Presentation on theme: "IT Series - Deploying Windows 7 with Free Tools"— Presentation transcript:
1IT Series - Deploying Windows 7 with Free Tools Donald HesterOctober 14, 2010For audio call Toll Freeand use PIN/code
2Housekeeping Maximize your CCC Confer window. Phone audio will be in presenter-only mode.Ask questions and make comments using the chat window.
3Do not listen on both computer and phone. Adjusting AudioIf you’re listening on your computer, adjust your volume using the speaker slider.If you’re listening over the phone, click on phone headset.Do not listen on both computer and phone.
4Saving Files & Open/close Captions Save chat window with floppy disc iconOpen/close captioning window with CC icon
5Emoticons and PollingRaise hand and EmoticonsPolling options
6IT Series - Deploying Windows 7 with Free Tools Micah Orloff
7Donald E. HesterCISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+Director, Maze & AssociatesUniversity of San Francisco / San Diego City College / Los Positas College7
8What we will be covering Microsoft Assessment and Planning Toolkit (MAP)Microsoft Application Compatibility Toolkit (ACT)Enterprise Learning Framework (ELF)Microsoft Deployment Toolkit (MDT)Microsoft Desktop Optimization Pack (MDOP) for Asset Inventory PlanningMDT Deployment WorkbenchWindows Automated Installation Kit (WAIK)User Settings Migration Tool (USMT) 4.0Windows Deployment Services (WDS)
11Tools Used to Support the Planning Phase Module 1: Preparing to Deploy Windows 7 Business DesktopsCourse 6294ATools Used to Support the Planning PhaseMicrosoft Assessment and Planning Toolkit (MAP)Microsoft Application Compatibility Toolkit (ACT)Key message: The key to a successful desktop deployment is to obtain as much information about the existing desktop environment as possible. Also, you can obtain guidance and best practices to assist in each of your desktop deployment project phases.Use this topic to introduce each tool included on the slide as it relates to the planning phase. Additional information is provided on the Course Companion CD. If you have an Internet connection, consider demonstrating from your host computer the Enterprise Learning Framework online tool. While on the Internet, you may also want to show students the main Web sites associated with each tool.The following acronyms are often used for these tools:MAP – Microsoft Assessment and Planning ToolkitACT – Application Compatibility ToolkitELF – Enterprise Learning FrameworkMDT – Microsoft Deployment ToolkitMDOP – Microsoft Optimization PackAsset inventory planning tools will be discussed in a future topic, so do not go into too much detail here.To build this slide:This slide starts with the process graphic and plan image on the right and automatically builds to include each tool. Discuss each.Question: What is the purpose of the System Configuration Manager 2007?Answer: Microsoft System Center Configuration Manager 2007 provides a comprehensive solution for change and configuration management for the Microsoft platform.Enterprise Learning Framework (ELF)PLANMicrosoft Deployment Toolkit (MDT)Microsoft Desktop Optimization Pack (MDOP) for Asset Inventory PlanningSystem Center Configuration Manager 2007
12Tools Used to Support the Building Phase Module 1: Preparing to Deploy Windows 7 Business DesktopsCourse 6294ATools Used to Support the Building PhaseMDT Deployment WorkbenchKey message: Deploying a Windows 7 desktop is more straightforward because of a number of enhanced engineering tools used to create and maintain computer images. Windows 7 support for Windows Imaging (WIM) file format provides the ability to create and distribute hardware-independent images to desktops throughout the organization.Use this topic to introduce each tool on the slide and its relationship to the lifecycle graphic. Additional information about each tool is contained on the Course Companion CD.The following acronyms are often used for these tools:MDT – Microsoft Deployment ToolkitWAIK – Windows Automated Installation KitUSMT – User State Migration ToolTo build this slide:This slide starts with the process graphic and build image on the right and automatically builds to include each tool. Discuss each.The following are the important tools that are included with the Windows AIK:Question: You have decided to use the Windows AIK to deploy Windows 7. What do you use to create the images for the magazine development group?Answer: ImageX is a tool used to create system images.BUILDWindows Automated Installation Kit (WAIK)User State Migration Tool (USMT)ToolDescriptionWindows System Image Manager (Windows SIM)The tool used to open Windows images, create answer files, and manage distribution shares and configuration sets.ImageXThe tool used to capture, create, modify, and apply Windows images.Deployment Image Servicing and Management (DISM)The tool used to apply updates, drivers, and language packs to a Windows image. DISM is available in all installations of Windows 7 and Windows Server 2008 R2.Windows Pre-installation Environment (Windows PE)A minimal operating system environment used to deploy Windows. The AIK includes several tools used to build and configure Windows PE environments.User State Migration Tool (USMT)A tool used to migrate user data from a previous Windows operating system to Windows 7. USMT is installed as part of the AIK in the %PROGRAMFILES%\Windows AIK\Tools\USMT directory. For more information about USMT, refer to the User State Migration Tool User’s Guide (%PROGRAMFILES%\Windows AIK\Docs\Usmt.chm)
13Tools Used to Support the Deploying Phase Module 1: Preparing to Deploy Windows 7 Business DesktopsCourse 6294ATools Used to Support the Deploying PhaseD E P L O YKey message: Deploying Windows 7 using Lite Touch or Zero Touch requires specific tools to support the technologies and scripts used for the deployment scenario.Use this topic to introduce each tool included on the slide and its relationship to the deployment lifecycle graphic presented previously. Additional information about each tool is included on the Course Companion CD.The following acronyms are often used for these tools:MDT – Microsoft Deployment ToolkitWDS – Windows Deployment ServicesSCCM – System Center Configuration ManagerUSMT – User State Migration ToolTo build this slide:This slide starts with the process graphic and deploy image at the top and automatically builds to include each tool. Discuss each.Question: You are deploying 500 new computers in the enterprise. What tool do you use to migrate user settings and user state to the new computers?Answer: Use the USMT 4.0 when hardware and operating system upgrades are planned for a large number of computers.MDT Deployment WorkbenchWindows Deployment Services (WDS) 2008System Center Configuration Manager 2007User State Migration Tool (USMT)
