Create bootable media
Applies to: System Center Configuration Manager (Current Branch)
Bootable media in Configuration Manager contains the boot image, optional prestart commands and associated files, and Configuration Manager files. Use prestaged media for the following OS deployment scenarios:
The following process occurs when you boot to bootable media:
- The destination computer starts
- It connects to the network
- It retrieves the following content from the site:
- The specified task sequence
- OS image
- Any other required content
Because the task sequence isn't on the media, you can change the task sequence or content without having to recreate the media.
The packages on bootable media aren't encrypted. To make sure that the package contents are secured from unauthorized users, take appropriate security measures. For example, add a password to the media.
Before you create bootable media by using the Create Task Sequence Media Wizard, be sure that all of these conditions are met.
Consider the following points about the boot image that you use in the task sequence to deploy the OS:
- The architecture of the boot image must be appropriate for the architecture of the destination computer. For example, an x64 destination computer can boot and run an x86 or x64 boot image. However, an x86 destination computer can boot and run only an x86 boot image.
- Make sure that the boot image contains the network and storage drivers that are required to provision the destination computer.
Create a task sequence to deploy an OS
As part of the bootable media, specify the task sequence to deploy the OS. For more information, see Create a task sequence to install an OS.
Distribute all content associated with the task sequence
Distribute all content that the task sequence requires to at least one distribution point. This content includes the boot image and other associated prestart files. The wizard gathers the content from the distribution point when it creates the bootable media.
Your user account needs at least Read access rights to the content library on that distribution point. For more information, see Distribute content.
Prepare the removable USB drive
If you're using a removable USB drive, connect it to the computer where you run the Create Task Sequence Media wizard. The USB drive must be detectable by Windows as a removal device. The wizard writes directly to the USB drive when it creates the media.
Create an output folder
Before you run the Create Task Sequence Media Wizard to create media for a CD or DVD set, create a folder for the output files it creates. Media that it creates for a CD or DVD set is written as an .ISO file directly in the folder.
In the Configuration Manager console, go to the Software Library workspace, expand Operating Systems, and select the Task Sequences node.
On the Home tab of the ribbon, in the Create group, select Create Task Sequence Media. This action starts the Create Task Sequence Media Wizard.
On the Select Media Type page, specify the following options:
Select Bootable media.
Optionally, if you want to only allow the OS to be deployed without requiring user input, select Allow unattended operating system deployment.
When you select this option, the user isn't prompted for network configuration information or for optional task sequences. If you configure the media for password protection, the user is still prompted for a password.
On the Media Management page, specify one of the following options:
Dynamic media: Allow a management point to redirect the media to another management point, based on the client location in the site boundaries.
Site-based media: The media only contacts the specified management point.
On the Media Type page, specify whether the media is a Removable USB drive or a CD/DVD set. Then configure the following options:
Media uses a FAT32 file system. You can't create media on a USB drive whose content contains a file over 4 GB in size.
If you select Removable USB drive, select the drive where you want to store the content.
- Format removable USB drive (FAT32) and make bootable: By default, let Configuration Manager prepare the USB drive. Many newer UEFI devices require a bootable FAT32 partition. However, this format also limits the size of files and overall capacity of the drive. If you've already formatted and configured the removable drive, disable this option.
If you select CD/DVD set, specify the capacity of the media (Media size) and the name and path of the output file (Media file). The wizard writes the output files to this location. For example:
If the capacity of the media is too small to store the entire content, it creates multiple files. Then you need to store the content on multiple CDs or DVDs. When it requires multiple media files, Configuration Manager adds a sequence number to the name of each output file that it creates.
If you select an existing .iso image, the Task Sequence Media Wizard deletes that image from the drive or share as soon as you proceed to the next page of the wizard. The existing image is deleted, even if you then cancel the wizard.
Staging folder: The media creation process can require a lot of temporary drive space. By default this location is similar to the following path:
%UserProfile%\AppData\Local\Temp. Starting in version 1902, to give you greater flexibility with where to store these temporary files, change this value to another drive and path.
