[Password protect and limit install base lite touch.]

If the MDT installation source is on the network (either booted via PXE or boot media), it already asks for a password. As to running it on Dell's only, that wouldn't necessarily be as easy and would require either some custom script or WMI filtering on a custom step during the task sequence, or using the database, or both.

[Build PC rebooting]

By adding a network driver to the PE that allows the Dell to work. It's rebooting because it didn't get an IP address, thus can't connect to the deployment server/share, and reboots (silently). You would only see this in the logs, but that is what is happening.

In fact, simply blindly injecting all drivers into one folder is actually a bad idea, and could actually be part of the problem. You should be JIT injecting drivers based on Make\Model, and using a selection profile for WinPE-specific drivers (and injecting that selection profile *only* into your PE images when they are built, updating as necessary). Thankfully Dell has broken out it's driver packages to be used in this manner quite easily:

http://www.delltechcenter.com/page/Dell+Business+Client+Operating+System+Deployment+-+The+.CAB+Files#fbid=nVpvfeVg5xD

[Windows 7 bugcheck 0x7E, action center suggests memtest, but RAM is o]

Is that a complete dump? If so, can it be zipped and uploaded somewhere? That particular function (NdisMCreateLog) takes a handle as it's OUT, so if the handle being NULL is the reason for the crash (and it may very well be, given it's a GPF) then there could indeed be a problem with the miniport that called the API (which in this case would be nm3). It's also possible the buffer size allocated isn't large enough, but I haven't seen crashes due to that in quite literally many, many years.

[where do I ask WinDbg questions?]

Hey Karl,

We don't have a specific forum for debugging questions, per se, so just ask where it seems most appropriate. If the questions are mostly network-stack related, ask in networking; if they're Win7 core-OS-related, ask here, etc.

[win7 with MDT on local setup]

Yes, it works from a DVD or a bootable USB key. No server necessary. If you follow my guide, you can do it. If you find trouble, then perhaps you need to begin again and see where you made a mistake.

[Slow Shutdown Troubleshooting]

is it allowed to redistribute the files outside the SDK/WPT setup?

Actually, the WPT and it's contents are apparently redist friendly after reading the EULA. Odd, but it seems, true.

[Microsoft Security essentials minisetup AFTER imaging.]

It happens because MSE requires a validation check, which you must run. This is expected behavior, and one you aren't going to be able to avoid.

[Slow Shutdown Troubleshooting]

You can also get the files you need from the xperf123 package.

[AMD or Intel processor for running VMware workstation]

Note that the CPU is not as important as DISK speed when talking about virtualization on a workstation scale. This changes, of course, in high-density server environments, but for workstation-class virtualization environments you should be focusing more on disk capacity and speed rather than which CPU is faster. At this point, any CPU from Intel or AMD that supports all the bells and whistles will work just fine (and given AMD chips tend to be cheaper, they are a good choice for test environments).

[time is always wrong AFTER sysprep]

Also, what timezone is set in your unattennd, and in what pass?

[win7 with MDT on local setup]

The media point ISO is your entire build point, which is meant to be used offline. If your USB key is bootable (FAT32 is fine, although NTFS is preferred due to FAT32's file size limitations), you can simply place the contents of the ISO onto your USB key and install from there.

Trial and error, my friend. That's how you learn.

[SCCM PXE Service Point Reinstall]

Ah- that's bad. I would suggest removing the PXE service point and WDS again from the machine, enable MSI logging, and reboot. Next, install WDS and the PXE service point, and if that fails we should hopefully have some MSI logs in %tmp% that will be verbose to go along with the installation of the PXE service point to reference to see why it's not instaling it's provider into WDS properly.

[SCCM PXE Service Point Reinstall]

Those errors all map to FILE_NOT_FOUND and ERROR_INVALID_HANDLE, meaning it's likely the previous removal did not go as planned and left some things behind. I would strongly suggest removal of the WDS role, reboot, re-add the WDS role, and then try again.

[Run DOS after WinPE Shuts down]

Given other vendors are capable of this, I can't imagine Dell doesn't have these sorts of tools. And, if not.... IT'S 2011. Shame on Dell if so.

[Different choices during install]

How many questions do you expect you'll need to have your deployment answer, and what types of things are these? MDT might be useful here.

[Need Help turning off this setting in IE?]

