Issues with Windows 11 24H2 OS Deployment, OEM Customizations, PBR and Updates!

I am a proud Windows 11 Pro user, I am running the latest current version of Windows 11, 24H2, 26100.2605 (OS Build). I deploy Windows 11 24H2 including updates to supported OEM laptop PCs that has been refurbished. All the PCs that I deploy Windows 11 to does meet the requirements, if they don't I deploy Windows 10. I have use customized Windows images and I always update my custom images after patch Tuesday to save myself time. I use the Microsoft Deployment Toolkit to deploy my custom images. Currently I am faced with the following issues with Windows 11:

1. Whenever I apply updates to my online image in audit mode, I have to retain the same updates for MDT to reapply during OS deployment. If I don't reapply the same updates during MDT OS deployment, Windows Update will redownload and reinstall the same updates even though the image was already updated. Windows 11 has had this issue for as long as I remember. Windows 10 doesn't have this issue!
2. After a Push-Button-Reset, Windows 11 will redownload the last cumulative update (currently 26100.2605) and attempt to install it, even though it was installed prior to push-button-reset (which means that it is already part of the image), which will result in a failure to download and install the update. I have to manually try to install the update, which causes my many headaches as its not as straightforward as simply downloading the update from the Microsoft Update Catalog and installing it! I usually have to figure out the I need to install i.e. KB5043080 before installing KB5048667 and this may fail also causing me to perform another push-button-reset before I get WIndows Update working correctly again!
3. I was once upon a time able to copy my LayoutModification.json to C:\Users\Default\AppData\Local\Microsoft\Windows\Shell before OOBE and my OEM pins would be pinned to the Start Menu after completing OOBE, this no longer works! However, if I capture a provisioning package after I'm done with the image, and I create AutoApply folders and I then perform a push-button-reset, the apps will be pinned after completing OOBE. The same LayoutModification.json still works correct in prior versions of Windows 11 that doesn't have the September/October 2024 cumulative updates installed!

These issues are really giving me a pain in the nut when it comes to deploying Windows 11 and when it comes to maintaining my work! I don't experience these issues in Windows 10!!!

I hope that Microsoft Devs reads this post!

To anyone that can provide me with guidance and advice: I will greatly value and appreciate it!

@hsehestedt or @garlin this sounds like something you might have an answer for

MDT and PBR is way out of my league.

I'm confused as to why you're using audit mode or MDT to apply updates, if you're rebuilding a new install image after Patch Tuesdays. My understanding is the only real reason updates need to be re-installed is if you applied Language Packs in the wrong order (after updates, instead of first integrating them into the base image).

24H2 introduced checkpoint updates for the CU. Are you following the rule to first install the last full CU, then apply the last differential update?
December 10, 2024 - KB5048667 (OS Build 26100.2605)
Introducing Windows 11 checkpoint cumulative updates

LayoutModification.json is a moving target. Most IT pro's tend to abandon it, and resort to setting up an example user profile and exporting the Start2.bin file. They copy the Start2.bin to the target as part of the provisioning process. While you can't edit Start2.bin (it's a binary blob), you avoid the stupid "why doesn't LayoutModification work as advertised" question. It's brute force, but appears to be a reliable solution.

Honestly, you're better off reposting this question on one of the OSD communities, since those folks live on MDT all day long.

I'm impressed you can get MDT to deploy Windows 11. It was last updated to support Windows 10 1809. I'm surprised it still works. That said...

If you are having to apply the latest update via MDT, then I would skip trying to apply the update in audit mode altogether, unless you're going into audit mode for some other reason. It would actually be much easier for you to download updated media from the Visual Studio site or the Microsoft volume licensing downloads, if you have access to either. Another option is to learn how to create custom ISOs. That's a lot of heavy lifting to get started, but you've managed to get a grasp of MDT, which is no small feat.

Push-button reset uses the Windows Recovery Environment (RE). If you apply any of the following things to your Windows installation image (install.wim), you need to also apply them to your recovery environment (winre.wim):

• driver packages necessary for booting Windows (e.g., storage drivers)
• quality or feature updates
• language packs (if the language pack has a version suited to RE; not all of them do)

I don't mess with Start menu customizations, or almost anything that is tied to the user actually, so I can't comment on LayoutModifcation.json.

