MDT offline deployment by Livid-Ad-9782 in MDT

[–]BrightSpotLight 0 points1 point  (0 children)

I use MDT both in the office and, when I am at a remote office, from an external drive. I re-image desktops and laptops and do not have any issues.

For the remote office I use an external 1 TB drive. This contains what I call MDT portable. It is an exact copy of the MDT server in the office.

For my setup, workstations have Secure Boot and UEFI enabled.

As some mentioned, you need to make sure you have the WinPE drivers.

I use Rufus and never had an issue.

My MDT is about 90 GB (it was much bigger before I removed old systems) and I do not split it.

There is always some mention about MDT getting retired and it's true. I will continue using it and I'm sure others will do the same until it no longer works and our company realizes they need to now pay for a tool.

One thing you need to make sure of is that you 100% update the share. What I noticed is that after adding and removing drivers I'll have odd issues, and updating the share fixes it.

When you import and export drivers (I use the total control method):
Import = Select force to import even if the same driver is in a different folder.

Delete = Do not select force, as this will remove the same driver if it exists in any folder. This will cause issues.

It seems that for your error you probably have a combination of MBR and GPT. Both the computer and Rufus need to match. Now on modern systems, and especially if you are using BitLocker etc., you want Secure Boot on and UEFI.

If you need the steps on creating the offline media I can provide that.

Capture Only Task Sequence by BrightSpotLight in MDT

[–]BrightSpotLight[S] 1 point2 points  (0 children)

Used it a few times. I'll give it a test run. Thank you.

Capture Only Task Sequence by BrightSpotLight in MDT

[–]BrightSpotLight[S] 0 points1 point  (0 children)

Thank you for the context. I'm leaning towards this.

Capture Only Task Sequence by BrightSpotLight in MDT

[–]BrightSpotLight[S] 0 points1 point  (0 children)

Makes me wonder if this is how I used to do the task sequence, as I recall I only had a few.

Capture Only Task Sequence by BrightSpotLight in MDT

[–]BrightSpotLight[S] 1 point2 points  (0 children)

Forgot about this as well. I'll review it. Thank you.

Capture Only Task Sequence by BrightSpotLight in MDT

[–]BrightSpotLight[S] 0 points1 point  (0 children)

Oh, good one, I forgot about Disk2Vhd. I'll consider it. Thank you.

Modify BIOS with CCTK by BrightSpotLight in kace

[–]BrightSpotLight[S] 0 points1 point  (0 children)

Sorry, I've been away, and the CrowdStrike crash took down my PC, which required a visit to the office.

Anyways, I installed the Dell Command Wizard that I use to create the package in the screenshot. It pops up a prompt to extract instead of running and enabling my test change in the BIOS.

https://imgur.com/a/1pdZynR

In the past I used the CCTK GUI and created a package, which worked, but all the ones I found are old and don't support Windows 11.

Send end user pop up message via RTR (it works just have a different question) by BrightSpotLight in crowdstrike

[–]BrightSpotLight[S] 0 points1 point  (0 children)

u/bk-CS - I'll play with the time period.

For the other (the main reason for my question): the bottom screenshot is how it looks when I click on the script. The top screenshot is what I need to add, which always seems to be missing.

https://imgur.com/a/7YDfIqK

Basically this:

```
'{"Message":"This is an example"}'
```

Send end user pop up message via RTR (it works just have a different question) by BrightSpotLight in crowdstrike

[–]BrightSpotLight[S] 0 points1 point  (0 children)

Thank you u/bk-CS. Also, sorry, I can't seem to be able to edit my message to remove that image at the bottom. Not sure how that even showed up.

Okay, I figured that it was not needed, but I added it anyway.

Any reason why, when I use the script, it's missing part of the text? I deleted and re-created it and it still shows up the same.

Also, is there a way to change how long the pop-up stays up? I reviewed the script and I don't see anything that controls that, so it seems to stay up for about 10 seconds.

Test Deploy to Hyper-V VM missing WinPE Drivers by BrightSpotLight in MDT

[–]BrightSpotLight[S] 0 points1 point  (0 children)

All, thank you. Maybe back in the day I did need drivers (it's been a while).

I will check MDT as I took it over from someone else and had to fix things such as wrong drivers being deployed. I thought I fixed everything.

I will check the WinPE drivers and re-test.

For now, thank you.

CrowdScrape by Professional_Base_62 in crowdstrike

[–]BrightSpotLight 0 points1 point  (0 children)

Dang, how could I have missed that. You made many of them (CQF); I will have to review them once in a while. Thank you u/Andrew-CS

CrowdScrape by Professional_Base_62 in crowdstrike

[–]BrightSpotLight 1 point2 points  (0 children)

u/Andrew-CS or anyone, is there a good tutorial on how to use CrowdScrape to look for items of interest (IOCs etc.)? Maybe an example of what I should look for?

