Skip to content

timthedevguy-truesec/psd-doc-sample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
.github/workflows
.github/workflows
 
 
.pages
.pages
 
 
Documentation
Documentation
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

PowerShell Deployment (PSD) — Documentation

Repository: https://github.com/FriendsOfMDT/PSD
License: MIT
Current Version: 0.2.3.1 (December 2025)
Language: PowerShell (99.5%), Batch (0.5%)

Table of Contents

  1. Overview
  2. Target Audience
  3. Architecture & Workflow
  4. Repository Structure
  5. Prerequisites
  6. Installation
  7. Upgrade
  8. Post-Installation (IIS Setup)
  9. Scripts Reference
  10. PowerShell Modules Reference
  11. Configuration Files
  12. Deployment Scenarios
  13. Supported Platforms
  14. Advanced Topics
  15. Debugging & Logging
  16. FAQ
  17. Changelog
  18. Contributing
  19. Credits & Team

Overview

PowerShell Deployment (PSD) is a modern extension for Microsoft Deployment Toolkit (MDT) that replaces legacy VBScript-based deployment logic with PowerShell. It enables OS deployments over HTTP/HTTPS in addition to traditional UNC/SMB paths, making it suitable for cloud imaging, zero-touch, and peer-to-peer (BranchCache/P2P) deployment scenarios.

Key goals:

  • Provide the same automation level as MDT but built on a modern PowerShell framework.
  • Support both PSD-extended deployment shares and legacy MDT deployment shares.
  • Enable secure, scalable deployments over HTTPS without requiring VPN or direct SMB connectivity.

Supported deployment transports:

Target Audience

Role Use Case
Infrastructure Architects Design scalable, HTTPS-based deployment infrastructure
Solution Architects Integrate PSD with existing MDT environments
Modern Device Engineers Automate and manage Windows OS deployments

Architecture & Workflow

How PSD Differs from Standard MDT

Aspect Standard MDT PSD-Extended MDT
Client scripting engine VBScript (.wsf, .vbs) PowerShell (.ps1, .psm1)
Network transport UNC (SMB) only UNC, HTTP, or HTTPS
Deployment share connection Direct SMB share mapping PSDrive via PSDDeploymentShare.psm1
Driver handling Import into Workbench (individual files) Archived WIM or ZIP packages per model
Task sequence complexity Complex, legacy MDT structure Simplified and modernized

Deployment Flow

WinPE Boot (PXE / ISO)
        │
        ▼
PSDStart.ps1  ──── Connects to deployment share (SMB / HTTP / HTTPS)
        │
        ▼
PSDGather.ps1 ──── Collects hardware info, processes Bootstrap.ini / CustomSettings.ini
        │
        ▼
PSD Wizard    ──── (Optional) User interaction for deployment settings
        │
        ▼
Task Sequence Steps:
  ├── PSDPartition.ps1    – Disk partitioning
  ├── PSDApplyOS.ps1      – Apply OS image + inject drivers via DISM
  ├── PSDConfigure.ps1    – Customize Unattend.xml
  ├── PSDDrivers.ps1      – Copy driver packages to cache
  ├── PSDWindowsUpdate.ps1 – Run Windows Update
  ├── PSDApplications.ps1 – Install applications
  ├── PSDRoleInstall.ps1  – Install Windows roles/features
  ├── PSDTattoo.ps1       – Record deployment metadata
  └── PSDFinal.ps1        – Finalize and clean up

