使用 Configuration Manager 准备零接触安装 Windows 10Prepare for Zero Touch Installation of Windows 10 with Configuration Manager

适用于Applies to

  • Windows 10Windows 10

本主题将介绍使用 Microsoft Endpoint Manager (ConfigMgr) 与 Microsoft Deployment Toolkit (MDT) 集成的 Windows 10 操作系统部署 (OS) D) 的零接触安装过程。This topic will walk you through the Zero Touch Installation process of Windows 10 operating system deployment (OSD) using Microsoft Endpoint Manager (ConfigMgr) integrated with Microsoft Deployment Toolkit (MDT).

必备条件Prerequisites

在本主题中, 你将使用现有 Configuration Manager 基础结构的组件为 Windows 10 OSD 做好准备。In this topic, you will use components of an existing Configuration Manager infrastructure to prepare for Windows 10 OSD. 除了基本设置,还应在 Configuration Manager 环境中进行以下配置:In addition to the base setup, the following configurations should be made in the Configuration Manager environment:

  • Configuration Manager 当前分支 + 已安装所有安全和关键更新。Configuration Manager current branch + all security and critical updates are installed.
    • 注意:本指南中的过程使用 ConfigMgr 1910。Note: Procedures in this guide use ConfigMgr 1910. 有关 ConfigMgr 支持的 Windows 10 版本的信息,请参阅 Windows 10 支持For information about the version of Windows 10 supported by ConfigMgr, see Support for Windows 10.
  • 已扩展 Active Directory 架构并创建了系统管理容器。The Active Directory Schema has been extended and System Management container created.
  • Active Directory 林发现和 Active Directory 系统发现 已启用Active Directory Forest Discovery and Active Directory System Discovery are enabled.
  • 已创建 IP 范围边界以及 内容和网站分配的边界组。IP range boundaries and a boundary group for content and site assignment have been created.
  • 已添加 和配置 Configuration Manager 报告服务点角色。The Configuration Manager reporting services point role has been added and configured.
  • 已创建程序包的文件系统文件夹结构和 Configuration Manager 控制台文件夹结构。A file system folder structure and Configuration Manager console folder structure for packages has been created. 下面提供了验证或创建此文件夹 结构的步骤Steps to verify or create this folder structure are provided below.
  • 已安装 WINDOWS ADK (,包括 USMT) 版本 1903、Windows PE 加载项、WSIM 1903 更新、MDT版本 8456 和 DaRT 10 (MDOP 2015) 部分。The Windows ADK (including USMT) version 1903, Windows PE add-on, WSIM 1903 update, MDT version 8456, and DaRT 10 (part of MDOP 2015) are installed.
  • CMTrace (cmtrace.exe) 安装在分发点上。The CMTrace tool (cmtrace.exe) is installed on the distribution point.
    • 注意:CMTrace 会自动随 Configuration Manager 的当前分支一起安装在**Program Files\Microsoft Configuration Manager\tools\cmtrace.exe。 **Note: CMTrace is automatically installed with the current branch of Configuration Manager at Program Files\Microsoft Configuration Manager\tools\cmtrace.exe. 在以前的 ConfigMgr 版本中,必须单独安装 configuration Manager Toolkit才能获取 CMTrace 工具,但不再需要这样做。In previous releases of ConfigMgr it was necessary to install the Configuration Manager Toolkit separately to get the CMTrace tool, but this is no longer needed. Configuraton Manager 版本 1910 安装了 CMTrace 工具的版本 5.0.8913.1000。Configuraton Manager version 1910 installs version 5.0.8913.1000 of the CMTrace tool.

出于本指南的目的,我们将使用三台服务器计算机:DC01、CM01 和 HV01。For the purposes of this guide, we will use three server computers: DC01, CM01 and HV01.

  • DC01 是域的域控制器和 DNS contoso.com服务器。DC01 is a domain controller and DNS server for the contoso.com domain. DHCP 服务也可用,并且可以选择安装在 DC01 或其他服务器上。DHCP services are also available and optionally installed on DC01 or another server.
  • CM01 是域成员服务器和 Configuration Manager 软件分发点。CM01 is a domain member server and Configuration Manager software distribution point. 在本指南中,CM01 是一台独立的主站点服务器。In this guide CM01 is a standalone primary site server.
  • HV01 是Hyper-V Windows 10 引用映像的一个主计算机。HV01 is a Hyper-V host computer that is used to build a Windows 10 reference image. 此计算机不需要是域成员。This computer does not need to be a domain member.

