Windows Deployment, Part 12:  Further Reading


My initial install of WDS was damaged (PXE clients were not receiving a response).  I cured this problem by removing and reinstalling the WDS role / feature and unchecking the “Configure DHCP options to indicate that this is also a PXE server”.  This is in WDS, right click on dc.demo.local and select properties, then select the DHCP tab.


Also, you need to see if anything else (ie a router) is giving out DHCP addresses.  If so, either turn off DHCP on that device, or edit the DNS address it gives out to match your server.


Multicasting – this much slower when deploying only a few clients at once.  This should be used when deploying to several tens or hundreds of clients at once.


Potential performance improvements:

If you have a busy WinPE environment (lots of apps / drivers that you are injecting), you may wish to up the scratch space from the default 32mb.

Bear in mind that choosing a higher number may cause problems with low memory clients (However, any machine you are trying to install Windows 8 on should be fine).

You would typically consider upping the scratch space when trying to inject large drivers such as those from Nvidia.


Screenshot:  Altered the scratch space from 32mb to 128mb. This changes the RAM disk size.




You can monitor the progress of your deployment – open mdt and select monitoring.



Delegating ‘Joining Computers to the domain’ -permissions

Add delegation

By default, the ‘authenticated users’ group can join up to 10 workstations to the domain. This can be a security risk and you should think about deactivating this!

  • Open the ADUC console as domain administrator.
  • Create a new group ‘supporters’ and add user accounts to it, who should later be able to join machines to the domain.
  • Right-click to CN=Computers and click ‘Delegate control’ to open the delegation wizzard.
  • Click ‘Next’.
  • Click ‘Add’ and add the group ‘supporters’. Click ‘Next’.
  • Choose ‘Create a custom task to delegate’ on the ‘Tasks to delegate’ window.
  • In the ‘Active Directory Object Type’ window, select ‘Only the following objects in the folder’ and check ‘Computer objects’ out of the list. Also check the two options ‘Create selected objects in this folder’ and ‘Delete selected objects in this folder’. Click ‘Next’.
  • In the ‘Permissions’ window, check ‘General’ and ‘Property-specific’. Also select the following permissions from the list:
    • Reset password
    • Read and write account restrictions
    • Read and write DNS host name attributes
    • Validated write to DNS host name
    • Validated write to service principal name
    • Write servicePrincipalName
  • Click ‘Next’.
  • Click ‘Finish’.

After you finished these steps, members of the ‘supporter’ group will be able to join computers to the domain.

Delegating permissions: source:


Further Reading:

Here’s a list of useful websites I’ve found along the way.



  1. Pingback: Using Microsoft WDS & MDT 2013 to deploy Windows 8.1 Part 1 | The-Server.Ninja

  2. Errors when trying to capture your gold master?

    fully update the gold master image, reboot. (use a vm and take a snapshot).

    start powershell as admin.

    run this command: get-appxpackage | remove-appxpackage

    dont reboot. run the litetouch.vbs script again (or sysprep).

    your machine should now be captured without errors.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s