Repository Structure

PSD/
├── Branding/                   # Background images and BGInfo configuration
│   ├── PSDBackground.bmp
│   └── PSD.bgi
├── Documentation/              # All official guides and reference docs
│   ├── PowerShell Deployment - Introduction.md
│   ├── PowerShell Deployment - Installation Guide.md
│   ├── PowerShell Deployment - IIS Configuration Guide.md
│   ├── PowerShell Deployment - Operations Guide.md
│   ├── PowerShell Deployment - Security Guide.md
│   ├── PowerShell Deployment - BranchCache Installation Guide.md
│   ├── PowerShell Deployment - Hydration Kit Installation Guide.md
│   ├── PowerShell Deployment - Latest Release Setup Guide.md
│   ├── PowerShell Deployment - PSD Wizard Guide.md
│   ├── PowerShell Deployment - RestPS Guide with PSD.md
│   ├── PowerShell Deployment - Toolkit Reference.md
│   ├── PowerShell Deployment - PSD vs MDT.md
│   ├── PowerShell Deployment - FAQ.md
│   ├── Powershell Deployment - Beginners Guide.md
│   └── Powershell Deployment - ZeroTouch Guide.md
├── INIFiles/                   # Starter INI configuration files
│   ├── Bootstrap.ini
│   └── CustomSettings.ini
├── Plugins/                    # Optional plugin integrations
│   └── OSDToolkit/             # 2Pint OSD Toolkit plugin
├── PSDResources/               # Runtime resources used during deployment
│   ├── BGInfo/
│   ├── BootImageFiles/
│   │   ├── X86/
│   │   └── X64/
│   ├── Branding/
│   ├── Certificates/
│   ├── CustomScripts/
│   ├── DriverPackages/
│   ├── DriverSources/
│   ├── Plugins/
│   ├── Prestart/
│   ├── Readiness/
│   └── UserExitScripts/        # User exit script samples
├── Scripts/                    # All PSD PowerShell scripts and modules
│   ├── PSDWizardNew/           # New PSD Wizard UI files
│   ├── PSDStart.ps1
│   ├── PSDGather.ps1
│   ├── PSDApplyOS.ps1
│   ├── PSDPartition.ps1
│   ├── PSDConfigure.ps1
│   ├── PSDDrivers.ps1
│   ├── PSDApplications.ps1
│   ├── PSDWindowsUpdate.ps1
│   ├── PSDUtility.psm1
│   ├── PSDGather.psm1
│   ├── PSDDeploymentShare.psm1
│   ├── PSDWizardNew.psm1
│   ├── PSDStartLoader.psm1
│   └── ... (see Scripts Reference)
├── Templates/                  # MDT task sequence and deployment share templates
├── Tools/                      # Supporting tools (modules, utilities)
├── Install-PSD.ps1             # Main installer script
├── CONTRIBUTING.md
├── LICENSE
└── ReadMe.md

Prerequisites

Before installing PSD, ensure the following are available on the target MDT server:

Required Software

Component Version Download
Windows Server 2016 / 2019 / 2022
Windows ADK 10 2004 or newer ADK Downloads
WinPE Add-on for ADK Matching ADK version ADK Downloads
Microsoft Deployment Toolkit (MDT) 8456 MDT Download
MDT 8456 HotFix (KB4564442) Required for Windows 10 deployments KB4564442

Minimum ADK Version Build: 17763 (Windows 10 1809 / Windows ADK 1809)

Required Accounts

Account Purpose
Build Account Access PSD/MDT deployment share(s) during deployments
Domain Join Account Join computers to Active Directory (requires DC line-of-sight)
Admin Account Run the installer with local administrative rights

Optional

  • Windows Deployment Services (WDS): Required for PXE-based network boot deployments.
  • IIS: Required for HTTP/HTTPS-based deployments (strongly recommended over SMB).

Client Hardware Requirements

Resource Minimum
RAM 1.5 GB (WinPE requires extended memory)
Network Adapters 1
Hard Drive 50 GB (for bare-metal deployments)

Installation

WARNING: It is strongly recommended to create a new deployment share for PSD. Once a share is extended with PSD, standard MDT task sequences will no longer work in that share. Copy existing applications, drivers, and images to the new share manually.

Step-by-Step

  1. Close the MDT Deployment Workbench if it is open.

  2. Download or clone the PSD repository:

    git clone https://github.com/FriendsOfMDT/PSD.git

    If downloading a ZIP archive, unblock the file before extracting (right-click → Properties → Unblock).

  3. Open an elevated PowerShell prompt and navigate to the extracted folder.

  4. Run the installer for a new installation:

    .\Install-PSD.ps1 -psDeploymentFolder "D:\PSD" -psDeploymentShare "dep-psd$"
    Parameter Required Description
    -psDeploymentFolder Yes Absolute path for the new deployment share folder. Keep under 30 characters without spaces.
    -psDeploymentShare Yes SMB share name (hidden shares end with $). Defaults to <MachineName>\<FolderName>$ if omitted for new installs.
    -Upgrade No Switch to upgrade an existing PSD/MDT share rather than create a new one.

  5. Review the installation log for errors (written to the same folder as the script).

  6. Review the Latest Release Setup Guide to verify post-install steps for your version.

What the Installer Does

  • Validates ADK, WinPE Add-on, and MDT are installed (minimum build 17763).
  • Creates the deployment share folder and SMB share.
  • Creates an MDT persistent PSDrive (named PSDxxx).
  • Removes legacy MDT VBScript/wizard files from the Scripts folder.
  • Copies all PSD scripts, modules, templates, and resources.
  • Creates the PSDResources folder structure.
  • Sets boot image properties (ISO names, WIM descriptions, background).
  • Disables x86 boot support.
  • Sets NTFS and share permissions.
  • Copies starter Bootstrap.ini and CustomSettings.ini.

