winconnections spring, 2011 - deploying windows 7 without the ridiculous microsoft alphabet soup
DESCRIPTION
Greg Shields may be most known for his books, magazine articles, and conference sessions. But he started his career deploying thousands of computers from a basement of a building with no windows. His passion for deploying Windows is fed by his desire to automate everything. You can do that with Microsoft’s free tools. But while the tools are fantastic, their alphabet soup of acronyms is confusing and their documentation isn’t much better. Learn Greg’s Seven Simple Steps in 75 minutes or less, and leave with a framework for automating everything in Windows 7 deployment.TRANSCRIPT
Automatically Deploying Windows 7 without the
Microsoft Alphabet Soup
Greg ShieldsSenior Partner & Principal Technologist
www.ConcentratedTech.com
Loves the ToolsHates the Names
• “Microsoft wants you to PXE your machine to WDS, using an Unattend.XML file built from WSIM in the WAIK after pre-staging your GUID inside the ADUC. Oh, and don’t forget MDT (formerly BDD!), who’s Deployment Workbench wraps around all this ridiculousness.”
Automating Windows 7 Installation for Desktopand VDI Environments
http://nexus.realtimepublishers.com
It’s Alphabet Soup!
• “Microsoft wants you to PXE your machine to WDS, using an Unattend.XML file built from WSIM in the WAIK after pre-staging your GUID inside the ADUC. Oh, and don’t forget MDT (formerly BDD!), who’s Deployment Workbench wraps around all this ridiculousness.”
Automating Windows 7 Installation for Desktopand VDI Environments
http://nexus.realtimepublishers.com
Windows Deployment’sBiggest Problem
Windows Deployment’sBiggest Problem
• The Internet.
Windows Deployment’sBiggest Problem
• The Internet.● Each tool evolved through many different versions.● Older versions had numerous shortcomings.● Resolving those required some oddball hackery.● Bloggers report hacks that are no longer timely.● You’ll find solutions to problems that no longer exist.● Confusion abounds!
Windows Deployment’sBiggest Problem
• The Internet.● Each tool evolved through many different versions.● Older versions had numerous shortcomings.● Resolving those required some oddball hackery.● Bloggers report hacks that are no longer timely.● You’ll find solutions to problems that no longer exist.● Confusion abounds!
• The Solution.● Don’t trust what you read.● You don’t need the command line
as much as you used to.
Greg’s Easy 11 Stepsto Deployment Automation!
1. Installing Windows Deployment Server
2. Configuring Image Deployment
3. Deploying your First Image
4. Dealing with Drivers
5. Automating WinPE Boot Image
6. Automating the “Set Up Windows” Phase
7. Creating a Thick Image w. Applications
8. Installing Microsoft Deployment Toolkit
9. Silent Installations & Repackaging
10.Layering Applications atop Windows
11. Preserving User Data
Step 1: Installing Windows Deployment Server
• WDS is a Windows 2008 R2 role.● Remote Installation Folder location● PXE Server Initial Settings● Add Image Wizard
Stepping Back: WIM Files?
• .WIM files are Microsoft’s image file format.● Two files are most important, right off DVD media.
\sources\boot.wim
\sources\install.wim
• You may create more .WIM files as you create custom images down the road.● However, your goal is to not create more.● Highest goal: One WIM per processor architecture.
Step 2: Configuring Image Deployment
• WDS can deploy images via USB stick• I’m showing you network deployment only.
● Caution: Network deployment uses multicast.● Multicast consumes bandwidth.● Multicast is often not passed between subnets.● Thus, YMMV.
DEMO: CONFIGURING WDS
How to Name the Computer?
• Requiring Administratorapproval enables thename-at-installfunctionality of WDS.
● Boot via PXE● Approve & Name in WDS● Enjoy!
How to Name the Computer?
• One small permissions change is required.● In Active Directory Users and Computers, right-click the domain
and then select Delegate Control. ● Change the object type to include computers and add the
computer object of the Windows Deployment Services server into the dialog box. Click Next.
● When prompted, select Create a custom task to delegate. Select Only the following objects in the folder. Then select the Computer Objects check box, and then Create selected objects in this folder. Click Next.
● In the Permissions box select Write all Properties and click Finish.
