Complete Guide to USB-Based Windows Deployment with MDT

🚀 Streamlined Windows Deployment with MDT

The Microsoft Deployment Toolkit (MDT) is Microsoft’s free, official solution for deploying Windows 10 and 11 to computers. It can be used on its own or integrated with Windows Deployment Services (WDS) for network-based installations.

When converting an MDT deployment for standalone USB installation, the goal should be to replicate MDT’s automated, standardized setup process as closely as possible. This includes using an unattended answer file that mirrors the default values provided by MDT, minimizing deviations unless absolutely necessary.

🧰 Creating an Automated Windows 10 Installation with AutoUnattend.xml

To perform an unattended installation of Windows 10 using official tools, follow these steps:

1. 📥 Obtain the Installation Media
   • Use official Windows 10 22H2 installation media as the source files.
2. 💻 Set Up the Deployment Environment
   • Install the Windows Assessment and Deployment Kit (ADK).
   • Install Microsoft Deployment Toolkit (MDT) on a supported version of Windows 11.
3. 🗂️ Generate the Catalog File (.clg)
   • Open Windows System Image Manager (WSIM).
   • Load the Windows image (install.wim) from the installation media.
   • Allow WSIM to generate the corresponding .clg (catalog) file.
4. 📝 Create the Answer File
   • Use WSIM to create a new answer file.
   • Add and configure desired settings using the generated catalog.
   • Save the file and rename it to AutoUnattend.xml.
5. 💾 Prepare the USB Drive
   • Place the AutoUnattend.xml file in the root directory of a removable USB drive.
6. ⚙️ Install Windows Automatically
   • Insert the USB drive into the target computer.
   • Boot from the Windows 10 installation media.
   • During setup, Setup.exe will detect the AutoUnattend.xml file and proceed with an unattended installation, requiring no user interaction.

📦 Downloads

Download and install the following tools to prepare your Windows deployment environment:

1. 💻 Windows 11 Enterprise Evaluation (64-bit)
   Download here – Install the evaluation version of Windows 11 for testing and deployment.
2. 🛠️ Windows ADK for Windows 11 (Version 22H2)
   Download here – Includes essential deployment tools such as Windows System Image Manager (WSIM).
3. 📀 Windows PE Add-on for the ADK (Version 22H2)
   Download here – Required to create bootable Windows PE environments used in MDT.
4. 🚚 Microsoft Deployment Toolkit (MDT)
   Download here – Microsoft’s official tool for automating Windows deployment.

🧾 Generate a Catalog File & ✏️ Customize Answer Files for USB Deployment

When deploying Windows using Microsoft Deployment Toolkit (MDT), it’s crucial to generate a catalog file for your source image and configure an answer file (AutoUnattend.xml) for USB-based automated installations.

Follow these steps to complete the process:

🔧 Step 1: Open MDT Deployment Workbench

1. Launch the Microsoft Deployment Toolkit (MDT).
2. Navigate to your configured Deployment Share containing your operating systems and task sequences.

📂 Step 2: Access Task Sequences

1. In the left panel, expand Deployment Shares.
2. Select your specific Deployment Share.
3. Expand the Task Sequences folder.

📋 Step 3: Select the Task Sequence

1. Right-click the Task Sequence associated with your Windows 10 image.
2. Choose Properties from the context menu.

📝 Step 4: Generate the Catalog File (.clg)

1. In the Properties window, click Edit Unattend.xml.
2. MDT will automatically generate a catalog file (.clg) for the associated image.
3. The catalog file will be saved here:

%DeploymentShare%\Operating Systems\Windows 10 22H2 RTM x64\sources\install_Windows 10 Pro.clg

✅ Step 5: Verify Catalog File Creation

1. Open the folder:
   • Confirm the file: install_Windows 10 Pro.clg exists.

%DeploymentShare%\Operating Systems\Windows 10 22H2 RTM x64\sources\

⚙️ Step 6: Locate the Default Answer File

1. MDT creates an initial answer file here:

%DeploymentShare%\Control\<TaskSequenceID>\Unattend.xml

🧰 Step 7: Open Unattend.xml in WSIM

1. Launch Windows System Image Manager (WSIM).
2. Open the Unattend.xml file from the path above.
3. (If WSIM isn’t installed, install it via the Windows ADK.)