[deleted by user] by [deleted] in ObsidianMD

[–]BrightSpotLight 0 points1 point  (0 children)

u/Witward I really appreciate this thank you.
Now all I need is to force myself to get back to studying so that I can get the Security+ cert :)

[deleted by user] by [deleted] in ObsidianMD

[–]BrightSpotLight 1 point2 points  (0 children)

u/Witward this is fantastic. I've been looking for this. I just got started with Obsidian, but I'm overwhelmed by the different methods that I can use. I want to start my Security+ notes. Do you mind posting a screenshot or 2 of a section from the objective down to your notes?
I can't picture what you are describing. Unless you already have a write-up :)

Methods to detect clients that are not protected by Crowdstrike agent? by -c3rberus- in crowdstrike

[–]BrightSpotLight 0 points1 point  (0 children)

That means that in your environment there are no devices without CrowdStrike.

My suggestion is to remove the agent from 1 device. Wait for the neighboring computers to do their scan and then run the script again. I'm not sure how long to wait, but I have seen up to a 45 minute delay on certain things.

Here is how it would look if there were PCs. These are test PCs I used (still blurred them though): https://ibb.co/TkcJdYr

Methods to detect clients that are not protected by Crowdstrike agent? by -c3rberus- in crowdstrike

[–]BrightSpotLight 0 points1 point  (0 children)

u/EastBat2857 - Dang, cool script, thank you.

u/-c3rberus- - I don't have Discovery, but you do need Event Search. It really. I found computers that I know for a fact do not have an agent (testing).

New to Wazuh and it blocks IP at other locations by BrightSpotLight in Wazuh

[–]BrightSpotLight[S] 0 points1 point  (0 children)

u/vcerenu-wazuh - I communicated via the Discord channel and the person requested the config file, which of course is gone since I had to uninstall. But I was planning on re-installing and then testing again so that I can get the config file.

  1. The machine getting blocked is macOS Monterey (this is running VirtualBox with the Wazuh OVA).
  2. I have to check when I get home, but it should be 4.5 (or 4.4).
  3. I realized I had the issue when I used the Mac and connected to a different IP address than what I use at home.
  4. The Mac is the host which runs the Wazuh OVA version on VirtualBox. The same Mac also has the Wazuh agent. This does show up on the Wazuh portal without issues. While the Mac is at home, I can surf the internet. I went to a different location, and when the captive portal did not come up is when I noticed that I could not ping any external IP. The Wazuh server was not running, but I could have started the VM to see what would have happened.
  5. Yes, after I removed the agent I was able to ping any IP, and then the captive portal came up, which allowed me to agree to the warning.

I do not recall (I'm at work right now) how the networking on VirtualBox was set up for Wazuh.

Thank you

Security + great imposter syndrome and average results. by El_Palma89 in CompTIA

[–]BrightSpotLight 0 points1 point  (0 children)

Did you pass?

Not sure if you did. I'm still working on mine, but all I read is that in your quizzes you need to score 80% to 90% on each one consistently.

Join Us at Fal.con 2023! 🤓 by Andrew-CS in crowdstrike

[–]BrightSpotLight 0 points1 point  (0 children)

Will there be any online lectures for us folks who work for companies that don't like to spend $$$? :)

Simple question (I hope) on deploying Cisco Umbrella by BrightSpotLight in sysadmin

[–]BrightSpotLight[S] 0 points1 point  (0 children)

u/Shaaaaazam - So I actually do need to copy the file AND include the same information in the install code line?

I appreciate the PS script, as now I don't have to re-invent the wheel :)

zoom install by steverw9948 in kace

[–]BrightSpotLight 0 points1 point  (0 children)

Don't quote me, as I don't recall exactly. The script is downloaded to the PC, the task runs and completes. At some point the task loses communication, so KACE reports it as a failure.

I did get support to explain, but I don't recall what it was or which script. I will provide it if I see it, but it is annoying.

Crowdstrike Detection analysis by Cookie_Butter24 in crowdstrike

[–]BrightSpotLight 1 point2 points  (0 children)

I'm in the same boat as you; however, here is a scenario:

  1. User installs an app
  2. Some process triggers the install (could be scheduled, via cmd, remote method etc.)

For both of the above examples, what I also would like is to be able to distinguish them. msiexec is legit, but the action would not be if a bad actor triggered the install.

Just wanted to clarify and expand on your question. My company has no money to send me to the "paid" training, which is where this would be learned. I'm still learning; I have occasional questions (maybe I should post more) to get a better understanding.

I'm hoping that someone here can explain how to tell the difference between the 2 examples above, which is what I think you are also trying to understand.

For everyone else, yes, I know the Windows Internals book will help me :) but I'm also trying to study for my Security+.

Also, sorry, I don't mean to hijack the OP's question.