Step 3: Deploying a Computer
• This lookssuspiciouslysimilar to Ghost.
• However,Auto-Cast isvery useful. Willset up an always-on deployment.
DEMO: DEPLOYMENT!
Stepping Back: Layering the OS
A Case for the Layered Approach to Deploying Windows Desktopshttp://technet.microsoft.com/en-us/magazine/ee835710.aspx
Microsoft Assessment& Planning Toolkit
Windows Automated Installation Toolkit & Windows Deployment Services
Windows Update Services
Group Policy Software Installation
Group Policy& Group Policy Preferences
Windows Profiles& User State Migration Toolkit
Core Operating System
Drivers
OS Updates
Applications
Configuration Changes
Planning & Analysis
Personality
Step 4: Dealing with Drivers
• Plug and Play eliminates the need to create multiple images because of driver differences.● WDS presents a driver database to the deployment. ● Plug and Play detects and installs those it needs.
Step 4: Dealing with Drivers
• Plug and Play eliminates the need to create multiple images because of driver differences.● WDS presents a driver database to the deployment. ● Plug and Play detects and installs those it needs.
• Hardest part: Finding and unpacking the right drivers to add to WDS.● EXEs/MSIs must be unpacked to INFs.● WDS will import all INFs in a file path.
DEMO: INJECTING DRIVERS
Boot Image Drivers
• Sometimes WinPE needs extra drivers to boot.● This is not common.● …but you’ll know when you need it!
• When it does, those drivers must be specially injected into your boot image.● This is done within WDS before a deployment.● Be careful! You can corrupt the little guy!● If you do, get a new one from the DVD.
DEMO: INJECTING DRIVERS INTO BOOT IMAGES
Step 5: Automating WinPE
• Next Step: Automating installation prompts.● We want this installation to complete from start to
finish without asking any questions.● Two areas need automating:
• The WinPE half.• The Set Up Windows half.
Step 5: Automating WinPE
• Next Step: Automating installation prompts.● We want this installation to complete from start to
finish without asking any questions.● Two areas need automating:
• The WinPE half.• The Set Up Windows half.
• Automate by pre-answering their questions using Windows System Image Manager.● This tool is hard (unless you have me!).
Step 5: Automating WinPE
The Right Questions?The Right Answers?
Windows Image Pane (Question) Upper-Right Pane (Answer) Explanation
amd64_Microsoft-Windows-International-Core-WinPE_{version}_neutral
InputLocale = en-usSystemLocale = en-usUILanguage = en-usUILanguageFallback = en-usUserLocale = en-us
This item configures the WinPE language to US English.
amd64_Microsoft-Windows-International-Core-WinPE_{version}_neutral\ SetupUILanguage
UILanguage = en-us
amd64_Microsoft-Windows-Setup_{version}_neutral\ WindowsDeploymentServices\ Login\Credentials
DomainUsernamePassword
Enter here the domain, username, and password of the user that connects to your WDS share. This is the same user as in Chapter 1, Figure 1-10.
amd64_Microsoft-Windows-Setup_{version}_neutral\Disk Configuration\Disk
DiskID = 0 This item begins working with the first disk in the computer.
amd64_Microsoft-Windows-Setup_{version}_neutral\Disk Configuration\Disk\Create Partitions\CreatePartition
Extend = trueOrder = 1Type = Primary
This item creates a single primary disk to install Windows.
amd64_Microsoft-Windows-Setup_{version}_neutral\Disk Configuration\Disk\Modify Partitions\ModifyPartition
Active = trueFormat = NTFSLabel = WindowsLetter = COrder = 1PartitionID = 1
This item modifies that partition to create the C: drive as the first NTFS drive and partition.
amd64_Microsoft-Windows-Setup_{version}_neutral\ WindowsDeploymentServices\ ImageSelection\InstallTo
DiskID = 0PartitionID = 1
This item installs Windows to the disk and volume created in the rows above.
amd64_Microsoft-Windows-Setup_{version}_neutral\ WindowsDeploymentServices\ ImageSelection\InstallImage
FilenameImageGroupImageName
See the note below for information about the settings for this question.
DEMO: AUTOMATING WINPE
Unattending WDS
• Validate and createyour XML file.
• Save it toC:\RemoteInstall.