✏️ Step 8: Customize the Answer File for USB Deployment

1. In WSIM, modify the Unattend.xml as needed:
   • Disk partitioning
   • Product key
   • Region/language/time zone
   • User account setup
2. Save the file.
3. Rename it to:

AutoUnattend.xml

💾 Step 9: Copy Answer File to USB Root

1. Insert your USB drive.
2. Copy the AutoUnattend.xml file to the root directory of the USB.
3. Ensure your USB also contains any required installation media or boot files.

🚀 Step 10: Deploy Windows via USB

1. Boot the target PC from the USB drive.
2. Windows Setup will detect AutoUnattend.xml and begin an automated installation with no user input required.

📝 Additional Notes

• 📘 The .clg catalog file is essential for WSIM to read image settings and generate valid answer files.
• 🤖 The AutoUnattend.xml ensures a fully unattended deployment, making it ideal for bulk or hands-free installations.

🛠️ Patches & Fixes

If you encounter issues while using Microsoft Deployment Toolkit (MDT), it’s recommended to check the official MDT Known Issues page. Below are some common errors and their resolutions that I personally had to apply:

❌ Error: FAILURE ( 5616 ): 15250: Verify BCDBootEx

✅ Solution:
Download and install the MDT update KB4564442 to resolve this issue.
📥 Download MDT_KB4564442

❌ Error:

Could not find a part of the path
'C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs'

✅ Solution:
This error occurs when the expected WinPE_OCs folder is missing. Manually create the folder using the following command in Command Prompt (as Administrator):

md "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs"

❌ Error:

Script Error – An error has occurred in the script on this page.

✅ Solution:
This is typically caused by HTA (HTML Application) compatibility issues with Windows 11 (22H2 and later). These apps rely on MSHTML, but Windows 11 changed the default scripting engine, which can break MDT’s HTA-based interfaces.

🔧 Fix:

1. Backup the following file: C:\Program Files\Microsoft Deployment Toolkit\Templates\Unattend_PE_x64.xml
2. Open the XML file in a text editor (like Notepad++) and locate the <component> that launches your HTA script (usually under x86_Microsoft-Windows-Setup_...).
3. Add or adjust settings to use the correct scripting engine or apply Microsoft’s workaround from their official documentation.

<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
            <Display>
                <ColorDepth>32</ColorDepth>
                <HorizontalResolution>1024</HorizontalResolution>
                <RefreshRate>60</RefreshRate>
                <VerticalResolution>768</VerticalResolution>
            </Display>
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Fix HTA scripts error Windows 11 ADK 22H2</Description>
                    <Order>1</Order>
                    <Path>reg.exe add "HKLM\Software\Microsoft\Internet Explorer\Main" /t REG_DWORD /v JscriptReplacement /d 0 /f</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Lite Touch PE</Description>
                    <Order>2</Order>
                    <Path>wscript.exe X:\Deploy\Scripts\LiteTouch.wsf</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
</unattend>

📝 Answer File Modifications

When deploying Windows via AutoUnattend.xml from a USB “removable” flash drive, it’s important to understand the key differences compared to deploying with MDT LiteTouchPE. Since USB-based deployments don’t have access to MDT scripts or wizards, some modifications are necessary to ensure a smooth, automated install.

🚫 Empty / Blank Values Removed

🧹 Why?
Certain fields in the default answer file are left blank and normally populated during the LiteTouchPE wizard. When used in USB deployments, these blank fields can cause validation issues or errors in Windows System Image Manager (WSIM).

✅ Fix:
All empty or blank values have been safely removed. These fields are non-essential during an automated USB install.

🔐 Administrator AutoLogin Password

👤 Local Administrator Credentials
The AutoUnattend.xml is configured to log in automatically using the built-in Local Administrator account.

🔑 Password: Password01!

