Thursday, May 5, 2011

Using Zero Touch Installation (ZTI) in ConfigMgr

With ConfigMgr 2007 and 2012 there is OS Deployment possible with the use of Task Sequences. When advertise/deploy a Task Sequence used for OS Deployment, there is the choice for Lite Touch or Zero Touch Installation. In this blog I willl explain the difference between them, and what to do for having Lite Touch and/or Zero Touch functionality.

First I will explain the difference between them:
  • Lite Touch Installation (LTI) is used when F12 must be pressed on the local device during PXE boot the device;
  • Zero Touch Installation (ZTI) is used when nothing has to do be done on the local device for PXE boot functionality.

When using Windows Deployment Services (WDS) and/or Microsoft Deployment Toolkit (MDT), Lite Touch functionality is possible. With the use of System Center Configuration Manager (ConfigMgr), Zero Touch functionality will also become available. Both scenarios are handy, and will be used by customers. The choice between them, has something to do with Management, BIOS settings and (remote) locations.

Now let's have a look at the advertise/deploy settings:

When advertise/deploy an OS Deployment Task Sequence, choose "Make this task sequence available to boot media and PXE".

On the next screen create a Mandatory assignment when ZTI is needed. This will make the big difference between LTI and ZTI, a Mandatory assignment!

For having ZTI, also the PXE boot order must be set. When the Network adapter is not in first place, there is no ZTI possible. Also decide on which collection ZTI deployment will be advertised/deployed. This is not recommended on most collections, so create a new collection, specific for ZTI deployments!

On the ConfigMgr PXE service point, additional properties can be set. When "Require a password for computers to boot using PXE" is selected, no ZTI deployment is possible also. This will be become handy with LTI deployment, when pressing F12 for PXE boot, a password is needed to get a new OS image.

Also a big difference; with LTI a device can be installed many times again with a new image, without anything to do with the device in ConfigMgr collections. Only make sure that the device is placed in the right collection, where the advertisement is set.

With ZTI a device gets a PXE advertisement on the device in ConfigMgr collections, to prevent it for being installed over and over again. When a device must get a new OS image, just rightclick on the object, and choose "Clear Last PXE Advertisement. When this is done, the advertisement will become active automatically with next boot.

When will LTI or ZTI be the best solution? It depends..

When total control is needed, Password security, Choose between different OS images, Another boot order (harddisk or USB first), LTI will be the best solution there is. When remote OS deployment is needed, Auto-install on remote locations, Wake-On-LAN support, No interaction on the device, ZTI will be the best solution there is.

Do not hesitate when things are not clear enough, or additional questions are left. Just leave a comment then.


  1. Thanks for your blog mate. It really assists in my documentation ;) Keep up the good work.

  2. When you are using the ZTI with SCCM 2012 to reimage machines on remote location, where you cannot seat and press F12, what needs to be done to protect other machines on the same network segment from being formatted?

    All the machine have the network card as the first boot in the bios, they are all in different vlan/segement and they are all able to speak with the distribution point. The setup is for a school where machines are often rebooted and reimage.

    Many thanks

    1. I would recommend to use a specific collection for ZTI and place the remote systems in that collection. On other collections you can choose to use LTI/ZTI as well. This can be done per deployment.

      In this case the PXE tag keeps systems from re-installing after next boot. Just notice that there's no PXE tag on systems which are LTI deployed. Just be careful with ZTI and choose collection right!

  3. Hello
    I have the following issue :
    I 'm testing a zti installation
    all is ok but when I clear requirement pxe deployxement
    when i boot my windows machine each time he try ro tun
    the n12 file. but he keep asking me to press on f12 ...
    ( i have renamed the file in the boot /x64 folder
    my pc are x64 and i change the dhcp option to point to x64 folder

    tks for your help

    1. Not sure if this still works, otherwise connect to the n12 file in WDS configuration? Did you set PXE boot at first in BIOS boot order also?

    2. Comments will be posted when approved, because of spam mails :)

  4. Thanks Henk. This cleared up some things I've been working on for a couple of days. Most appreciated!

  5. So, if we want to configure ZTI, then we had to create advertisement on particular collection but if we want to implement LTI, then will advertisement be created or not. Is advertisement only for ZTI?

    1. Advertisement (or deployment) is for both LTI and ZTI. On LTI on Available and on ZTI on Required. Hope it helps!

  6. Quick question: with ZTI, how does one get around using the users password to perform the upgrade to Windows 10. In the past, we have always had to change the users password in order to perform upgrades on the users machine. With ZTI, does the users profile and settings get preserved and are they (or we the technician) required to change the password in order for the upgrade to take place?