• Point to it in WDS.
• Note: One file perprocessor architecture.
Step 6: Automating Set Up Windows
• Next Step: Automating installation prompts.● We want this installation to complete from start to
finish without asking any questions.● Two areas need automating:
• The WinPE half.• The Set Up Windows half. Now, for the second half!
More Questions!More Answers!
Windows Image Pane (Question) Upper-Right Pane (Answer) Explanation
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral (Pass 4)
ComputerName = %MACHINENAME%TimeZone
Setting ComputerName to %MACHINENAME% will pass through the name you set in WDSs Name and Approve. Set TimeZone to your correct time zone, such as Mountain Standard Time.
amd64_Microsoft-Windows-International-Core_{version}_neutral(Pass 7)
InputLocale = en-usSystemLocale = en-usUILanguage = en-usUserLocale = en-us
This item configures the Windows language to US English.
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ oobe(Pass 4)
HideEULAPage = trueHideWirelessSetupIn OOBE = trueNetworkLocation = workProtectYourPC = 1
Hides the EULA and wireless setup screens, sets the network location to work, and enables Automatic Updates.
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ UserAccounts\LocalAccounts\ LocalAccount(Pass 7)
DisplayName = LocalAdminGroup = AdministratorsName = LocalAdmin
This item adds a local administrator account named LocalAdmin.
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ UserAccounts\LocalAccounts\ LocalAccount\Password(Pass 7)
Value = {Password} This item configures the password for the administrator account created above.
More Questions!More Answers!
Windows Image Pane (Question) Upper-Right Pane (Answer) Explanation
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral (Pass 4)
ComputerName = %MACHINENAME%TimeZone
Setting ComputerName to %MACHINENAME% will pass through the name you set in WDSs Name and Approve. Set TimeZone to your correct time zone, such as Mountain Standard Time.
amd64_Microsoft-Windows-International-Core_{version}_neutral(Pass 7)
InputLocale = en-usSystemLocale = en-usUILanguage = en-usUserLocale = en-us
This item configures the Windows language to US English.
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ oobe(Pass 4)
HideEULAPage = trueHideWirelessSetupIn OOBE = trueNetworkLocation = workProtectYourPC = 1
Hides the EULA and wireless setup screens, sets the network location to work, and enables Automatic Updates.
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ UserAccounts\LocalAccounts\ LocalAccount(Pass 7)
DisplayName = LocalAdminGroup = AdministratorsName = LocalAdmin
This item adds a local administrator account named LocalAdmin.
amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ UserAccounts\LocalAccounts\ LocalAccount\Password(Pass 7)
Value = {Password} This item configures the password for the administrator account created above.
Visit technet.microsoft.com/en-us/library/cc
749073(WS.10).aspx for a list of applicable time zone strings.
Further Unattending WDS
• Validate and createyour XML file.
• Save it toC:\RemoteInstall.
• Point to it in WDS.
• Note: This XMLfile is per-image notper-server.
Step 7: Creating a Thick Image
• You don’t want to do this!● At least…not much…● Thick is bad. Does this image make me look fat?
• Creating thin images that layer applications over the OS is much more flexible.● Only go thick for core applications everyone needs.● Examples: Office, Adobe, WinZip, Elf Bowling
Step 7: Creating a Thick Image
• Your steps to capturing an image…● Create that image, configure as needed.● Run c:\windows\system32\sysprep\sysprep.exe● Shutdown after Sysprep.● Create a WDS capture image.● PXE boot and connect to capture image.● Choose capture volume, name, description.● Upload image to WDS server.
DEMO: CREATING A CAPTURE IMAGE
Step 7: Capturing an Image
• Phase 1: Configure and Sysprep
Step 7: Capturing an Image
• Phase 2: PXE Boot
Step 7: Capturing an Image
• Phase 3: Select Stuff to Capture
Step 7: Capturing an Image
• Phase 4: Choose Where to Send Stuff
Step 7: Capturing an Image
• Phase 5: Get Coffee! Marvel in GUIness.
• Previous versions required the nasty command line ImageX tool.● Complex. Unfriendly. Bad breath.● WDS today can do most everything with GUIs.● Some advanced file/driver/stuff injection can still be
done with ImageX, but…meh…
Step 8: Microsoft Deployment Toolkit
• What you don’t get with WDS alone is the workflow that surrounds an OS installation.
