How to automate Windows 10 imaging with Packer
Windows 10 imaging isn't easy, especially with Microsoft's continuous release model. Here's how IT can use Packer and MDT to reuse code for Windows images and automate the process.
Since the release of Windows 10, IT professionals who deploy and patch desktops have had to adjust the way they manage machine images. A free tool called Packer, however, can help IT admins create and manage Windows 10 images in a continuous delivery model.
With Packer, IT can create and maintain machine image configurations in code, which means that IT can create updated machine images rather than manually install the OS, configure the OS, install software and configure software on the image.
Packer provides a way, for example, to reuse the code for a Windows 10 image for version 1809 to create a Windows 10 image for the new 1903 version. This greatly reduces the overhead for managing machine images. When Microsoft releases a new version of Windows 10, the machine image will largely be the same as the previous version in Packer.
IT can combine Packer with Microsoft Deployment Toolkit (MDT) to help automate the creation of Windows 10 images. These two programs may not work cohesively by default, but IT can make modifications to make Packer a viable option for Windows 10 imaging.
Windows 10 imaging with Packer
Admins should first look at Stefan Scherer's GitHub repository, which features many Packer templates for getting started. When using this repository, there are two files that admins will work with a lot to create a machine image: the Windows 10 Packer template and the Windows 10 answer file. Both of these will automate much of how the image is created.
Packer template
IT pros will need to first choose a platform that the build will run on. Usually, this will be Hyper-V or VirtualBox for Windows 10. IT admins can actually use both in the same template, which the windows_10.json file in Scherer's repository shows. The builder must specify the hardware info of the virtual machine, the ISO file used to install Windows, any additional scripts to mount and the Windows Remote Management credentials that the local machine will use to connect to the VM. All of these settings are customizable.
The provisioners section of the template is where IT pros run scripts after Windows is installed on the reference VM. IT can perform tasks such as enabling User Account Control, installing software with Chocolatey or enabling Remote Desktop Protocol.
Answer file
IT can use the autounattend.xml file to automate Windows settings during the installation of Windows. In Packer, IT can add the file to the floppy_files section of the template so that Windows can automatically find it. IT can use the autounattend.xml file that Scherer created but modify it. For example, IT can change the username and password for the admin accounts, change the product key for Windows Volume Licensing and enable Windows updates to install in the last synchronous script.
Capturing the MDT image
One of the shortcomings of using Packer to create a Windows 10 image is that, if admins use MDT to deploy Windows 10 to desktops, there is no native way to integrate Packer with MDT. Packer doesn't provide a post-processor that will output a Windows Imaging Format (WIM) file, which is the format MDT needs to deploy Windows 10 to a computer.
To get around this, IT can use a PowerShell script as a provisioner in the Packer template to kick off the capturing process. This is the last thing IT should do in the Windows 10 imaging process.
This would be what the Packer template looks like, as this script is the last provisioner:
{
    "scripts": [
        "./scripts/MDT.ps1"
    ],
    "type": "powershell",
    "only": ["virtualbox-iso"],
    "valid_exit_codes": [0, 16001]
}
IT pros can use the only parameter in the template, which means that the script will only run when they use VirtualBox as the builder in Packer. Packer supports running a template on multiple platforms, such as VMware, Hyper-V and Azure.
The PowerShell script MDT.ps1 should have the following commands to simply mount the MDT shared drive and start the litetouch.vbs script:
net use S: '\\Server\MDT' /user:DOMAIN\MDT 'P@ssword'
cscript S:\Scripts\litetouch.vbs
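The two commands above keep the share password in the script file itself. A variant of MDT.ps1 that takes the share and credentials from the provisioner's environment is shown here as an added example, not code from the original article or from Scherer's repository; the variable names MDT_SHARE, MDT_USER and MDT_PASSWORD and the user variable mdt_password are assumptions.

```powershell
# MDT.ps1 (added example): mount the MDT share with credentials supplied at
# build time instead of a password written into the script.
#
# Assumed template side (hypothetical names), using Packer's environment_vars
# and sensitive-variables settings so the value is masked in build output:
#   "variables":           { "mdt_password": "{{env `MDT_PASSWORD`}}" }
#   "sensitive-variables": ["mdt_password"]
#   provisioner:  "environment_vars": ["MDT_SHARE=\\\\Server\\MDT",
#                                      "MDT_USER=DOMAIN\\MDT",
#                                      "MDT_PASSWORD={{user `mdt_password`}}"]

# Fail early with a clear message if the template did not pass a value.
foreach ($name in 'MDT_SHARE', 'MDT_USER', 'MDT_PASSWORD') {
    if ([string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($name))) {
        throw "Required environment variable $name is not set."
    }
}

# Same mechanism as the article (net use), with values read from the environment.
# The password is no longer stored in the script or the repository, but it is
# still passed to net.exe as a command-line argument for the life of that call.
& net.exe use S: $env:MDT_SHARE "/user:$($env:MDT_USER)" $env:MDT_PASSWORD | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "net use failed with exit code $LASTEXITCODE"
}

# Remove the plaintext password from this process before starting the task
# sequence, so that cscript and anything it launches do not inherit it.
Remove-Item Env:\MDT_PASSWORD -ErrorAction SilentlyContinue

& cscript.exe //NoLogo S:\Scripts\litetouch.vbs
$code = $LASTEXITCODE

# Hand the exit code back to Packer so the template's valid_exit_codes
# setting ([0, 16001] above) decides whether the build step succeeded.
exit $code
```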
In this case, the admin uses a specific MDT share to capture the Windows 10 image. In the customsettings.ini file, the admin should automate the task sequence so that, when litetouch.vbs launches, the Packer user doesn't need to input anything. The file would look something like this:
[Default]
TimeZoneName=Eastern Standard Time
OSInstall=Y
UserDataLocation=NONE
JoinWorkGroup=WORKGROUP
DoNotCreateExtraPartition=YES
DoCapture=YES
ComputerBackupLocation=NETWORK
BackupShare=\\MDTServer\WIN10CAPTURE$
BackupDir=Captures
UserDomain=DOMAIN
UserID=mdt
UserPassword=P@ssword
TaskSequenceID=WIN10
BuildID=WIN10-CAP
SkipAdminPassword=YES
SkipApplications=YES
SkipAppsOnUpgrade=YES
SkipBitLocker=YES
SkipCapture=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipFinalSummary=YES
SkipLocaleSelection=YES
SkipProductKey=YES
SkipRoles=YES
SkipSummary=YES
SkipTaskSequence=YES
SkipTimeZone=YES
SkipUserData=YES
OSDComputerName=WIN-10
FinishAction=SHUTDOWN
One of the benefits of using MDT to capture the WIM file is that it also runs sysprep as part of the task sequence in MDT. Otherwise, IT admins must run sysprep with Packer.
Running Packer
In Scherer's repository, he includes build scripts, both in Bash and in PowerShell, to start Packer. Here is the build script for the Windows 10 template:
packer build --only=vmware-iso --var disk_size=136400 windows_10.json
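This build script example specifies a variable that sets the hard disk size of the reference VM and runs only the VMware builder from the windows_10.json template. Because the MDT.ps1 provisioner shown earlier is restricted to virtualbox-iso, a build that should capture the image has to select that builder instead.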
In this sample output, Packer runs the MDT.ps1 script to capture the image and import it into MDT:
==> virtualbox-iso: Connected to WinRM!
==> virtualbox-iso: Uploading VirtualBox version info (6.0.8)
==> virtualbox-iso: Provisioning with Powershell...
==> virtualbox-iso: Provisioning with powershell script: ./scripts/MDT.ps1
virtualbox-iso: The command completed successfully.