OSDCloud
About
Operating System Deployment in the Cloud
OSDCloud is a solution for deploying Windows 10/11 x64 over the internet using the OSD PowerShell Module. This works by booting to WinPE where the OSDisk is wiped and partitioned. Once this is complete, the Windows Operating System is downloaded from Microsoft Update (using CuRL), before finally being staged (expanded) on the OSDisk. Driver Packs from Dell, Lenovo, and HP are downloaded directly from each of the manufacturers where they are installed in WinPE or in the Windows Specialize Phase. For computers that do not have a Driver Pack, hardware drivers are downloaded from Microsoft Update, so this should work on just about any computer model out there.
Full instructions are detailed on this site on how to create and customize WinPE to use OSDCloud, or you can use your own WinPE with PowerShell and try it out using OSDCloud Sandbox
Contributors
OSDCloud
Local Setup
OSD 23.5.21.1+ Updated May 21, 2023
Prerequisites
Admin Rights
You are going to be mounting wim files, so yes, this is an absolute with no way around it
Open Internet
You are going to be downloading lots of stuff, so you need Internet access. There is no Proxy or Firewall configuration in OSDCloud yet, but it is planned
OSD PowerShell Module
This changes frequently until OSDCloud is working fully, so I recommend that you wash, rinse, and repeat this command frequently
PowerShell Capable
Finally, you need to be PowerShell capable, or at least be willing to learn how to use PowerShell. I do not offer individual training sessions
Machine Configuration
The first decision you need to make is whether or not you want Wireless to work in WinPE. If you do, then you must create your OSDCloud Template on Windows 10 as you will be using Windows 10's WinRE. Windows 11 WinRE isn't compatible with older systems, and virtual machines.
If your HOST Operating System is running Windows 11, you can use the Windows 11 ADK's winpe.wim, or you can create a Hyper-V Virtual Machine and install Windows 10 21H2 and use that
Install the Windows ADK
Once you have your OS sorted out, you will need to install the Microsoft Windows ADK. Download the proper ADK and make sure you install the Deployment Tools
After the ADK Deployment Tools install is complete, download and install the Windows PE add-on for the ADK
Microsoft DaRT Integration
If you have Microsoft Desktop Optimization Pack 2015, you can install Microsoft DaRT 10. This will allow you to have DaRT Tools in your OSDCloud WinPE Media
Microsoft Deployment Toolkit
If you don't have DaRT installed, skip this step
For DaRT 10 to work in WinPE you will also need a Dart Config file. The easiest way to get this is to install Microsoft Deployment Toolkit
PowerShell
The final steps are to make sure that your Execution Policy is set properly, and to install the OSD PowerShell Module if you haven't already
OSDCloud Template
OSD 23.5.16.2+ Updated May 18, 2023
Now that you have your Machine Configuration complete, the next thing to do is to create an OSDCloud Template. This is called a Template as it will be used to create multiple OSDCloud Workspaces (multiple variations). You'll understand why this is needed over the next few pages
New-OSDCloudTemplate
This function requires elevated Admin Rights
The default OSDCloud Template exists at C:\ProgramData\OSDCloud. You can create one here using the following command
Once you run this command, an OSDCloud Template will be created from the Windows ADK, there's really nothing to it. If you want to learn more, go through the next few pages
Build Process
OSD 23.5.15.1+ Updated May 15, 2023
The next few screenshots will detail the steps that are needed to make OSDCloud work
Initialize
Start writing the PowerShell Transcript
Mirror the ADK Media directory to the OSDCloud Template
Copy the ADK winpe.wim to the OSDCloud Template boot.wim
Mount the boot.wim
Mount the WinPE registry to get the WinPE Info
ADK Packages
Inject ADK Packages for PowerShell functionality
Save the Windows Image
Tweaks
Copy some helper files from the running OS
If MDT is installed, add the Dart Configuration
If Microsoft Dart is installed, inject the Tools
Save the Windows Image
Set the WinPE PowerShell ExecutionPolicy
Enable PowerShell Gallery support
Remove winpeshl.ini if it is present
Change some settings for a better Command Prompt experience
Packages
Display the installed Windows Packages
Complete
Dismount the Windows Image
Export the Boot.wim to compress the file
Create empty configuration directories
Create the ISOs
Set the OSDCloud Template to the new path
Stop writing the PowerShell Transcript
Logs
OSD 23.5.15.1+ Updated May 15, 2023
Named Templates
OSD 23.5.15.1+ Updated May 15, 2023
There may come a time when you need to create multiple OSDCloud Templates. I'll get into this further in the next few pages, but let's cover the basics here
-Name
To create a named OSDCloud Template, simply use the Name parameter
Get-OSDCloudTemplate
When you create a new OSDCloud Template, that will be the one that gets used by default going forward, until it is changed. To find out what your current OSDCloud Template is, use this function
Get-OSDCloudTemplateNames
This function will return all the OSDCloud Templates that have been registered
Set-OSDCloudTemplate
This function will If you have more than one OSDCloud Template, you can change between OSDCloud Templates using this function and the Name parameter
By the way, there is Tab-Complete to make your life easier
WinRE WiFi
OSD 23.5.15.1+ Updated May 15, 2023
In addition to using the winpe.wim that is in the ADK, you can also create an OSDCloud Template using WinRE
-WinRE
To do this, use the WinRE parameter. The benefit of using WinRE is you gain Wireless support. One thing you need to remember is that the ADK you are using needs to match your running OS, so if your OS is Windows 11 22H2, you need to use the ADK for Windows 11 22H2. Finally, make sure you use the Name parameter to keep things tidy
In my example below, you can see the WinPE-WiFi Packages that come with WinRE
Additional Information
Public Content
OSD 23.5.15.1+ Updated May 15, 2023
I really enjoy having Microsoft DaRT in my WinPE so I can use Explorer, but I also share out my ISO's sometimes and I can't really do that as Microsoft DaRT is licensed. The way I get around this is by adding the word 'Public' in the Name and DaRT won't be added. This makes it easy to share out some of my work and not forgetting about breaking the Microsoft rules
Languages
OSD 23.5.15.1+ Updated May 15, 2023
-Language
You can add additional languages to your WinPE by using the Language parameter. In my example, I used the ADK winpe.wim and added Spanish and French to my English US WinPE so I gave a Name that will help me identify the added languages
-SetInputLocale
This parameter allows me to set the default keyboard to something else, like English (US) Dvorak
-SetAllIntl
Finally, I can change all the International Defaults to one of the added Languages using this parameter. This will make the following changes
UI language
System locale
User locale
Input locale
Cumulative Updates
OSD 23.5.15.1+ Updated May 15, 2023
I've added the ability to apply a Cumulative Update to an OSDCloud Template due to the Secure Boot vulnerability. The next two links give some details on the issue
Download the Cumulative Update
Start by downloading the update from Microsoft Update Catalog and specifying the path to the downloaded update. Start by downloading the x64 version at this link if you are using the ADK for Windows 11 version 22H2
Apply the Cumulative Update
Once you have the update downloaded, use the CumulativeUpdate parameter and supply the Path to the downloaded MSU. In the example below I applied this in my default OSDCloud Template as this will be the one I use the most
Cumulative Update is applied
Updated Windows Information is displayed
Boot files are updated
DISM Component Cleanup is run
Apply the WRONG Cumulative Update
It's absolutely possible to apply the wrong Cumulative Update for WinPE, so make sure you understand that the Cumulative Update that you download must match your ADK. So if you are using the ADK for Windows 11 version 22H2, you need the Windows 11 22H2 x64 Cumulative Update
Cumulative Update is applied
Updated Windows Information is displayed. In this case, the UBR did not change
Warning is displayed that the UBR has not been changed. The Boot files will not be updated
DISM Component Cleanup is run
I'm not properly staffed to answer individual questions about which Cumulative Update you need for the ADK you have installed. If this is not something you can resolve on your own, then you should probably wait for updated Media from Microsoft that already has the Secure Boot updates applied
The Code
If you are interested in reviewing how this works, here is a snipped from the New-OSDCloudTemplate function
ISO Boot Media
OSD 23.5.15.1+ Updated May 15, 2023
Just a quick note, every time you make a new OSDCloud Template, ISO's are automatically generated for you to test with right away and located in the root of the OSDCloud Template
OSDCloud_NoPrompt.iso will skip this message below and boot straight to WinPE
Universal WinPE
OSDCloud Template contains a Universal WinPE that can be used with Microsoft Deployment Toolkit and Configuration Manager
If you were to boot the OSDCloud Template, you will see it looks virtually identical to the ADK WinPE
Universal WinPE Configuration
wgl4_boot.ttf is applied to Media to fix bad display resolution in WinPE UEFI
.\Media\boot\fonts\wgl4_boot.ttf
.\Media\efi\microsoft\boot\fonts\wgl4_boot.ttf
ADK Packages are installed for .NET and PowerShell support
Curl.exe is added to $MountPath\Windows\System32
Setx.exe is added to $MountPath\Windows\System32
WinPE PowerShell Execution Policy is set to Bypass
PowerShell Gallery support is added
System Variables are added for APPDATA and LOCALAPPDATA
PackageManagement
PowerShellGet
Microsoft DaRT is added to WinPE from C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab
WinPE winpeshl.ini is removed
Microsoft DaRT Config is added from C:\Program Files\Microsoft Deployment Toolkit\Templates\DartConfig8.dat
Console Registry Changes are applied to mounted Registry (ForceV2, Buffers)
On Screen Keyboard
As you can see, nothing OSD, OSDCloud, or OSDeploy has been added to the boot.wim. This can easily be copied back into ADK for MDT or Config Manager (make a backup of you ADK winpe.wim)
On Screen Keyboard
Microsoft DaRT