所有服务器都运行 Windows Server 2019。All servers are running Windows Server 2019. 但是,也可以使用受支持的早期版本的 Windows Server。However, an earlier, supported version of Windows Server can also be used.

本指南中引用的所有服务器和客户端计算机都位于同一子网中。All server and client computers referenced in this guide are on the same subnet. 这不是必需的,但每个服务器和客户端计算机必须能够相互连接以共享文件,并解析域的所有 DNS 名称和 Active Directory contoso.com信息。This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. 下载操作系统和应用程序更新还需要 Internet 连接。Internet connectivity is also required to download OS and application updates.

域凭据Domain credentials

本指南使用了以下通用凭据。The following generic credentials are used in this guide. 应在每个过程中显示这些凭据时将其替换为您的凭据。You should replace these credentials as they appear in each procedure with your credentials.

Active Directory 域名:contoso.comActive Directory domain name: contoso.com
域管理员用户名: 管理员Domain administrator username: administrator
域管理员密码:pass@word1Domain administrator password: pass@word1

创建 OU 结构Create the OU structure

备注

如果已创建在 MDT 的 OSD 指南中使用的 OU 结构,则此处使用相同的结构,可以跳过此部分。If you have already created the OU structure that was used in the OSD guide for MDT, the same structure is used here and you can skip this section.

DC01 上On DC01:

若要创建 OU 结构,可以使用 Active Directory 用户和计算机控制台 (dsa.msc) ,或者可以使用 Windows PowerShell。To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. 下面的过程使用Windows PowerShell。The procedure below uses Windows PowerShell.

若要使用Windows PowerShell,请复制以下命令到文本文件,并将其另存为 C:\Setup\Scripts\ou.ps1。To use Windows PowerShell, copy the following commands into a text file and save it as C:\Setup\Scripts\ou.ps1. 确保你正在查看文件扩展名,并且使用 .ps1 扩展名保存文件。Be sure that you are viewing file extensions and that you save the file with the .ps1 extension.

$oulist = Import-csv -Path c:\oulist.txt
ForEach($entry in $oulist){
    $ouname = $entry.ouname
    $oupath = $entry.oupath
    New-ADOrganizationalUnit -Name $ouname -Path $oupath -WhatIf
    Write-Host -ForegroundColor Green "OU $ouname is created in the location $oupath"
}

接下来,将以下 OU 名称和路径列表复制到文本文件中,并将其另存为C:\Setup\Scripts\oulist.txt Next, copy the following list of OU names and paths into a text file and save it as C:\Setup\Scripts\oulist.txt

OUName,OUPath
Contoso,"DC=CONTOSO,DC=COM"
Accounts,"OU=Contoso,DC=CONTOSO,DC=COM"
Computers,"OU=Contoso,DC=CONTOSO,DC=COM"
Groups,"OU=Contoso,DC=CONTOSO,DC=COM"
Admins,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
Service Accounts,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
Users,"OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM"
Servers,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
Workstations,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM"
Security Groups,"OU=Groups,OU=Contoso,DC=CONTOSO,DC=COM"

最后,在 DC01 上Windows PowerShell提升的ou.ps1脚本:Lastly, open an elevated Windows PowerShell prompt on DC01 and run the ou.ps1 script:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\ou.ps1

创建 Configuration Manager 服务帐户Create the Configuration Manager service accounts

基于角色的模型用于配置 Configuration Manager 中操作系统部署所需的服务帐户的权限。A role-based model is used to configure permissions for the service accounts needed for operating system deployment in Configuration Manager. 执行以下步骤以创建 Configuration Manager加入域****和网络访问帐户:Perform the following steps to create the Configuration Manager join domain and network access accounts:

DC01 上On DC01:

  1. 在 Active Directory 用户和计算机控制台中,浏览 contoso.com /Contoso / 服务帐户In the Active Directory Users and Computers console, browse to contoso.com / Contoso / Service Accounts.