Upgrade

To upgrade an existing MDT/PSD deployment share:

.\Install-PSD.ps1 -psDeploymentFolder "D:\PSD" -psDeploymentShare "dep-psd$" -Upgrade

Both -psDeploymentFolder and -psDeploymentShare are mandatory for upgrades.

The upgrade process:

  1. Creates a timestamped backup folder under <DeploymentFolder>\Backup\PSD_XXXXX\.
  2. Backs up Scripts, Templates, Tools\Modules, and PSDResources subfolders.
  3. Removes and replaces legacy MDT files.
  4. Copies updated PSD scripts, modules, and resources.

Post-Installation (IIS Setup)

HTTP/HTTPS is required for most PSD deployment scenarios. After installation:

  1. Follow the IIS Configuration Guide to configure IIS on the deployment server.

  2. (Optional) For BranchCache/P2P support, follow these guides in order:

Scripts Reference

Main PSD Task Sequence Scripts

Script MDT Equivalent Description
PSDStart.ps1 LiteTouch.wsf Entry point — starts or continues a PSD-enabled task sequence. Synchronizes system clock. Resizes PowerShell window by design.
PSDGather.ps1 ZTIGather.wsf Invokes PSDGather.psm1 to collect hardware/environment information and process Bootstrap.ini / CustomSettings.ini. Results stored in TS variables.
PSDPartition.ps1 ZTIDiskpart.wsf Partitions and formats disks. Disk layout is hardcoded — do not modify.
PSDApplyOS.ps1 LTIApply.wsf Sets full power profile, applies OS image, injects drivers via DISM, modifies BCD boot configuration.
PSDConfigure.ps1 ZTIConfigure.wsf Customizes and generates the Unattend.xml file for Windows Setup.
PSDDrivers.ps1 ZTIDrivers.wsf Downloads driver packages (WIM or ZIP) to the PSD local cache on the target system.
PSDApplications.ps1 ZTIApplications.wsf Installs applications defined by Applications and MandatoryApplications TS variables. Validates platform and checks for existing installations. Supports msiexec.exe, .CMD, and cscript.
PSDWindowsUpdate.ps1 ZTIWindowsUpdate.wsf Runs Windows Update on the target system.
PSDRoleInstall.ps1 Installs Windows roles and features.
PSDRoleUnInstall.ps1 Uninstalls Windows roles and features.
PSDSetVariable.ps1 ZTISetVariable.wsf Sets task sequence variables.
PSDTattoo.ps1 Records deployment metadata to the target system registry.
PSDFinal.ps1 Performs final cleanup and finalization steps at end of task sequence.
PSDValidate.ps1 ZTIValidate.wsf Validates system requirements before deployment begins.
PSDCopyLogs.ps1 Copies deployment logs to a central location.
PSDCustomization.ps1 Applies post-deployment customizations.
PSDExportDriversInWinPE.ps1 Exports drivers from WinPE for capture scenarios.
PSDHelper.ps1 Development/test helper — imports main PSD modules for interactive testing.
PSDPrestart.ps1 Runs prestart tasks before the main task sequence begins.
PSDUpdateDisk.ps1 Updates disk configuration.
PSDUpdateExit.ps1 Handles update exit logic.
PSDPowerShell.ps1 Runs inline PowerShell commands within task sequences.
PSDTBA.ps1 Varies Placeholder for scripts not yet converted from MDT.

Helper / Test Scripts

Script Description
PSDHelper.ps1 Imports main PSD modules for interactive test and development.
PSDTest.ps1 Test script for validating PSD components.
DumpVars.ps1 Enumerates all current task sequence variables (useful for debugging).

PowerShell Modules Reference

All modules are located in Scripts/ and deployed to Tools\Modules\ within the deployment share.

Module Description
PSDUtility.psm1 Core utility functions shared by all PSD scripts. Handles logging (Write-PSDLog), local data path management, and common helpers.
PSDGather.psm1 Gathers OS and environment information (primarily from WMI/CIM). Processes Bootstrap.ini and CustomSettings.ini rules. Saves results to task sequence variables.
PSDDeploymentShare.psm1 Manages connection to the deployment share. Abstracts SMB vs HTTP/HTTPS transport for content retrieval.
PSDWizard.psm1 Module for the legacy PSD Wizard UI.
PSDWizardNew.psm1 Module for the new PSD Wizard with updated panes (including Intune and device role support).
PSDStartLoader.psm1 Handles the startup/loading sequence for PSD. Supports UserExitScripts.
ZTIUtility.psm1 MDT ZTI utility module (retained for application installation compatibility).

