Deploy Windows 11 24H2 on HP EliteBook 840 G7 using MDT — Step by Step

Difficulty: Intermediate · Time: ~3 hours first run · Cost: Free

This is the gold-standard walkthrough. Every other guide on this site follows the same pattern. If you've never built a task sequence before, start here.

What you'll have at the end: A PXE-bootable MDT deployment share that images a fresh HP EliteBook 840 G7 with Windows 11 24H2, all HP drivers, your core apps, and joins it to your Active Directory domain — in about 45 minutes per laptop, fully unattended.

Prerequisites

Step 1 — Install the Windows ADK for Windows 11 24H2

What this does: The Assessment and Deployment Kit provides DISM, ImageX, and Windows PE — the boot environment that runs your task sequence.

1. Open https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install in a browser.
2. Click Download the ADK for Windows 11, version 24H2 (the latest GA build).
3. Run the installer. When the Select the features you want to install screen appears, check only these:
   • Deployment Tools
   • User State Migration Tool (USMT)
4. Click Install. This takes about 5 minutes.

💡 Why only those two? You don't need the rest for OSD. The other components are for performance testing, signing, and OEM imaging.

Step 2 — Install the Windows PE add-on for the matching ADK

What this does: Windows PE was unbundled from the ADK starting in Windows 10 1809. The add-on is a separate download with the bootable mini-Windows that PXE-loads onto the target laptop.

1. On the same page, click Download the Windows PE add-on for the ADK.
2. Run adkwinpesetup.exe. Accept defaults. Install.

Step 3 — Install Microsoft Deployment Toolkit (MDT)

1. Go to https://www.microsoft.com/en-us/download/details.aspx?id=54259
2. Download MicrosoftDeploymentToolkit_x64.msi (8456 or newer).
3. Run the MSI. Accept defaults.

You now have a new Start menu shortcut: Deployment Workbench.

Step 4 — Create the deployment share

1. Open Deployment Workbench (Run as administrator).
2. Right-click Deployment Shares → New Deployment Share.
3. Path: D:\DeploymentShare · Share name: DeploymentShare$ · Description: MDT — Win11 24H2 HP Baseline
4. Click through the wizard with defaults. Finish.

💡 The trailing $ on the share name hides it from network browsing — a sensible security habit.

Step 5 — Import the Windows 11 24H2 ISO

1. Download the Windows 11 24H2 ISO from https://www.microsoft.com/software-download/windows11
2. Mount the ISO (double-click in File Explorer — it appears as drive E:).
3. In Deployment Workbench: Operating Systems → right-click → Import Operating System.
4. Choose Full set of source files. Source: E:\ · Destination directory name: Windows 11 24H2 x64.
5. Wait. Importing copies ~6 GB into the deployment share.

Step 6 — Download the HP 840 G7 driver pack

1. Go to https://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html
2. Find EliteBook 840 G7 in the table.
3. Click the Windows 11 column to grab the latest driver pack SoftPaq (e.g., sp146268.exe).
4. Run the SoftPaq once on any Windows machine — it extracts to C:\SWSetup\spXXXXXX\. That extracted folder is your driver pack.

🚨 Don't skip this. Vanilla Windows 11 has generic Intel/Wi-Fi/NVMe drivers that work, but the HP pack gives you the HP firmware utilities, fingerprint reader, HP Connection Optimizer, and the right NIC driver for PXE boot reliability.

Step 7 — Organize drivers by model

1. In Deployment Workbench: Out-of-Box Drivers → right-click → New Folder. Name: Windows 11.
2. Right-click that folder → New Folder. Name: HP EliteBook 840 G7.
3. Right-click the 840 G7 folder → Import Drivers. Source: the extracted SoftPaq folder from Step 6. Check Recurse. Finish.

End state:

Out-of-Box Drivers
└── Windows 11
    ├── HP EliteBook 840 G7
    ├── HP EliteBook 840 G8     ← repeat steps 6-7 for every model
    ├── HP EliteBook 840 G9
    ├── HP EliteBook 840 G10    ← REMEMBER: G10+ also needs Intel VMD drivers (see Quirks)
    └── ...

Step 8 — Per-model driver injection via CustomSettings.ini

What this does: Tells MDT, "For this exact HP model, only inject drivers from this exact folder." Without this rule, MDT injects every driver in every folder, which can wedge boot.

1. In Deployment Workbench: right-click the deployment share → Properties → Rules tab.
2. Replace the contents with:

[Settings]
Priority=Model, Default
Properties=ModelAlias

[Default]
OSInstall=Y
SkipBDDWelcome=YES
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
TimeZoneName=Eastern Standard Time
KeyboardLocale=en-US
JoinDomain=corp.example.com
DomainAdmin=svc_mdt_join
DomainAdminDomain=CORP
DomainAdminPassword=*** PLACEHOLDER — set in Bootstrap.ini or vault ***
MachineObjectOU=OU=Workstations,DC=corp,DC=example,DC=com

[HP EliteBook 840 G7]
DriverGroup001=Windows 11\HP EliteBook 840 G7
SkipApplications=NO

[HP EliteBook 840 G8]
DriverGroup001=Windows 11\HP EliteBook 840 G8

[HP EliteBook 840 G9]
DriverGroup001=Windows 11\HP EliteBook 840 G9

💡 How MDT picks the right model: It queries WMI at boot time for Win32_ComputerSystem.Model. For HP EliteBooks that value is exactly the model name as printed on the case ("HP EliteBook 840 G7"), so the section header must match exactly.

Step 9 — Bootstrap.ini (the credentials WinPE needs to reach the share)

Click the Bootstrap tab next to Rules:

[Settings]
Priority=Default

[Default]
DeployRoot=\\mdt01.corp.example.com\DeploymentShare$
UserID=svc_mdt_pull
UserDomain=CORP
UserPassword=*** PLACEHOLDER ***
KeyboardLocale=en-US
SkipBDDWelcome=YES

🔒 svc_mdt_pull should be a read-only account on the share. The join account from Rules is separate so a compromised laptop can't write back to the share.

Step 10 — Add applications

For each app you want pre-installed:

1. Applications → right-click → New Application → with source files.
2. Browse to the installer folder. Command line examples:
   • Microsoft 365 Apps: setup.exe /configure configuration.xml (use the ODT — see Methods → ODT)
   • Google Chrome Enterprise: msiexec /i GoogleChromeStandaloneEnterprise64.msi /qn
   • Adobe Reader DC: setup.exe /sAll /msi EULA_ACCEPT=YES
   • Your AV agent (CrowdStrike, S1, Defender for Endpoint, etc.)
3. In your task sequence (next step), add Install Application steps for each.

Step 11 — Create the task sequence

1. Task Sequences → right-click → New Task Sequence.
2. ID: WIN11-24H2-HP · Name: Win 11 24H2 — HP EliteBook Baseline · Template: Standard Client Task Sequence.
3. OS to install: choose the Windows 11 24H2 x64 entry imported in Step 5.
4. Skip product key. Set admin password to Do not specify (handled by GPO/LAPS).
5. Finish.

Step 12 — (Optional but recommended) Disable BitLocker for the deployment

Windows 11 24H2 enables device encryption automatically on supported hardware during OOBE. This breaks the task sequence at the Apply Operating System step the second time you run it.

In your task sequence, edit it → State Restore group → Pre-Action: add a Run Command Line step:

manage-bde -off C:

Then at the very end, before the final reboot, add another Run Command Line:

manage-bde -on C: -used -RecoveryPassword

(Or skip both and let your MBAM/Intune policy handle it post-deploy. Just pick one.)

Step 13 — Update the deployment share

1. Right-click the deployment share → Update Deployment Share.
2. Pick Completely regenerate the boot images.
3. Wait 10-20 minutes. The output: D:\DeploymentShare\Boot\LiteTouchPE_x64.iso and LiteTouchPE_x64.wim.

Step 14 — Make WinPE bootable

Two paths:

Path A — USB (single laptop, no PXE):

1. Get a 4 GB+ USB. Open Rufus (https://rufus.ie).
2. Select the USB. Image: LiteTouchPE_x64.iso. Partition: GPT. Target: UEFI (non-CSM). Start.

Path B — PXE (network boot, multiple laptops at once):

1. On the MDT host, install the Windows Deployment Services server role.
2. WDS console → Boot Images → right-click → Add Boot Image → LiteTouchPE_x64.wim from the deployment share.
3. Configure DHCP option 66/67 or use Windows DHCP server PXE options.

Step 15 — Prep the HP EliteBook 840 G7 BIOS

1. Power off the laptop completely.
2. Press the power button, then immediately and repeatedly press Esc until the Startup Menu appears.
3. Press F10 to enter BIOS Setup.
4. Verify:
   • Security → TPM Embedded Security: Enabled · Available
   • Advanced → Secure Boot Configuration: Secure Boot = Enable, Legacy = Disable
   • Advanced → Boot Options: UEFI Boot Order — Network Adapter ABOVE the SSD
   • Advanced → Built-in Device Options: Wake on LAN = Enabled, PXE Internal IPv4 NIC = Enabled
5. F10 to save, Yes to confirm. Laptop reboots.

💡 G7 quirk: The 840 G7's BIOS menu is text-only (older HP firmware). G10+ models have the prettier graphical interface. Same options, different look.

Step 16 — PXE boot

1. With the laptop powered off, plug in Ethernet (NOT the dock — direct cable to the LAN switch for first boot, to avoid dock NIC weirdness).
2. Power on. Press Esc, then F12 to open the Network Boot Menu.
3. Choose IPv4 PXE Boot.
4. The MDT Litetouch loading screen appears within 30 seconds.

Step 17 — Walk through the MDT wizard

1. Task Sequence: Win 11 24H2 — HP EliteBook Baseline
2. Computer name: auto-generated from serial, or type one in (HP-EB840-001 etc.)
3. Domain join: confirm corp.example.com + the OU you set in Step 8.
4. Applications: check the ones you want.
5. Click Begin.

Now go get coffee. The full sequence takes ~45 minutes:

Step 18 — Post-deploy validation

When the laptop hits the desktop, verify:

# Confirm Windows version
winver
# Expected: Windows 11 24H2 (build 26100.xxxx)

# Confirm domain join
(Get-WmiObject Win32_ComputerSystem).PartOfDomain
# Expected: True

# Confirm no missing drivers
Get-PnpDevice -Status Error,Unknown
# Expected: zero rows

# Confirm BitLocker
manage-bde -status C:
# Expected: Conversion Status = Fully Encrypted (or Encryption in Progress)

If all four pass — congratulations. You just imaged your first HP laptop with MDT.

Step 19 — Replicate to other 840 G7s (and other models)

For more 840 G7s: nothing to do. The task sequence picks them up via WMI Model match.

For a new model (say, 840 G10): repeat Steps 6–8 — download the G10 driver pack, drop it under Out-of-Box Drivers\Windows 11\HP EliteBook 840 G10, add a section to CustomSettings.ini. Update the deployment share. Done.

Step 20 — What to read next

• HP Quirks & Fixes — especially Intel VMD for G10+ models
• Driver Pack directory — bookmark this; you'll come back to it
• Method: SCCM / MECM — when you outgrow MDT (typically 500+ devices)
• FAQ — answers to the questions you're about to ask

Troubleshooting (most common failures)

"PXE-E61: Media test failure, check cable" — Cable is plugged into the dock, not the laptop. Plug directly into the laptop for the first deploy, then re-enable dock PXE later.

Wizard launches but says "A connection to the deployment share could not be made" — Bootstrap.ini has wrong credentials, or your share permissions don't include svc_mdt_pull. Test from a workstation: net use Z: \\mdt01\DeploymentShare$ /user:CORP\svc_mdt_pull.

OS lays down, first reboot, BSOD INACCESSIBLE_BOOT_DEVICE — You forgot to import the storage driver for this model. For G10+ Intel models specifically, see Intel VMD in Quirks.

Domain join fails — Your service account doesn't have Create Computer Objects permission on the target OU. Fix in AD Users & Computers → right-click OU → Delegate Control.

Apps don't install — The app's command line is wrong, or installer needs admin context. Check C:\MININT\SMSOSD\OSDLOGS\BDD.log on the target.