  2. 选择“服务帐户”OU 并使用以下设置创建 CM_JD 帐户。Select the Service Accounts OU and create the CM_JD account using the following settings:

    • 名称:CM_JDName: CM_JD
    • 用户登录名称:CM_JDUser logon name: CM_JD
    • 密码:pass@word1Password: pass@word1
    • 用户下次登录时须更改密码:清空User must change password at next logon: Clear
    • 用户不能更改密码:选中User cannot change password: Selected
    • 密码永不过期:选中Password never expires: Selected
  3. 为 CM_NAA 帐户重复步骤。Repeat the step, but for the CM_NAA account.

  4. 创建帐户后,分配以下描述:After creating the accounts, assign the following descriptions:

    • CM_JD: Configuration Manager 加入域帐户CM_JD: Configuration Manager Join Domain Account
    • CM_NAA: Configuration Manager 网络访问帐户CM_NAA: Configuration Manager Network Access Account

配置 Active Directory 权限Configure Active Directory permissions

为了使 Configuration Manager 加入域帐户 (CM_JD) 能够将计算机加入 contoso.com 域,你需要在 Active Directory 中配置权限。In order for the Configuration Manager Join Domain Account (CM_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. 这些步骤假定你已下载示例 Set-OUPermissions.ps1 脚本并将其复制到 DC01 上的 C:\Setup\Scripts。These steps assume you have downloaded the sample Set-OUPermissions.ps1 script and copied it to C:\Setup\Scripts on DC01.

DC01 上On DC01:

  1. 以 contoso\administrator 登录,在提升的Windows PowerShell输入:Sign in as contoso\administrator and enter the following at an elevated Windows PowerShell prompt:

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
    Set-Location C:\Setup\Scripts
    .\Set-OUPermissions.ps1 -Account CM_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
    
  2. Set-OUPermissions.ps1 脚本允许 CM_JD 用户帐户权限管理“Contoso / 计算机 / 工作站”OU 中的计算机帐户。The Set-OUPermissions.ps1 script allows the CM_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. 以下是待授予权限的列表:The following is a list of the permissions being granted:

    • 作用域:此对象及其所有后代对象Scope: This object and all descendant objects
    • 创建计算机对象Create Computer objects
    • 删除计算机对象Delete Computer objects
    • 作用域:后代计算机对象Scope: Descendant Computer objects
    • 读取所有属性Read All Properties
    • 写入所有属性Write All Properties
    • 读取权限Read Permissions
    • 修改权限Modify Permissions
    • 更改密码Change Password
    • 重置密码Reset Password
    • 经过验证的对 DNS 主机名的写入权限Validated write to DNS host name
    • 经过验证的对服务主体名称的写入权限Validated write to service principal name

查看源文件夹结构Review the Sources folder structure

CM01 上On CM01:

若要支持本文中创建的包,应在配置管理器主站点服务器或 CM01 (上创建) :To support the packages you create in this article, the following folder structure should be created on the Configuration Manager primary site server (CM01):

备注

在大多数生产环境中,程序包存储在分布式文件系统 (DFS) 共享或“常规”服务器共享中,但在实验室环境中,你可以将其存储在站点服务器上。In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server.

  • D:\SourcesD:\Sources
  • D:\Sources\OSDD:\Sources\OSD
  • D:\Sources\OSD\BootD:\Sources\OSD\Boot
  • D:\Sources\OSD\DriverPackagesD:\Sources\OSD\DriverPackages
  • D:\Sources\OSD\DriverSourcesD:\Sources\OSD\DriverSources
  • D:\Sources\OSD\MDTD:\Sources\OSD\MDT
  • D:\Sources\OSD\OSD:\Sources\OSD\OS
  • D:\Sources\OSD\SettingsD:\Sources\OSD\Settings
  • D:\Sources\OSD\BrandingD:\Sources\OSD\Branding
  • D:\Sources\SoftwareD:\Sources\Software
  • D:\Sources\Software\AdobeD:\Sources\Software\Adobe
  • D:\Sources\Software\MicrosoftD:\Sources\Software\Microsoft

你可以从提升的Windows PowerShell运行以下命令,以创建此文件夹结构:You can run the following commands from an elevated Windows PowerShell prompt to create this folder structure:

我们还将在此处创建 D:\Logs 文件夹,稍后将用来支持服务器端日志记录。We will also create the D:\Logs folder here which will be used later to support server-side logging.