Configuration Files

Bootstrap.ini

Located at Control\Bootstrap.ini in the deployment share. Processed first during WinPE boot before network connectivity is fully established.

[Settings]
Priority=Default

[Default]
DeployRoot=https://your-server/PSD$
UserID=build_account
UserPassword=<password>
UserDomain=DOMAIN
SkipBDDWelcome=YES

Key variables:

  • DeployRoot — URL or UNC path to the deployment share.
  • UserID / UserPassword / UserDomain — Credentials for accessing the deployment share.
  • PSDDebug=YES — Enables debug mode (verbose logging + breakpoints).

CustomSettings.ini

Located at Control\CustomSettings.ini. Processed after Bootstrap.ini. Controls task sequence behavior.

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES

Note: Application GUIDs in Bootstrap.ini or CustomSettings.ini must be enclosed in { } brackets.
Note: All new custom TS variables must be declared explicitly in these files.

Deployment Scenarios

Scenario Transport Status
Bare-Metal (New Computer) UNC (SMB) Supported
Bare-Metal (New Computer) HTTP Supported
Bare-Metal (New Computer) HTTPS Supported
Zero-Touch Deployment HTTP/HTTPS Supported (see ZeroTouch Guide)
BranchCache / P2P HTTPS + BITS Supported (requires 2Pint OSD Toolkit)
RestPS Integration HTTPS Supported (see RestPS Guide)
Intune Integration Supported (wizard pane in 0.2.3.0+)
Refresh (In-Place Upgrade) Any Not yet implemented
Replace Any Not yet implemented
BIOS-to-UEFI Any Not yet implemented

Supported Platforms

Server (MDT Host)

OS Support
Windows Server 2016 Supported
Windows Server 2019 Supported
Windows Server 2022 Supported

Client (Deployment Targets)

OS Architecture Support
Windows 10 1909 – 22H2 (Pro / Education / Enterprise) x64 Supported
Windows 11 21H2 – 22H2 (Pro / Education / Enterprise) x64 Supported
Windows Server 2016 / 2019 / 2022 (Standard & Datacenter) x64 Supported

Advanced Topics

BranchCache / P2P Deployments

PSD integrates with 2Pint Software's OSD Toolkit to enable BITS-based peer-to-peer content distribution. Follow the BranchCache Installation Guide after IIS is configured.

Zero-Touch Deployments

Fully automated deployments (no user interaction) are supported. See the ZeroTouch Guide.

Hydration Kit

A full lab environment can be stood up from scratch using the Hydration Kit. See the Hydration Kit Installation Guide.

RestPS Integration

PSD supports integration with RestPS for dynamic rule processing. See the RestPS Guide.

Driver Packaging

Unlike standard MDT, PSD uses archived driver packages (WIM or ZIP format) per hardware model. This enables efficient HTTPS downloads. Driver packages can be:

  • Auto-created from drivers already imported in the MDT Deployment Workbench.
  • Copied from an external source if pre-packaged packages already exist.

UserExitScripts

Custom user exit scripts can be placed in PSDResources\UserExitScripts\. A sample script is included. These are supported in PSDStart.ps1 as of version 0.2.3.1.

PSD Wizard

The new PSD Wizard (PSDWizardNew) features updated panes including:

  • Intune enrollment options (0.2.3.0+)
  • Device role selection (0.2.3.0+)

Enable the new wizard by setting in CustomSettings.ini:

PSDWizard=YES
PSDWizardTheme=<ThemeName>

Security

For hardening and secure deployment share configuration, see the Security Guide.

Server-Side Logging

Server-side log upload via BITS is supported. Enable it by setting the SLShare variable in CustomSettings.ini:

SLShare=\\server\logs$

Debugging & Logging

Enable Debug Mode

Add to Bootstrap.ini:

PSDDebug=YES

Or pass -Debug to PSDStart.ps1 directly at the command line (useful for interactive WinPE troubleshooting).

