The deployment of a task sequence to customers can be done via the Internet. This scenario, which has already been present for several versions of Configuration Manager, has been improved with the 2010 version.
It is now possible to start the update or installation of a Windows 10 workstation from a boot media.
Before to configure deployment of task sequence over internet, you need to configure Cloud Management Gateway.
The content can be obtained from the cloud management gateway, however the device needs a connection to the management point.
From the task sequence, you need to configure the task Apply network settings to join computer on the workgroup. You can’t configure connection to the Active Directory domain, Domain Controller is unavailable.
The WinPE environment does not support Wifi networks, the workstation must have a wired network card.
Create SCCM Task Sequence
From the Configuration Manager console, open Software Library tab and expand Operating Systems. Click on Task Sequences then on Create Task Sequence.
Leave the default value and click on Next.
Enter Task sequence name and click on Browse. Select the desired Boot Image and click on Next.
With Browse button, select Image package. You can choose Image Index and configure ot²her option.
Enter the name of the Workgroup and click on Next.
With Browse button, select the Configuration Manager client.
Repeat the same operation with USMT package.
Configure the next windows and click on Next on Summary.
Task sequence has been created. Click on Distribute Content in the ribbon.
All content needed for the Task sequence has distributed.
With Add button and choose Distribution point, select the distribution point present on the Cloud Management Gateway.
Click on Next and begin the distribution.
Deploy task sequence
Select the task sequence and click on Deploy in the ribbon.
With the Browse button, select the desired collection. I choose the collection who contain all of my Windows 10 workstation.
Select Only media and PXE and click on Next.
On User Experience, check Allow task sequence to run for client on the internet.
Click on Next on other windows. Task Sequence has been deployed.
Create Certificate templates
Before to create the media, you need configure certificate. From the Certification authority console, right click on Certificate Templates and click on Manage.
Right click on Workstation Authentification and click on Duplicate Template.
Enter the name of the template and configure Validity period.
Select Request Handling tab and check Allow private key to be exported.
Open Cryptography tab and check Microsoft Enhanced RSA and AES provider. Click on OK.
From the Certification authority console, right click on Certificate Templates and select New then Certificate Template to Issue.
Select the template previously created and click on OK.
From the Configuration Manager server, open MMC console and add Computer Certificates snap-in. Expand Personal then Certificates. Right click on Certificate then click on All Tasks / Request New Certificate.
Select template previously created and click on Enroll.
Click on Finish, certificate has present on the console.
Right click on the certificate and select All Tasks / Export. A new wizard appear, select Yes, export the private key and click on Next.
Check Password and enter the desired password. This password is used when you create media.
With Browse button, select path and File name.
Certificate has been exported.
From the Configuration Manager console, click on Task Sequence then on Create Task Sequence Media.
Select Bootable media and click on Next.
Select Site-based media and click on Next.
I want to create a ISO file. Click on Browse button and select path and file name for the iso file.
Enter the password that you want for protect media. This password is asked after the boot. Select the certificate previously exported.
Select Boot Image, Distribution point and Management point then click on Next.
Click on Next on other Windows. The media is created.
Install Windows 10 Workstation
From the workstation, boot on the media and enter the password previously configured.
Select the desired Task sequence and click on Next
All file is downloaded by the CMG.
You can deploy OS over CMG.