New-Item -ItemType Directory -Path "D:\Sources"
New-Item -ItemType Directory -Path "D:\Sources\OSD"
New-Item -ItemType Directory -Path "D:\Sources\OSD\Boot"
New-Item -ItemType Directory -Path "D:\Sources\OSD\DriverPackages"
New-Item -ItemType Directory -Path "D:\Sources\OSD\DriverSources"
New-Item -ItemType Directory -Path "D:\Sources\OSD\OS"
New-Item -ItemType Directory -Path "D:\Sources\OSD\Settings"
New-Item -ItemType Directory -Path "D:\Sources\OSD\Branding"
New-Item -ItemType Directory -Path "D:\Sources\OSD\MDT"
New-Item -ItemType Directory -Path "D:\Sources\Software"
New-Item -ItemType Directory -Path "D:\Sources\Software\Adobe"
New-Item -ItemType Directory -Path "D:\Sources\Software\Microsoft"
New-SmbShare -Name Sources$ -Path D:\Sources -FullAccess "NT AUTHORITY\INTERACTIVE", "BUILTIN\Administrators"
New-Item -ItemType Directory -Path "D:\Logs"
New-SmbShare -Name Logs$ -Path D:\Logs -ChangeAccess EVERYONE

将 Configuration Manager 与 MDT 集成Integrate Configuration Manager with MDT

若要使用 MDT 向导和模板扩展 Configuration Manager 控制台,请安装具有默认设置的 MDT 并运行 Configure ConfigManager 集成 桌面应用。To extend the Configuration Manager console with MDT wizards and templates, install MDT with the default settings and run the Configure ConfigManager Integration desktop app. 在以下步骤中,我们假定你已 下载 MDT, 并且已使用默认设置安装 MDT。In these steps, we assume you have already downloaded MDT and installed it with default settings.

CM01 上On CM01:

  1. 以 contoso\administrator 登录。Sign in as contoso\administrator.

  2. 请确保 Configuration Manager 控制台已关闭,然后再继续。Ensure the Configuration Manager Console is closed before continuing.

  3. 单击"开始",键入 "配置 ConfigManager 集成",然后运行应用程序以下设置:Click Start, type Configure ConfigManager Integration, and run the application the following settings:

    • 站点服务器名称:CM01.contoso.comSite Server Name: CM01.contoso.com
    • 站点代码:PS1Site code: PS1

图 8

MDT 与 Configuration Manager 集成。MDT integration with Configuration Manager.

配置客户端设置Configure the client settings

大多数组织都希望在部署过程中显示其名称。Most organizations want to display their name during deployment. 在此部分中,使用 Contoso 组织名称配置默认的 Configuration Manager 客户端设置。In this section, you configure the default Configuration Manager client settings with the Contoso organization name.

CM01 上On CM01:

  1. 打开 Configuration Manager 控制台,选择管理工作区,然后单击"客户端设置"。Open the Configuration Manager Console, select the Administration workspace, then click Client Settings.
  2. 在右侧窗格中,右键单击 "默认客户端设置",然后单击"属性"。In the right pane, right-click Default Client Settings and then click Properties.
  3. 在“计算机代理”**** 节点中的“在软件中心显示的组织名称”**** 文本框中,键入“Contoso”**** 并单击“确定”****。In the Computer Agent node, in the Organization name displayed in Software Center text box, type in Contoso and click OK.

图 9

在客户端设置中配置组织名称。Configure the organization name in client settings.

图 10

在部署过程中显示的 Contoso 组织名称。The Contoso organization name displayed during deployment.

配置网络访问帐户Configure the Network Access account

Configuration Manager 在 Windows 10 部署过程中使用网络访问帐户访问分发点上的内容。Configuration Manager uses the Network Access account during the Windows 10 deployment process to access content on the distribution points. 在此部分中,配置网络访问帐户。In this section, you configure the Network Access account.

CM01 上On CM01:

  1. 使用 Configuration Manager 控制台在“管理”工作区中展开“站点配置”****,然后选择“站点”****。Using the Configuration Manager Console, in the Administration workspace, expand Site Configuration and select Sites.
  2. 右键单击PS1 - 主站点 1, 指向"配置站点组件",然后选择"软件分发"。Right-click PS1 - Primary Site 1, point to Configure Site Components, and then select Software Distribution.
  3. 在"**** 网络访问帐户"选项卡上****,选择"指定访问网络位置的帐户",并添加**"新帐户**CONTOSO\CM_NAA"** 作为网络访问帐户 (密码:pass@word1) 。On the Network Access Account tab, select Specify the account that accesses network locations and add the New Account CONTOSO\CM_NAA as the Network Access account (password: pass@word1). 使用新的“验证”**** 选项验证该帐户是否能够连接到“\\DC01\sysvol”**** 网络共享。Use the new Verify option to verify that the account can connect to the \\DC01\sysvol network share.