Media label: Starting in version 1902, add a label to task sequence media. This label helps you better identify the media after you create it. The default value is
Configuration Manager. This text field appears in the following locations:
If you mount an ISO file, Windows displays this label as the name of the mounted drive
If you format a USB drive, it uses the first 11 characters of the label as its name
Configuration Manager writes a text file called
MediaLabel.txtto the root of the media. By default, the file includes a single line of text:
label=Configuration Manager. If you customize the label for media, this line uses your custom label instead of the default value.
Include autorun.inf file on media: Starting in version 1902, Configuration Manager doesn't add an autorun.inf file by default. This file is commonly blocked by antimalware products. For more information on the AutoRun feature of Windows, see Creating an AutoRun-enabled CD-ROM Application. If still necessary for your scenario, select this option to include the file.
On the Security page, specify the following options:
Enable unknown computer support: Allow the media to deploy an OS to a computer that's not managed by Configuration Manager. There's no record of these computers in the Configuration Manager database. For more information, see Prepare for unknown computer deployments.
Protect media with a password: Enter a strong password to help protect the media from unauthorized access. When you specify a password, the user must provide that password to use the bootable media.
As a security best practice, always assign a password to help protect the bootable media.
For HTTP communications, select Create self-signed media certificate. Then specify the start and expiration date for the certificate.
For HTTPS communications, select Import PKI certificate. Then specify the certificate to import and its password.
For more information about this client certificate that boot images use, see PKI certificate requirements.
User device affinity: To support user-centric management in Configuration Manager, specify how you want the media to associate users with the destination computer. For more information about how OS deployment supports user device affinity, see Associate users with a destination computer.
Allow user device affinity with auto-approval: The media automatically associates users with the destination computer. This functionality is based on the actions of the task sequence that deploys the OS. In this scenario, the task sequence creates a relationship between the specified users and destination computer when it deploys the OS to the destination computer.
Allow user device affinity pending administrator approval: The media associates users with the destination computer after approval is granted. This functionality is based on the scope of the task sequence that deploys the OS. In this scenario, the task sequence creates a relationship between the specified users and the destination computer, but waits for approval from an administrative user before the OS is deployed.
Do not allow user device affinity: The media doesn't associate users with the destination computer. In this scenario, the task sequence doesn't associate users with the destination computer when it deploys the OS.
On the Boot image page, specify the following options:
The architecture of the boot image that you distribute must be appropriate for the architecture of the destination computer. For example, an x64 destination computer can boot and run an x86 or x64 boot image. However, an x86 destination computer can boot and run only an x86 boot image.
Boot image: Select the boot image to start the destination computer.
Distribution point: Select the distribution point that has the boot image. The wizard retrieves the boot image from the distribution point and writes it to the media.
Your user account needs at least Read permissions to the content library on the distribution point.
Management point: Only for site-based media, select a management point from a primary site.
Associated management points: Only for dynamic media, select the primary site management points to use, and a priority order for the initial communication.
On the Customization page, specify the following options:
Add any variables that the task sequence uses.
Enable prestart command: Specify any prestart commands that you want to run before the task sequence runs. Prestart commands are a script or an executable that can interact with the user in Windows PE before the task sequence runs. For more information, see Prestart commands for task sequence media.
During media creation, the task sequence writes the package ID and prestart command-line, including the value for any task sequence variables, to the CreateTSMedia.log file on the computer that runs the Configuration Manager console. You can review this log file to verify the value for the task sequence variables.
If the prestart command requires any content, select the option to Include files for the prestart command.
Complete the wizard.
You can create bootable media on a removable USB drive when the drive isn't connected to the computer running the Configuration Manager console.
Create the task sequence boot media. On the Media type page, select CD/DVD set. The wizard writes the output files to the location that you specify. For example:
Prepare the removable USB drive. The drive must be formatted, empty, and bootable.
Mount the ISO from the share location and transfer the files from the ISO to the USB drive.