Windows Deployment Services Sysprep and You


1 Windows Deployment Services Sysprep and You
Imaging Windows 7 Systems

2 Agenda
Windows Deployment Services
  Background
  Requirements
  Installation
Imaging VLAN
  Motivation
  Advantages
Creating Images
  Setting up a reference machine
  Sysprep
  Uploading the image
Deploying Images
  On the imaging VLAN
  Off the imaging VLAN
Conclusions
  Things that work well
  Things that don't work so well
References

3 What is Windows Deployment Services?
Updated version of Remote Installation Services
Added as a role in Windows 2008
Uses the Windows Imaging Format to handle images
Free!

If you're not familiar with the WIM format, then it's pretty cool. It's a file-based image and there are tools available for editing them. You can actually mount a WIM in a folder and make changes to it, so simple modifications to images can be easy. Well, you've already paid for it, so it might as well be free.

4 WDS Requirements
Must be a member of an AD DS domain or be a domain controller
DHCP - WDS uses PXE booting which requires DHCP capability.
DNS
NTFS volume for the image store
Windows Server 2003 or 2008

You can technically use WDS without PXE and I'll speak to this later. I haven't been able to get it working without DHCP, however. Theoretically you could build a PE CD with a static IP address, but then you'd need one for each machine. MS recommends having the DHCP server installed on a separate server. WDS stores all of the files for a particular OS family in one RWM file. The WIM files serve as a catalog of which files in the WIM are included in the actual image. This drastically cuts down on the amount of hard drive space required. Our current RWM file is 29GB, but that's 5 images' worth.

5 Installing and Configuring WDS
Add the role to the server
Configure through MMC snap-in
Create an image group
Add an install image
Add a boot image

Honestly the server guys did this part. Image groups allow you to segregate different types of installations. We only have one, but you can set up many. You can use the install.wim from the Vista and Windows 7 DVD for the first install image. The Server 2008 CD includes a boot.wim for the boot image.

6 Imaging VLAN Motivation and Advantages
Some segments of our network don't have DHCP available
Allows us to segregate some of the services
Machines can be configured on the Imaging VLAN

We already have a PXE server on our lab networks, so we needed another VLAN with PXE for WDS. With our static IP VLANs we can't easily have the new machine online while the old one is still present.

7 Setting up the reference machine
First install performed using the default install image
Add applications
Boot into Audit mode to configure default user profile and perform final customizations
Run sysprep on machine

Don't use the built-in administrator account. We always did that, but Windows 7 and sysprep seem to work better if you leave it disabled. WDS won't create an image of a machine unless it has been sysprepped.

8 Using sysprep
Sysprep Phases
Creating Answer Files

Going to talk a little bit about sysprep before we really get into it.

9 Sysprep Phases
windowsPE - disk configuration
offlineServicing - applies settings and packages
specialize - applies system specific information
generalize - removes system specific information
auditSystem - used in Audit mode
auditUser - used in Audit mode
oobeSystem - Out of Box Experience

The XML file for your boot image can have options for configuring the disk in the windowsPE section. The generalize phase only runs if you specify /generalize on the sysprep command. Audit mode is when you can add more drivers and install software. You must use audit mode in order to set up the default user profile. oobeSystem is what you see the first time you boot a computer after imaging.

10 Creating answer files
Windows Automated Installation Kit
Windows System Image Manager

WAIK is a free download from MS. It includes the Windows System Image Manager, which makes creating the unattend.xml file easier. The old answer files were a complete mess and difficult to understand. The System Image Manager makes things much easier. Any settings which can be added to the unattend.xml file are available in the lower left corner, and it knows which passes they can apply to.

11 Our unattend.xml
<servicing>
    <package action="configure">
        <assemblyIdentity name="Microsoft-Windows-Foundation-Package" version=" " processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="" />
        <selection name="InboxGames" state="true" />
        <selection name="Chess" state="true" />
        <selection name="FreeCell" state="true" />
        <selection name="Hearts" state="true" />
        <selection name="Minesweeper" state="true" />
        <selection name="More Games" state="true" />
        <selection name="PurblePlace" state="true" />
        <selection name="Shanghai" state="true" />
        <selection name="Solitaire" state="true" />
        <selection name="SpiderSolitaire" state="true" />
    </package>
</servicing>

I added these into the unattend to make sure this works. Plus, who doesn't like games?

12 Our unattend.xml
<settings pass="generalize">
    <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SkipRearm>1</SkipRearm>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
        <OEMInformation />
    </component>
</settings>

The SkipRearm setting is vital. A machine can only be "rearmed" three times with Windows activation, and since we use the same machine for our master, we need to skip that rearm process. Once this number runs out, the machine will fail to boot into audit mode, which makes uploading a new image difficult. The DoNotCleanTaskBar setting tells setup not to remove any extra toolbars that you may add to the taskbar.

13 Our unattend.xml
<settings pass="specialize">
    <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SkipAutoActivation>true</SkipAutoActivation>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ComputerName>*</ComputerName>
        <CopyProfile>true</CopyProfile>
        <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
        <ShowWindowsLive>false</ShowWindowsLive>
        <TimeZone>Eastern Standard Time</TimeZone>
    </component>
</settings>

Again, the specialize phase is where things specific to the imaged computer get applied. Initially our imaging VLAN didn't have internet access, so I disabled auto activation. I now perform the activation via a script, so I left this line in place. Setting the ComputerName to * assigns the computer a random name. We like this, as it allows us to configure the computers on the network without changing anything. Once the machine is on the user's desk, we change it according to our standard naming conventions. The CopyProfile line tells setup to copy the contents of the Administrator profile to the default user profile. This is the only supported method of changing the default user profile in Windows 7.

14 Our unattend.xml
<settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-us</InputLocale>
        <SystemLocale>en-us</SystemLocale>
        <UILanguage>en-us</UILanguage>
        <UserLocale>en-us</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <AutoLogon>
            <Password>
                <Value>cwBBAHQARwByAHQANwAzAFAAYQBzAHMAdwBvAHIAZAA=</Value>
                <PlainText>false</PlainText>
            </Password>
            <Enabled>true</Enabled>
            <LogonCount>5</LogonCount>
            <Username>itconsult</Username>
        </AutoLogon>
        <!-- the Shell-Setup component continues on the following slides -->

We're now into the Out of Box Experience phase. Set up the locale information. Set the system to auto login to our local administrator account.

15 Our unattend.xml
<FirstLogonCommands>
    <SynchronousCommand wcm:action="add">
        <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ipk [License Code]</CommandLine>
        <Order>1</Order>
        <RequiresUserInput>false</RequiresUserInput>
    </SynchronousCommand>
    <SynchronousCommand wcm:action="add">
        <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine>
        <Order>2</Order>
    </SynchronousCommand>
    <SynchronousCommand wcm:action="add">
        <CommandLine>net user temp /delete</CommandLine>
        <Description>Delete Temp User Account</Description>
        <Order>3</Order>
    </SynchronousCommand>
</FirstLogonCommands>

You can specify scripts to run on the first login:
Sets Windows to use our MAK license code (we don't have KMS set up).
Runs activation.
Deletes a temp account.
If you don't create an account in the unattend script, then setup will prompt you to create one. So, I create an account (shown on the next slide), and then delete it.

16 Our unattend.xml
        <OOBE>
            <HideEULAPage>true</HideEULAPage>
            <NetworkLocation>Work</NetworkLocation>
            <ProtectYourPC>1</ProtectYourPC>
        </OOBE>
        <RegisteredOrganization>Dickinson College</RegisteredOrganization>
        <RegisteredOwner>LIS</RegisteredOwner>
        <ShowWindowsLive>false</ShowWindowsLive>
        <UserAccounts>
            <AdministratorPassword />
            <LocalAccounts>
                <LocalAccount wcm:action="add">
                    <Password>
                        <Value>dABlAG0AcABQAGEAcwBzAHcAbwByAGQA</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <Description>Temp Account</Description>
                    <DisplayName>temp</DisplayName>
                    <Group>Users</Group>
                    <Name>temp</Name>
                </LocalAccount>
            </LocalAccounts>
            <DomainAccounts></DomainAccounts>
        </UserAccounts>
    </component>
</settings>

Hide the EULA page. Set the network location to work. Set up the Protect Your PC settings so we don't get prompted every time. Create the temp account so we don't get prompted to create an account every time.
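
Added example, not part of the original presentation: <PlainText>false</PlainText> does not encrypt a password; the value is Base64 of the UTF-16LE password with the element name appended, so the AutoLogon and temp-account passwords in an answer file like the one above are readable by anyone who can read the file. The Python sketch below audits an answer file for such embedded credentials; the sample file, its account names and its passwords are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]

def hide(password, suffix="Password"):
    """PlainText=false encoding: Base64(UTF-16LE(password + element name))."""
    return base64.b64encode((password + suffix).encode("utf-16-le")).decode("ascii")

def recoverable_length(value, suffix):
    """Password length if value is that reversible encoding, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return len(text) - len(suffix) if text.endswith(suffix) else None

def audit(xml_text):
    """List (owner, element, exposure, password_length) per embedded credential."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        name = local(elem.tag)
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        value = fields.get("Value", "")
        if not name.endswith("Password") or not value:
            continue  # not a credential, or empty like <AdministratorPassword />
        if fields.get("PlainText", "").lower() == "false":
            n = recoverable_length(value, name)
            exposure = "base64-recoverable" if n is not None else "unknown-encoding"
        else:  # assumption: a missing PlainText element is reported as plaintext
            n, exposure = len(value), "plaintext"
        findings.append((local(parents[elem].tag), name, exposure, n))
    return findings

# Constructed sample answer file; the account names and passwords are made up.
SAMPLE = f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <AutoLogon><Password><Value>{hide("Example-1")}</Value>
   <PlainText>false</PlainText></Password><Username>imaging</Username></AutoLogon>
  <UserAccounts><AdministratorPassword /><LocalAccounts><LocalAccount>
   <Password><Value>Example-2</Value><PlainText>true</PlainText></Password>
   <Name>temp</Name></LocalAccount></LocalAccounts></UserAccounts>
 </component></settings></unattend>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Anything the audit reports is an exposed secret: restrict read access to the answer file wherever it is stored, and change or remove the account once deployment is finished.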

17 Uploading Images
Once the reference machine is prepared copy the unattend.xml file to the drive
Run sysprep /generalize /oobe /shutdown /unattend:unattend.xml
PXE boot machine to WDS server
Select volume to upload
Give image a name
Select option to upload to server
Login
Wait
Associate the unattend.xml file with the image
Create multicast session

Again, WDS won't upload an image of a volume which hasn't been sysprepped. Make sure you don't turn on the machine before uploading, because it will run through the specialize and oobe passes, and then you can't upload it until you run sysprep again. The image will also be left on the hard drive, so you can make a copy of this WIM file for other uses. If you don't have access to the WDS management console, you can just create the unattend folder and place the file inside.

18 Uploading Images

19 Uploading Images

20 Setup Image for Unattended Mode
After setting up the unattend file, you then create the Multicast Transmission (no screen shot)

21 Deploying Images
On the Imaging VLAN
  PXE boot machine to WDS
  Select the image to apply
  Wait
Off the Imaging VLAN
  Create a "Discover Image"
  Boot machine with Discover Image

22 Multicasting Images
Multicasting can be set up in two modes
Auto-Cast
  Session is initiated whenever a client requests
  Additional clients are joined to session as they request
Scheduled-Cast
  Set a specific time for session to complete
  Clients wait until designated time to begin

A recent multicast session imaged 10 computers in about 45 minutes. Our old setup would take 4 hours and machines still needed to be configured manually.

23 Things that work well
Deploying images is fairly painless
Multicasting
Some hardware independence

Since WDS performs an install of Windows 7, if the drivers are included on the Windows 7 DVD, it will work on the system. I have been able to apply the same image to several Dell systems, a Lenovo laptop and an Acer Netbook. Usually there are only a few drivers that I need to update once the image is installed.

24 Things that don't work so well
Changing the taskband for the default user profile
Activation can be a pain
Forgetting to set up a multicast session for an image tends to upset network engineers
Automating image deployment

You can add up to three items in the unattend.xml to be added to the default user profile, but you can't remove anything (like Windows Media Player). I found a script which allows you to do this, however. Activation would be smoother if we implemented a KMS on our network. WDS won't multicast an image by default, so you need to remember to set up the multicast session per image. It would be nice if you could set up a boot image which would automatically select an image for deployment and apply it.

25 References
Technet - Windows Deployment Services
How Configuration Passes Work
Brian Lee Jackson - Sysprep a Windows 7 Machine – Start to Finish V2
The Deployment Guys - Pin Items to the Taskbar and Start Menu
Standard Unattend File -

26 Questions?

27 Thank you ResNet Symposium Infrastructure Systems at Dickinson College
Please remember to fill out the survey