图 11

测试网络访问帐户的连接。Test the connection for the Network Access account.

在 CM01 分发点上启用 PXEEnable PXE on the CM01 distribution point

Configuration Manager 具有许多启动部署的选项,但在大环境中通过 PXE 启动通常最为灵活。Configuration Manager has many options for starting a deployment, but starting via PXE is certainly the most flexible in a large environment. 在此部分中,在 CM01 分发点上启用 PXE。In this section, you enable PXE on the CM01 distribution point.

CM01 上On CM01:

  1. 在 Configuration Manager 控制台的“管理”工作区中,选择“分发点”****。In the Configuration Manager Console, in the Administration workspace, select Distribution Points.

  2. 右键单击“\\CM01.CONTOSO.COM 分发点”****,然后选择“属性”****。Right-click the \\CM01.CONTOSO.COM distribution point and select Properties.

  3. "PXE" 选项卡上,使用以下设置:On the PXE tab, use the following settings:

    • 启用对客户端的 PXE 支持Enable PXE support for clients
    • 允许此分发点响应传入 PXE 请求Allow this distribution point to respond to incoming PXE requests
    • 启用未知计算机Enable unknown computer
    • 计算机使用 PXE 时需要密码Require a password when computers use PXE
    • 密码和确认密码:pass@word1Password and Confirm password: pass@word1

    图 12

    为 PXE 配置 CM01 分发点。Configure the CM01 distribution point for PXE.

    备注

    如果选择"启用不带 Windows 部署服务的 PXE响应器",将不会安装 WDS,或者如果已安装 WDS,它将暂停,并且 使用 ConfigMgr PXE 响应器服务 (SccmPxe) 而不是 WDS。If you select Enable a PXE responder without Windows Deployment Service, then WDS will not be installed, or if it is already installed it will be suspended, and the ConfigMgr PXE Responder Service (SccmPxe) will be used instead of WDS. ConfigMgr PXE 响应器不支持多播。The ConfigMgr PXE Responder does not support multicast. 有关详细信息,请参阅安装和 配置分发点For more information, see Install and configure distribution points.

  4. 使用 CMTrace 工具,查看 C:\Program Files\Microsoft Configuration Manager\Logs\distmgr.日志文件。Using the CMTrace tool, review the C:\Program Files\Microsoft Configuration Manager\Logs\distmgr.log file. 查找 ConfigurePXE 和 CcmInstallPXE 行。Look for ConfigurePXE and CcmInstallPXE lines.

    图 13

    distmgr.log 显示分配点上成功配置了 PXE。The distmgr.log displays a successful configuration of PXE on the distribution point.

  5. 验证每个文件夹 D:\RemoteInstall\SMSBoot\x86D:\RemoteInstall\SMSBoot\x64中都有七个文件。Verify that you have seven files in each of the folders D:\RemoteInstall\SMSBoot\x86 and D:\RemoteInstall\SMSBoot\x64.

    图 14

    启用 PXE 后 D:\RemoteInstall\SMSBoot\x64 文件夹的内容。The contents of the D:\RemoteInstall\SMSBoot\x64 folder after you enable PXE.

    注意:这些文件由 WDS 使用。Note: These files are used by WDS. ConfigMgr PXE 响应器不会使用它们。They are not used by the ConfigMgr PXE Responder. 本文不使用 ConfigMgr PXE 响应器。This article does not use the ConfigMgr PXE Responder.

接下来,请参阅 使用 Configuration Manager 创建自定义 Windows PE 启动映像Next, see Create a custom Windows PE boot image with Configuration Manager.