⚠️ Reminder: Make sure to change this password in production environments or use a secure method to handle credentials.

🛠️ Validation Errors & Deprecated Settings Fixed

🧰 The original Unattend.xml file from MDT contained several issues that triggered validation errors in WSIM. These have now been corrected for a smooth, error-free deployment.

🛑 Validation Errors Fixed:

📁 Path:

Components/oobeSystem/amd64_Microsoft-Windows-Shell-Setup_neutral/Display

⚠️ Deprecated Setting Removed:

ℹ️ This setting is deprecated in newer Windows images and should not be used.

🚀 Deploying Windows with MDT and USB: Key Considerations & Partition Logic

When deploying an image with Microsoft Deployment Toolkit (MDT), everything is performed under LiteTouchPE, which accesses the MDT deployment share containing many useful scripts. However, when installing Windows via AutoUnattend.xml from a USB ‘removable’ flash drive, these scripts are not available, creating some limitations when trying to replicate the default MDT configuration.

🛠️ Windows Recovery Partition Logic

By default, the Windows partition is configured to use 99% of the available disk space after creating system partitions, leaving 1% for the Recovery partition. Unfortunately, Windows System Image Manager (WSIM) does not provide a built-in way to specify exact partition sizes or resize partitions dynamically.

• Using fixed partition sizes is impractical because disk sizes vary between machines.
• To solve this, I added five additional RunSynchronousCommands during the Specialize phase of deployment to handle partition resizing dynamically.

🔐 BitLocker & System Reserved Partition Update

Following the BitLocker vulnerabilities described in KB5034441, I increased the System Reserved partition size from the default 300 MB to 768 MB for better security.

✅ Fix for Missing Recovery Partition Files

An issue was found where the Recovery partition was created, but winre.wim was missing. Using reagentc commands, I successfully resolved this issue. After thorough testing, the Recovery partition now works perfectly.

💾 UEFI/GPT and BIOS/MBR Partition Handling

Here’s a PowerShell batch sequence used in the RunSynchronousCommands to manage partitions and the Recovery Environment:

powershell.exe -noninteractive -command "reagentc /disable"
powershell.exe -noninteractive -command "echo 'sel volume c' 'shrink minimum=768' 'create partition primary' 'format quick fs=ntfs label=Recovery' 'assign letter=R' | diskpart.exe"
powershell.exe -noninteractive -command "echo 'sel volume r' 'set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac' 'gpt attributes=0x8000000000000001' 'remove letter=R' | diskpart.exe"
powershell.exe -noninteractive -command "reagentc /enable"
reg delete "HKLM\SYSTEM\MountedDevices" /v "\DosDevices\R:" /f

• UEFI/GPT-based hard drive partitions
• BIOS/MBR-based hard drive partitions
• Windows Recovery Environment (Windows RE)

Summary:

• Disable Windows Recovery Environment (reagentc /disable).
• Shrink the main partition by 768 MB.
• Create a new Recovery partition labeled Recovery.
• Set correct partition GUID and attributes.
• Re-enable Windows Recovery Environment (reagentc /enable).
• Clean up mounted device registry entries.

✅ Conclusion

Download from my GitHub repository here. Deploying Windows via MDT and USB requires careful handling of answer files, partition configurations, and recovery settings to ensure a smooth, fully automated installation process.

🌿 Final Thoughts

By generating accurate catalog files, customizing the AutoUnattend.xml for USB deployment, and addressing partition sizing and recovery environment issues, you can overcome MDT’s inherent limitations and achieve reliable, secure deployments across varied hardware. Following these best practices not only streamlines deployment but also enhances system stability and security—key factors for any enterprise environment.

WinReflection

My name is Dex, author at WinReflection.

I am a Christian, conservative, truth-seeker, and problem-solver who is not afraid to be vocal about important or controversial issues—silence leads to death. There’s more to life than the worldly status quo, and that’s why many are sad and depressed—they’re suffocating. Truth and purpose can bring fresh air into one’s life, and that’s my mission. My sidebar content should not trigger you, the proof is all there.

📖 John 3:16: For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life.