Requires "C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab" and "C:\Program Files\Microsoft Deployment Toolkit\Templates\DartConfig8.dat"
OSDCloud Workspace
OSD 23.5.21.1+ Updated May 21, 2023
Before getting too deep on how to create an OSDCloud Workspace, let me first explain what an OSDCloud Workspace is. In a nutshell, an OSDCloud Workspace is a copy of the OSDCloud Template that you can customize with Configuration Files, Wallpaper, Drivers, and Startup Configuration. Since it is a copy of your OSDCloud Template, this allows you to create multiple OSDCloud Workspaces that are customized with different configurations. The best example I can give as to why you might need separate OSDCloud Workspaces is to keep one for Development and the second for Production
Get-OSDCloudWorkspace
OSD 23.5.21.1+ Updated May 21, 2023
It's a good idea to remember how to know what your current OSDCloud Workspace is. You can find out with this function. On a system that has never created an OSDCloud Workspace, you will receive the following Warning and nothing will be returned
Here is an example of how to test if you have an OSDCloud Workspace
Ideally, you should get a path returned if you have an OSDCloud Workspace
The current OSDCloud Workspace is stored in the OSDCloud Template at C:\ProgramData\OSDCloud\workspace.json
Set-OSDCloudWorkspace
OSD 23.5.21.1+ Updated May 21, 2023
This function requires elevated Admin Rights
The OSDCloud Workspace can also be set. This is typically handled automatically when you create a new OSDCloud Workspace, but you can also set this with the Set-OSDCloudWorkspace function. Here are some examples
New-OSDCloudWorkspace
OSD 23.5.21.1+ Updated May 21, 2023
This function requires elevated Admin Rights
This is the function that will create an OSDCloud Workspace from your active OSDCloud Template. If you have multiple OSDCloud Templates, it's a good idea to check the one you are currently using and to change it if necessary. In this example below I'm changing to a patched WinRE as my OSDCloud Template
Now that I've checked my OSDCloud Template, I'll create a new OSDCloud Workspace. By default, the OSDCloud Workspace is created at C:\OSDCloud but I can change the default by specifying a WorkspacePath
Restore from ISO
OSD 23.5.21.1+ Updated May 21, 2023
If you have an existing OSDCloud ISO, you can use this to create a new OSDCloud Workspace and the -fromIsoFile parameter. Here is an example of how this works
Restore from ISO URL
OSD 23.5.21.1+ Updated May 21, 2023
If your existing OSDCloud ISO is saved on the Internet, then use the -fromIsoUrl parameter. This will download the ISO, mount the ISO, create the OSDCloud Workspace, then dismount the ISO
Restore from USB
OSD 23.5.21.1+ Updated May 21, 2023
If you have an OSDCloud USB, you can use the -fromUsbDrive switch parameter to create the OSDCloud Workspace from the USB content
Update-OSDCloudWorkspace
Configuration Files
If you have any of the following OSDCloud Config Files, they can be added to your OSDCloud Template. This will ensure that they are always copied to any newly created Workspace
AutopilotJSON
Intune exported Autopilot Profiles can be copied to the following path
AutopilotOOBE
AutopilotOOBE configuration files can be copied into the following path
OOBEDeploy
OOBEDeploy configuration files can be copied into the following path
OSDCloud WinPE
OSD 23.5.22.1+ Updated May 22, 2023
Edit-OSDCloudWinPE
This function requires elevated Admin Rights
This is the function that is used to edit the WinPE in your OSDCloud Workspace. The basic design of this function is to edit the Startnet.cmd in WinPE to perform a startup to run OSDCloud
In the example below, the default configuration starts WinPE with 3 windows
Startnet.cmd. Closing this window will cause WinPE to restart
Normal PowerShell window. This is where you should run you OSDCloud commands
Minimized PowerShell window. This is a backup so you can run some commands while OSDCloud is running in the normal PowerShell window
Default Wallpaper
OSD 23.5.22.1+ Updated May 22, 2023
Wallpaper
OSD 23.5.22.1+ Updated May 22, 2023
Drivers
OSD 23.5.22.1+ Updated May 22, 2023
CloudDriver
I spent some time automating the download, extraction, and injecting the drivers in OSDCloud's WinPE. I call these CloudDrivers. For this parameter I recommend you use install everything with the following command line
This will download and inject the following drivers
Dell Enterprise Driver Cab
HP WinPE 10 Driver Pack
Intel Ethernet Drivers
Lenovo Dock Drivers (Microsoft Catalog)
Nutanix
USB Dongles (Microsoft Catalog)
VMware (Microsoft Catalog)
WiFi (Intel Wireless Drivers) [Requires WinRE]
These are handled by mixing and matching the following values
Here's an example using Dell, USB, and Intel WiFi
DriverHWID
If you have a HardwareID, you can specify that with this parameter. This will download the appropriate driver from Microsoft Catalog and inject it into WinPE. Here's an example
DriverPath
Finally, you can use a Driver Path to specify a folder containing driver INF's that you want to install
PSModule
OSD 23.5.22.1+ Updated May 22, 2023
PSModuleCopy
This parameter allows me to copy a PowerShell Module from my local computer to WinPE. I use this frequently in testing an updated OSD Module that I'm working on before publishing it to PowerShell Gallery. This parameter is also useful if you have your own custom PowerShell Modules that you do not publish in the PowerShell Gallery, but you need them in WinPE. This is ideal for adding a custom OSDCloud GUI
PSModuleInstall
If you want to add a PowerShell Module that is in the PowerShell Gallery, this parameter will download expand it into WinPE PowerShell Modules
Startup
OSD 23.5.22.1+ Updated May 22, 2023
Every time you run Edit-OSDCloudWinPE, even to add Drivers or change the Wallpaper, the WinPE Startup will reset to the Default
Default
The default for WinPE Startup is to open a PowerShell window. This is the method I prefer as it gives me the flexibility to do anything I want, rather than to be locked into something specific.
WinPE Startnet.cmd
This is the Startnet.cmd when using the Default WinPE Startup configuration. This is what is edited when you make one of the changes below
WinPE Startup Options
These are the available WinPE Start options that you can configure
StartOSDCloudGUI
This parameter will automatically launch Start-OSDCloudGUI
StartOSDCloudGUI -Brand
If you don't want OSDCloud displayed on the OSDCloud GUI, give it your own brand
StartOSDCloud
Yes, WinPE can start OSDCloud (CLI) automatically using this parameter. The value for this parameter need to be the parameters for Start-OSDCloud (CLI). Here's an example:
StartURL
Here is a cool example of putting your Command Line into a GitHub Gist
Then use the 'view raw' URL as the value for StartURL. This is great way to customize the launch of your WinPE, or make some last minute changes.
StartOSDPad
Example coming soon
StartPSCommand
Example coming soon
Startnet
Example coming soon
OSDCloud ISO
OSD 23.5.22.1+ Updated May 22, 2023
New-OSDCloudISO
This function requires elevated Admin Rights
If you have the Windows ADK installed, you can use New-OSDCloudISO to create bootable ISO Media for OSDCloud. There are no parameters for this function
Workspace
Two ISO's will be saved in your OSDCloud Workspace. The NoPrompt ISO will boot automatically into WinPE without prompting for a keyboard press
OSDCloud USB
OSD 23.5.22.1+ Updated May 22, 2023
New-OSDCloudUSB
OSD 23.5.22.1+ Updated May 22, 2023
This function requires elevated Admin Rights
There are two reasons for creating an OSDCloudUSB. The first reason is to simply boot to WinPE and let everything download from the Internet. The second reason is to support OSDCloud Offline, which works without any internet connection at all
To create an OSDCloud USB, use the New-OSDCloudUSB OSD function. This OSD Function is used for both OSDCloud WinPE and OSDCloud Offline
Requirements
[Default] fromWorkspace
To get started, open PowerShell with Admin rights. Simply enter New-OSDCloudUSBto prepare a new or used USB Drive
You will be presented with a table of the USB Drives that are present on your system, regardless of whether you have 1 or 5. Simply enter the DiskNumber to make a selection
After selecting a DiskNumber, you will be prompted to Confirm the selection as this is a destructive process. Once you Confirm, the USB Drive will be Cleared, Initialized, Partitioned, and Formatted. When the USB Volumes are ready, your OSDCloud Media will be copied to the Boot partition. The whole process should take between 1-2 minutes to complete
fromIsoFile
If you have an OSDCloud ISO, you can use this to create an OSDCloud USB using the -fromIsoFile parameter
fromIsoUrl
If you have an ISO saved on the Internet, you may be able to use the -fromIsoUrl parameter
This is not guaranteed to work in all situations due to firewall and proxy configuration
USB Content
When you create a new OSDCloud USB, only the WinPE partition will contain files. If you do not plan on using OSDCloud Offline, you can rename the OSDCloud partition and use it for something else
Disk Management
As you can see in Disk Management, the USB Drive will contain two partitions. The first partition will be the OSDCloud NTFS partition, with the second being the 2GB FAT32 Partition. Other guides may tell you to create the FAT32 partition first, but they are wrong, and I am right. For one reason, FAT32 gets corrupted all the time. Its easier to destroy and recreate at the end of the drive without messing with the NTFS partition. Secondly, you are free to shrink and extend this smaller partition. If the partitions were reversed, you would not be able to extend the start point of the second partition without losing all the NTFS data
Update-OSDCloudUSB
OSD 23.5.22.1+ Updated May 22, 2023
If you make changes to WinPE in your OSDCloud Workspace, you can easily update your OSDCloud USB WinPE volume by using Update-OSDCloudUSB
This OSD function easily works on multiple OSDCloud USB drives
Update-OSDCloudUSB -DriverPack
If you are ready to use OSDCloud Offline, then you can start by adding Driver Packs for your supported computers using Update-OSDCloudUSB with the DriverPack parameter. Supported manufacturers are Dell, HP, Lenovo, and Microsoft Surface
ThisPC
You can start by downloading the Driver Pack for your computer. Simply use the following command line
Manufacturers
You can also specify one or more of the supported Manufacturers. Each manufacturer specified will present a PowerShell GridView which will allow you to select multiple models.