Configuration Manager 操作系统部署组件Components of Configuration Manager operating system deployment

借助 Configuration Manager 的操作系统部署是正常的软件分发基础结构的一部分,但还存在其他组件。Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are additional components. 例如,使用 Configuration Manager 部署操作系统时可能会使用状态迁移点角色,而使用 Configuration Manager 进行正常应用程序部署时不会使用它。For example, operating system deployment in Configuration Manager may use the State Migration Point role, which is not used by normal application deployment in Configuration Manager. 本部分介绍 Windows 10 等操作系统的部署所涉及的 Configuration Manager 组件。This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10.

  • 状态迁移点 (SMP)。State migration point (SMP). 状态迁移点用于在计算机替换方案期间存储用户状态迁移数据。The state migration point is used to store user state migration data during computer replace scenarios.

  • 分发点 (DP)。Distribution point (DP). 分发点用于存储 Configuration Manager 中的所有程序包,包括与操作系统部署相关的程序包。The distribution point is used to store all packages in Configuration Manager, including the operating system deployment-related packages.

  • 软件更新点 (SUP)。Software update point (SUP). 软件更新点通常用于将更新部署到现有计算机,还可以用于在部署过程中更新操作系统。The software update point, which is normally used to deploy updates to existing machines, also can be used to update an operating system as part of the deployment process. 你还可以使用脱机服务在 Configuration Manager 服务器上直接更新映像。You also can use offline servicing to update the image directly on the Configuration Manager server.

  • 报告服务点。Reporting services point. 报告服务点可用于监视操作系统部署过程。The reporting services point can be used to monitor the operating system deployment process.

  • 启动映像。Boot images. 启动映像是 Configuration Manager 用于启动部署的 Windows 预安装环境 (Windows PE) 映像。Boot images are the Windows Preinstallation Environment (Windows PE) images Configuration Manager uses to start the deployment.

  • 操作系统映像。Operating system images. 操作系统映像程序包仅包含一个文件:自定义 .wim 映像。The operating system image package contains only one file, the custom .wim image. 这通常是生产部署映像。This is typically the production deployment image.

  • 操作系统安装程序。Operating system installers. 最初添加操作系统安装程序的目的是使用 Configuration Manager 创建引用映像。The operating system installers were originally added to create reference images using Configuration Manager. 但是,我们建议你使用 MDT Lite Touch 创建引用映像。Instead, we recommend that you use MDT Lite Touch to create your reference images. 有关如何创建引用映像的详细信息,请参阅创建 Windows 10 引用映像For more information on how to create a reference image, see Create a Windows 10 reference image.

  • 驱动程序。Drivers. 与 MDT Lite Touch 相似,Configuration Manager 也提供包含托管的设备驱动程序的存储库(目录)。Like MDT Lite Touch, Configuration Manager also provides a repository (catalog) of managed device drivers.

  • 任务序列。Task sequences. Configuration Manager 中任务序列的外观非常类似于 MDT Lite Touch 中的序列,它们的用途也相同。The task sequences in Configuration Manager look and feel pretty much like the sequences in MDT Lite Touch, and they are used for the same purpose. 但是,在 Configuration Manager 中,任务序列将通过管理点 (MP) 作为策略交付到客户端。However, in Configuration Manager the task sequence is delivered to the clients as a policy via the Management Point (MP). MDT 为 Configuration Manager 提供附加任务序列模板。MDT provides additional task sequence templates to Configuration Manager.

    注意 Windows 10 (ADK) 的 Windows 评估和部署工具包也是支持 Windows 10 管理和部署所需的。Note The Windows Assessment and Deployment Kit (ADK) for Windows 10 is also required to support management and deployment of Windows 10.

为什么要将 MDT 与 Configuration Manager 集成Why integrate MDT with Configuration Manager

如上所述,MDT 可将多项增强功能添加到 Configuration Manager。As noted above, MDT adds many enhancements to Configuration Manager. 尽管这些增强功能称为零接触,但其名称并不能反映部署的执行方式。While these enhancements are called Zero Touch, that name does not reflect how deployment is conducted. 以下部分提供了 MDT 添加到 Configuration Manager 中的 280 项增强功能的一些示例。The following sections provide a few samples of the 280 enhancements that MDT adds to Configuration Manager.