Step 8: Microsoft Deployment Toolkit
• What you don’t get with WDS alone is the workflow that surrounds an OS installation.
• During installation you might…● “…want to inject an application!”● “…want to preload some files or drivers!”● “…want to configure some settings!”● “…want to preserve user personality data!”
• MDT does this via Task Sequences.
Step 8: Microsoft Deployment Toolkit
Step 8: Microsoft Deployment Toolkit
• First job: Import WDS stuff into MDT.● Create Deployment Share● Import Operating System | Custom Image File● Copy setup files from DVD media (important!)● Upload Drivers● Create a Standard Client Task Sequence● Enable Multicast for Deployment Share● Update Deployment Share● Disable WDS boot images● Add MDT boot images
Step 8: Microsoft Deployment Toolkit
• First job: Import WDS stuff into MDT.● Create Deployment Share● Import Operating System | Custom Image File● Copy setup files from DVD media (important!)● Upload Drivers● Create a Standard Client Task Sequence● Enable Multicast for Deployment Share● Update Deployment Share● Disable WDS boot images● Add MDT boot images
Step 8: Microsoft Deployment Toolkit
• Second job: Deploy an Image!
Step 8: Microsoft Deployment Toolkit
• Second job: Deploy an Image!
IN CASE YOU’RE ASKING:MDT uses Windows Deployment Services
to actually deploy its images.
That’s why we started there first!
Step 9: Silent Installs & Repackaging
• Repackaging is an ART!● You just missed my session on repackaging.● Yes, I know the order was reversed…
Step 10: Layering Apps atop Windows
• THIN is IN!
Step 10: Layering Apps atop Windows
• THIN is IN!● Once packaged and added to MDT, applications can
be selected during the installation.
Step 10: Layering Apps atop Windows
• THIN is IN!● Alternatively,
app installscan be addedto a TaskSequence.
● Adding thereeliminates thequestionsduring install.
DEMO: ADDING AN APP TO A TASK SEQUENCE
Step 11: Preserving Personality
• Remember, we’re layering here!
Microsoft Assessment& Planning Toolkit
Windows Automated Installation Toolkit & Windows Deployment Services
Windows Update Services
Group Policy Software Installation
Group Policy& Group Policy Preferences
Windows Profiles& User State Migration Toolkit
Core Operating System
Drivers
OS Updates
Applications
Configuration Changes
Planning & Analysis
Personality
Step 11: Preserving Personality
• MDT’s User State Migration Toolkit handles capturing and replacing user data.● Built directly into MDT. Updatable.● Is only available when a deployment is started within
the old operating system.● Launch this to begin:
\\{server}\deploymentshare$\scripts\LiteTouch.vbs
• Enables seamless XP-to-W7 upgrades,OS refreshes, and hardware swaps!
DEMO: PRESERVING USER DATA DURING W7 UPGRADE
Step 11: Preserving Personality
• One can customize what USMT gathers.● Doing so is outside the scope of this session.
Step 11: Preserving Personality
• One can customize what USMT gathers.● Doing so is outside the scope of this session.
• Four Files:● MigApp.xml● MigUser.xml● MigDocs.xml● Custom.xml
• More info at:http://technet.microsoft.com/en-us/library/dd560778(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd560762(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd560801(WS.10).aspx
Application Settings
User Folders, Files, File Types
System-wide Files
Your Custom Settings
Step 12: Inventorying Apps & DriversStep 13: Resolving App Incompatibilities
• Microsoft’s final two deployment tools help you locate applications and drivers and resolve incompatibilities.● The Microsoft Assessment and Planning Toolkit is an
automated solution for finding those drivers and apps.● The Application Compatibility Toolkit creates a
workbench for injecting “fixes” to incompatible apps.
• Great tools with overlapping functionality.● ACT > MAP
Need More?Bring Greg to Your Office!
• The content here is but a snippet of Greg’s hands-on W7 Automated Deployment Training.
http://www.concentratedtech.com/training
Three to five days. All hands-on!
Your Feedback is Important
Please fill out a session evaluation form drop it off at the conference registration
desk.
Thank you!