Some models have Driver Packs for both Windows 10 and Windows 11. In the Dell example below, both Driver Packs should be downloaded for proper compatibility. During an OSDCloud deployment, Windows 11 Driver Packs are selected over Windows 10
The DriverPack parameter will accept multiple values, separated by a comma. Additionally, Driver Packs that have already been downloaded will show as Downloaded in the Status column of PowerShell gridview
Everything
If you want to download the Driver Pack for your computer, and to select Driver Packs from all available Manufacturers, use this command
Update-OSDCloudUSB -OS
Finally, you can save any Operating Systems (Windows 10 1809 - Windows 11 21H2) that OSDCloud uses to your OSDCloud USB. You can download all OSDCloud supported Operating Systems with the following command line
Once Update-OSDCloudUSB runs, you will be prompted to select one or more Operating Systems from PowerShell gridview. You can then press OK to download the ESD files
OSName
If you know which OS you want to download, you can use the OSName parameter with a supported value
OSLanguage
In my opinion, the best filter that you can select is OSLanguage. This will allow you select from all Operating Systems in your selected language
OSLicense
You can filter the OSLicense by Volume or Retail to narrow down the selections as well
USB Drives
There isn't a day that goes by that I get asked about what USB Drives should be used for OSDCloud, so let me get ahead of the apparent lack of curiosity and detail my findings anyway
The Brand
For starters, when it comes to USB Drives, there are only two brands that I use, and that is Samsung and Sandisk, which are the #1 and #2 USB Flash Drive manufacturers respectively. That said, Sandisk makes a considerable amount of junk budget USB Flash Drives, so the only Sandisk USB Flash Drive that I can recommend is the Extreme Pro
Size Matters
When it comes to USB Flash Drives, the general rule is that larger is better. This is because a larger capacity USB Flash Drive has more channels of memory that run in parallel
Read and Write Testing
I tested each of these drives by creating OSDCloud Offline using Update-OSDCloud.usb. This command was used to copy Windows 11 VOL (3.46GB) and the Lenovo P17 Driver Pack (1.06GB) for a total of 4.53GB. Keep in mind WRITE speeds are slower (creating the USB) then the READ speeds (deploying from USB), so there shouldn't be much difference in an OSDCloud deployment since only the copying of the OS and DriverPack to the OSDisk wlil be the only change. In plain english, the Deployment times consisted of preparing OSDisk, copying the OS and Driver Pack, and expanding the OS. Of that 2 minutes, only about 5-15 seconds were dependent on the USB Drive speed
Samsung USB Flash Drives
Samsung makes three USB Drives that can work equally well with booting to WinPE or imaging using OSDCloud. Each of these drives have a specific purpose, and they are quite inexpensive. You can find the 32GB drives for about $10, and the 256GB at $40. The price difference between the 32GB and 64GB is about $3, so I'd opt for the 64GB as the sweet spot. If speed is important, go with the 256GB.
Samsung BAR Plus USB 3.1 64GB
This is absolutely the most durable USB Drive that Samsung makes. You won't break this drive, ever. Additionally, it is as wide as the USB-A port it plugs into, meaning it will not block any other ports when connected to your computer. Finally, it has a hole so this can be attached to a keychain. While the write speeds seemed slow in my example below, this is due to the size tested. at 64GB, it is 4 x smaller than the other Samsung drives. If this were a 256GB, I would expect it to perform identically to the other Samsung drives.
2 minutes 45 seconds
2 minutes 2 seconds
Samsung FIT Plus USB 3.1 256GB
While the Samsung BAR is my favorite for general use, when I am writing code to create USB Drives, I enjoy using the Samsung FIT. This is because it fits almost flush with my computer, so there isn't much sticking out to get snagged on anything, or to get bent and broken. This form factor is best used for leaving in a USB port for an extended amount of time.
53 seconds
1 minute 57 seconds
Samsung DUO Plus USB 3.1 256GB
I'm only going to recommend this USB Drive if you need it for USB-C, but in all honestly, use a USB-A drive with a USB-C hub or dock. This USB drive is all plastic and it comes in three pieces. The USB Drive, a USB-C cap, and a USB-C to USB-A adapter. You're going lose one or two of these, and you are certain to break the USB drive after some extended use.
51 seconds
2 minutes 1 second
Sandisk USB SSD
Sandisk Extreme Pro USB 3.2 256GB
This isn't a Flash Drive like the Samsung drives, this is a legit SSD. While this sounds great, it will demand a $20 premium over the equivalent Samsung drives. When imaging a computer, you won't notice much difference, but when you are writing to the drive, it should be twice as fast.
Sadly, while I love the speed of this drive, it is much larger than the Samsung drives. Additionally, the smoothness of the drive make it hard to get a grip when removing. Finally, I own three of these drives. The first was damaged because it got bent when I was trying to remove it, the second is headed to the same fate. At $60 a pop for 256GB, it won't last longer than the Samsung BAR or FIT. Pass on this USB Drive.
27 seconds
1 minute 51 seconds
Conclusion
If you need an USB Drive to boot WinPE, I can only recommend the Samsung USB Drives or Sandisk Extreme Pro, but pick a drive that best suits your purpose
Samsung BAR - Rugged. Ideal for general purpose
Samsung FIT - for Development and Long Term use
Samsung DUO - for USB-C only
Sandisk Extreme Pro - Don't do it
Secure USB Drives
If you plan on keeping secure content on your OSDCloud USB, then you should absolutely use a Secure Drive. I'll add to this page if I come across any other drives that will do, but so far, I have only found one, the Samsung S7 Touch which uses up to 4 Fingerprints to secure the content
Samsung S7 Touch (500GB - 2TB)
You can skip reading the rest of this page because this is absolutely the USB Drive you should be using for OSDCloud. This drive is portable, fast, and compatible with both USB-A and USB-C, so it should work on every device in your environment. Additionally, this USB Drive has a fingerprint sensor to keep things secure. Finally, once unlocked, this USB Drive is bootable, which makes it perfect for booting to WinPE and using OSDCloud
You can read more about this drive from Samsung's website at the following link
Software Installation
Before this drive can be used securely, you need to setup the Samsung PortableSSD software on a computer. The software that you need to install is on the drive itself, and can be installed on Windows, as well as Mac and Android
There isn't much to the Windows software, just do your best pressing Next
Software Configuration
Once the Samsung PortableSSD software is installed, you will need to configure it before the fingerprint sensor will work. The absolute first thing to check is for Software updates (which may also include Drive Firmware). One that is complete, you can rename the Drive (I chose my phone number) and enable Security with Password and Fingerprint
After setting a Password (I chose a 4-digit PIN) and then scanned my first Fingerprint, my Right Index. While I could have used any fingerprint, using your Index Finger instead of your Thumb allows you to hold the drive if necessary to get the job done. You can register up to 4 Fingerprints, which comes in handy if you work in a small team imaging devices.
One important thing to note is that the Password (PIN) allows you to register Fingerprints, so the Password (PIN) can be used to Administer the Drive. You can't register a new Fingerprint without the Password (PIN)
OSDCloud Setup
Once you have your Fingerprint setup on the S7 Touch, make sure it is unlocked and run New-OSDCloud.usb in PowerShell. This will wipe the S7 Touch and create WinPE and Data partitions. You can also run other commands to get OS Images and Driver Packs on the USB Drive. The following links will get you started
As you can see from the above image, copying the Windows 11 ESD and a Lenovo DriverPack took 8 seconds (27 seconds with the Sandisk Extreme Pro (USB SSD) and 51 seconds with the Samsung (USB Flash)
8 seconds
1 minute 50 seconds
OSDCloud VM
OSD 23.5.28.1+ Updated May 29, 2023
This page is under construction and the update hasn't even been released, so there is nothing you can do yet. Be patient
Let's have an intimate conversation about Hyper-V and OSDCloud. For starters, I do almost all of my testing in Hyper-V on my Workstation, and I've been creating Virtual Machines hundreds of times ... all of that wasted time. So how about automating this process for OSDCloud
Admin Rights
Let's start with the obvious, you will need Admin Rights. You won't even see the New-OSDCloudVM function without it. Got it?
Hyper-V
Get your Hyper-V in working order. This is a new function, and I don't have all the checks in place so expect things to go sour if you haven't at least created a Virtual Machine
Workspace
Your OSDCloud Workspace should be in good order as well. You can easily check this with Get-OSDCloudWorkspace. What is important to know is that OSDCloud VM uses the OSDCloud_NoPrompt.iso to boot.
If you need to change your OSDCloud Workspace, use the Set-OSDCloudWorkspace function
Get-OSDCloudVMDefaults
OSD 23.5.28.1+ Updated May 29, 2023
There function is used to return the OSDCloudVM defaults. The defaults are set in the OSD Module by importing the settings from the OSD.json file that exists in the root of the OSD Module. This file cannot be changed
When creating a new OSDCloud VM, these defaults will be used to create the Virtual Machine. Most of the values used are defaults that are required for Windows 11, although I would recommend using more powerful settings if your system can handle it. The defaults represent the Minimum level that should be used with an OSDCloud VM
Get-OSDCloudVMSettings
OSD 23.5.28.1+ Updated May 29, 2023
While you can't change the OSDCloud VM Defaults as those are OSD Module based, you can add OSDCloud VM Settings that overlay over the OSDCloud VM Defaults. Using the Get-OSDCloudVMSettings function, you are able to see the current effective settings that are a combination of the following. In this design, the last entry wins
OSD Module Defaults
OSDCloud Template Settings
OSDCloud Workspace Settings
If you have not made any changes to the Template or Workspace Settings, the current settings should mirror the OSD Module Defaults
Set-OSDCloudVMSettings
OSD 23.5.28.1+ Updated May 29, 2023
Using this function, you can use Parameters to change the OSDCloud VM Template settings. This creates a configuration file that is imported every time you create an OSDCloud VM. In the example below I have changed the Memory from 4GB to 10GB, the Processor Count from 1 to 2, and set the Switch from 'No connection' to 'Default Switch' using the following commands
Get-OSDCloudVMSettings will show the updated values and the inclusion of the configuration file
New-OSDCloudVM will show when Settings are being used, resulting in an OSDCloud VM being created with the updated Settings
Reset-OSDCloudVMSettings
OSD 23.5.28.1+ Updated May 29, 2023
You can reset the OSDCloud VM Settings to the OSD Module defaults using this function. It will simply delete all configuration files
New-OSDCloudVM
OSD 23.5.28.1+ Updated May 29, 2023
You can customize the defaults of the Virtual Machine by using the parameters of this function. When you change any of the parameters, it will save the configuration in the OSDCloud Workspace. Every subsequent OSDCloud VM that you create in the same OSDCloud Workspace will use these settings. In this example I have set my OSDCloud VM Settings (Template) with the following configuration
First Run
When I run New-OSDCloudVM, it will inherit my OSDCloud VM Settings that were created in my OSDCloud Template by Set-OSDCloudVMSettings
SwitchName
This should absolutely be one of the first things you set in your Virtual Machine. Ideally it should be inherited from Set-OSDCloudVMSettings
And yes, you will be able to Tab Complete through your available Virtual Switches
If you need your VM set to 'Not connected', just use a $null value
StartVM
By default, OSDCloud VM will startup automatically. I can prevent this from happening by using this parameter and setting the value to $false
CheckpointVM
This value determines if a New VM Checkpoint will be created or not, which is incredibly helpful if you need to reset the VM to a clean state. You can change this at the command line as well
NamePrefix
This Prefix is given to the Virtual Machine name created with New-OSDCloudVM. By default, this is OSDCloud, but you can also configure this at the command line
Generation
By default, the VM will be created as Generation 2, which is UEFI. But if you want to live in a world of pain, you can create a Generation 1 Virtual Machine.
Seriously don't do this. OSDCloud will partition your disk as GPT, which won't boot your Generation 1 VM. This feature was added for testing only. I will not address any questions about this parameter, so you're on your own here.
MemoryStartupGB
The minimum requirements for Windows 11 are 4GB, but I've seen some things not work right, so I suggest bumping this up a little
ProcessorCount
I recommend setting this to at least 2, but that's your call.
If you are curious as to how many processors you can use at the same time across all Virtual Machines ...
Can you create a Virtual Machine with a Processor Count greater than the number of Processors? Yes you can, but you'll have problems getting it to start
VHDSizeGB
Finally feel free to give your Virtual Machine a few extra GB's of space. Enjoy!
Final Words
As a reminder, you can reset things back to default if you need to
A TimeStamp is used in the Virtual Machine Name so you should always be able to quickly identify the last one you created. Finally, if you have a failed deployment, you can Apply the initial Checkpoint to reset the Virtual Machine to a newly created state
Deployment
OSD 23.5.21.1+ Updated May 21, 2023
WinPE
OSD 23.5.21.1+ Updated May 21, 2023
Start-OSDCloud
OSD 23.5.21.1+ Updated May 21, 2023
This is the OSDCloud Command Line which is useful for scripting. Parameters are optional, but you will be prompted to make Operating System selections
OS Parameters
OSD 23.5.21.1+ Updated May 21, 2023
You can specify Operating System parameters so you can deploy without being prompted for a selection
ZTI
OSD 23.5.21.1+ Updated May 21, 2023
The ZTI Parameter will automatically deploy using the defaults for any Operating System parameters that are not specified. You will not be prompted to confirm the Clear-Disk
Start-OSDCloudGUI
OSD 23.5.21.1+ Updated May 21, 2023
After WinPE startup is complete, enter Start-OSDCloudGUI at the PowerShell prompt
You will briefly see the OSDCloudGUI Configuration and the TPM/Autopilot status before this PowerShell window is minimized
Operating System
You can select an Operating System from the combobox. The default Operating System will always be the latest, which is currently Windows 11 22H2 x64
Currently, there are 760 Operating System combinations (OS, Language, Activation) that are available which you can review using the Get-OSDCloudOperatingSystems function
Edition
The Windows Edition is set to Enterprise by default
Language
The Windows Language is set to en-us by default
Activation (License)
The Windows Activation is set to Volume by default due to the default Windows Edition being set to Enterprise
DriverPack
Depending on the Computer Model and Operating System, a Driver Pack will automatically be selected for you. In the case of a Virtual Machine or an unknown Computer Model, Microsoft Update Catalog will be selected. You can also select None for a DriverPack if you would prefer to go a different route
Deployment Options
By default, you will need to confirm the Clear-Disk operation during a deployment. You can unselect this requirement from the Deployment Options menu. After the deployment is complete, the computer will automatically restart. This can be disabled from this menu
capture Screenshots isn't working at this time
Microsoft Update Catalog
Disk, Network, and SCSI Adapter drivers will be downloaded from Microsoft Update Catalog by default. Optionally, you can download Firmware updates for your device
Start
When you are ready to deploy, press the Start button. You should get prompted to confirm the Clear-Disk step
The Operating System ESD will be downloaded from Microsoft
Once the ESD has been downloaded, it is expanded to C:\
The DriverPack will be expanded in WinPE, or staged for first boot. PowerShell Modules that are required for Autopilot will be updated in the offline Operating System
Finally, the computer should reboot to OOBE. At this point, OSDCloud is complete
Parameters
OSD 23.5.21.1+ Updated May 21, 2023
This is the default OSDCloudGUI. There are a few parameters that you can use for minimal customization
-BrandName
Change the Brand Name
-BrandColor
Change the Brand Color
-ComputerManufacturer
This parameter is helpful in testing Manufacturer customizations in a Virtual Machine. You can see the Manufacturer displayed in the Title Bar
-ComputerProduct
OSDCloud matches the Driver Pack based on the computer Product. This parameter is helpful for testing a Driver Pack on a Virtual Machine. You can see the Computer Product displayed in the Title Bar
Defaults
OSD 23.5.21.1+ Updated May 21, 2023
Start-OSDCloudGUI has some defaults that are set using the $OSDCloudModuleResource Global Variable. These are initialized when the OSD PowerShell Module is imported.
These variables can be modified before launching Start-OSDCloudGUI
Global Variable
OSD 23.5.21.1+ Updated May 21, 2023
When you run Start-OSDCloudGUI, all of the settings are stored in the $OSDCloudGUI Global Variable. Invoke-OSDCloud digests this Global Variable when you press the Start button
Customize
OSD 23.5.21.1+ Updated May 21, 2023
Start-OSDCloud Wrapping
OSDCloud is heavily variable driven, similar to a ConfigMgr Task Sequence.
There are many variables in OSDCloud to control the process, similar to running OSDCloud with parameters to control a small set of the variables, you can script around Start-OSDCloud to configure so much more to get the exact zero touch scenario you're looking for.
Start-OSDCloud has about 60 variables in the Start-OSDCloud script beginning that are set, but along the way, several others can be used as well, which can be consumed by the OSDCloud engine which at last check, has about 130 variables.
At the start of the OSDCloud engine, it has a default set for these variables, then it looks at what you sent along the way with Start-OSDCloud, and it overwrites the defaults with the variables you set, but if you manually set any variables ahead of time using the global variable "MyOSDCloud", it will overwrite any previous variables with what you've set in that variable, I hope you're all tracking. Let's look at an example.