Write-PSDLog

All PSD scripts use Write-PSDLog from PSDUtility.psm1 for consistent logging. Use this in any custom scripts:

Write-PSDLog -Message "$($MyInvocation.MyCommand.Name): Your message here"

Log output format (CMTrace compatible):

<![LOG[FunctionName: Your message here]LOG]!><time="20:31:39.462+000" date="03-26-2019" component="PSDUtility.psm1:27" context="" type="1" thread="" file="">

Log Types

Log Description
PSD.log Main PSD deployment log (CMTrace format)
BDD.log MDT base deployment log
Transcript logs Full PowerShell transcript — best for troubleshooting; captures everything on screen

WinPE Boot Components

The following WinPE optional components are automatically included in PSD boot media:

Components
winpe-dismcmdlets
winpe-enhancedstorage
winpe-fmapi
winpe-hta
winpe-netfx
winpe-powershell
winpe-scripting
winpe-securebootcmdlets
winpe-securestartup
winpe-storagewmi
winpe-wmi

Note: You do NOT need to manually add PowerShell to boot media. PSD and MDT handle this automatically via LiteTouchPE.XML.

FAQ

Q: Does the installer copy over my existing MDT content (applications, drivers, task sequences)?
A: No. Content must be manually copied or re-imported into the new PSD share.

Q: Can Install-PSD.ps1 be run remotely?
A: No. It must be run locally with administrative rights on the target MDT server.

Q: Does PSD copy existing Bootstrap.ini or CustomSettings.ini files?
A: No. These must be manually recreated or copied from existing shares.

Q: Does PSD work with 2Pint's OSD Toolkit?
A: Yes. See the BranchCache guide.

Q: Why does the PowerShell window change size during deployment?
A: This is intentional. PSDStart.ps1 resizes the window from full-screen to approximately one-third at the start of the deployment.

Q: Do I need to add PowerShell to my WinPE boot images?
A: No. PSD and MDT handle this automatically — the LiteTouchPE.XML file injects PowerShell regardless of Workbench settings.

Q: What files should NOT be deleted from the deployment share?
A: Do not delete any PSD*.ps1, PSD*.psm1, ZTIGather.xml, or ZTIConfigure.xml files. ZTIUtility.vbs may also be required for application installations.

Q: Are system clocks synchronized?
A: Yes — PSDStart.ps1 attempts to synchronize the clock on target computers early in the deployment.

Changelog

v0.2.3.1 — December 2025

  • Added missing ZTIGather.xml
  • Updated INI files
  • Removed Legacy Wizard from PSDStart.ps1; added UserExitScripts support
  • Updated PSDUtility.psm1 for new functions in PSDStart
  • Added UserExitScripts folder with samples in PSDResources

v0.2.3.0 — September 2024

  • Updated Deployment Wizard with new panes for Intune and device role
  • Improved task sequence templates
  • Updated installer
  • Customized ZTIGather.xml
  • Updated Prestart menu

v0.2.2.9 — February 2024

  • Changed ModelAlias for VMware — all VMware models now defined as "VMware"

v0.2.2.8 — September 2022

  • New Wizard (enabled via PSDWizard and PSDWizardTheme variables)
  • Improved disk handling
  • Extended logging
  • Performance improvements
  • Code cleanup
  • Driver package support in WIM format
  • Server-side logging via BITS upload (SLShare variable)

Contributing

Contributions are welcome. Please review the CONTRIBUTING.md in the repository.

Note: This repository is primarily a distribution/download repository. Active development occurs in a private repository. To participate in development, contact:

Credits & Team

Core Development Team

Name GitHub / Twitter
Mikael Nystrom @mikael_nystrom
Johan Arwidmark @jarwidmark
Michael Niehaus @mniehaus
Steve Campbell @SoupAtWork
Jordan Benzing @JordanTheItGuy
Andreas Hammarskjold @AndHammarskjold
Richard "Dick" Tracy @PowerShellCrack
George Simos @GSimos
Elias Markelis @emarkelis

Additional Contributors

@DeploymentBunny, @ChuckWhitson, @NoCheroot, @acellar

Additional Resources

Guide Link
Introduction PowerShell Deployment - Introduction
Beginners Guide Powershell Deployment - Beginners Guide
Installation Guide PowerShell Deployment - Installation Guide
IIS Configuration PowerShell Deployment - IIS Configuration Guide
Operations Guide PowerShell Deployment - Operations Guide
Latest Release Setup PowerShell Deployment - Latest Release Setup Guide
Security Guide PowerShell Deployment - Security Guide
BranchCache Guide PowerShell Deployment - BranchCache Installation Guide
Hydration Kit PowerShell Deployment - Hydration Kit Installation Guide
PSD Wizard Guide PowerShell Deployment - PSD Wizard Guide
RestPS Guide PowerShell Deployment - RestPS Guide with PSD
Zero-Touch Guide Powershell Deployment - ZeroTouch Guide
Toolkit Reference PowerShell Deployment - Toolkit Reference
PSD vs MDT PowerShell Deployment - PSD vs MDT
FAQ PowerShell Deployment - FAQ

About

Demo docusaur site

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages