Task 01: Create USB Installation Media
DOCUMENT CATEGORY: Runbook SCOPE: USB media creation for simplified provisioning PURPOSE: Create a bootable USB drive with the maintenance environment MASTER REFERENCE: Microsoft Learn — Simplified Machine Provisioning
Status: Active
For a fully automated approach that bypasses USB media entirely, see the azurelocal-ztp project. It uses BMC/Redfish (iDRAC, XCC, iLO) to mount the maintenance-environment ISO as virtual media, set the boot source, and reboot — all without physical USB media or anyone in the rack.
Overview
Use the USB preparation tool to create a bootable USB drive containing the maintenance environment. This USB is used in Task 02 to boot each server into the maintenance environment, which generates ownership vouchers for Azure provisioning.
The USB preparation tool erases all data on the selected USB drive. Back up any important data before proceeding.
Prerequisites
| Requirement | Details |
|---|---|
| Windows 11 PC | With reliable internet connection and USB port |
| USB flash drive | At least 8 GB of space |
| Downloaded software | Maintenance environment ISO + USB preparation tool from Azure portal |
Step-by-Step
Step 1: Download the Software
- In the Azure portal, navigate to Azure Arc → Azure Local → Get started
- On the banner at the top, select Try provisioning (preview)
- On the Machine provisioning (preview) page, select View Downloads in the Download and install tile
- Download:
- Maintenance environment ISO image
- USB preparation tool (
usb_prep.exe) - Configurator app (used in later tasks)
Step 2: Add Defender Exclusion
The USB preparation tool requires a Windows Defender exclusion to run properly. Scope the exclusion narrowly to only the specific extracted path you downloaded from the Azure portal:
# Add exclusion for the USB preparation tool — use the exact path to your extracted folder
Add-MpPreference -ExclusionPath "{PATH_TO_EXTRACTED_FOLDER}\usb_prep.exe"
Alternatively: Windows Security → Virus & threat protection → Manage settings → Exclusions → Add an Exclusion → File → select usb_prep.exe.
Defender exclusions reduce your security posture. After you have finished creating the USB media in Step 3, remove the exclusion immediately:
# Remove the exclusion after USB creation is complete
Remove-MpPreference -ExclusionPath "{PATH_TO_EXTRACTED_FOLDER}\usb_prep.exe"
Or remove it via Windows Security → Virus & threat protection → Manage settings → Exclusions → remove the usb_prep.exe entry.
Step 3: Create the Bootable USB
- Attach the USB flash drive to your Windows 11 PC
- Open an elevated terminal (Run as Administrator)
- Run the USB preparation tool from the downloaded software package
- When prompted, enter the full path to the folder containing the maintenance environment ISO
- Select the USB drive from the list of available drives
- Press Y to confirm — this erases all content on the USB drive
- Wait for the tool to complete the media creation process
Step 4: Safely Eject
When the tool completes successfully, safely eject and disconnect the USB flash drive. It is now ready to boot servers in Task 02.
Validation
- USB preparation tool completed without errors
- USB drive safely ejected
- USB drive is bootable (will be verified when booting servers in Task 02)
Troubleshooting
| Issue | Resolution |
|---|---|
usb_prep.exe blocked by Defender | Add the exclusion path per Step 2. Ensure the exclusion points to the exact file path. |
| USB tool fails to detect drive | Ensure the USB is at least 8 GB, formatted as FAT32 or NTFS, and not mounted by other software. Try a different USB port. |
| Tool reports insufficient space | Use a USB drive with at least 8 GB. The maintenance ISO requires significant space. |
| Permission denied | Run the terminal as Administrator. The tool requires elevated privileges. |
Navigation
| ← Simplified Provisioning Overview | ↑ Phase 02: OS Installation | Task 02: Prepare Machines → |
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-05-01 | Azure Local Cloud | Initial release |