager\hotfix\KBxxxxxx\Client\” into “C:\Program Files\Microsoft Configuration Manager\Client\hotfix\KBxxxxxx\”.
    2. In the task sequence step “Setup Windows and Configuration Manager”, include the line “PATCH=’%_SMSTSMDataPath%\OSD\PkgID\hotfix\KBxxxxxx\x64\patchKBinstallname.msp’”.  Note that the x64/i386 portion of the path will need to be updated based upon the target OS.
  4. Ensure that ConfigMgr boot media (.iso, USB, etc.) has been configured to allow unknown computers.
  5. Use the offline servicing functionality to pre-inject / install any Windows and .NET Framework 3.5.x security updates. Doing this to the original Windows image that was imported into the primary site will reduce the deployment time for the b&c.  Note that if you are deploying Win7 Hotfix Rollup 1 (KB2775511), it can be helpful to add it into the list for Software Updates (see http://blogs.technet.com/b/brandonlinton/archive/2013/03/13/how-to-deploy-phantom-updates-with-system-center-configuration-manager.aspx).
  6. Prepare for Software Updates (e.g. MS security updates)
    1. Use multiple Install Software Updates steps.  I like to use one immediately after installing core MS software (newer versions of .NET, MSXML, PowerShell, etc.) and then use two more at the very end of the task sequence.
    2. Optional: Create a script which associates Microsoft Office with the Windows update agent so that those patches can be installed.
  7. Implement fixes and workarounds for installing packages and applications.
    1. KB2716946 fix/workaround to enable the software distribution agent during execution of the task sequence.
    2. KB2522623 fix for Windows 7 to allow applications to be installed
  8. Set additional task sequence variables to prevent “Error 80070002”.  This is outlined in a TechNet support tip blog post, but impacts more than just MDT.
    1. SMSTSDownloadRetryCount = 5
    2. SMSTSDownloadRetryDelay = 15
  9. Configure the Windows image to be able to “run from the server”.  In this way, the image does not need to download to the disk then finally extract … thereby causing a longer delay and more fragmentation.  To do this:
    1. On the properties of the image, go to the Data Access tab and select the option to “copy the content in this package to a package share on distribution points”.
    2. In the task sequence’s step for Apply Operating System, go to the Options tab and select “Access content directly from the distribution point”.
  10. Configure the distribution point to allow anonymous connections.
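
One way to write the optional script from tip 6.2, as an added example that is not from the original post: it opts the Windows Update Agent in to the Microsoft Update service through the agent's COM API, so that updates for Office and other Microsoft products are offered to the reference image. The `ClientApplicationID` string is an arbitrary label chosen here; the script is assumed to run as a Run Command Line step, where a non-zero exit code fails the step.

```powershell
# Added example (not the author's script): register Microsoft Update with the
# Windows Update Agent so Office and other Microsoft product updates are offered.
$ErrorActionPreference = 'Stop'

# Well-known service ID of Microsoft Update.
$microsoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

try {
    $serviceManager = New-Object -ComObject 'Microsoft.Update.ServiceManager'
    # Arbitrary label (assumption); it identifies the caller in WindowsUpdate.log.
    $serviceManager.ClientApplicationID = 'BuildAndCapture-MicrosoftUpdateOptIn'

    # Skip the registration when the service is already registered with Automatic Updates.
    $existing = $serviceManager.Services |
        Where-Object { $_.ServiceID -eq $microsoftUpdateId }
    if ($existing -and $existing.IsRegisteredWithAU) {
        Write-Output 'Microsoft Update is already registered with Automatic Updates.'
        exit 0
    }

    # AddServiceFlag values: 1 = allow pending registration,
    # 2 = allow online registration, 4 = register the service with Automatic Updates.
    $flags = 1 -bor 2 -bor 4
    $registration = $serviceManager.AddService2($microsoftUpdateId, $flags, '')

    # UpdateServiceRegistrationState: 1 = not registered, 2 = pending, 3 = registered.
    # Pending completes the next time the agent can reach the service.
    if ($registration.RegistrationState -in 2, 3) {
        Write-Output "Microsoft Update opt-in state: $($registration.RegistrationState)"
        exit 0
    }

    Write-Error 'Microsoft Update was not registered.'
    exit 1
}
catch {
    # Surface the failure in smsts.log and fail the task sequence step.
    Write-Output "Microsoft Update opt-in failed: $($_.Exception.Message)"
    exit 1
}
```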

In general the above items should help you to be more successful when doing an OSD image b&c.  So that it’s not left unsaid, the below items could also prove useful.

  • Setup the Network Access Account for the ConfigMgr primary site.  For security, ensure that the account is a low rights domain user with a complex password and not an account with extended access rights to any systems on the network.
  • Deploy the task sequence to All Unknown Computers.  In this way a record of the ConfigMgr client will not need to be created first and added into a special collection.

9 thoughts on “10 Tips for a More Successful Windows Image Build & Capture”

    Ronni Pedersen said:
    August 17, 2014 at 11:12 am

    Great and relevant tips when building images using SCCM, but if it was my list, I’d add another tip to the list…
    Tip 11: Don’t use SCCM for build and capture if it’s not a requirement. Use MDT LiteTouch :-)

      N. Moseley responded:
      August 18, 2014 at 5:03 pm

      Ronni, thanks for reading and providing the personal feedback. Unfortunately, I can’t agree that MDT is the solution. In fact, some of the items I listed were specifically written for fixes in MDT … it just happens that they also worked for ConfigMgr. Plus, when I weigh the pros/cons of MDT with my customers (as well as show them operational difference), I still have yet for a customer to choose MDT.

        npherson (@kidmystic) said:
        August 20, 2014 at 12:07 pm

        +1 to Nick’s response. While Applications and Software Updates have some complications with Workgroup devices, they are pretty well documented for how to deal with them. There isn’t a compelling business need to maintain two separate environments. When you can leverage the objects you’ve built out for existing devices and future devices, you reduce the amount of work required and help ensure consistency in your environment.

    Jay Connor said:
    August 17, 2014 at 4:49 pm

    Good tips. I haven’t had much luck completing a ts using a win7 sp1 wim that has had updates injected.

    I wouldn’t deploy to unknown computers. Just use the import computer feature, this lets you target updates to it, and hides it/keeps things clean.

    Also
    – Tip 3 – I’m guessing you change your ccmsetup path to program files? Perhaps include that and change the patch line.
    ie I have a run command line
    xcopy.exe configmgr2012ac-sp1-kbxxxxxxx-x64.msp C:\windows\ccmsetup\ /y
    Then in the deploy ts “PATCH=’C:\windows\ccmsetup\KBxxxxxx-x64.msp’”
    – Password the TS via exe or script.
    – Enabling Allow Fallback Source Location for Distribution Points can be a work around for not being in a boundary also.
    – Use a VM for capturing.

      N. Moseley responded:
      August 18, 2014 at 5:10 pm

      Jay, thanks for reading and providing the personal feedback. I’m surprised you’ve had problems injecting updates into a Win7 SP1 .wim (I’ve never had an issue!).

      Deploying to unknown computers is a personal preference IMHO – but if using unknown computers, I should really have also said that I then disable the TS after completion (so it doesn’t always appear).

      Thanks for the other tips, they should not be forgotten either. ;-)

      As for your response to Tip #3, I don’t do it the way you’ve suggested, but that’s certainly a possible route. Rather, I have a copy in the ConfigMgr client package files, which I use to call directly within the download CM client files.

    Glen said:
    August 19, 2014 at 11:16 pm

    An alternate way which we use to Step 3.2, is to copy the patch into a folder called \Program Files\Microsoft Configuration Manager\client\i386\ClientPatch.
    This eliminates the need to have line “PATCH=’%_SMSTSMDataPath%\hotfix\KBxxxxxx\x64\patchKBinstallname.msp’” within the task sequence.

      N. Moseley responded:
      August 20, 2014 at 6:15 am

      Oh really? I shall try that some time, I wasn’t aware that was possible. Thanks!

        npherson (@kidmystic) said:
        August 20, 2014 at 11:58 am

        The %_SMSTSMDataPath% variable is set at the start of the task sequence and not updated. What you may experience is that it is set to D: while in WinPE, but then is C: when you boot into the target operating system (but the variable still equals D:). This will cause the patch inclusion to fail.

    […] to a previous post on 10 Tips for a More Successful Windows Image Build & Capture, this post outlines tips to help you successfully deploy ConfigMgr 2012 R2 Applications during […]