While MDT does not technically support Windows 11 any longer, it can be made to work. I just tried it about a month ago and got it working flawlessly with Windows 11.

I do have a few questions to help me better understand the scenario.

1) I know that you are having difficulties deploying your custom images. Could you tell me what has been customized? Are you trying to only add Windows updates into your images or are you doing further customization?

2) If you try to install one of your customized images manually (without MDT), by just booting from that media and performing a clean install, does that work?

If your goal is to simply add the latest updates to your Windows image(s), there is a much better way than going into audit mode and I can guide you through that. I update my images every month with all the latest updates and I have no9 problem with my updated images deploying using MDT.

glasskuter said:

@hsehestedt or @garlin this sounds like something you might have an answer for

Click to expand...

Thanks for the heads up on this one.

Why is most of you hung up on the fact that I use MDT? The issues I experience is with the OS being deployed and not the deployment solution being employed! Even if you substitute MDT with a solution that does support deploying Windows 11, I will still experience the issues I now seek advice and guidance for! Even if MDT doesn't officially support Windows 11, it requires the Windows ADK, SDK and WinPE add-on, and these are still being updated!

ArthurDurand said:

Why is most of you hung up on the fact that I use MDT? The issues I experience is with the OS being deployed and not the deployment solution being employed! Even if you substitute MDT with a solution that does support deploying Windows 11, I will still experience the issues I now seek advice and guidance for! Even if MDT doesn't officially support Windows 11, it requires the Windows ADK, SDK and WinPE add-on, and these are still being updated!

Click to expand...

Way to go being rude to people trying to help. People here are unpaid guys giving their time freely.

If you know better than others, why bother to ask for help!?

cereberus said:

Way to go being rude to people trying to help. People here are unpaid guys giving their time freely.

If you know better than others, why bother to ask for help!?

Click to expand...

I apologize if you think I came across as rude, but I wasn't trying to be rude.

I am a proud Windows 11 Pro user, running the latest version 24H2 (OS Build 26100.2605). I deploy Windows 11 24H2 updates to refurbished OEM laptops that meet the requirements. If they don't meet the requirements, I deploy Windows 10 instead. I use customized Windows images and update them after every Patch Tuesday to save me the time in applying the updates after OS deployment.

Currently, I am facing the following issues with Windows 11:

1. Updates needs to be reapplied after OS Deployment: When I apply updates to my online image in audit mode, I must reapply the same updates during OS deployment. If not, Windows Update will redownload and reinstall the same updates, even though the image was already updated. This issue has persisted in Windows 11, but not in Windows 10.

2. Push-Button-Reset Update Issue: After a push-button reset, Windows 11 redownloads the last cumulative update (26100.2605) and attempts to install it, even if it was part of the image before the reset. This results in a failure, and I have to manually install the update, which is cumbersome and often fails, causing me to reset again.

3. LayoutModification.json Issue: Previously, copying LayoutModification.json to `C:\Users\Default\AppData\Local\Microsoft\Windows\Shell` before OOBE would pin OEM apps to the Start Menu for new users. This no longer works in the current version. However, capturing a provisioning package and creating AutoApply folders can pin the apps after a push-button reset. This issue does not occur in prior versions of Windows 11 without the September/October 2024 cumulative updates.

These issues cause significant challenges in deploying and maintaining Windows 11. I do not experience these issues with Windows 10.

Any advice and guidance will be highly valued and greatly appreciated!

I use the following script in my online image in audit mode to cleanup after I've applied all updates and restarted:

I suspect that cleaning the update cache (deleting the SoftwareDistribution directory) or the DISM cleanup command may be responsible for me having to reapply the same updates during OS deployment. I mounted my custom image that I want to deploy, then I applied the updates I usually reapply during OS deployment, and then I captured my custom image again. When I deploy this image, I don't have to reapply updates. I haven't tested Windows Update after a push-button reset in this case.

Okay, so it's been a while. This old codger says, have you tried Rufus lately?