备注

MDT 安装需要以下各项:MDT installation requires the following:

  • 上一过程中安装的适用于 Windows 10 (Windows ADK) The Windows ADK for Windows 10 (installed in the previous procedure)
  • Windows PowerShell (版本 5.1; 键入 $host 以检查) Windows PowerShell (version 5.1 is recommended; type $host to check)
  • Microsoft .NET FrameworkMicrosoft .NET Framework

MDT 支持动态部署MDT enables dynamic deployment

当 MDT 与 Configuration Manager 集成时,任务序列将从 MDT 规则获取附加说明。When MDT is integrated with Configuration Manager, the task sequence takes additional instructions from the MDT rules. 在其最简形式情况下,这些设置存储在文本文件(CustomSettings.ini 文件)中,但可将这些设置存储在 Microsoft SQL Server 数据库中,或者让 Microsoft Visual Basic Scripting Edition (VBScript) 或 Web 服务提供已使用的设置。In its most simple form, these settings are stored in a text file, the CustomSettings.ini file, but you can store the settings in Microsoft SQL Server databases, or have Microsoft Visual Basic Scripting Edition (VBScripts) or web services provide the settings used.

任务序列使用的说明可允许你减少 Configuration Manager 中的任务序列数量,并改为将设置存储在任务序列之外。The task sequence uses instructions that allow you to reduce the number of task sequences in Configuration Manager and instead store settings outside the task sequence. 以下是几个示例:Here are a few examples:

  • 以下设置指示任务序列安装 HP Hotkeys 程序包(但仅在硬件是 HP EliteBook 8570w 的情况下)。The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is a HP EliteBook 8570w. 请注意,不必将程序包添加到任务序列。Note that you don't have to add the package to the task sequence.

    [Settings] 
    Priority=Model
    [HP EliteBook 8570w] 
    Packages001=PS100010:Install HP Hotkeys
    
  • 以下设置指示任务序列在部署期间将笔记本电脑和台式机放入不同的组织单位 (OU)、分配不同的计算机名,最终使任务序列安装 Cisco VPN 客户端(但仅在计算机是笔记本电脑的情况下)。The following settings instruct the task sequence to put laptops and desktops in different organizational units (OUs) during deployment, assign different computer names, and finally have the task sequence install the Cisco VPN client, but only if the machine is a laptop.

    [Settings]
    Priority= ByLaptopType, ByDesktopType
    [ByLaptopType]
    Subsection=Laptop-%IsLaptop%
    [ByDesktopType]
    Subsection=Desktop-%IsDesktop%
    [Laptop-True]
    Packages001=PS100012:Install Cisco VPN Client
    OSDComputerName=LT-%SerialNumber%
    MachineObjectOU=ou=laptops,ou=Contoso,dc=contoso,dc=com
    [Desktop-True]
    OSDComputerName=DT-%SerialNumber%
    MachineObjectOU=ou=desktops,ou=Contoso,dc=contoso,dc=com
    

图 2

任务序列中的收集操作正在阅读规则。The Gather action in the task sequence is reading the rules.

MDT 将添加操作系统部署模拟环境MDT adds an operating system deployment simulation environment

测试部署时,务必要能够快速测试对部署所做的任何更改,而无需运行完整个部署。When testing a deployment, it is important to be able to quickly test any changes you make to the deployment without needing to run through an entire deployment. MDT 规则可快速进行测试,从而在部署项目中节省了大量测试时间。MDT rules can be tested very quickly, saving significant testing time in a deployment project. 有关详细信息,请参阅配置 MDT 设置For more information, see Configure MDT settings.

图 3

包含规则、一些 MDT 脚本和自定义脚本 (Gather.ps1) 的文件夹。The folder that contains the rules, a few scripts from MDT, and a custom script (Gather.ps1).

MDT 将添加实时监视MDT adds real-time monitoring

借助 MDT 集成,可实时跟踪部署进展,如果你有对 Microsoft 诊断和恢复工具包 (DaRT) 的访问权限,甚至还可以在部署期间远程访问 Windows 预安装环境 (Windows PE)。With MDT integration, you can follow your deployments in real time, and if you have access to Microsoft Diagnostics and Recovery Toolkit (DaRT), you can even remote into Windows Preinstallation Environment (Windows PE) during deployment. 实时监视数据可在 MDT 部署工作台中通过 Web 浏览器、Windows PowerShell、事件查看器或 Microsoft Excel 2013 进行查看。The real-time monitoring data can be viewed from within the MDT Deployment Workbench, via a web browser, Windows PowerShell, the Event Viewer, or Microsoft Excel 2013. 事实上,任何可以阅读开放式数据 (OData) 源的脚本或应用均可阅读此信息。In fact, any script or app that can read an Open Data (OData) feed can read the information.

图 4

使用 PowerShell 查看实时监视数据。View the real-time monitoring data with PowerShell.

MDT 将添加可选的部署向导MDT adds an optional deployment wizard

对于某些部署方案,可能需要在部署期间提示用户输入相关信息,例如计算机名称、计算机的正确组织单位 (OU),或任务序列应该安装的应用程序。For some deployment scenarios, you may need to prompt the user for information during deployment such as the computer name, the correct organizational unit (OU) for the computer, or which applications should be installed by the task sequence. 借助 MDT 集成,可使用户驱动的安装 (UDI) 向导收集所需信息,并使用 UDI 向导设计器自定义向导。With MDT integration, you can enable the User-Driven Installation (UDI) wizard to gather the required information, and customize the wizard using the UDI Wizard Designer.

图 5

可选 UDI 向导在 UDI 向导设计器中打开。The optional UDI wizard open in the UDI Wizard Designer.

MDT 零接触仅使用多个有用的内置操作系统部署组件扩展 Configuration Manager 。MDT Zero Touch simply extends Configuration Manager with many useful built-in operating system deployment components. 通过提供完善的受支持解决方案,MDT 可降低 Configuration Manager 部署的复杂性。By providing well-established, supported solutions, MDT reduces the complexity of deployment in Configuration Manager.

为什么使用 MDT Lite Touch 创建引用映像Why use MDT Lite Touch to create reference images

可在 Configuration Manager 中创建 Configuration Manager 的引用映像,但通常我们推荐在 MDT Lite Touch 中创建引用映像,原因如下:You can create reference images for Configuration Manager in Configuration Manager, but in general we recommend creating them in MDT Lite Touch for the following reasons:

  • 您可以对每种操作系统部署类型使用相同的映像 - Microsoft 虚拟桌面基础结构 (VDI) 、Microsoft System Center Virtual Machine Manager (VMM) 、MDT、Configuration Manager、Windows 部署服务 (WDS) 等。You can use the same image for every type of operating system deployment - Microsoft Virtual Desktop Infrastructure (VDI), Microsoft System Center Virtual Machine Manager (VMM), MDT, Configuration Manager, Windows Deployment Services (WDS), and more.
  • Configuration Manager 在 LocalSystem 上下文中执行部署。Configuration Manager performs deployment in the LocalSystem context. 这意味着无法使用希望包含在映像中的所有设置配置管理员帐户。This means that you cannot configure the Administrator account with all of the settings that you would like to be included in the image. MDT 在本地管理员的上下文中运行,这意味着可配置该配置的外观,然后在部署期间使用 CopyProfile 功能将这些更改复制到默认用户。MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.
  • Configuration Manager 任务序列将不会阻止用户界面交互。The Configuration Manager task sequence does not suppress user interface interaction.
  • MDT Lite Touch 支持允许重新启动的暂停操作,在需要执行手动安装或在自动捕获引用映像前对其检查时,此操作会很有用。MDT Lite Touch supports a Suspend action that allows for reboots, which is useful when you need to perform a manual installation or check the reference image before it is automatically captured.
  • MDT Lite Touch 不要求任何基础结构,并且易于委派。MDT Lite Touch does not require any infrastructure and is easy to delegate.

相关主题Related topics

使用配置管理器创建自定义 Windows PE 启动映像Create a custom Windows PE boot image with Configuration Manager
使用 Configuration Manager 添加 Windows10 操作系统映像Add a Windows 10 operating system image using Configuration Manager
使用 Configuration Manager 创建与 Windows10 一起部署的应用程序Create an application to deploy with Windows 10 using Configuration Manager
使用 Configuration Manager 将驱动程序添加到带有 Windows PE 的 Windows 10 部署Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
使用 Configuration Manager 和 MDT 创建任务序列Create a task sequence with Configuration Manager and MDT
使用 PXE 和配置管理器部署 Windows10Deploy Windows 10 using PXE and Configuration Manager
使用 Configuration Manager 将 Windows 7 SP1 客户端刷新至 Windows 10Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
使用 Configuration Manager 将 Windows7 SP1 客户端替换为 Windows10Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager