Post on 24-Oct-2014
3/23/2010
Presented by Rhonda J. Layfield Copyright 2010
IT industry 25+ years
Contribute articles to Windows IT Pro magazine
Setup and Deployment MVP
Desktop Deployment Product Specialist (DDPS)
Co-author of Windows Server 2003 R2 and Windows Server 2008 books
NEW Microsoft Deployment book
Deployment class, Vegas, next week
Microsoft Assessment and Planning Tool (MAP)
Manually creating and deploying images
  Windows Automated Installation Kit 2.0
Volume Activation and Key Management Service (KMS)
Microsoft Deployment Toolkit 2010
  Deploy a bare metal Windows 7 client
  Migrate an XP client to Windows 7
  Advanced features
Windows Deployment Service (WDS)
  Installation
  Setup
  Common issues
Application Compatibility Toolkit (ACT)
Deployment Process
Image Formats
  WIM
  VHD
Windows Automated Installation Kit (WAIK) 2.0
  Windows Pre-Installation Environment (WinPE) 3.0
  Windows System Image Manager (WSIM)
  User State Migration Tool (USMT) 4.0
  Deployment Image Servicing and Management (DISM)
Volume Activation 2.0
Agentless
Finding your clients
  This is called discovery
Getting information from your clients
  Inventory
Windows 7, Windows Vista, Windows XP Pro SP 2 or later, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003 SP 1 or later
Runs on either x86 or x64
Itanium processors are not supported
Discovery Methods
  Active Directory Domain Services (AD DS)
  Windows networking protocols
  Import names of your computers from a file
  IP address ranges
  Manually enter a computer name
LDAP query to a DC, asking for information that is:
  Domain based
  Container based
  OU based
Some clients may not show up
  Computers that have not been logged onto the AD domain in over 90 days will not be inventoried
Supports up to 120,000 computer objects per domain
User account that performs the LDAP query
  Member of the Domain Users group
Windows Networking Protocols
  Machines that are connected to Workgroups or NT 4.0 domains
  Queries are sent to the Browser service
  Must be run on each subnet
Text file
  Each computer name should be on a new line
  No delimiters
  Supports up to 120,000 computer names to inventory
    NetBIOS names
    Fully Qualified Domain Names (FQDN)
  Only one file at a time can be imported
Hardware and Device Driver Planning
  Windows 7
  Windows Vista
  Windows Server 2008
  Windows Server 2008 R2
Microsoft Office 2007, Microsoft Application Virtualization, Microsoft SQL Server 2008, Forefront Client Security and Network Access Protection
Windows Management Instrumentation (WMI)
  Collects hardware, software and device information
Remote Registry Service
  Finds the roles that are installed on a server
VMWare Webservice
  Inventory hosts running VMWare ESX
7
3/23/2010
1W7
2
Imaging ToolMDT ImageX WDS Capture
3
Targets
4
Deployment Server
Wims
  Contain a single volume (c: d: e:)
  Multiple images may be stored in a single .wim file
    Single instancing
    No redundant file storage
  Service image offline
    Apply patches quickly and easily
Vhds
  Brand new with Windows 7
  Contain an entire hard drive (multiple volumes)
  Microsoft Deployment Toolkit (MDT) 2010 does not support .vhd
  Windows Deployment Service does support .vhd
Tool: What it does for You!
  Deployment Tools Command Prompt: cmd that is aware of the path that contains the WAIK tools
  CopyPE: create a WinPE working environment
  Deployment Image Servicing and Management (DISM): mount, unmount and manage images; add / remove packages and drivers to an image
  Imagex: capture and apply images
  OSCDIMG: create an .ISO out of the contents of a folder
  Windows System Image Manager (WSIM): create answer files (setup scripts) in .xml format
  User State Migration Tool 4.0 (USMT 4.0): migrates user's profile, IE favorites and documents
  Volume Activation Management Tool 1.2: centrally manage volume activation
Install an OS
  XP SP3
  Vista SP1 or later
  Windows 7
  Windows Server 2003 R2 (all SPs)
  Windows Server 2008 (all SPs)
  Windows Server 2008 R2
Configure Settings
Sysprep (Generalize switch)
Capture an image using ImageX
  But you can't get an image of an OS up and running
So you'll need to boot the reference machine into another OS
That's where Windows Pre Installation Environment (WinPE) comes in
  WinPE 3.0 that is
Scaled down version of the Windows 7 Kernel
  You can think of it as W-7 Jr.
Boots into and runs from RAM
  X: drive by default
Not appropriate for production, day-to-day use
  Reboots every 72 hours
Command Line Interface only
Can be converted to a bootable .ISO and placed on:
  CD, DVD, USB Flash Drive, external hard drive
Where can you find a WinPE?
  Boot.wim (from the sources folder on a DVD)
WPEUtil shutdown
WPEUtil reboot
WPEUtil enablefirewall
Regedit.exe
Netsh
DiskPart
You want to create an image
You want to apply an image
You want to troubleshoot an issue with the OS offline
  Root kit detectors
Create the WinPE structure
  Copype x86 C:\WinPE
  C:\WinPE folder cannot exist. If it does you'll get an error:
    Destination directory exists: C:\WinPE
  Copype amd64 C:\WinPE
  Copype ia64 C:\WinPE
Copy winpe.wim c:\winpe\iso\sources\boot.wim
Convert to an .ISO
  oscdimg -n -h -betfsboot.com c:\winpe\iso c:\winpe\winpe.iso
XML scripting support is built-in
Additional packages are not inside WinPE
  No more Prepping
  Now you will Profile
You can put one on your system, add a .wim to it and tell bcdedit to boot that OS
Mounting a .VHD in Win7 is called "attaching"
Un-mounting a .VHD is called "detaching"
Diskpart is the basic tool of choice to work with .vhds
Of course, W-7 & 2008 use them for backups now
Open elevated command prompt
Diskpart
  create vdisk file=c:\W7Ultimate.vhd maximum=25000 type=fixed
  Select vdisk file=c:\W7Ultimate.vhd
  attach vdisk
  List disk (find your new disk number)
  Sel disk #
  Create part primary
  Sel part 1
Still in Diskpart
  Sel part 1
  Active
  Format fs=ntfs quick
  Assign
  Detail partition (get the drive letter)
  Exit
Mkdir f:\windows
Imagex /apply c:\wims\install.wim 4 f:\
Edit Boot Configuration Database to boot from the new .vhd
Allows you to service images offline
  Both .wim and .vhd
Supports Vista SP1 and later images
Enable / disable / configure Windows features
Add and configure updates (MSUs)
Gives you more functionality with consistent syntax
  Replaced 3 tools
    Package Manager (Pkgmgr.exe)
    International Settings Configuration Tool (Intlcfg.exe)
    Windows PE command-line tool (PEimg.exe)
No capture or apply feature
Elevated command prompt
Without image context
  Dism /?
  No image specified - you're looking at the image that is currently running - called the HOST
With image context
  Dism /online /?
  Don't try this on WinPE
Image context: DISM /? vs DISM /online /?
DISM has an awesome help file
  Pipe it to a text file
  Edit the text file and save it
For example, to mount an image:
  Dism /Mount-Wim >C:\MW.txt
  Notepad C:\MW.txt
  Edit the command
  Paste it into a new doc
  Run it from the command prompt
The WinPE we created earlier needs ImageX added
Mount WinPE.wim
  Dism /Mount-Wim /WimFile:winpe.wim /index:1 /MountDir:C:\WinPE\Mount
Add Imagex to WinPE.wim
  Copy C:\Program Files\WAIK\Tools\amd64 (or x86, ia64)\Imagex.exe into C:\WinPE\Mount\Windows
Un-Mount WinPE.wim
  Dism /Unmount-Wim /MountDir:C:\WinPE\Mount /commit
  Or
  Dism /Unmount-Wim /MountDir:C:\WinPE\Mount /discard
Un-Mount WinPE.wim
  Dism /Unmount-Wim /MountDir:C:\boot\mount with /commit or /discard
Oscdimg -n -h -betfsboot.com C:\WinPE\Iso C:\WinPE\Boot.iso
It's time to create the image from the C: volume
Within WinPE type:
  imagex /capture c: c:\name.wim "description"
Across the network
  I have a server named WDS and a shared folder Images
  Open a command prompt
  Net use W: \\WDS\Images
  imagex /capture c: w:\name.wim "description"
  Imagex /capture c: w:\Win7Ult.wim "Windows 7 Ultimate"
Windows\CSC (offline files)
RECYCLER
System Volume Information
pagefile.sys
hiberfil.sys
$ntfs.log
Compress your image: fast (default), none or maximum
  imagex /capture /compress switch c: c:\mkt.wim "Mkt Apps"
  A Win7 image not compressed = 3.65 GB (35 mins)
  A Win7 image with fast compression = 2.32 GB (45 mins)
  A Win7 image with max compression = 2.24 GB (90+ mins)
Boot the target machine into WinPE
Applying the image
  Copy the image to the new C: partition
    imagex /apply c:\imagename.wim 1 c:
  Apply the image from a mapped drive (W:)
    imagex /apply w:\imagename.wim 1 c:
Must apply the image to the same partition it was created from
What happens if you're not the one who created the image?
  How do you know what is in it?
    Drivers
    Packages
    Applications
Getting information on .wims
In the past we had Imagex
  Imagex /info
  For example: Imagex /info c:\wims\install.wim
NOW we can use DISM
  DISM /Get-WimInfo /wimfile:
  Another example: Dism /get-wiminfo /wimfile:c:\wims\install.wim
Document, document, document!
What you can do to a mounted image
  Dism /Image:c:\mount\win7 /?
Add all drivers from a folder:
  Dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers\
Add all drivers from a top level folder and all folders below:
  Dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers /recurse
Add a specific driver:
  Dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers\mydriver.INF
Get a listing of drivers:
  Dism /image:C:\winpe\mount /Get-Drivers
  Dism /image:C:\winpe\mount /Get-Drivers /format:table
Get driver information:
  Dism /image:C:\winpe\mount /Get-DriverInfo /driver:C:\test\drivers\usb\usb.inf
Remove drivers:
  Dism /image:C:\winpe\mount /Remove-Driver /driver:oem1.inf
Remove multiple drivers:
  Dism /image:C:\winpe\mount /Remove-Driver /driver:oem1.inf /driver:oem2.inf
Mount Install.wim
  Dism /Mount-Wim /WimFile:C:\wims\install.wim /index:5 /MountDir:C:\Mount
Add drivers from C:\Drivers
  Dism /image:C:\mount /Add-Driver /driver:C:\drivers
List your drivers
  Dism /image:C:\mount /Get-Drivers
List your drivers in table format
  Dism /image:C:\mount /Get-Drivers /format:table
Un-Mount Install.wim
  Dism /Unmount-Wim /MountDir:C:\Mount /commit
Check the status of your .wim
  Get mounted .wim information
    Dism /Get-MountedWimInfo
  OK: good
  Needs remount
    Dism /Remount-Wim /MountDir:
If that doesn't work you'll need to clean up the wim
  DISM /Cleanup-Wim
Then remount
No more setup monkey: next, next, next
Answer files help to create consistent installations
Remember unattend.txt and winnt.sif from Windows XP?
  W-7's autounattend.xml = XP's unattend.txt/winnt.sif
Remember Setup Manager from Windows XP?
  W-7's Windows System Image Manager (aka Windows SIM or WSIM) = XP's Setup Manager
Add third party drivers and applications via the answer file
Open an image file (install.wim) OR open an existing catalog file
Choose to create a New Answer File
Choose the components to configure
Configure the components
Validate the answer file
  Fix any issues until no error messages
Save the answer file
Distribution Share Pane
Answer File Pane
Properties Pane
Windows Image Pane
Message Pane
Open the Windows System Image Manager (Windows SIM)
  Click the Start button -> All Programs -> Microsoft Windows AIK -> Windows System Image Manager
Opening the install.wim file you copied from the Windows 7 Product DVD
  In the bottom left corner right-click "Select a Windows image or catalog file" and choose "Select Windows Image" (or from the File menu)
  Browse to the folder where you copied the install.wim to
  OR
  Open a catalog file directly from the Windows 7 DVD /Sources folder
This is expected, click Yes to create a catalog
A Catalog is a binary file that contains all the component settings in a Windows image file (.wim), which can be customized in an answer file
Create the catalog for the OS you are creating the answer file for
  You wouldn't want to attempt to configure Bitlocker for Win7 Business
The catalog will have a .clg extension and is created in the same directory as the .wim you opened
Catalog files are typically 5 MB in size
Catalog
Windows 7 installations are performed in stages
These stages are called Configuration Passes
There are 7 but not all passes must be run
Windows PE Configuration Pass (1)
2 Reboots
Specialize Configuration Pass (4) OR Oobe System Configuration Pass (7)
Oobe System Configuration Pass (7)
There are three passwords that may be put in an answer file:
  Microsoft-Windows-Shell-Setup | AutoLogon | Password
  Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword
  Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount
Passwords are hidden by default
  Tools menu -> Hide Sensitive Data
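An added example (not from the presentation): a Python audit that walks an answer file, finds the three password locations listed above and reports how each value is stored. It assumes that a PlainText element other than "false" means clear text, and it treats a hidden value that decodes as Base64 UTF-16 text as encoded rather than encrypted; the sample answer file and its passwords are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
COMPONENT = "Microsoft-Windows-Shell-Setup"

# The three password locations from the slide, relative to the component.
PASSWORD_PATHS = {
    "AutoLogon | Password": "u:AutoLogon/u:Password",
    "UserAccounts | AdministratorPassword":
        "u:UserAccounts/u:AdministratorPassword",
    "UserAccounts | LocalAccounts | LocalAccount | Password":
        "u:UserAccounts/u:LocalAccounts/u:LocalAccount/u:Password",
}


def classify(value, plain_text):
    """Say how a password value is stored, without returning the password."""
    # Assumption: anything other than an explicit "false" is clear text.
    if plain_text.strip().lower() != "false":
        return "plaintext"
    try:
        base64.b64decode(value, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return "hidden, format not recognized"
    return "hidden, but only encoded (reversible)"


def audit_answer_file(xml_text):
    """Return (configuration pass, location, storage) for every password."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            if comp.get("name") != COMPONENT:
                continue
            for label, path in PASSWORD_PATHS.items():
                for node in comp.findall(path, NS):
                    value = (node.findtext("u:Value", "", NS) or "").strip()
                    if not value:
                        continue
                    plain = node.findtext("u:PlainText", "true", NS) or "true"
                    findings.append(
                        (settings.get("pass"), label, classify(value, plain)))
    return findings


def _hidden(text):
    # Builds a constructed "hidden" value for the sample below.
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample answer file; the passwords are made up.
SAMPLE = f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>PC-001</ComputerName>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password>
          <Value>Constructed-Pw1</Value><PlainText>true</PlainText>
        </Password>
      </AutoLogon>
      <UserAccounts>
        <AdministratorPassword>
          <Value>{_hidden("Constructed-Pw2")}</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
          <LocalAccount>
            <Password>
              <Value>Constructed-Pw3</Value><PlainText>true</PlainText>
            </Password>
            <Name>deploy</Name>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>"""

if __name__ == "__main__":
    for finding in audit_answer_file(SAMPLE):
        print(finding)
```

Every finding is a credential that anyone who can read the answer file can obtain, so the file and any share or media holding it need the same access control as the accounts themselves.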
Validating the answer file compares the setting values you have input to a list of valid entries for the image.
If a setting you have input does not match one of the valid entries for the image, an error message will be displayed in the bottom right corner under Messages.
Bottom Left corner in WSIM - Messages
Double-click the Component Location to go directly to the setting with the error, correct until you see:
Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup].
[Diagram, shown in two stages: XP SP2/SP3 machine, deployment server and Windows 7. Upgrade applications; run ScanState (store locally or across the network); install Windows 7; install applications; run LoadState.]
OS Supported
  Windows XP Professional
  Windows XP Professional x64 Edition
  32-bit versions of Windows Vista
  64-bit versions of Windows Vista
  32-bit versions of Windows 7
  64-bit versions of Windows 7
ScanState: X X X X X X
LoadState: X X X X
Can - migrate a 32-bit OS to a 64-bit OS
Cannot - migrate a 64-bit OS to a 32-bit OS
Can - migration from XP SP2 / SP3
Not supported on:
  Any of the Windows Server OSs
  Starter editions for Windows XP, Windows Vista, or Windows 7
USMT must be run in Administrator mode
  Right-click a command prompt and choose Run as Administrator
  OR
  If you don't log on with an administrator account then the only user profile that will be migrated is the one you logged on as
MigUser.xml
MigApp.xml
MigDocs.xml
MigUser.XML
  Rules to migrate user profiles and data
  Describes a core migration
  Folders that will be migrated:
    Desktop files
    Start menu
    Quick Launch settings
    Favorites
    My Documents
    My Video
    My Music
    My Pictures
All Users profile
  Windows XP
Public profile in Vista or Windows 7
  Shared Documents
  Shared Video
  Shared Music
  Shared desktop files
  Shared Pictures
  Shared Start menu
  Shared Favorites
.accdb .ch3 .csv .dif .doc* .dot* .dqy .iqy .mcw .mdb* .mpp
.one* .oqy .or6 .pot* .ppa .pps* .ppt* .pre .pst .pub .qdf
.qel .qph .qsd .rqy .rtf .scd .sh3 .slk .txt .vl*
.vsd .wk* .wpd .wps .wq1 .wri .xl* .xla .xlb .xls*
Accessibility settings, Address book, Command-prompt settings, *Desktop wallpaper, EFS files, Favorites, Folder options, Fonts, Users, Groups and Group memberships, *Windows Internet Explorer settings
* Settings not available for offline migration
Microsoft Open Database Connectivity (ODBC) settings, Mouse and keyboard settings, Network drive mapping, *Network printer mapping, *Offline files, *Phone and modem options, RAS connection and phone book (.pbk) files, *Regional settings, Remote Access
*Taskbar settings, Windows Mail, Microsoft Outlook Express Mail (.dbx) files are migrated from Windows XP, *Windows Media Player, Windows Rights Management
MigUser.XML
  The following does not migrate with MigUser.xml:
    Files outside the user profile that don't match any extensions listed in the MigUser.xml file
Application: version
  Adobe Acrobat Reader: 9
  AOL Instant Messenger: 6.8
  Apple iTunes: 7, 8
  Apple QuickTime Player: 7
  Apple Safari: 3.1.2
  Google Chrome: beta
  Google Picasa: 3
  Google Talk: beta
  IBM Lotus 1-2-3: 9.8
  IBM Lotus Notes: 8
  IBM Lotus Organizer: 9.8
  IBM Lotus WordPro: 9.8
  Intuit Quicken: 2009
  Money Plus Business: 2008
  Money Plus Home: 2008
  Mozilla Firefox: 3
  Microsoft Office Access: 2003, 2007
  Microsoft Office Excel: 2003, 2007
  Microsoft Office OneNote: 2003, 2007
  Microsoft Office Outlook: 2003, 2007
  Microsoft Office PowerPoint: 2003, 2007
  Microsoft Office Publisher: 2003, 2007
  Microsoft Office Word: 2003, 2007
  Opera Software Opera: 9.5
  Microsoft Office FrontPage: 2003, 2007
  Microsoft Outlook Express (mailbox file)
  Microsoft Project: 2003, 2007
  Microsoft Office Visio: 2003, 2007
  RealPlayer Basic: 11
  Sage Peachtree: 2009
  Skype: 3.8
  Windows Live Mail: 12, 14
  Windows Live Messenger: 8.5, 14
  Windows Live MovieMaker: 14
  Windows Live Photo Gallery: 12, 14
  Windows Live Writer: 12, 14
  Windows Mail: Vista only
  Microsoft Works: 9
  Yahoo Messenger: 9
  Zune: 3
Cannot migrate from/to a different version of an application
  Except for Microsoft Office
    USMT can migrate from an earlier version to a later
  Microsoft Project settings are not migrated from Office 2003 to Office 2007
Mapped network drives
Local printers
Hardware-related settings
Drivers
Passwords
Application binary files
Synchronization files
DLL files
Executable files
Permissions for shared folders
Languages must match
Customized icons for shortcuts
Taskbar settings (migrating from XP)
Internet Connection Firewall check box and settings are migrated
Internet Connection Sharing setting is not migrated
  Could make the network less secure if migrated to the destination computer
The firewall advanced-configuration settings are not migrated because of increased security risks
The Network Connections user interface does not refresh properly until you log off or press F5
Data residing on USB hard disks will be migrated
Data residing on USB flash drives (UFD) will not be included when you specify the /localonly option
Running ScanState
  Command prompt
  Scanstate C:\Path To Store Data
  Scanstate C:\USMT
  Scanstate C:\USMT /Auto
  Scanstate C:\USMT /Auto /hardlink /nocompress
Running LoadState
  Loadstate C:\Path To Store Data
  Loadstate C:\USMT
  Loadstate C:\USMT /Auto
  Loadstate C:\USMT /Auto /hardlink /nocompress
Uncompressed (UNC)
  Mirror image of the folder hierarchy being migrated
  Settings are stored in a catalog file that also describes how to restore files on the destination computer
Compressed
  A single image file that contains all files being migrated and a catalog file
  You can encrypt and protect this file with a password
Hard-Link
  A map that defines how a collection of bits on the hard disk are to be migrated. These files remain fully intact
Guarantees you are running a Genuine Windows OS
Activation ensures the Windows Genuine Advantage (WGA) ActiveX control is valid
OSs that require Activation
  Vista
  Server 2008
  Windows 7
  Server 2008 R2
Online validation experience unchanged
Multiple Activation Key (MAK)
  One key, multiple activations
  Each client connects to Microsoft to activate
  30 day initial activation period
    Can be reset 3 times
    Slmgr -rearm
Key Management Service (KMS)
  Requires a KMS Server
  KMS server activates with Microsoft directly
  Volume license clients activate with internal KMS server
[Diagram: Microsoft Activation Server and Deployment.Com]
Service License Manager (SLMGR)
  \System32 folder (Vista and later OSs)
Volume license software does NOT prompt for a license key
  The license key is built into the software
Turn KMS on
  Slmgr -ipk INPUTKEY
  Slmgr -ipk 11111-22222-33333-44444-55555
Same KMS key can be used 6 times
  Build 6 different KMS servers using the same key
KMS Servers can be re-activated 9 times
  Re-build a KMS server
KMS Server MUST activate with Microsoft
Activate online:
  Slmgr -ato
Activate via the phone:
  Slui 4
Single domain
  1 SRV record created in DNS
1 KMS servicing multiple domains
  Default behavior
    SRV record is published in the domain the KMS server is a member of
  Manually create SRV records in DNS
  OR
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\SL
    New Multi-string value
    Named: DnsDomainPublishList
    Add each DNS domain suffix on its own line (Deployment.Com)
[Diagram: Deployment.Com and Bigfirm.Com]
Volume Media
  30 day initial grace period
    If activation does not occur AND activation has not been reset
  Activation is attempted every 2 hours
Once activated
  Activation is good for 6 months
  Renews activation every 7 days
Directly connect clients to a specific KMS server
  Slmgr -skms kms_FQDN
  Example: Slmgr -skms kms_WDS.Deploy.Com
  OR
  Slmgr -skms kms_10.10.10.5
The default port is TCP 1688, to change it type:
  Slmgr -skms kms_10.10.10.5:2050
Performed by DNS queries
KMS server registers SRV records in DNS
  Vlmcs
Client queries DNS asking for all vlmcs SRV records
Random list is sent
Client chooses one of the KMS servers
  Connection is successful
    Client caches this KMS server for future activation attempts
  Connection fails
    Client chooses another KMS server until it finds one
Weight and Priority now COUNT!
  W7 - 2008/R2 clients only
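An added example (not from the presentation): a Python model of the discovery steps above. It orders the vlmcs SRV answers with the RFC 2782 priority and weight rules for the clients that honor them, falls back to a plain random choice for the others, and shows the cache and retry behavior; the host names, weights and the reachable-set stand-in for a real connection attempt are constructed.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight port target")


def rfc2782_order(records, rng):
    """Order SRV records as RFC 2782 describes: lowest priority value
    first, weighted random selection inside each priority level."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        rng.shuffle(group)
        group.sort(key=lambda r: r.weight > 0)  # weight 0 goes first
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def candidate_order(records, rng, honors_priority_weight):
    """Per the slide, only W7 / 2008 R2 clients use weight and priority;
    other clients take the answers in random order."""
    if honors_priority_weight:
        return rfc2782_order(records, rng)
    shuffled = list(records)
    rng.shuffle(shuffled)
    return shuffled


def find_kms(records, reachable, cache, rng, honors_priority_weight=True):
    """Return the KMS host a client ends up using, or None.

    `reachable` stands in for a connection attempt to TCP 1688 and
    `cache` is the client's remembered KMS host (both are modeling
    assumptions for this example)."""
    if cache.get("host") in reachable:
        return cache["host"]
    for rec in candidate_order(records, rng, honors_priority_weight):
        if rec.target in reachable:
            cache["host"] = rec.target
            return rec.target
    cache.pop("host", None)
    return None


# Constructed answers for _vlmcs._tcp in the Deployment.Com domain.
RECORDS = [
    Srv(0, 75, 1688, "kms1.deployment.com"),
    Srv(0, 25, 1688, "kms2.deployment.com"),
    Srv(10, 0, 1688, "kms3.deployment.com"),
]

if __name__ == "__main__":
    rng = random.Random(1)
    cache = {}
    print([r.target for r in candidate_order(RECORDS, rng, True)])
    print(find_kms(RECORDS, {"kms2.deployment.com"}, cache, rng), cache)
```

With these records a client that honors priority only reaches kms3 when both priority-0 hosts are down, while a client that ignores priority can land on it first.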
No
  But it can be (recommended)
Support for SRV records (RFC 2782)
Support for dynamic updates (RFC 2136)
BIND 8.x & 9.x
Performance
  Modified hardware tolerance values to reduce # of reactivations
  Count virtual systems towards KMS activation threshold
  Improved KMS discovery through DNS Suffix List
Reliability
  Improved notifications, clarified error messages and troubleshooting instructions
  Multiple improvements in WMI for SLSVC
Compatibility
  Updated tools to support Windows 7
  Single KMS for multiple operating systems
System Center Configuration Manager 2007
System Center Operations Manager 2007
  Alerts for major conditions
    Initialization issues
    DNS SRV record registration failures
  Reports client activations
  Monitor license conditions and asset intelligence
  Use WMI to capture data
  Health of KMS service
Event logs on KMS and clients
Can be installed on:
  XP SP2
  Server 2003 SP1
  Vista
  Windows 7
  Server 2008
  Server 2008 R2
[Diagram: W7 DVD, reference machine, store image, MDT deployment server, MDT WinPE, download image, XP SP2 / XP SP3 targets, custom MDT WinPE]
Bare Metal
  New machines
Refresh
  Keeping the old hardware
  Refreshing the OS on the existing machine
Replace
  Replacing existing hardware with new
  Maintaining user's settings and data
Upgrade
  Unless you're upgrading from Vista there is no upgrade path
[Diagram, shown in stages: XP SP2/SP3 machine, deployment server and Windows 7. Upgrade applications; store user's data and settings; install Windows 7; install applications; restore user's settings and data.]
MDT Deployment Image
Bare Metal
  Pro: No Network Connectivity
  Con: No Version Control
Operating system must be:
  Vista SP1
  Windows 7
  Server 2003 SP2
  Server 2008
  Server 2008 R2
Windows Automated Installation Kit (WAIK) 2.0
  Required software is included in the WAIK
    .NET Framework 2.0
    MSXML 6.0
    MMC 3.0 if Server 2003
New default installation of W7
  2 partitions
    (hidden): Bootmgr and friends
    C:\Windows
All commands are PowerShell
New .vhd image format
  NOT supported in MDT 2010
  .wims only
Create a Deployment Share
Import OSs
Add applications
Add drivers
Add patches
Create a task sequence
Update Deployment Share
Deploy
The Deployment Share is the shared folder on the Deployment Server where target machines connect to perform the deployment
You must create it
  Old MDT created it for you
  But it put it on the C: drive
Now you decide where to create it
[Diagram: MDT Deployment Server, Deployment Share]
Supported OSs
  XP SP3
  Vista SP1 or later
  Windows 7
  Windows Server 2003 R2
  Windows Server 2008 & R2
3rd party drivers
OS patches
Language Packs
A list of tasks to be run in order to complete the deployment
The order in which the tasks will be run
Run task sequences in two different ways
  Standard Client TS
    LiteTouchPE_x86.iso
    Within XP
TASK SEQUENCE TEMPLATE NAME: DESCRIPTION
  Sysprep and Capture TS: Syspreps and reboots into WinPE then runs ImageX to capture an image of the machine.
  Standard Client TS: Deploys a desktop operating system, applications, drivers and patches.
  Standard Client Replace TS: Backs up the target machine before deploying an image, including gathering user's state information.
  Custom Task Sequence TS: Task sequence you create that deploys applications, drivers and packages to a machine that already contains an operating system.
  Lite Touch OEM TS: Used by OEMs to deploy OS images to target machines en masse.
  Standard Server TS: Basic server task sequence that will deploy a Server operating system, applications, drivers and patches to a target server (including roles like DNS, AD and DHCP).
  Post OS Installation TS: Performs installation tasks after the operating system is deployed to a target machine.
Boot the MDT WinPE
  CD
  DVD
  External hard drive
  UFD (USB flash device)
Run the Deployment Wizard
Choose which pages are displayed during the deployment
Suppress the pages you do not want anyone to change or see, like:
  Product Key
  Administrator's password
Properties of your deployment share
  Rules tab
  F:\DeploymentShare\Control\CustomSettings.ini
[Settings]
Priority=Default
[Default]
DeployRoot=\\DeploySrv\DeploymentShare$
SkipBDDWelcome=YES
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=DeploymentDr
OSInstall=Y
SkipTaskSequence=YES
TaskSequenceID=W7X64
SkipComputerName=YES
ComputerName=%SerialNumber%
SkipUserData=YES
SkipLocaleSelection=YES
KeyboardLocale=En-US
UserLocale=En-US
UILanguage=En-US
SkipTimeZone=YES
TimeZoneName=Eastern Standard Time
SkipApplications=YES
SkipCapture=YES
SkipAppsOnUpgrade=YES
SkipAdminPassword=YES
AdminPassword=Swordfish1
SkipProductKey=YES
ProductKey=11111-22222-33333-44444-55555
SkipBitLocker=YES
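An added example (not from the presentation): a Python review of the rules shown above. Suppressing the Administrator password and product key pages moves those values into CustomSettings.ini in clear text, in the Control folder of the share that target machines connect to, so the check lists every clear-text secret and every suppressed page that has no value behind it. The skip-to-value pairs come from the sample rules, the "first section in Priority wins" merge is an assumption, and the sample text is assembled from the slides.

```python
import configparser

# Keys treated as secrets: ProductKey plus anything ending in "password".
SECRET_KEYS = {"productkey"}

# Wizard page switch -> values that stand in for the hidden page
# (pairs taken from the sample rules on the slides).
SKIP_NEEDS = {
    "skiptasksequence": ["tasksequenceid"],
    "skipcomputername": ["computername"],
    "skiplocaleselection": ["keyboardlocale", "userlocale", "uilanguage"],
    "skiptimezone": ["timezonename"],
    "skipadminpassword": ["adminpassword"],
    "skipproductkey": ["productkey"],
}


def effective_rules(text):
    """Merge the sections named in [Settings] Priority into one view.

    interpolation=None matters: values such as %SerialNumber% make
    configparser's default interpolation raise an error.
    Assumption: the first section in Priority that sets a key wins.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    priority = cp.get("Settings", "Priority", fallback="Default")
    effective = {}
    for section in (s.strip() for s in priority.split(",")):
        if cp.has_section(section):
            for key, value in cp.items(section):  # keys arrive lower-cased
                effective.setdefault(key, (value.strip(), section))
    return effective


def audit_rules(text):
    """Return (kind, section, detail) findings; never returns a secret."""
    eff = effective_rules(text)
    findings = []
    for key, (value, section) in eff.items():
        is_secret = key in SECRET_KEYS or key.endswith("password")
        if value and is_secret and not key.startswith("skip"):
            findings.append(("secret", section, key))
    for skip, needed in SKIP_NEEDS.items():
        value, section = eff.get(skip, ("", ""))
        if value.upper() == "YES":
            missing = [k for k in needed if not eff.get(k, ("", ""))[0]]
            if missing:
                detail = f"{skip}=YES but {', '.join(missing)} is not set"
                findings.append(("review", section, detail))
    return findings


# Sample assembled from the rules shown on the slides.
SAMPLE = """[Settings]
Priority=Default
[Default]
OSInstall=Y
SkipTaskSequence=YES
TaskSequenceID= W7X64
SkipComputerName=YES
ComputerName=%SerialNumber%
SkipLocaleSelection=YES
KeyboardLocale=En-US
UserLocale= En-US
UILanguage= En-US
SkipTimeZone=YES
TimeZoneName=Eastern Standard Time
SkipAdminPassword=YES
AdminPassword=Swordfish1
SkipProductKey=YES
ProductKey=11111-22222-33333-44444-55555
SkipBitLocker=YES
"""

# Same rules with the password line removed (constructed variant).
SAMPLE_NO_PW = SAMPLE.replace("AdminPassword=Swordfish1\n", "")

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE) + audit_rules(SAMPLE_NO_PW):
        print(finding)
```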
Selection profiles allow you to group MDT components
The grouped MDT components can be used for different reasons
The MDT components you group will determine what you can do with the selection profile:
  Group drivers and packages to inject into the MDT generated WinPEs
  Group drivers to inject into an OS task sequence
  Control which MDT components are included in media
  Group MDT components to replicate (and keep in sync) to other deployment shares
  Pick and choose which TS and applications appear in the deployment workbench
R-click Selection Profile
Choose New Selection Profile
Choose your components
Media allows you to create a fully deployable image complete with OS, applications, drivers, packages and task sequences that can be deployed with NO NETWORK CONNECTIVITY
Create Media
  First you'll need a selection profile containing the MDT components needed for deployment to a client (include everything)
  Within DW r-click Media
  Choose New Media
  Give it a name, choose your selection profile
  Update Media (r-click the MEDIA001 and choose Update Media Content)
  Copy files to external hard drive, UFD or burn the .ISO to DVD
LDS allows you to copy a subset (or all if you choose) of components to another machine
Even Windows 7 can be an LDS
MDT 2010 does not need to be installed on the machine
To create an LDS
  First create a selection profile containing all the MDT components you would like replicated
  From within the Deployment Workbench
    R-click Linked Deployment Shares node and choose New Linked Deployment Share
    Type in the UNC path to where you want the new LDS
      \\ComputerName\Shared\FolderName
Choose your selection profile
Select one of the options:
  Merge the selected contents into the target deployment share
  OR
  Replace the contents of the target deployment share folders with those selected
R-click LINKED001 and choose Replicate Content
The contents you selected in your selection profile will be copied to the new LDS via ROBOCopy
I would change the replication technology to be DFS-R
[Diagram: bare-metal client, DHCP/WDS, WDS, DHCP, AD/DNS. Discover IP; Acknowledge.]
Installing WDS on a 2003 SP1 Server
  Install RIS
  Install patch from the WAIK: windows_deployment_services_update.exe
Installing WDS on a 2003 SP2 Server
  Control Panel / Add/Remove Programs / Windows Components / WDS
Installing WDS on a 2008 (& R2) server
  Server Manager
  Add Roles
  Select Windows Deployment Services from the list of roles
WDS snap-in
  Right-click Servers
  Add Server (defaults to local server)
  Right-click your server and choose Configure Server.
Store your images on a drive other than where the OS resides
564D49219C768546A956C310ED7D2BF6
The most current will always be best
Windows 7 Boot.wim can deploy
  Vista SP1
  Windows Server 2003 R2
  Windows 7
  Server 2008 & R2
Accidentally use a Vista or Vista SP1 boot.wim?
  Vista boot.wim cannot deploy W7 or 2K8 R2
  Failure on the Offline servicing pass even if it's not configured to install patches
Both .wim and .vhd are supported
Adding a .wim
  Right-click Install Images
  Add Install Image
  Image Groups
    Single instancing occurs
Adding a .vhd
  Elevated command prompt
  WDSUTIL /Add-Image /ImageFile:\\Server\Share\Win7.vhd /Server:WDSServer /ImageType:Install /ImageGroup:Windows7 /Filename:"Windows7.vhd"
Dynamic Driver Provisioning (DDP)
Add drivers to a driver group
Driver groups can be filtered to make the packages in the group available to a specific group of clients
  No filters?
    All packages are available to all clients with matching hardware
  You define
    Clients have access to all packages in a group, or
    Only packages that match the hardware (Plug and Play hardware)
Filters
  Based on the hardware of the client (manufacturer or BIOS)
  Based on an attribute of the install image selected for the client (version or edition of the image)
R-click boot image
Choose Add Driver Packages to Image
PXE Protocol is an extension of DHCP
Created by Intel as a standard with a set of pre-boot services stored in the boot firmware
The goal:
  Perform a network boot
  Find and download a network boot program (NBP) from a Network Boot Server
1) Choose your OS Image
All PXE / DHCP traffic is local traffic only
  DHCP port UDP 67
  PXE traffic port UDP 4011
Mis-configured Switch or Router
Where will the client go?
  Known clients can be configured to connect to a specific WDS Server
  Or
  You could create a list of WDS Servers to be presented to the client so they can manually choose which WDS Server they connect to:
    Registry entry
    Restart the WDS Service
What happens when there is more than one WDS Server
  But you don't want to set in stone which WDS Server the client attaches to
  You want to be able to pick and choose your WDS Server
Registry setting changed on the WDS Server
  HKLM\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSPXE\Providers\BINLSVC
  AllowServerSelection = 1
Restart the WDS service
  net stop WDSServer & net start WDSServer
3 Scenarios
1. WDS and DHCP on the same subnet / different servers
   Client will find WDS by broadcasting
2. WDS and DHCP on different subnets
   Client must find WDS through options 66 and 67 set in DHCP
3. WDS & DHCP on same server
   Client finds WDS through Option 60 in DHCP
92
3/23/2010
[Diagram: bare-metal client, DHCP server and WDS server; messages shown: Discover IP/PXE Server, Request, Acknowledge]
[Diagram: bare-metal client and a combined DHCP / WDS server; messages shown: Discover IP, Acknowledge]
IP helpers configured properly on your switches and routers are more reliable
Older PXE ROMs have issues with DHCP options 60, 66, 67
Options 66 & 67 are referred to as a Network Boot Referral (NBR)
Server1 sends packet 1 to client1 Server1 sends packet 1 to client2 Server1 sends packet 1 to client3
Server1 sends packet 1 to all clients
Server1 sends packet 1 to client1, client5 client9, client22
Multiple Stream Transfer: multiple streams of traffic; optimized rates based on client connection (streams labeled Fast, Medium, Slow)
Client Auto Removal: slower clients can be dropped to unicast or entirely (only in standard multicast)
Boot Image Multicast: Windows PE boot images can use multicast (clients with EFI)
[Diagram sequence, WDS Server Multicast Transmission: first client joins transmission; waiting for other clients to join; additional clients join stream (clients with multiple transfer speeds: Fastest, Medium, Slowest); more clients join; last clients complete; all clients complete and the transmission ends]
2 ways to start creating a multicast transmission from within the WDS snap-in:
Right-click Multicast Transmissions and choose Create Multicast Transmission
OR
Drill down to your Install Image, right-click the image, then choose Create Multicast Transmission
You will need 2 scripts
WinPE Phase:
Language of installation
Keyboard layout
Credentials for Image
Which Image to install
Disk Configuration (partitioning)
Where to install the image
The rest of the installation (specialize and OOBE):
Computer name
User account
Time zone
WinPE script:
Store script in RemoteInstall\WDSClientUnattend folder
WDS snap-in -> Right-click server -> Properties -> Client tab
Enable unattended installation
Browse to WinPE script
Sets the script for all computers of that architecture
A switch that doesn't support IGMP uses broadcast instead of multicast
The slowest computer on the switch dictates the speed of all broadcast traffic
Client computers that are in a sleep power state: the Windows operating system reduces the speed of the network connection to 10 Mbps to save power
So a client attempting to multicast an image on the same switch as a sleeping client causes a severe performance problem for multicast
The fix: switching hardware that supports IGMP
Default Permissions
Local administrator on the WDS server:
Full Control of the RemoteInstall folder
Full Control permissions on HKEY_LOCAL_MACHINE\System
Domain administrator (domain where the WDS server resides):
Full Control permissions on the Service Control Point (SCP) in AD DS for the WDS server
WDS depends on AD DS for the PXE provider to create computer accounts and service control points (SCPs) in AD.
The SCP is a child object under a WDS server's account object, used to store configuration data
Identifies the server as a WDS server
Finding the SCP - DEMO
ADSIEdit -> Find your server's computer object -> Expand your server -> CN=NameOfMyServer-RemoteInstallation-Services -> Properties
Enterprise administrator: Dynamic Host Configuration Protocol (DHCP) authorization permissions
Admin Approval
The computer account is created using the server's authentication token (not the token of the admin performing the approval)
WDSSERVER$ must have the create computer account objects permission on the containers / OUs where the approved pending computers will be created
Admin Approval of Pending Computers: R/W to F:\RemoteInstall\MGMT, which contains Binlsvcdb.mdb
Active Directory Users and Computers: Create a custom task to delegate on the OU where the computer account will be created -> Write all properties on Computer Objects
ADUC
Right-click the container or OU and go to Properties
Click the Advanced button and add a user or group, then click the Edit button
Under Apply to: This object and all descendant objects
Allow Create Computer objects
OK (3x)
BUT now that user can create computer objects and join machines to the domain
What if you only want someone to be able to join a machine to the domain?
The JoinRights registry setting determines the set of security privileges; it is located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\
Name: JoinRights
Type: DWORD
Value: 0 = JoinOnly; 1 = Full
The User registry setting determines which users have the right to join the domain
User setting located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\
Name: User
Type: REG_SZ
Value: group or user
Creating computer accounts against a non-English domain controller using the default user property:
Set the Auto-Add settings to use an account that does not contain extended characters.
Acceptable characters ([A-Z, a-z, 0-9, \, -, and so on])
For example, if the German "Domänen-Admins" is used, the Auto-Add will fail.
WDSUTIL /set-Server /AutoAddSettings /Architecture:x86 /User:Deploy\Administrator
TASK: Prestage a computer
Permission: ADUC -> Create a custom task to delegate on OU where you are putting the computer account -> Write all properties on Computer Objects

TASK: Add/Remove Image or Image Group
Permission: FC F:\RemoteInstall\Images\ImageGroup

TASK: Disable an image
Permission: R/W for the image (on image properties in WDS)

TASK: ADD boot image
Permission: R/W F:\RemoteInstall\Boot; R/W F:\RemoteInstall\Admin (if upgrading from 2K3 server)

TASK: Remove boot image
Permission: R/W F:\RemoteInstall\Boot

TASK: Manage properties on an OS image
Permission: R/W on image Res.rwm file found: F:\RemoteInstall\Images\

TASK: Convert a RIPREP image
Permission: R original RIPREP image; R/W %TEMP% and destination folder

TASK: Create Discover / Capture image
Permission: R original boot image; R/W %TEMP% and destination folder

TASK: Create a multicast transmission
Permission: FC on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast; R F:\RemoteInstall\Images\
Server 2008 increased the TFTP block size from 512 bytes to 1,456 bytes to speed things up. If your network has a TFTP block size of less than 1,456 bytes this breaks WDS.
Resolution:
Install hotfix 975710
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP
Create a new REG_DWORD
Name: MaximumBlockSize
Value range: 512-1456
Renaming a machine
Moving a machine from one domain to another
You'll need to uninitialize & reinitialize the WDS server
From a cmd on the WDS server:
Wdsutil /uninitialize-server
Wdsutil /initialize-server /reminst:E:\RemoteInstall
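A read-only check of the registry values these slides name (AllowServerSelection, JoinRights, User, MaximumBlockSize), added here as an example and not part of the original presentation. The key paths are used as the slides give them; the function name Test-WdsSetting and the OK / Review / NotSet labels are assumptions of this example.

```powershell
# Added example: audit the WDS registry values named on the slides.
# Reads only; nothing is written. Run elevated on the WDS server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers'

# Each check: key path (as given on the slides), value name, a test that
# returns $true when the value is in the expected state, and a short note.
$checks = @(
    @{ Path = "$base\WDSPXE\Providers\BINLSVC"; Name = 'AllowServerSelection'
       Test = { param($v) $v -eq 0 -or $v -eq 1 }
       Note = '1 = client is shown a list of WDS servers to choose from' },
    @{ Path = "$base\WDSPXE\Providers\BINLSVC\AutoApprove"; Name = 'JoinRights'
       Test = { param($v) $v -eq 0 }
       Note = '0 = JoinOnly, 1 = Full; JoinOnly is the narrower grant' },
    @{ Path = "$base\WDSPXE\Providers\BINLSVC\AutoApprove"; Name = 'User'
       Test = { param($v) $v -notmatch '[^\x20-\x7E]' }
       Note = 'Auto-Add account; extended characters make Auto-Add fail' },
    @{ Path = "$base\WDSTFTP"; Name = 'MaximumBlockSize'
       Test = { param($v) $v -ge 512 -and $v -le 1456 }
       Note = 'slides give the valid range as 512-1456' }
)

function Test-WdsSetting {   # hypothetical helper name
    param([hashtable]$Check)
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value absent: the server is using its built-in default
        $value  = $null
        $status = 'NotSet'
    } else {
        $value  = $item.($Check.Name)
        $test   = $Check.Test
        $status = if (& $test $value) { 'OK' } else { 'Review' }
    }
    [pscustomobject]@{
        Setting = $Check.Name
        Value   = $value
        Status  = $status
        Note    = $Check.Note
    }
}

$checks | ForEach-Object { Test-WdsSetting -Check $_ } | Format-Table -AutoSize -Wrap
```

A JoinRights row marked Review means the auto-approve account holds Full rights rather than JoinOnly, which is the case the slides raise when asking how to limit someone to joining machines to the domain.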
WDSCapture WinPE:
Add boot.wim from a 2K8 Server .iso
Right-click the boot.wim and choose Create capture image
Add the new .wim file that you just created
Sysprep-reseal generalize
No Volume to capture?
Ensure there are not duplicate machine accounts prestaged for the same machine:
Pre-stage using the MAC address
Swap the NIC to another machine
Dual Admins:
1st admin creates a computer object in ADUC
2nd admin pre-stages a computer object with the NIC or GUID
The first one found is used
Using an older boot.wim
Architectures and WinPE
Copype WinPE
Creating your own
The most current will always be best
Windows 7 Boot.wim can deploy:
Vista SP1
Windows Server 2003 R2
Windows 7
Server 2008 & R2
Accidentally use a Vista or Vista SP1 boot.wim?
Vista boot.wim cannot deploy W7 or 2K8 R2
Failure on the Offline servicing pass even if it's not configured to install patches
Multicast traffic running really slow
Which version of IGMP is being used? V3 or v2?
Multiple WDS servers multicast traffic:
Overlapping IP addresses
WDS snap-in -> Properties of Server -> Multicast tab -> change the IP addresses
Unattend .xml scripts (2)
XP & 2K3 vs Vista and later
Unattend.xml does not process settings:
Not named properly
Not stored in the correct folder
From the client:
Client receives an IP address
Discovers a Network Boot Server (NBS)
Downloads the Network Boot Program (NBP) from the NBS (TFTP) and executes it
From the server:
Server's IP address
Name of a NBP the client may request
IP helpers configured properly on your switches and routers are more reliable
Older PXE ROMs have issues with DHCP options 60, 66, 67
Options 66 & 67 are referred to as a Network Boot Referral (NBR)
MDT & WDS Together
[Diagram: MDT Deployment Server, W7 DVD, MDT WinPE, Model, Store Image, Download Image, WDS Server, MDT WinPE, Targets (F12)]
MDT can use WDS Multicast feature
WDS:
Installation
Configuration
Known clients vs Unknown clients
PXE Booting
Multiple WDS Server Selection
Common issues
Multicasting
Automating
Integrating WDS and MDT:
PXE boot
Multicast
Questions or Comments
Rhonda@DeploymentDr.com
Please fill out your evaluations!
WWW.DeploymentDr.Com
RhondaLayfield@Twitter.com