
The Holy Grail of Deployment


3/23/2010

Presented by Rhonda J. Layfield Copyright 2010

IT industry 25+ years
Contribute articles to Windows IT Pro mag
Setup and Deployment MVP
Desktop Deployment Product Specialist (DDPS)
Co-Author Windows Server 2003 R2 and Windows Server 2008 books
NEW Microsoft Deployment Book
Deployment class: Vegas next week

Microsoft Assessment and Planning Tool (MAP)
Manually creating and deploying images
  Windows Automated Installation Kit 2.0
  Volume Activation and Key Management Service (KMS)
Microsoft Deployment Toolkit 2010
  Deploy a bare metal Windows 7 client
  Migrate an XP client to Windows 7
  Advanced features
Windows Deployment Service (WDS)
  Installation
  Setup
  Common issues
Application Compatibility Toolkit (ACT)

Deployment Process
Image Formats
  WIM
  VHD
Windows Automated Installation Kit (WAIK) 2.0
  Windows Pre-Installation Environment (WinPE) 3.0
  Windows System Image Manager (WSIM)
  User State Migration Tool (USMT) 4.0
  Deployment Image Servicing and Management (DISM)
Volume Activation 2.0

Agentless
Finding your clients
  This is called discovery
Getting information from your clients
  Inventory

Windows 7
Windows Vista
Windows XP Pro SP 2 or later
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003 R2
Windows Server 2003 SP 1 or later
Runs on either x86 or x64
Itanium processors are not supported

Discovery Methods
  Active Directory Domain Services (AD DS)
  Windows networking protocols
  Import names of your computers from a file
  IP address ranges
  Manually enter a computer name

LDAP query to a DC
  Asking for information that is:
    Domain based
    Container based
    OU based

Some clients may not show up
  Computers that have not been logged onto the AD domain in over 90 days will not be inventoried
  Supports up to 120,000 computer objects per domain
  User account that performs the LDAP query: member of the Domain Users group

Windows Networking Protocols
  Machines that are connected to Workgroups or NT 4.0 domains
  Queries are sent to the Browser service
  Must be run on each subnet

Text file
  Each computer name should be on a new line
  No delimiters
  Supports up to 120,000 computer names to inventory
    NetBIOS names
    Fully Qualified Domain Names (FQDN)
  Only one file at a time can be imported

Hardware and Device Driver Planning
  Windows 7
  Windows Vista
  Windows Server 2008
  Windows Server 2008 R2

Microsoft Office 2007
Microsoft Application Virtualization
Microsoft SQL Server 2008
Forefront Client Security and Network Access Protection

Windows Management Instrumentation (WMI)
  Collects hardware, software and device information

Remote Registry Service
  Finds the roles that are installed on a server

VMWare Webservice
  Inventory hosts running VMWare ESX

[Diagram, steps 1 to 4. Labels: W7; Imaging Tool (MDT, ImageX, WDS Capture); Targets; Deployment Server]

Wims
  Contain a single volume (c: d: e:)
  Multiple images may be stored in a single .wim file
    Single instancing
    No redundant file storage
  Service image offline
    Apply patches quickly and easily

Vhds
  Brand new with Windows 7
  Contain an entire hard drive (multiple volumes)
  Microsoft Deployment Toolkit (MDT) 2010 does not support .vhd
  Windows Deployment Service does support .vhd

Tool: What it does for You!
  Deployment Tools Command Prompt: cmd that is aware of the path that contains the WAIK tools
  CopyPE: create a WinPE working environment
  Deployment Image Servicing and Management (DISM): mount, unmount and manage images; add / remove packages and drivers to an image
  Imagex: capture and apply images
  OSCDIMG: create an .ISO out of the contents of a folder
  Windows System Image Manager (WSIM): create answer files (setup scripts) in .xml format
  User State Migration Tool 4.0 (USMT 4.0): migrates user's profile, IE favorites and documents
  Volume Activation Management Tool 1.2: centrally manage volume activation

Install an OS
  XP SP3
  Vista SP1 or later
  Windows 7
  Windows Server 2003 R2 (all SPs)
  Windows Server 2008 (all SPs)
  Windows Server 2008 R2

Configure Settings
Sysprep (Generalize switch)
Capture an image using ImageX
  But you can't get an image of an OS up and running

So you'll need to boot the reference machine into another OS
That's where Windows Pre Installation Environment (WinPE) comes in
  WinPE 3.0 that is

Scaled down version of the Windows 7 Kernel
  You can think of it as W-7 Jr.
Boots into and runs from RAM
  X: drive by default
Not appropriate for production, day-to-day use
  Reboots every 72 hours
Command Line Interface Only
Can be converted to a bootable .ISO and placed on:
  CD, DVD, USB Flash Drive, external hard drive
Where can you find a WinPE?
  Boot.wim (from the sources folder on a DVD)

WPEUtil shutdown
WPEUtil reboot
WPEUtil enablefirewall

Regedit.exe
Netsh
DiskPart

You want to create an image
You want to apply an image
You want to troubleshoot an issue with the OS offline
  Root kit detectors

Create the WinPE structure
  Copype x86 C:\WinPE
    C:\WinPE folder cannot exist
    If it does you'll get an error: Destination directory exists: C:\WinPE
  Copype amd64 C:\WinPE
  Copype ia64 C:\WinPE

Copy winpe.wim c:\winpe\iso\sources\boot.wim
Convert to an .ISO
  oscdimg -n -h -betfsboot.com c:\winpe\iso c:\winpe\winpe.iso

XML scripting support is built-in
Additional packages are not inside WinPE
  No more Prepping
  Now you will Profile

You can put one on your system, add a .wim to it and tell bcdedit to boot that OS
Mounting a .VHD in Win7 is called "attaching"
Un-Mounting a .VHD is called "detaching"
Diskpart is the basic tool of choice to work with .vhds
Of course, W-7 & 2008 use them for backups now

Open elevated command prompt
Diskpart
  create vdisk file=c:\W7Ultimate.vhd maximum=25000 type=fixed
  Select vdisk file=c:\W7Ultimate.vhd
  attach vdisk
  List disk (find your new disk number)
  Sel disk #
  Create part primary
  Sel part 1

Still in Diskpart
  Sel part 1
  Active
  Format fs=ntfs quick
  Assign
  Detail partition (get the drive letter)
  Exit

Mkdir f:\windows
Imagex /apply c:\wims\install.wim 4 f:\
Edit Boot Configuration Database to boot from the new .vhd

Allows you to service images offline
  Both .wim and .vhd
Supports Vista SP1 and later images
Enable / disable / configure Windows features
Add and configure updates (MSUs)
Gives you more functionality with consistent syntax
  Replaced 3 tools
    Package Manager (Pkgmgr.exe)
    International Settings Configuration Tool (Intlcfg.exe)
    Windows PE command-line tool (PEimg.exe)
No capture or apply feature

Elevated command prompt
Without image context
  Dism /?
  No image specified - you're looking at the image that is currently running - called the HOST
With Image Context
  Dism /online /?
  Don't try this on WinPE

Image Context
  DISM /? vs. DISM /online /?

DISM has an awesome help file
  Pipe it to a text file
  Edit the text file and save it
  For example, to mount an image:
    Dism /Mount-Wim >C:\MW.txt
    Notepad C:\MW.txt
    Edit the command
    Paste it into a new doc
    Run it from the command prompt

The WinPE we created earlier needs ImageX added

Mount WinPE.wim
  Dism /Mount-Wim /WimFile:winpe.wim /index:1 /MountDir:C:\WinPE\Mount

Add Imagex to WinPE.wim
  Copy C:\Program Files\WAIK\Tools\amd64 (or x86, ia64)\Imagex.exe into C:\WinPE\Mount\Windows

Un-Mount WinPE.wim
  Dism /Unmount-Wim /MountDir:C:\WinPE\Mount /commit
  Or
  Dism /Unmount-Wim /MountDir:C:\WinPE\Mount /discard

Un-Mount WinPE.wim
  Dism /Unmount-Wim /MountDir:C:\boot\mount
    /commit
    /discard

Oscdimg -n -h -betfsboot.com C:\WinPE\Iso C:\WinPE\Boot.iso

It's time to create the image from the C: volume
Within WinPE type:
  imagex /capture c: c:\name.wim "description"

Across the network
  I have a server named WDS and a shared folder Images
  Open a command prompt
  Net use W: \\WDS\Images
  imagex /capture c: w:\name.wim "description"
  Imagex /capture c: w:\Win7Ult.wim "Windows 7 Ultimate"

Windows\CSC (offline files)
RECYCLER
System Volume Information
pagefile.sys
hiberfil.sys
$ntfs.log

Compress your image: fast (default), none or maximum
  imagex /capture /compress switch c: c:\mkt.wim "Mkt Apps"
  A Win7 image not compressed = 3.65 GB (35 mins)
  A Win7 image with fast compression = 2.32 GB (45 mins)
  A Win7 image with max compression = 2.24 GB (90+ mins)

Boot the target machine into WinPE
Applying the image
  Copy the image to the new C: partition
    imagex /apply c:\imagename.wim 1 c:
  Apply the image from a mapped drive (W:)
    imagex /apply w:\imagename.wim 1 c:
Must apply the image to the same partition it was created from

What happens if you're not the one who created the image?
  How do you know what is in it?
    Drivers
    Packages
    Applications

Getting information on .wims

In the past we had Imagex
  Imagex /info
  For example: Imagex /info c:\wims\install.wim

NOW we can use DISM
  DISM /Get-WimInfo /wimfile:
  Another example: Dism /get-wiminfo /wimfile:c:\wims\install.wim

Document, document, document!

What you can do to a mounted image
  Dism /Image:c:\mount\win7 /?

Add all drivers from a folder:
  Dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers\

Add all drivers from a top level folder and all folders below:
  Dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers /recurse

Add a specific driver:
  Dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers\mydriver.INF

Get a listing of drivers:
  Dism /image:C:\winpe\mount /Get-Drivers
  Dism /image:C:\winpe\mount /Get-Drivers /format:table

Get driver information:
  Dism /image:C:\winpe\mount /Get-DriverInfo /driver:C:\test\drivers\usb\usb.inf

Remove drivers:
  Dism /image:C:\winpe\mount /Remove-Driver /driver:oem1.inf

Remove multiple drivers:
  Dism /image:C:\winpe\mount /Remove-Driver /driver:oem1.inf /driver:oem2.inf

Mount Install.wim
  Dism /Mount-Wim /WimFile:C:\wims\install.wim /index:5 /MountDir:C:\Mount

Add drivers from C:\Drivers
  Dism /image:C:\mount /Add-Driver /driver:C:\drivers

List your drivers
  Dism /image:C:\mount /Get-Drivers

List your drivers in table format
  Dism /image:C:\mount /Get-Drivers /format:table

Un-Mount Install.wim
  Dism /Unmount-Wim /MountDir:C:\Mount /commit

Check the status of your .wim
  Get mounted .wim information
    Dism /Get-MountedWimInfo
    OK = good
    Needs remount
      Dism /Remount-Wim /MountDir:

If that doesn't work
  You'll need to clean up the wim
    DISM /Cleanup-Wim
  Then Remount

No more setup monkey: next, next, next
Answer files help to create consistent installations
Remember unattend.txt and winnt.sif from Windows XP?
  W-7's autounattend.xml = XP's unattend.txt/winnt.sif
Remember Setup Manager from Windows XP?
  W-7's Windows System Image Manager (aka Windows SIM or WSIM) = XP's Setup Manager
Add third party drivers and applications via the answer file

Open an image file (install.wim) OR open an existing catalog file
Choose to create a New Answer File
Choose the components to configure
Configure the components
Validate the answer file
  Fix any issues until no error messages
Save the answer file

[Screenshot of Windows SIM. Panes: Distribution Share Pane, Answer File Pane, Properties Pane, Windows Image Pane, Message Pane]

Open the Windows System Image Manager (Windows SIM)
  Click the Start button -> All Programs -> Microsoft Windows AIK -> Windows System Image Manager

Opening the install.wim file you copied from the Windows 7 Product DVD
  In the bottom left corner right-click "Select a Windows image or catalog file" and choose Select Windows Image (or from the File menu)
  Browse to the folder where you copied the install.wim to
  OR
  Open a catalog file directly from the Windows 7 DVD /Sources folder

This is expected, click Yes to create a catalog

A Catalog is a binary file that contains all the component settings in a Windows image file (.wim), which can be customized in an answer file
Create the catalog for the OS you are creating the answer file for
  You wouldn't want to attempt to configure Bitlocker for Win7 Business
The catalog will have a .clg extension and is created in the same directory as the .wim you opened
Catalog files are typically 5 MB in size

Catalog

Windows 7 installations are performed in stages
These stages are called Configuration Passes
There are 7, but not all passes must be run

Windows PE Configuration Pass (1)

2 Reboots

Specialize Configuration Pass (4) OR Oobe System Configuration Pass (7)

Oobe System Configuration Pass (7)

There are three passwords that may be put in an answer file:
  Microsoft-Windows-Shell-Setup | AutoLogon | Password
  Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword
  Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount

Passwords are hidden by default
  Tools menu -> Hide Sensitive Data
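
An audit of the three password settings listed above, written as an added example (not part of the original presentation). It reports where each password sits in the answer file and how it is stored; the function name and the sample XML are constructed for illustration. Hide Sensitive Data stores the value Base64-encoded, which is not encryption, so the file still needs restrictive permissions.

```powershell
# Added example: list every password setting in an unattend answer file and
# report how it is stored. The XML below is a constructed sample, not a real file.
[xml]$sampleAnswerFile = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64">
      <AutoLogon>
        <Password><Value>Constructed-Pw-1</Value><PlainText>true</PlainText></Password>
        <Enabled>true</Enabled>
        <Username>Administrator</Username>
      </AutoLogon>
      <UserAccounts>
        <AdministratorPassword>
          <Value>Q09OU1RSVUNURUQ=</Value><PlainText>false</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
          <LocalAccount>
            <Name>deploy</Name>
            <Password><Value>Constructed-Pw-2</Value><PlainText>true</PlainText></Password>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

# Hypothetical helper name. Returns one object per password found.
function Find-AnswerFilePassword {
    param([Parameter(Mandatory = $true)] [xml] $AnswerFile)

    $ns = New-Object System.Xml.XmlNamespaceManager($AnswerFile.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    # Password and AdministratorPassword elements under the Shell-Setup component.
    $xpath = "//u:component[@name='Microsoft-Windows-Shell-Setup']" +
             "//u:*[(local-name()='Password' or local-name()='AdministratorPassword') and u:Value]"

    foreach ($node in $AnswerFile.SelectNodes($xpath, $ns)) {
        # Rebuild the setting path the way Windows SIM displays it.
        $names = @()
        for ($n = $node; $null -ne $n -and $n.LocalName -ne 'component'; $n = $n.ParentNode) {
            $names = @($n.LocalName) + $names
        }

        $pass  = $node.SelectSingleNode('ancestor::u:settings/@pass', $ns)
        $plain = $node.SelectSingleNode('u:PlainText', $ns)

        if ($null -eq $plain) {
            $storage = 'PlainText flag missing, review manually'
        } elseif ($plain.InnerText.Trim() -eq 'true') {
            $storage = 'clear text'
        } else {
            $storage = 'Base64-encoded only, not encrypted'
        }

        $passName = '(unknown)'
        if ($null -ne $pass) { $passName = $pass.Value }

        [pscustomobject]@{
            Pass        = $passName
            Setting     = $names -join ' | '
            Storage     = $storage
            ValueLength = $node.SelectSingleNode('u:Value', $ns).InnerText.Length
        }
    }
}

Find-AnswerFilePassword -AnswerFile $sampleAnswerFile | Format-Table -AutoSize
# For a real file: Find-AnswerFilePassword -AnswerFile ([xml](Get-Content 'autounattend.xml' -Raw))
```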


Validating the answer file compares the setting values you have input to a list of valid entries for the image
If a setting you have input does not match one of the valid entries for the image, an error message will be displayed in the bottom right corner under Messages

Bottom Left corner in WSIM - Messages

Double-click the Component Location to go directly to the setting with the error, correct until you see:

Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup].


[Diagram, steps 1 to 5: migration from XP SP2/SP3 to Windows 7 with a Deployment Server. Labels: Upgrade Applications; Run ScanState (store locally or across the network); Install Windows 7; Install Applications; Run LoadState]

OS Supported                          ScanState   LoadState
Windows XP Professional               X
Windows XP Professional x64 Edition   X
32-bit versions of Windows Vista      X           X
64-bit versions of Windows Vista      X           X
32-bit versions of Windows 7          X           X
64-bit versions of Windows 7          X           X

3/23/2010

Can - Migrate a 32-bit OS to a 64-bit OS
Cannot - Migrate a 64-bit OS to a 32-bit OS
Can - Migration from XP SP2 / SP3
Not supported on:
  any of the Windows Server OSs
  Starter editions for Windows XP, Windows Vista, or Windows 7

USMT must be run in Administrator mode
  Right-click a command prompt and choose Run as Administrator
  OR
  If you don't log on with an administrator account then the only user profile that will be migrated is the one you logged on as

MigUser.xml
MigApp.xml
MigDocs.xml

MigUser.XML
  Rules to migrate user profiles and data
  Describes a core migration
  Folders that will be migrated
    Desktop files
    Start menu
    Quick Launch settings
    Favorites
    My Documents
    My Video
    My Music
    My Pictures

All Users profile
  Windows XP
Public profile in Vista or Windows 7
  Shared Documents
  Shared Video
  Shared Music
  Shared desktop files
  Shared Pictures
  Shared Start menu
  Shared Favorites

.accdb .ch3 .csv .dif .doc* .dot* .dqy .iqy .mcw .mdb* .mpp
.one* .oqy .or6 .pot* .ppa .pps* .ppt* .pre .pst .pub .qdf
.qel .qph .qsd .rqy .rtf .scd .sh3 .slk .txt .vl*
.vsd .wk* .wpd .wps .wq1 .wri .xl* .xla .xlb .xls*

Accessibility settings
Address book
Command-prompt settings
*Desktop wallpaper
EFS files
Favorites
Folder options
Fonts
Users, Groups and Group memberships
*Windows Internet Explorer settings
Microsoft Open Database Connectivity (ODBC) settings
Mouse and keyboard settings
Network drive mapping
*Network printer mapping
*Offline files
*Phone and modem options
RAS connection and phone book (.pbk) files
*Regional settings
Remote Access

* Settings not available for offline migration

*Taskbar settings
Windows Mail
  Microsoft Outlook Express Mail (.dbx) files are migrated from Windows XP
*Windows Media Player
Windows Rights Management

MigUser.XML
  The following does not migrate with MigUser.xml:
    Files outside the user profile that don't match any extensions listed in the MigUser.xml file

Application: Version
  Adobe Acrobat Reader: 9
  AOL Instant Messenger: 6.8
  Apple iTunes: 7, 8
  Apple QuickTime Player: 7
  Apple Safari: 3.1.2
  Google Chrome: beta
  Google Picasa: 3
  Google Talk: beta
  IBM Lotus 1-2-3: 9.8
  IBM Lotus Notes: 8
  IBM Lotus Organizer: 9.8
  IBM Lotus WordPro: 9.8
  Intuit Quicken: 2009
  Money Plus Business: 2008
  Money Plus Home: 2008
  Mozilla Firefox: 3
  Microsoft Office Access: 2003, 2007
  Microsoft Office Excel: 2003, 2007
  Microsoft Office FrontPage: 2003, 2007
  Microsoft Office OneNote: 2003, 2007
  Microsoft Office Outlook: 2003, 2007
  Microsoft Office PowerPoint: 2003, 2007
  Microsoft Office Publisher: 2003, 2007
  Microsoft Office Word: 2003, 2007
  Opera Software Opera: 9.5
  Microsoft Outlook Express (mailbox file)
  Microsoft Project: 2003, 2007
  Microsoft Office Visio: 2003, 2007
  RealPlayer Basic: 11
  Sage Peachtree: 2009
  Skype: 3.8
  Windows Live Mail: 12, 14
  Windows Live Messenger: 8.5, 14
  Windows Live MovieMaker: 14
  Windows Live Photo Gallery: 12, 14
  Windows Live Writer: 12, 14
  Windows Mail: Vista only
  Microsoft Works: 9
  Yahoo Messenger: 9
  Zune: 3

Cannot migrate from/to a different version of an application
Except for Microsoft Office
  USMT can migrate from an earlier version to a later
  Microsoft Project settings are not migrated from Office 2003 to Office 2007

Mapped network drives
Local printers
Hardware-related settings
Drivers
Passwords
Application binary files
Synchronization files
DLL files
Executable files
Permissions for shared folders
Languages must match
Customized icons for shortcuts
Taskbar settings (Migrating from XP)

Internet Connection Firewall check box and settings are migrated
Internet Connection Sharing setting is not migrated
  Could make the network less secure if migrated to the destination computer
The firewall advanced-configuration settings are not migrated because of increased security risks
The Network Connections user interface does not refresh properly until you log off or press F5

Data residing on USB hard disks will be migrated
Data residing on USB flash drives (UFD) will not be included when you specify the /localonly option

Running ScanState
  Command prompt
    Scanstate C:\Path To Store Data
    Scanstate C:\USMT
    Scanstate C:\USMT /Auto
    Scanstate C:\USMT /Auto /hardlink /nocompress

Running LoadState
    Loadstate C:\Path To Store Data
    Loadstate C:\USMT
    Loadstate C:\USMT /Auto
    Loadstate C:\USMT /Auto /hardlink /nocompress

Uncompressed (UNC)
  Mirror image of the folder hierarchy being migrated
  Settings are stored in a catalog file that also describes how to restore files on the destination computer

Compressed
  A single image file that contains all files being migrated and a catalog file
  You can encrypt and protect this file with a password

Hard-Link
  A map that defines how a collection of bits on the hard disk are to be migrated. These files remain fully intact

Guarantees you are running a Genuine Windows OS
Activation ensures the Windows Genuine Advantage (WGA) ActiveX control is valid
  OSs that require Activation
    Vista
    Server 2008
    Windows 7
    Server 2008 R2

Online validation experience unchanged

Multiple Activation Key (MAK)
  One key, multiple activations
  Each client connects to Microsoft to activate
  30 day initial activation period
    Can be reset 3 times
    Slmgr -rearm

Key Management Service (KMS)
  Requires a KMS Server
  KMS server activates with Microsoft directly
  Volume license clients activate with internal KMS server

[Diagram, steps 1 to 3. Labels: Microsoft Activation Server; Deployment.Com]

Service License Manager (SLMGR)
  \System32 folder (Vista and later OSs)

Volume license software does NOT prompt for a license key
  The license key is built into the software

Turn KMS on
  Slmgr -ipk INPUTKEY
  Slmgr -ipk 11111-22222-33333-44444-55555

Same KMS key can be used 6 times
  Build 6 different KMS servers using the same key

KMS Servers can be re-activated 9 times
  Re-build a KMS server

KMS Server MUST activate with Microsoft
  Activate online:
    Slmgr -ato
  Activate via the phone:
    Slui 4

Single domain
  1 SRV record created in DNS

1 KMS servicing multiple domains
  Default behavior
    SRV record is published in the domain the KMS server is a member of
  Manually create SRV records in DNS
  OR
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\SL
    New Multi-string value
    Named: DnsDomainPublishList
    Add each DNS domain suffix on its own line (Deployment.Com)

Deployment.Com

Bigfirm.Com


Volume Media
  30 day initial grace period
    If activation does not occur AND activation has not been reset
  Activation is attempted every 2 hours

Once Activated
  Activation is good for 6 months
  Renews activation every 7 days

Directly connect clients to a specific KMS server
  Slmgr -skms kms_FQDN
  Example:
    Slmgr -skms kms_WDS.Deploy.Com
    OR
    Slmgr -skms kms_10.10.10.5

The default port is TCP 1688; to change it type:
  Slmgr -skms kms_10.10.10.5:2050

Performed by DNS queries
KMS server registers SRV records in DNS
  Vlmcs
Client queries DNS asking for all vlmcs SRV records
Random list is sent
Client chooses one of the KMS servers
  Connection is successful
    Client caches this KMS server for future activation attempts
  Connection fails
    Client chooses another KMS server until it finds one

Weight and Priority now COUNT!
  W7 - 2008/R2 clients only

No
But it can be (recommended)
  Support for SRV records (RFC 2782)
  Support for dynamic updates (RFC 2136)
  BIND 8.x & 9.x

Performance
  Modified hardware tolerance values to reduce # of reactivations
  Count virtual systems towards KMS activation threshold
  Improved KMS discovery through DNS Suffix List

Reliability
  Improved notifications, clarified error messages and troubleshooting instructions
  Multiple improvements in WMI for SLSVC

Compatibility
  Updated tools to support Windows 7
  Single KMS for multiple operating systems

System Center Configuration Manager 2007
System Center Operations Manager 2007
  Alerts for major conditions
    Initialization issues
    DNS SRV record registration failures
  Reports
    client activations
    monitor license conditions and asset intelligence
    use WMI to capture data
    health of KMS service

Event logs on KMS and clients

Can be installed on:
  XP SP2
  Server 2003 SP1
  Vista
  Windows 7
  Server 2008
  Server 2008 R2

[Diagram, steps 1 to 4. Labels: W7 DVD, Reference; Store Image; MDT Deployment Server; MDT WinPE; Download Image; Custom MDT WinPE; Targets (XP SP2, XP SP3)]

Bare Metal
  New machines
Refresh
  Keeping the old hardware
  Refreshing the OS on the existing machine
Replace
  Replacing existing hardware with new
  Maintaining users' settings and data
Upgrade
  Unless you're upgrading from Vista there is no upgrade path

[Diagrams, repeated across several slides. Labels: W7; Imaging Tool (MDT, ImageX, WDS Capture); Targets; Deployment Server; Upgrade Applications; Store Users Data and Settings; XP SP2/SP3; Install Windows 7; Install Applications; Restore Users Settings and Data]

MDT Deployment Image

Bare Metal
  Pro: No Network Connectivity
  Con: No Version Control

Operating system must be:
  Vista SP1
  Windows 7
  Server 2003 SP2
  Server 2008
  Server 2008 R2

Windows Automated Installation Kit (WAIK) 2.0
  Required software is included in the WAIK
    .NET Framework 2.0
    MSXML 6.0
  MMC 3.0 if Server 2003

New default installation of W7
  2 partitions
    (hidden): Bootmgr and friends
    C:\Windows

All commands are PowerShell
New .vhd image format
  NOT supported in MDT 2010
  .Wims only

Create a Deployment Share
Import OSs
Add applications
Add drivers
Add patches
Create a task sequence
Update Deployment Share
Deploy

The Deployment Share is the shared folder on the Deployment Server where target machines connect to perform the deployment
You must create it
  Old MDT created it for you
  But it put it on the C: drive
Now you decide where to create it

[Diagram labels: MDT Deployment Server; Deployment Share]

Supported OSs
  XP SP3
  Vista SP1 or later
  Windows 7
  Windows Server 2003 R2
  Windows Server 2008 & R2

3rd party drivers


OS patches
Language Packs

A list of tasks to be run in order to complete the deployment
The order in which the tasks will be run
Run task sequences in two different ways
  Standard Client TS
    LiteTouchPE_x86.iso
    Within XP

TASK SEQUENCE TEMPLATE NAME: DESCRIPTION
  Sysprep and Capture TS: Syspreps and reboots into WinPE then runs ImageX to capture an image of the machine.
  Standard Client TS: Deploys a desktop operating system, applications, drivers and patches.
  Standard Client Replace TS: Backs up the target machine before deploying an image, including gathering users' state information.
  Custom Task Sequence TS: Task sequence you create that deploys applications, drivers and packages to a machine that already contains an operating system.
  Lite Touch OEM TS: Used by OEMs to deploy OS images to target machines en masse.
  Standard Server TS: Basic server task sequence that will deploy a Server operating system, applications, drivers and patches to a target server (including roles like DNS, AD and DHCP).
  Post OS Installation TS: Performs installation tasks after the operating system is deployed to a target machine.

Boot the MDT WinPE
  CD
  DVD
  External hard drive
  UFD (USB flash device)

Run the Deployment Wizard

Choose which pages are displayed during the deployment
Suppress the pages you do not want anyone to change or see, like:
  Product Key
  Administrator's password

Properties of your deployment share
  Rules tab
  F:\DeploymentShare\Control\CustomSettings.ini

[Settings]
Priority=Default
[Default]
DeployRoot=\\DeploySrv\DeploymentShare$
SkipBDDWelcome=YES

[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=DeploymentDr
OSInstall=Y
SkipTaskSequence=YES
TaskSequenceID=W7X64
SkipComputerName=YES
ComputerName=%SerialNumber%
SkipUserData=YES
SkipLocaleSelection=YES
KeyboardLocale=En-US
UserLocale=En-US
UILanguage=En-US
SkipTimeZone=YES
TimeZoneName=Eastern Standard Time
SkipApplications=YES
SkipCapture=YES
SkipAppsOnUpgrade=YES
SkipAdminPassword=YES
AdminPassword=Swordfish1
SkipProductKey=YES
ProductKey=11111-22222-33333-44444-55555
SkipBitLocker=YES
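
The rules file above stores the local administrator password and the product key as readable text in the deployment share that every target machine connects to. The following added example (not part of the original presentation) reports which secret-bearing properties a rules file sets, without printing their values. AdminPassword and ProductKey come from the slides; DomainAdminPassword and UserPassword are other MDT properties included here as an assumption, and the function name and sample lines are constructed.

```powershell
# Added example: flag secrets stored in an MDT rules file (CustomSettings.ini).
# AdminPassword and ProductKey appear in the slides; the other two names are
# additional MDT properties included as an assumption about your environment.
$SensitiveKeys = 'AdminPassword', 'ProductKey', 'DomainAdminPassword', 'UserPassword'

# Hypothetical helper name. Takes the file content as an array of lines and
# returns one object per sensitive property that has a non-empty value.
function Find-RulesFileSecret {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Lines,
        [string[]] $Keys = $SensitiveKeys
    )

    $section = '(none)'
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i].Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }   # blank or comment

        if ($line -match '^\[(.+)\]$') {                           # [Section] header
            $section = $Matches[1]
            continue
        }

        if ($line -match '^([^=]+?)\s*=\s*(.*)$') {                # Property=Value
            $name  = $Matches[1].Trim()
            $value = $Matches[2].Trim()

            # -contains compares case-insensitively, matching INI semantics.
            if ($Keys -contains $name -and $value -ne '') {
                [pscustomobject]@{
                    Line        = $i + 1
                    Section     = $section
                    Property    = $name
                    ValueLength = $value.Length          # the value itself is never printed
                    IsVariable  = ($value -match '^%.+%$') # e.g. %SerialNumber% style substitution
                }
            }
        }
    }
}

# Constructed sample using the property names and values shown on the slides.
$sample = @'
[Settings]
Priority=Default
[Default]
SkipAdminPassword=YES
AdminPassword=Swordfish1
SkipProductKey=YES
ProductKey=11111-22222-33333-44444-55555
SkipBitLocker=YES
'@ -split "`r?`n"

Find-RulesFileSecret -Lines $sample | Format-Table -AutoSize
# For a real share:
# Find-RulesFileSecret -Lines (Get-Content 'F:\DeploymentShare\Control\CustomSettings.ini')
```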

74

3/23/2010

Selection profiles allow you to group MDT components
The grouped MDT components can be used for different reasons
The MDT components you group will determine what you can do with the selection profile:
  Group drivers and packages to inject into the MDT generated WinPEs
  Group drivers to inject into an OS task sequence
  Control which MDT components are included in media
  Group MDT components to replicate (and keep in sync) to other deployment shares
  Pick and choose which TS and applications appear in the deployment workbench

R-click Selection Profile
Choose New Selection Profile
Choose your components

Media allows you to create a fully deployable image complete with OS, applications, drivers, packages and task sequences that can be deployed with NO NETWORK CONNECTIVITY
Create Media
  First you'll need a selection profile containing the MDT components needed for deployment to a client (include everything)
  Within DW r-click Media
  Choose New Media
  Give it a name, choose your selection profile
  Update Media (r-click the MEDIA001 and choose Update Media Content)
  Copy files to external hard drive, UFD or burn the .ISO to DVD

LDS allow you to copy a subset (or all if you choose) of components to another machine
Even Windows 7 can be an LDS
MDT 2010 does not need to be installed on the machine
To create an LDS
  First create a selection profile containing all the MDT components you would like replicated
  From within the Deployment Workbench
  R-click Linked Deployment Shares node and choose New Linked Deployment Share
  Type in the UNC path to where you want the new LDS
    \\ComputerName\Shared\FolderName

Choose your selection profile
Select one of the options:
  Merge the selected contents into the target deployment share
  OR
  Replace the contents of the target deployment share folders with those selected

R-click LINKED001 and choose Replicate Content

The contents you selected in your selection profile will be copied to the new LDS via ROBOCopy
I would change the replication technology to be DFS-R

[Diagram, steps 1 to 3. Labels: Bare-Metal; Discover IP; DHCP/WDS; Acknowledge; DHCP; WDS; AD/DNS]

Installing WDS on a 2003 SP1 Server
  Install RIS
  Install patch from the WAIK: windows_deployment_services_update.exe

Installing WDS on a 2003 SP2 Server
  Control Panel / Add/Remove Programs / Windows Components / WDS

Installing WDS on a 2008 (& R2) server
  Server Manager
  Add Roles
  Select Windows Deployment Services from the list of roles

WDS snap-in
  Right-click Servers
  Add Server (defaults to local server)
  Right-click your server and choose Configure Server.

Store your images on a drive other than where the OS resides


564D49219C768546A956C310ED7D2BF6


The most current will always be best
Windows 7 Boot.wim can deploy
  Vista SP1
  Windows Server 2003 R2
  Windows 7
  Server 2008 & R2

Accidentally use a Vista or Vista SP1 boot.wim?
  Vista boot.wim cannot deploy W7 or 2K8 R2
  Failure on the Offline servicing pass even if it's not configured to install patches

Both .wim and .vhd are supported
Adding a .wim
  Right-click Install Images
  Add Install Image
  Image Groups
    Single Instancing occurs

Adding a .vhd
  Elevated command prompt
  WDSUTIL /Add-Image /ImageFile:\\Server\Share\Win7.vhd /Server:WDSServer /ImageType:Install /ImageGroup:Windows7 /Filename:"Windows7.vhd"

Dynamic Driver Provisioning (DDP)
Add drivers to a driver group
Driver groups can be filtered to make the packages in the group available to a specific group of clients
  No filters?
    All packages are available to all clients with matching hardware
  You define
    Clients have access to all packages in a group, or
    Only packages that match the hardware (Plug and Play hardware)

Filters
  Based on the hardware of the client (manufacturer or BIOS)
  Based on an attribute of the install image selected for the client (version or edition of the image)

R-click boot image
Choose Add Driver Packages to Image

PXE Protocol is an extension of DHCP
Created by Intel as a standard with a set of pre-boot services stored in the boot firmware
The goal:
  Perform a network boot
  Find and download a network boot program (NBP) from a Network Boot Server

1) Choose your OS Image

All PXE / DHCP traffic is local traffic only
  DHCP port UDP 67
  PXE traffic port UDP 4011

Mis-configured Switch or Router

Where will the client go?Known clients can be configured to connect to a specific WDS Server

Or You could create a list of WDS Servers to be presented to the client so they can manually choose which WDS Server they connect to:Registry entry Restart the WDS Service


What happens when there is more than one WDS Server
- But you don't want to set in stone which WDS Server the client attaches to
- You want to be able to pick and choose your WDS Server
- Registry setting changed on the WDS Server:
  HKLM\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSPXE\Providers\BINLSVC
  AllowServerSelection = 1
- Restart the WDS service:
  net stop WDSServer & net start WDSServer

3 Scenarios
1. WDS and DHCP on the same subnet / different servers: Client will find WDS by broadcasting
2. WDS and DHCP on different subnets: Client must find WDS through options 66 and 67 set in DHCP
3. WDS & DHCP on same server: Client finds WDS through Option 60 in DHCP


[Diagrams: bare-metal client with separate DHCP and WDS servers. Messages shown: Discover IP/PXE Server, Request, Acknowledge]


[Diagram: bare-metal client with a combined DHCP / WDS server. Messages shown: Discover IP, Acknowledge]

IP helpers configured properly on your switches and routers are more reliable
- Older PXE ROMs have issues with DHCP options 60, 66, 67
- Options 66 & 67 are referred to as a Network Boot Referral (NBR)


Server1 sends packet 1 to client1
Server1 sends packet 1 to client2
Server1 sends packet 1 to client3

Server1 sends packet 1 to all clients

Server1 sends packet 1 to client1, client5, client9, client22

Multiple Stream Transfer
- Multiple streams of traffic
- Optimized rates based on client connection (Fast, Medium, Slow)

Client Auto Removal
- Slower clients can be dropped to unicast or entirely (only in standard multicast)

Boot Image Multicast
- Windows PE boot images can use multicast (clients with EFI)


[Diagram: WDS Server multicast transmission. First client joins transmission]

[Diagram: WDS Server multicast transmission. Waiting for other clients to join]


[Diagram: WDS Server multicast transmission. Additional clients join stream. Clients with multiple transfer speeds: Fastest, Medium, Slowest]

[Diagram: WDS Server multicast transmission. More clients to join. Clients with multiple transfer speeds: Fastest, Medium, Slowest]


[Diagram: WDS Server multicast. Last clients complete. Clients with multiple transfer speeds: Slowest, Medium]

[Diagram: WDS Server multicast. All clients complete. Transmission ends.]


2 ways to start creating a multicast transmission from within the WDS snap-in:
- Right-click Multicast Transmissions and choose Create Multicast Transmission
OR
- Drill down to your Install Image and right-click the image, then choose Create Multicast Transmission


You will need 2 scripts
WinPE Phase:
- Language of installation
- Keyboard layout
- Credentials for Image
- Which Image to install
- Disk Configuration (partitioning)
- Where to install the image

The rest of the installation (specialize and OOBE):
- Computer name
- User account
- Time zone

WinPE script
- Store script in RemoteInstall\WDSClientUnattend folder
- WDS snap-in -> Right-click server -> Properties
- Client tab
  - Enable unattended installation
  - Browse to WinPE script
  - Sets the script for all computers of that architecture


A switch that doesn't support IGMP uses broadcast instead of multicast
- The slowest computer on the switch dictates the speed of all broadcast traffic

Client computers that are in a sleep power state
- The Windows operating system reduces the speed of the network connection to 10 Mbps to save power
- So a client attempting to multicast an image on the same switch as a sleeping client causes a severe performance problem for multicast

The fix: switching hardware that supports IGMP


Default Permissions
Local administrator on the WDS server:
- Full Control of the RemoteInstall folder
- Full Control permissions on HKEY_LOCAL_MACHINE\System

Domain administrator (domain where the WDS server resides):
- Full Control permissions on the Service Control Point (SCP) in AD DS for the WDS server

WDS depends on AD DS for the PXE provider to create computer accounts and service control points (SCPs) in AD.
The SCP is a child object under a WDS server's account object, used to store configuration data
- Identifies the server as a WDS server

Finding the SCP - DEMO
- ADSIEdit -> Find your server's computer object -> Expand your server -> CN=NameOfMyServer-RemoteInstallation-Services -> Properties


Enterprise administrator:
- Dynamic Host Configuration Protocol (DHCP) authorization permissions

Admin Approval
- The computer account is created using the server's authentication token (not the token of the admin performing the approval)
- WDSSERVER$ must have the create computer account objects permission on the containers / OUs where the approved pending computers will be created

Admin Approval of Pending Computers
- R/W to F:\RemoteInstall\MGMT, which contains Binlsvcdb.mdb

Active Directory Users and Computers
- Create a custom task to delegate on the OU where the computer account will be created -> Write all properties on Computer Objects


ADUC
- Right-click the container or OU and go to Properties
- Click the Advanced button and add a user or group, then click the Edit button
- Under Apply to: This object and all descendant objects
- Allow Create Computer objects
- OK (3x)

BUT now that user can create computer objects and join machines to the domain. What if you only want someone to be able to join a machine to the domain?

The JoinRights registry setting determines the set of security privileges. It is located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\
- Name: JoinRights
- Type: DWORD
- Value: 0 = JoinOnly; 1 = Full


The User registry setting determines which users have the right to join the domain. The User setting is located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\
- Name: User
- Type: REG_SZ
- Value: group or user

Creating computer accounts against a non-English domain controller using the default user property:
- Set the Auto-Add settings to use an account that does not contain extended characters
- Acceptable characters ([A-Z, a-z, 0-9, \, -, and so on])
- For example, if the German "Domänen-Admins" is used, the Auto-Add will fail
- WDSUTIL /set-Server /AutoAddSettings /Architecture:x86 /User:Deploy\Administrator
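An added example, not part of the original deck: a read-only PowerShell audit of the JoinRights and User settings described on the two slides above. It flags JoinRights = 1 (Full) and a User value containing extended characters. The function name is hypothetical, and the script assumes the values may sit either on the AutoApprove key itself or in subkeys beneath it, so it checks both.

```powershell
# Added example: read-only audit of the WDS auto-approve settings.
# Run from an elevated PowerShell session on the WDS server.
$AutoApprove = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove'

function Get-WdsAutoApproveFinding {   # hypothetical helper name
    param([string]$Path = $AutoApprove)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }

    # Assumption: the values may be on the key itself or in subkeys under it,
    # so inspect the key and its immediate children.
    $keys = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path)

    foreach ($k in $keys) {
        $join = $k.GetValue('JoinRights', $null)
        $user = $k.GetValue('User', $null)
        if ($null -eq $join -and $null -eq $user) { continue }

        $notes = @()
        # JoinRights: 0 = JoinOnly, 1 = Full (values as given on the slide).
        if ($null -eq $join) {
            $notes += 'JoinRights not set; confirm the effective default'
        } elseif ($join -eq 1) {
            $notes += 'JoinRights = 1 (Full); use 0 (JoinOnly) unless Full is required'
        } elseif ($join -ne 0) {
            $notes += "JoinRights has unexpected value $join"
        }

        # User: an account name with extended characters makes Auto-Add fail.
        if ([string]::IsNullOrEmpty($user)) {
            $notes += 'User not set'
        } elseif ($user -match '[^\x20-\x7E]') {
            $notes += 'User contains extended characters; Auto-Add can fail'
        }

        [pscustomobject]@{
            Key        = $k.PSChildName
            JoinRights = $join
            User       = $user
            Notes      = $notes -join '; '
        }
    }
}

Get-WdsAutoApproveFinding | Format-List
```

The script only reads the registry; changes are still made with WDSUTIL or a registry edit as shown on the slides.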


TASK: Permission
- Prestage a computer: ADUC -> Create a custom task to delegate on OU where you are putting the computer account -> Write all properties on Computer Objects
- Add/Remove Image or Image Group: FC F:\RemoteInstall\Images\ImageGroup
- Disable an image: R/W for the image (on image properties in WDS)
- ADD boot image: R/W F:\RemoteInstall\Boot; R/W F:\RemoteInstall\Admin (if upgrading from 2K3 server)
- Remove boot image: R/W F:\RemoteInstall\Boot
- Manage properties on an OS image: R/W on image Res.rwm file found: F:\RemoteInstall\Images\
- Convert a RIPREP image: R original RIPREP image; R/W %TEMP% and destination folder
- Create Discover / Capture image: R original boot image; R/W %TEMP% and destination folder
- Create a multicast transmission: FC on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast; R F:\RemoteInstall\Images\


Server 2008 increased the TFTP block size from 512 bytes to 1,456 bytes to speed things up. If your network has a TFTP block size of less than 1,456 bytes, this breaks WDS.
Resolution:
- Install hotfix 975710
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP
- Create a new REG_DWORD
  - Name: MaximumBlockSize
  - Value range: 512-1456

Renaming a machine
Moving a machine from one domain to another
You'll need to uninitialize & reinitialize the WDS server
- From a cmd on the WDS server:
  Wdsutil /uninitialize-server
  Wdsutil /initialize-server /reminst:E:\RemoteInstall


WDSCapture WinPE
- Add boot.wim from a 2K8 Server .iso
- Right-click the boot.wim and choose Create capture image
- Add the new .wim file that you just created

Sysprep-reseal generalize

No Volume to capture?


Ensure there are not duplicate machine accounts prestaged for the same machine
- Pre-stage using the MAC address
- Swap the NIC to another machine
- Dual Admins
  - 1st admin creates a computer object in ADUC
  - 2nd admin pre-stages a computer object with the NIC or GUID
- The first one found is used


- Using an older boot.wim
- Architectures and WinPE
- Copype
- WinPE: Creating your own

The most current will always be best
Windows 7 Boot.wim can deploy:
- Vista SP1
- Windows Server 2003 R2
- Windows 7
- Server 2008 & R2

Accidentally use a Vista or Vista SP1 boot.wim?
- Vista boot.wim cannot deploy W7 or 2K8 R2
- Failure on the Offline servicing pass even if it's not configured to install patches


Multicast traffic running really slow
- Which version of IGMP is being used? V3 or v2?

Multiple WDS servers multicast traffic
- Overlapping IP addresses
- WDS snap-in -> Properties of Server -> Multicast tab -> change the IP addresses


Unattend .xml scripts (2)
XP & 2K3 vs Vista and later
Unattend.xml does not process settings
- Not named properly
- Not stored in the correct folder


From the client:
- Client receives an IP address
- Discovers a Network Boot Server (NBS)
- Downloads the Network Boot Program (NBP) from the NBS (TFTP) and executes it

From the server:
- Server's IP address
- Name of an NBP the client may request

IP helpers configured properly on your switches and routers are more reliable
- Older PXE ROMs have issues with DHCP options 60, 66, 67
- Options 66 & 67 are referred to as a Network Boot Referral (NBR)


MDT & WDS Together
[Diagram: MDT Deployment Server, W7 DVD, Model, MDT WinPE, Store Image, Download Image, WDS Server, Targets, F12]
MDT can use WDS Multicast feature

WDS
- Installation
- Configuration
- Known clients vs Unknown clients
- PXE Booting
- Multiple WDS Server Selection
- Common issues
- Multicasting
- Automating

Integrating WDS and MDT
- PXE boot
- Multicast


Questions or [email protected] Please fill out your evaluations! WWW.DeploymentDr.Com [email protected]