This site should get you where you want to be:

http://www.winhelponline.com/blog/disable-ie8-tour-welcome-screen-runonce-all-users/

[win7 with MDT on local setup]

#1 - already answered on my blog you'll find at the link above

#2 - No

#3 - Let MDT handle it for you - technically it's boot.wim, but you don't need to do that. The tools will handle that for you.

[win7 with MDT on local setup]

What you need to do is start reading the help - all of the possible options are there. Here's my own customsettings.ini that I use, that automates most everything and has most options specified (even if they're not automated). You can get FAR more creative than this, but this is a start:

[Settings]
Priority=ByLaptopType,ByDesktopType,ByServerType,TaskSequenceID,Default
Properties=MyCustomProperty


[Default]
OSInstall=Y

UserID=Administrator
UserDomain=DEMO
UserPassword=Password1

OrgName=Organization
FullName=User
AdminPassword=Password1

;JoinWorkgroup=WORKGROUP
JoinDomain=DEMO
DomainAdmin=Administrator
DomainAdminDomain=DEMO
DomainAdminPassword=Password1

_SMSTSORGNAME=Demo Build

WSUSServer=http://MDT
SLShare=\\MDT\Build$\Logs

;BDEInstallSupporess=YES
BDEInstallSuppress=NO
BDEInstall=TPMPin
BDEKeyLocation=C:
BDEPin=12345678
BDERecoveryKey=AD
BDEWaitForEncryption=TRUE

UILanguage=en-us
UserLocale=en-us
KeyboardLocale=en-us;0409:00000409
TimeZone=035
TimeZoneName=Eastern Standard Time

SkipAdminPassword=YES
SkipApplications=NO
SkipAppsOnUpgrade=NO
SkipBDDWelcome=YES
SkipBitLocker=NO
SkipBitLockerDetails=NO
SkipCapture=NO
SkipComputerName=NO
SkipDomainMembership=YES
SkipFinalSummary=YES
SkipLocaleSelection=YES
SkipPackageDisplay=YES
SkipProductKey=YES
SkipSummary=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipUserData=YES

UserDataLocation=NONE
FinishAction=RESTART


[ByLaptopType]
Subsection=Laptop-%IsLaptop%

[Laptop-True]
OSDComputerName=LAPTOPCHANGEME

[ByDesktopType]
Subsection=Desktop-%IsDesktop%

[Desktop-True]
OSDComputerName=DESKTOPCHANGEME

[ByServerType]
Subsection=Server-%IsServer%

[Server-True]
OSDComputerName=SERVERCHANGEME

[Customizing default user profile]

Then your best choice is the netlogon share method of the above KB link - it's easy to set up, it works properly, it's supported by Microsoft, and it's easy to modify in the future if you want to make changes to the profile without having to do anything different.

[win7 with MDT on local setup]

To answer your second question first, configure bitlocker via the MDT wizard - it will encrypt the drive while the install progresses. This is the quickest way, and if you don't need the entire drive totally encrypted before doing anything else that is the "proper" way.

As to your first question, I decided to simply provide you a link that should help you find everything you need to make an MDT distribution and put it on a USB key:

http://tinyurl.com/3zl938r

The first link should be the most useful.

[Amy Winehouse!]

Never speak ill of the dead is a good motto to live by. It's not shocking given her lifestyle while alive, but it is sad to see someone die before their time, so to speak.

[Password policy problem!]

You need to create a password that meets the default complexity requirements. By default, these require a password of at least 8 characters, and that the password have at lease one lower case letter, one upper case letter, one number, and one special character (the characters above the number keys on your keyboard, like !,%,&, etc).

[MSIEXEC taking a long time to complete]

Actually, that could do it. Just like any install that adds files to the system and triggers CBS, it'll also trigger a scan. In audit mode, this will epic fail if the CRL can't be grabbed or checked (that's likely what's being logged in the catroot logs), and defender is going to try and update/scan new files. It's a bit of a kludge, but just like not running A/V in audit mode, running defender isn't really a good idea either. I'd suggest stopping/disabling the service as your first task when entering audit mode, and setting things back when exiting.

[Customizing default user profile]

Question - is this a domain environment or not?

[Run DOS after WinPE Shuts down]

Last I looked, it was the same as the tools on the DVD, which was basically DSET. It should be sufficient, so I'd contact Dell - they already have these tools in WinPE and you should be able to get them.