NOTE: See Start-OSDCloudGUI -> Global Variable for additional details
By Default, there is a $Global:OSDCloud variable with several sub keys, once of which is "OSVersion", which is set to "Windows 10" by default. If I run Start-OSDCloud with some parameters, I can see that a new Global variable $Global:StartOSDCloud is created with the information I just fed into it:
So now when OSDCloud runs, it will overwrite the defaults in $Global:OSDCloud with the ones in $Global:StartOSDCloud, updating $Global:OSDCloud.OSVersion from "Windows 10" to "Windows 11"
So, from this small example, you can see how OSDCloud overwrites the defaults with the variables you're setting along the way using parameters, but that's just one way to set them. The GUI? It's really just a front end that allows you to set several variables using a GUI interface. Each drop down and check box maps directly to a variable.
Now we're finally getting to the good part, this is how I have automated several unique experiences based on a simple PowerShell wrapper file that gets called. Lets look at some code examples. For instance, I have a Windows 11 wrapper script that sets several items and calls OSDCloud
When I trigger that script, it launches OSDCloud with the OS I want deployed, and presets several variables that are in the Global:MyOSDCloud variable.
You can see the variables in my script have been merged into the $global:OSDCloud variable
I keep a few variations of my wrapper scripts in GitHub, which I then call and based on hardware models, will also set additional variables, like for HP, I have it update TPM, BIOS, and run HPIA to update Drivers during Setup Complete.
As all of the available variables do change, I'm not going to list them here, but feel free to look at things in the code in the module to see a full list. If you'd ever like to see my of my examples, please reach out via Discord (WinAdmins) or X - @gwblok
First Boot
OSD 23.5.21.1+ Updated May 21, 2023
During First Boot (Specialize Phase), any EXE based DriverPacks in C:\Drivers will be expanded. Once expanded, they will be applied using the following PowerShell commands
You can identify this phase by the "Getting ready"
Dell Systems
Dell uses CAB files or EXE files that can be expanded in WinPE, so there is no activity in First Boot other than a long delay. You can review the logs in C:\Windows\debug
HP Devices
HP DriverPacks are silent, so there is no progress displayed during this phase other than a long delay. You can review the logs in C:\Windows\debug
Lenovo Devices
Lenovo devices will display a progress when the DriverPacks is expanded
Microsoft Surface Devices
Microsoft uses MSI DriverPacks which expanded silently, so there is no activity in First Boot other than a long delay. You can review the logs in C:\Windows\debug
OOBE
OSD 23.5.21.1+ Updated May 21, 2023
Windows
OSD 23.5.21.1+ Updated May 21, 2023
Drivers
DriverPacks are downloaded and expanded to C:\Drivers. This directory is not removed when an OSDCloud deployment is complete
Logs
Logs can be found in C:\OSDCloud\Logs. This directory is not removed when an OSDCloud deployment is complete
Windows Image
The Windows Image that was downloaded can be found in C:\OSDCloud\OS. This directory is not removed when an OSDCloud deployment is complete
Sandbox
OSDCloud
OSD 23.5.21.1+ Updated May 21, 2023
The Sandbox is a way test OSDCloud without using a dedicated OSDCloud WinPE. It is a PowerShell that will setup all of the OSDCloud prerequesties, although you will need to have PowerShell working in your WinPE
Sandbox URL
The OSDCloud Sandbox can be accessed at this URL
If you open this URL in your web browser, you will be redirected to the following RAW link on GitHub where you can review the script
Invoke-RestMethod
You can return the script in PowerShell using this cmdlet
Invoke-Expression
This cmdlet is used to run a PowerShell script. Understanding that, you can use any of the following one-liners to execute the OSDCloud Sandbox PowerShell script in WinPE
WinPE Usage
OSD 23.5.21.1+ Updated May 21, 2023
OSDCloud Sandbox prepares your WinPE environment to run OSDCloud to image your device
Requirements
You can use OSDCloud Sandbox on any WinPE that has PowerShell Package added from the Microsoft ADK, so this should work on most MDT and CM Boot Images. The following example is using a simple WinPE created with the Microsoft ADK (and PowerShell)
Windows 10 or Windows 11 WinPE (ADK, MDT, or CM)
Microsoft ADK PowerShell added to WinPE
WinPE Drivers for your device (Network and Disk)
Internet connection
Boot to WinPE
If you booted to a USB, you can remove it at this time
Invoke Sandbox
In a Command Prompt, type the following command and press enter
If you receive an error, you may have to add the following command line in PowerShell
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Watch and Learn
Within a minute, PowerShell Gallery will be enabled, and OSDCloud requirements (OSD Module and Curl) will be set
Start OSDCloud or OSDCloudGUI
At this point, start PowerShell and run Start-OSDCloud in the new PowerShell window
MDT LiteTouchPE_x64.iso
Here's another example using an MDT LiteTouchPE_x64.iso. I exited the BDD Welcome Wizard to a Command Prompt and used the following commands
OOBE Usage
OSD 23.5.21.1+ Updated May 21, 2023
OSDCloud Sandbox is configured to get all your Autopilot requirements in OOBE (Out-of-Box Experience). This process works in both Windows 10 and Windows 11
Network Requirements
You will need an internet connection before getting started. If you need to connect to a Wireless Network, open Windows Settings by pressingShift + F10 to open a Command Prompt. Type in the following command line and press enter
Command Prompt
Press Shift + F10 to open a Command Prompt. Type in the following command line and press enter to start OSDCloud Sandbox
Windows Settings
You will be prompted to verify some Windows Settings during this process. OSDCloud Sandbox will continue after closing the open Windows Setting
You can navigate in Windows Settings to access other things like Networking and Wireless
Display Settings
This is the first Windows Setting that will open. This comes in handy when you want to expand the screen of a Virtual Machine for screenshots. OSDCloud Sandbox will continue when you close Display Settings
Language and Region
This Windows Setting will allow you to add additional Languages or a Keyboard Layout if necessary
Date and Time
This is probably the most important Windows Setting as this allows you to set the Time Zone for your location and to sync the clock. It is essential if you want to ensure that Autopilot registers and that certificates work properly
Autopilot Ready
All the required PowerShell Modules and Scripts needed for Autopilot Registration are installed and ready to go
Get-WindowsAutopilotInfo
To register the device in Windows Autopilot, use the following steps (with your own parameters)
Autopilot Registered
If the device is already Autopilot Registered (or has an AutopilotConfigurationFile.json), then OSDCloud Sandbox will display your Autopilot Configuration automatically. This is good for validation
Functions
OSD 23.5.21.1+ Updated May 21, 2023
I've added some functions to help you with customizing Windows in OOBE. You can access them by running either of the following commands in PowerShell
The PowerShell Prompt will display [OSDCloud] when they are enabled and ready for use
These functions only exist in the current PowerShell session. Additionally, they will only work in OOBE at this time, not full Windows
AddCapability
This function will let you add any Windows Capability as needed by GridView, or matching a String
NetFX
This should be self explanatory
RemoveAppx
This function will remove Appx Provisioned Packages by matching a string, or displaying a GridView if you do not add a string to the command line
Rsat
If you are looking to add some Rsat Tools, then this function will either match a string, or display a GridView to select from
TestAutopilot
This will check to see if an Autopilot Profile has been downloaded to the device
UpdateDrivers
This function will update Hardware Drivers from Microsoft. Alt + Tab to the minimized window to view progress
UpdateWindows
This function will do exactly what you think it does. Windows will be fully up to date including Defender
OSDCloud Azure
OSD 23.5.21.1+ Updated May 21, 2023
If you want to use OSDCloud Azure on a non-OSDCloud boot image, like an MDT or CM boot image, as long as you have PowerShell installed, follow this process
Open a Command Prompt and run the following command
WinPE Downloads
OSD 23.5.21.1+ Updated May 21, 2023
This media is being shared on a temporary basis only
WinPE Boot Media
The following ISO's are just WinPE with minor changes to support PowerShell Gallery and OSDCloud. There are no Drivers, and the OSD PowerShell Module is not installed. You can use these to replace the winpe.wim in your ADK for use with CM or MDT. This boot media will boot to wpeinit, but you can easily start PowerShell and install your favorite Modules
Windows 11 22H2 ADK
Windows 11 22H2 ADK winpe.wim
Windows 11 22H2 ADK with KB5026372
Windows 11 22H2 ADK winpe.wim
Windows 11 22H2 WinRE
Windows 11 22H2 WinRE
Supports Wi-Fi
Supports Recovery Environment
Windows 11 22H2 WinRE with KB5026372
Windows 11 22H2 WinRE
Supports Wi-Fi
Supports Recovery Environment
Create a bootable USB Drive
If you have the latest OSD PowerShell Module, use the New-OSDCloudUSB function to create a bootable USB
OSDCloud Automate
Basic Configuration
OSD 23.5.23.1+ Updated May 23, 2023
Create a new OSDCloud Workspace
For this demo, I decided to create a new OSDCloud Workspace for testing. You can use your existing OSDCloud Workspace, but it's easier if I start clean. Here's the script that I used
Automate Paths
OSDCloud Automate looks for content in the following relative path by scanning all drives. It does not include C:\
Understanding that requirement, there are two places that I can use this in my OSDCloud Workspace
A third option would be to mount my WinPE and add an OSDCloud\Automate directory so it resolves to X:\OSDCloud\Automate. This would be ideal for WDS, but that solution isn't covered in this guide
Finally, keep in mind that if you plan on having large Provisioning Packages, your WinPE Boot Partition on a USB may not be large enough for the PPKG file. Got it?
OSDCloudGUI Defaults
OSD 23.5.24.1+ Updated May 24, 2023
Several of you have been asking me about setting the OSDCloudGUI defaults. So let's get into it. First of all you need to be running OSD PowerShell Module 23.5.24.1 or newer, so make sure you have that updated
Start-OSDCloudGUI.json
In Windows, launch Start-OSDCloudGUI and focus on the first line. This is the default OSDCloudGUI configuration
Copy this file to your OSDCloud Automate directory in your OSDCloud Workspace
Edit Start-OSDCloudGUI.json
Start cleaning up this file and remove everything that does not need to be modified, especially the Computer information and the DriverPacks. You should end up with something similar to what I have below
Collapsing a few items will help you see the design of this file. There is Branding, Defaults, Values, and Menu Options
Branding
In my configuration, I'll change the default branding to the following. If you have no plans on changing the branding, you can remove these entries
Defaults
These can be difficult to configure since you have to get the OSImageIndex correct, but you can use the GUI to get that value. In my case I changed the defaults from Enterprise Volume to Pro Retail, as well as changing the Language to en-gb
Values
These are all the possible Values that appear in the combobox. I'll make some minor adjustments and limit my deployment to 22H2 only, as well as cleaning up the Editions
Menu Options
Finally some changes to the Menu Options, enabling Firmware updates and removing the Clear-Disk confirmation prompt (dangerous)
Complete JSON
Here's what my complete file looks like. I'll give it a quick save
Rebuild ISO
Now I can rebuild my OSDCloud ISO so my saved file will be available when OSDCloud starts. I'm also side-loading the OSD Module as I have unreleased changes that I haven't released to the PowerShell Gallery yet. Finally I set OSDCloudGUI to start automatically when WinPE starts up
Boot to WinPE and Test
When WinPE started up, OSDCloudGUI automatically launched. A quick check at my minimized PowerShell window shows that it found the configuration file and imported it. OSDCloudGUI shows the defaults that I selected and my custom David Cloud Branding
My Operating Systems are limited to Windows 10 and Windows 11 22H2, and the Windows 11 22H2 Business WIM that I had in my ISO:\OSDCloud\OS directory
Windows Edition is set properly and several values were removed
Languages are incredibly limited to just what I have configured
Finally my Deployment Options are set
Autopilot
OSD 23.5.23.1+ Updated May 23, 2023
In this example, I'm going to copy an AutopilotConfigurationFile.json in my OSDCloud Workspace in the Media\OSDCloud\Automate directory. Additionally, I'll copy a WIM to Media\OSDCloud\OS so that don't have to download an OS for my testing.
Boot to WinPE
Now I'll boot to a Virtual Machine to this ISO and start an OSDCloud deployment. The screenshot below should help you visualize where the Autopilot file is on the ISO
You will see the AutopilotConfigurationFile.json is identified before the disk is wiped. This is for you to validate that your process worked.
At the end of the OSDCloud deployment, the OSDCloud Automate will inject the Autopilot Configuration File automatically
Provisioning
OSD 23.5.23.1+ Updated May 23, 2023
Hopefully you read the how to add your Autopilot configuration. This will be similar. Don't worry if you don't know how to create a Provisioning Package, that will be detailed in the next few pages. This guide will detail how you add a Provisioning Package to your OSDCloud deployment
Here are the paths for you to add your Provisioning Package to either ISO Media or USB
I'll start by adding my Google Chrome Enterprise Provisioning Package and updating my OSDCloud ISO
Boot to WinPE
Now I'll boot to a Virtual Machine to this ISO and start an OSDCloud deployment. The screenshot below should help you visualize where the Provisioning Package is on the ISO. Invoke-OSDCloud will pick this up automatically before the disk is wiped. This is for you to validate that your process worked.
Towards the end of my OSDCloud Deployment, the Provisioning Package will be applied to the offline OS
First Boot
After my computer restarts from WinPE, the Provisioning Package should be applied. You may or may not see any progress during this Phase
OOBE
A quick check in OOBE shows that Google Chrome was installed as it is in my Program Files
Windows Desktop
Now when I login for the first time, Google Chrome is already installed and ready to go
Windows Configuration Designer
OSD 23.5.23.1+ Updated May 23, 2023
Before you can create a Provisioning Package, you will need to install Windows Configuration Designer. Use the link below to open the Microsoft Store
References
MSI Application PPKG
OSD 23.5.23.1+ Updated May 23, 2023
I'll walk you through how to create a Provisioning Package for OS Deployment. In this example, I'll be working with Google Chrome Enterprise. Start by downloading the MSI from this link
On that link, you can select the Google Chrome you want to download. I'm following these options
Stable
MSI (not bundle)
64 bit Architecture
Make a note of the version, in my case it is 113.0.5672.127
Download the file to your Downloads directory
Windows Configuration Designer
You should have Windows Configuration Designer installed. Open it and select Advanced provisioning
Enter the details of your Project. The Name field doesn't take periods well, so keep that in mind. Pres Next
Runtime settings
Complete the following steps
Expand Runtime settings
Expand to ProvisoiningCommands, Primary Context, Command
Add a Name for the install. I chose Install
Press the Add button
Complete the following steps
Select the Name that you selected for step 3 in the last screenshot. For me, this is Install
CommandFile: Browse to the Google Chrome Enterprise that was downloaded earlier
Commands
CommandLine: msiexec /i "googlechromestandaloneenterprise64.msi" /passive /norestart
ContinueInstall: TRUE. You don't want this to kill your deployment if the installation fails
RestartRequired: FALSE.
Export Provisioning Package
Bulk Enroll PPKG
OSD 23.5.23.1+ Updated May 23, 2023
Until I complete this documentation, this silent video below will show you all the steps needed to create a Bulk Enroll Provisioning Package
References
PowerShell Script PPKG
OSD 23.5.23.1+ Updated May 23, 2023
In this example, I'm going to detail how to wrap a PowerShell script in a Provisioning Package. The best example I can use is the Provisioning Package that I created to expand Driver Packs in First Boot.
PowerShell Script
First you need to make sure you have a standalone PowerShell Script that does not require interaction as Provisioning Packages won't allow that. Here's my script that is saved in a PS1 file
Windows Configuration Designer
Open Windows Configuration Designer and select Advanced Provisioning
Complete the details for your project and press Next
Select All Windows desktop editions and press Next
Runtime settings
Complete the following steps:
Expand Runtime settings
Expand ProvisoiningCommands, DeviceContext, CommandFiles
Press Browse
Find and select your PowerShell script
Press the Open button
Press the Add button
Complete the following steps:
Select CommandLine
Enter the following command line (change the name of the PowerShell script to your file name)
Press Export and Provisioning package
Scripts
OSDCloud Azure
Azure Setup
Considerations
Before taking a Deep Dive at imaging from Azure, it's only fair to discuss some considerations
#1: This is New
It's so new that there isn't anything I can copy from, so I'm going to share as much information as possible so the Community can make some decisions going forward. I'm just making this up as I go
#2: I'm no Expert
See #1
#3: Change is Likely
At this point, nothing is set in stone, so things will likely change, and you will need to adapt and get over it. If you prefer things being more stable, come back in a few months
#4: Feedback
I'm not a mind reader. Hit me up on Twitter and let's get a Community Pulse
#5: Goal
To deploy a Windows Image from Azure (Storage). For now, this is a WIM file. Nothing else at this time
#6: Differences
What works for me may not work for you
#7: Custom Development
Unless I'm on your Payroll, not likely. See #4
#8: Training
I'll gladly help you with OSDCloud, but if you have specific Azure questions, consult Microsoft Docs. I'll link where applicable
#9: Costs
Azure is not free, and Storage has costs, but it's cheap. It should cost about $.50 per deployment. Do the math to determine if this is a good fit for you
Azure Portal
This section is going to detail how to run OSD from Azure Storage. If you know nothing about Azure Storage, then you may find this helpful
Storage AccountsThe first thing you will need to create is a Storage Account. Think of this as your Deployment Server. Your Azure environment may consist of one or hundreds of Storage Accounts which are used for all kinds of things, such as Azure Functions, or Web Services. For OSDCloud to find the correct Storage Account to use, the Storage Account contains a Tag, which is a Key Value pair. OSDCloud ignores all Storage Accounts that do not have a Tag Key of OSDCloud (the Value doesn't matter yet, just the Key). For the Tag to be read, the Deployment User needs to have Reader role on the Storage Account. This design makes it able to find the proper Storage Accounts to use for OSDCloud in generally less than a second.
Storage Containers (Public)Storage ContainersStorage Containers exist within a Storage Account. Think as these as Deployment Shares, which can either be Public or Private. It may be quite helpful to put a WinPE Boot ISO that contains no sensitive information in your Public Storage Container, or don't may one at all. Public Storage Containers are optional, OSDCloud doesn't need them
What OSDCloud does need are Storage Containers with WIM files (ISO support is coming soon). These should be kept in a Private (Secure) Storage Container.
Files that exist in the Storage Containers are called Blobs. In the scope of OSDCloud, these Blobs would be WIM files. The only role that is needed to access the Blob is Storage Blob Data Reader
When you are ready to set the required access to your Storage Account and Storage Containers, review the following page
Storage Access Control (IAM)Once you have these steps complete, simply upload your WIM files into your Storage Containers and they will be ready for OSDCloud to use. For now, only Image Index 1 is used, but more functionalities will be added soon, including a GUI
Feedback is critical at this point as this is being designed from scratch. If you have some ideas for improvement, please reach out
Sponsor
Storage Accounts
Basics
To deploy from Azure, you will first need a Storage Account. Make sure you pick a good Region as this will impact costs. Don't go crazy here, you are serving up a 4GB WIM, so Standard Performance and Local Redundancy should work fine
Advanced
You will need to decide if you want Public Access or not. This does not enable it by default, it only gives the option to enable it later. I recommend this as a method of keeping a WinPE ISO that can be easily accessed if needed, but you will need to decide what is best for your environment
Yes, default to Azure Active Directory authorization
Do the math on the calculator. You will be accessing date more frequently than writing data, and I have found that the Hot comes out cheaper than Cool for the Access Tier
Networking
This will vary, but I generally leave the defaults
Data Protection
You should not need Recovery ... but that's your call
It's a good idea to enable Tracking if multiple people have write access to the Storage Account. Versioning is not necessary, just upload an image with a different name as that should contain version information as a best practice anyway
Encryption
I leave this as Default
Tags
OSDCloud requires a Storage Account Tag for proper integration. The Name should be OSDCloud and the Value can be anything you want. Make sure to select the Tag only for the Storage Account
During the WIM selection of the Azure OSDCloud Deployment, the Tag is displayed with the Storage Account
Review + Create
Do it.
Sponsor
Storage Containers
Storage Containers exist within the Azure Storage Account. These can be set to be Public, but for the scope of OSDCloud Azure, these should be kept Private and Secure.
Container Naming
Containers can be named whatever you want them to be to help you organize your Windows Images. In the example below, I've created Storage Containers to separate the different Windows Image types
Containers can also be named to separate your Teams, there isn't a wrong way to design this
One thing to remember is that each Container can have different Roles for Access
Create an Images Storage Container
In this example, I will create a simple Storage Container called Images that will contain my Windows Images
Upload WIM
Now you can upload a WIM to your images Container. Select Upload and then browse to your WIM. You will need to select Overwrite since we have not added any Access Control yet, and use the Account key option for the upload
Sponsor
BootImage
BootImage is an optional Storage Container in your OSDCloud Storage Account (tagged) that is used for delivering OSDCloud ISO's or any other ISO Boot Image. Accounts must have the Storage Blob Data Reader role for this Storage Container to download the Boot Images. Simply upload your latest OSDCloud ISO or other Boot Image to this Container
Sponsor
DriverPack
DriverPack is an optional Storage Container in your OSDCloud Storage Account (tagged) that is used for mirroring vendor Driver Packs. Accounts must have the Storage Blob Data Reader role for this Storage Container to download the Driver Packs
It is recommended that you separate Device Manufacturers to help filter the content. This is not a requirement, but this may be added at a later date without warning. You create these paths during the upload of a Driver Pack
The contents of the dell folder contain Dell Driver Packs that are simply copied without any conversion. This purpose of mirroring the Dell Driver Packs is because downloading content from Dell's site may run slow on occasion, and this allows my deployments to run faster
For Lenovo, I opt to convert the EXE to a ZIP or CAB file and Upload the new file in the Azure Container. This is recommended to allow the Lenovo (HP and Surface) drivers to install in WinPE instead of the Specialize Phase
Obtaining Driver Packs
You can easily download the DriverPacks that OSDCloud uses to a USB Drive using the following
You can use this function to download the Driver Packs you need from any of the Device Manufacturers that are supported by OSDCloud
You can then Upload them to the DriverPack Storage Container, or convert the EXE files to CAB or ZIP before uploading
Remember to keep the same BaseName as the original DriverPack as this is what is matched in Azure Storage. The Extension can be ZIP, CAB, MSI, or EXE
Deployment
During OSDCloud Azure deployment, if a Driver Pack BaseName is matched in the DriverPack Storage Container, it will be downloaded from Azure instead of the Device Manufacturer's site
Sponsor
Storage Access Control (IAM)
Reader
For OSDCloud to work with Azure Storage, the Technician will need Reader access to the Storage Account. This allows for the reading of Tags which are used by OSDCloud, and the listing of the Containers
Storage Blob Data Reader
Additionally, the Storage Blob Data Reader must be added for the Containers in the Storage Account that contains the WIM files. This can be added at the Storage Account level, or a specific Container
Azure Role Assignments
Verify the proper permissions in Azure Active Directory
Sponsor
Infrastructure As Code
Infrastructure As Code
In this section we will use infrastructure as code tools to help you configure Azure Storage Accounts and containers with tools like Bicep and Terraform. We therefore need a number of prerequisites to install the two providers Bicep and Terraform with their respective dependencies.
Sponsor
Prerequisites
Admin Rights
You are going to be mounting wim files, so yes, this is an absolute with no way around it
For that a function is available, it will allow us to install the following tools :
Terraform for windows
Bicep for windows
Azure CLI
Az.Accounts
Az.Resources
If you launch again the same function we need to find all the version for all tools
Sponsor
Technicien
With OSDCloud we need a technician account to access the storage account in azure as well as the containers. For this we need to reset his ID. This ID will be used in the declarative files of Bicep and Terraform.
Sponsor
Workspace
By default a folder with several subfolders and files will be created at the root of the disk c:\ with the name osdcloud.
In Windows Terminal you need to use Cascadia Font
It is also possible to open the file directly with Visual Code, this means that it is already installed on PC.
Sponsor
Bicep
With Bicep we need only one file which is located in the directory c:\osdcloud\bicep.
Here is the content of the bicep file, we are only interested in line 62-63 we must come here and insert the Technicien Id.
Once this Bicep file is executed your Azure environment will be configured with two storage accounts, one for wim image storage and a second one still expiring for powershell scripts, packages, unattend and others.
Sponsor
Terraform
Unlike Bicep Terraform allows us to separate the variables of the definition files from the state of our infrastructure, the working folder is c:\osdcloud\terraform
File main.tf
This is the main file of terraform and contains the complete description of the future infrastructure.
File provider.tf
The providers file contains the information to connect to Azure.
File variables.tf
This file allows you to understand the role of each variable as well as the type that accepts variables, objects, lists, integer etc...
file terraform.tfvars
It is in this file that we must fill in all the necessary information.
Sponsor
Configure Azure
Admin Right
You are going to be mounting wim files, so yes, this is an absolute with no way around it
Function
For this we have a single function invoke-AzOSDAzureConfig that admits several parameters. It has two parameterSetName one for Bicep and one for Terraform
ParameterSetName Bicep
Location : corresponding Azure region
ResourceGroupName : corresponding the resource group create in Azure
ParameterSetName Terraform
UseTerraform : Is boolean parameter
The function uses the command Connect-AzAccount -UseDeviceAuthentication for the authentication part with Bicep and for the Terraform part we will use Azure Cli with az login --use-device-code
Terraform execution
Terraform.tfvars
Execution
Verify in Azure
Resource groups
Storage account properties
Acces Control (IAM)
Deployment
If your OSDCloud Azure Setup is complete, and you're run a quick test, here is how to make things work in WinPE. You will need the OSD PowerShell Module 22.6.1+
OSDCloud Boot Image
If you are using an OSDCloud boot image, then the OSD PowerShell Module should be updated automatically. In a PowerShell prompt, run Start-OSDCloudAzure. You will be prompted for Azure Device Authentication
Device Authentication Flow
Follow the instructions and authenticate to Azure on a separate device running a full OS (not WinPE) or a Mobile Web Browser
Multiple Azure Subscriptions
You may have multiple Azure Subscriptions, you will be required to select one using the crude menu pictured below
OSDCloud Azure
Once you are connected to Azure, you'll be presented with OSDCloud Azure where you can select an appropriate Operating System
Deployment Options
This will change from time to time as more features are added. They should look identical to OSDCloud "Classic"
Microsoft Update Catalog
In addition to Network Drivers, Disk and SCSIAdapter Drivers are also downloaded from Microsoft Update Catalog. This is to ensure that you are able to boot to Specialize for EXE Driver Extraction. You have the option to download System Firmware on supported devices as well
Driver Pack
You are able to select a different Driver Pack, Microsoft Update Catalog, or None as needed
Start
Once you have sorted out your options, press Start
OSDCloud Variables
Invoke-OSDCloud is the Task Sequence and it is Variable driven. You will see the Variables that you have set prior to starting Invoke-OSDCloud
Invoke-OSDCloud
The Windows Image or ISO that you selected will be download during this process
ISO Deployment
If you selected an ISO instead of a WIM, and the Index was set to Auto, you will be prompted to select a Windows Image
Complete
If everything worked out properly, within a few minutes you will have a completed OS ready to reboot
Sponsor
Testing
Once you have your Azure Setup complete, you may want to test OSDCloud Azure to see how it will perform in your environment. You can complete this test in Windows in an Admin Elevated PowerShell Session. Make sure you have the OSD PowerShell Module 22.6.1 or newer
Run Start-OSDCloudAzure. You will be prompted to connect to Azure and may have to select your Subscription if you have more than one
Make a note that you are able to see your OSDCloud tagged Storage Accounts with optional BootImage and DriverPack Storage Containers
Verify you are able to see all your OSDCloud tagged Storage Accounts with the appropriate Containers
Verify that you have all your available OS Images in OSDCloud Azure. You can press Start if you want to continue with the test
The test will download the Blob Image from Azure Storage and the proper Driver Pack for your system
When complete, the script will stop so you can verify that everything worked. If it did, you're ready to repeat the process in WinPE
OSDCloudRE Azure
This tool is designed to run in Windows and create a new Recovery Partition. The Recovery Partition will be prepared with the Boot Image ISO that is downloaded from Azure Storage
The goal of this tool is to allow booting to OSDCloud in a Recovery Partition so you can immediately image the device without a USB. It is not intended to create a permanent OSDCloud Recovery Partition
There are no plans to create functions to remove or resize the OSDCloudRE Partition
BootImage Container
Create a BootImage Storage Container and upload an OSDCloud ISO. Read the following link for more information
BootImageStart-OSDCloudREAzure
Open PowerShell as Admin and run this function. You will be prompted to authenticate to Azure
Once authenticated, OSDCloud Storage Accounts with BootImage Containers will be enumerated. If an OSDCloud ISO or Boot Image ISO is found, the OSDCloudRE Azure GUI will be displayed. You are able to select from multiple files if you have any
It's important to note that when the process is completed, the computer will reboot automatically. Deselect the Restart-Computer option in the Build Options file menu
Press the Start button when you are ready to continue
Process
The ISO will be downloaded from Azure Storage. This step should take less than a minute to complete
Once the ISO has been downloaded, it will be mounted and the contents will be copied to the new OSDCloudRE Partition. On next boot, Windows Boot Manager (bootmgr) will be set to boot to the OSDCloudRE Partition
If you view Disk Manager, you will see the secondary Recovery Partition which is created immediately after the Windows Partition
Sponsor
Deep Dive
This section will contain specific Technical information needed for using OSDCloud with Azure. If you have your Storage configured properly, then there is nothing to worry about
Cloud Functions and Scripts
OSDCloud Functions are used to simplify the OSD Process in WinPE and OOBE. Storing these functions online allows for easy updates without requiring downloading PowerShell Modules or constantly updating WinPE
To import OSDCloud Functions, use the following command
If the OSDCloud functions loaded successfully, you should see version information and the PowerShell Prompt will change to show [OSDCloud]: These functions exist in the current PowerShell session and are unloaded by closing the current PowerShell session
Available Functions
Most OSDCloud Functions start with an osdcloud prefix. You can view these in the current PowerShell session by running the following command
Why use OSDCloud Functions?
The best example that I can give is that it makes OSDCloud universal. This allows you to use OSDCloud on any WinPE Boot Image that has PowerShell. If you have an OSDCloud Boot Image that was created last December, well before OSDCloud Azure, there isn't a need to update the Boot Image since it will self update as part of the OSDCloud Azure deployment
Additionally, OSDCloud Functions allows for faster development, and it ensures you are always running the latest version. To access Azure, you need to be online, so updating OSDCloud components works perfectly in this situation
Sponsor
Connect Azure in WinPE
David Segura
Connect-AzOSDCloud
This is an OSDCloud function that is used in WinPE to authenticate to Azure using Device Code flow. I'll explain in detail how this works
I sorted all this out while at the MMSMOA 2022 Conference on Day 2, essentially making the OSDCloud Azure session on Day 1 obsolete as SAS Tokens and Key Vault are no longer needed
Required PowerShell Modules
The following Modules are installed or updated when executing this function. This may cause an execution delay depending on the internet connection to the PSGallery Repository
Connect-AzAccount (Az.Accounts)
This is the function used to authenticate to Azure from WinPE
-UseDeviceAuthentication
This parameter forces the authentication to occur on a separate device. This can be another computer, a smartphone, or even by a third party by providing them with the code (think Help Desk). The reason this is done is that the standard authentication does not work in WinPE
-Authscope Storage
If this parameter is left out, another Authentication may be required later, so since we know that we must access Azure Storage, we might as well do this now
Subscription
Once you have been authenticated to Azure AD, this Azure Subscription routine is run. By default, Azure will pretty much randomly select the Azure Subscription that is used, which may not be the one you need to use for OSDCloud. This routine will determine if you have more than one Subscription and then prompt you to select the proper Subscription
Additionally the following Global Variables are created for this PowerShell session
Connected to Azure (Subscription)
Once you have successfully connected to Azure (by way of having an Azure Context), the following informational routine will take place. This will primarily set some more Global Variables so you can easily access them
If there is a failure in this routine, it is because the value for your Azure Subscription will be empty. This typically means that you do not have access to any Azure Resources. Go back to OSDCloud Azure Setup and give your user access to Azure Storage and this will sort itself out. If you ping me and ask about this error, I will simply ignore it. It's documented here, and in the Warning message. there is no need for a third opinion.
Access Tokens and Headers
This is probably the most fun you will see while reading this. Since we are authenticated to Azure, this routine will automatically get the Azure Access Tokens and create Headers automatically as Global Variables. These can be used for HTTP RestMethod requests (which will be released later)
AzureAD
Finally, AzureAD will be connected using the AAD Access Token
Summary
Hopefully this gives you some insight on how the connection to Azure is done in WinPE. There are lots of moving parts, but it should support connecting to more than just Azure Storage
Sponsor
Azure Tags
David Segura
This page is incomplete
You're probably wondering why Tags are used by OSDCloud, and why it won't work without them. The way OSDCloud works in Azure is that it needs to locate the WIM files that are in a Container that are within a Storage Account
Get-AzStorageAccount (Az.Storage)
This PowerShell cmdlet is used to get all the Storage Accounts that you can see in your Azure Subscription with the (Storage Account) Reader role. In my case, I have 13 Storage Accounts
Ideally, you should assign Rights to limit what I can read from, but as an Azure Global Admin, I get to see everything. Additionally, not all of these Storage Accounts are used for OSD. Some are used by Functions, or Reporting, etc.
Get-AzTag (Az.Resources)
You can see all the Tags (Key) in your Azure Subscription using this cmdlet. In the example below, I have two Azure Resources that have an OSDCloud Tag
Tags Property
PowerShell makes it easy to see which Storage Accounts are used by OSDCloud
Log Files
If you run into issues in WinPE, there are several files that you can use for reference. The details of the Windows Image or ISO that you selected are contained in root of X:\. These files are only available in WinPE and are destroyed as soon as the computer reboots
More detailed logs are located in X:\OSDCloud\Logs. These files are also no longer available after you reboot
Finally, C:\OSDCloud\Logs will contain OSDCloud.json which is an export of all the OSDCloud Variables. This file will persist after rebooting from WinPE
Sponsor
Offline Deployment
ISO: Adding a WIM
OSD 23.5.23.1+ Updated May 23, 2023
In this example, I am going to show you how to add a WIM to an ISO for deployment with OSDCloud.
OSDCloud Workspace
You probably have your own OSDCloud Workspace already configured, but I'm sharing what I'm doing for this demo, so hopefully you'll learn something new
Windows Image
For my Windows Image, I'm just going to grab one from OSDBuilder. In this case I am going to just Copy as Path
I can now copy the Windows Image to my OSDCloud Workspace and rebuild the ISO
WinPE
Now when using OSDCloudGUI, WIM files that exist on any drive letter in the <drive>:\OSDCloud\OS path are added to the Operating System combobox. In the screenshots below I have two WIM files present
Once a WIM file has been selected in the Operating System combobox, the ImageName for each Index is populated in the secondary combobox
Integration
ADK: Use the OSDCloud Boot.wim
OSD 23.5.16.2+ Updated May 18, 2023
If you feel brave, you can update the Windows ADK with an OSDCloud Template. This will ensure that any MDT and CM Boot Images are automatically updated with an OSDCloud certified WinPE
Backup ADK amd64
First thing is first, make a backup of of your ADK WinPE amd64. I prefer to make a copy in place.
Delete Media Contents
Delete the contents of your Media directory
Copy OSDCloud Template Media
Copy the contents of your OSDCloud Template Media to your ADK amd64 Media except the sources directory. You can also opt to leave out languages that you don't support
Media Cleanup
Optionally you can cleanup Language files in your Boot and EFI directories that you don't need
You can also delete about 25MB of fonts if you're not into supporting Asian languages too
Replace winpe.wim
Replace the ADK winpe.wim with your OSDCloud Template boot.wim
MDT: Use the OSDCloud Boot.wim
OSD 23.5.16.2+ Updated May 18, 2023
If you've replaced your ADK with OSDCloud ADK, using Microsoft Deployment Toolkit is about to get much easier
Create an ADK x86 directory
To prevent errors in MDT, you will need to make sure the following directories exist
Create a new MDT Deployment Share
Remove x86 Support
Because ADK doesn't support that anymore
Configure x64
Configure how you want your MDT x64 boot image
If you don't need Microsoft Data Access Components (MDAC/ADO) support, uncheck that. Everything else you need should already be configured with your OSDCloud ADK
Update Deployment Share
Now you can update your Deployment Share and build your WinPE. If you're not adding Drivers, it should take less than a minute since all the WinPE Packages you need are already installed
Test Boot
Looks perfect with Windows Recovery Wizard since I used WinRE and DaRT already installed