14Microsoft Assessment and Planning Toolkit (MAP) The Microsoft Assessment and Planning (MAP) Toolkit is an agentless tool designed to simplify and streamline the IT infrastructure planning process across multiple scenarios through network-wide automated discovery and assessments. MAP performs an inventory of heterogeneous IT environments and provides you with usage information for SQL Server and servers in the Core CAL Suite, Windows 2000 Server migration assessment, SQL Server 2008 discovery and assessment for consolidation, and a readiness assessment for the most widely used Microsoft technologies including Windows 7, Office 2010, and Windows Server 2008 R2. MAP also provides server virtualization scenarios to help you identify underutilized resources and the hardware specifications needed to successfully consolidate your servers using Microsoft Hyper-V technology.In-Depth Readiness ReportingMAP generates reports containing both summary and detailed assessment results for each migration scenario. The results are provided in Microsoft Excel workbooks and Microsoft Word documents. Reports are generated for the following scenarios:Identification of currently installed Windows client operating systems, their hardware, and recommendations for migration to Windows 7.Reporting of antivirus and anti-malware programs installed on the desktop and if the Windows Firewall is turned on.Identification of currently installed Microsoft Office software and recommendations for migration to Microsoft Office 2010.Identification of currently installed Windows Server operating systems, underlying hardware and devices, as well as recommendations for migration to Windows Server 2008 R2.Identification of currently installed Linux operating systems and underlying hardware for virtualization on Hyper-V or management by System Center Operations Manager R2.Detailed assessment and reporting of server utilization, as well as recommendations for server consolidation and virtual machine placement using Hyper-V or Virtual Server 2005 R2.Discovery of Microsoft SQL Server databases, instances, and selected characteristics.Identification of SQL Server host machines and SQL Server components.Identification of virtual machines running on both Hyper-V and VMware, their hosts, and details about hosts and guests.Assessment of Windows 2000 Server environments and inventory.For more information on MAP see:
15MAP Deployment Readiness Software Usage Tracker Feature Secure and Agentless InventoryComprehensive Data AnalysisIn-Depth Readiness ReportingSoftware Usage Tracker FeatureProvides software usage reportsSoftware by user/deviceInventoryLicense Compliance
16MAP Secure Agentless Inventory Windows 7Windows VistaWindows XP ProfessionalOffice 2010 and previous versionsWindows Server 2008 or Windows Server 2008 R2Windows Server 2003 or Windows Server 2003 R2Windows 2000 Professional or Windows 2000 ServerVMware ESXVMware ESXiVMware ServerLinux variantsLAMP application stack discoverySQL Server 2008Secure and Agentless InventoryMAP provides secure, agentless, and network-wide inventory that scales from small business to large enterprises. It collects and organizes system resources and device information from a single networked computer. Assessment tools often require users to first deploy software agents on all computers to be inventoried, but this tool does not. MAP uses technologies already available in your IT environment to perform inventory and assessments. These technologies include Windows Management Instrumentation (WMI), the Remote Registry Service, Active Directory Domain Services, and the Computer Browser service.
17In-Depth Readiness Reporting Current software, hardware and migration recommendations to:Windows 7Windows Server 2008 R2Office 2010Virtualization reportsPossible server consolidationMigrate Linux to virtual environmentIn-Depth Readiness ReportingMAP generates reports containing both summary and detailed assessment results for each migration scenario. The results are provided in Microsoft Excel workbooks and Microsoft Word documents. Reports are generated for the following scenarios:Identification of currently installed Windows client operating systems, their hardware, and recommendations for migration to Windows 7.Reporting of antivirus and anti-malware programs installed on the desktop and if the Windows Firewall is turned on.Identification of currently installed Microsoft Office software and recommendations for migration to Microsoft Office 2010.Identification of currently installed Windows Server operating systems, underlying hardware and devices, as well as recommendations for migration to Windows Server 2008 R2.Identification of currently installed Linux operating systems and underlying hardware for virtualization on Hyper-V or management by System Center Operations Manager R2.Detailed assessment and reporting of server utilization, as well as recommendations for server consolidation and virtual machine placement using Hyper-V or Virtual Server 2005 R2.Discovery of Microsoft SQL Server databases, instances, and selected characteristics.Identification of SQL Server host machines and SQL Server components.Identification of virtual machines running on both Hyper-V and VMware, their hosts, and details about hosts and guests.Assessment of Windows 2000 Server environments and inventory.
18Microsoft Application Compatibility Toolkit (ACT) DescriptionThe Microsoft Application Compatibility Toolkit (ACT) 5.5 is a lifecycle management tool that assists in identifying and managing your overall application portfolio, reducing the cost and time involved in resolving application compatibility issues, and helping you quickly deploy Windows Vista and Windows updates.With the ACT, you can:•Analyze your portfolio of applications, Web sites, and computers•Evaluate operating system deployments, the impact of operating system updates, and your compatibility with Web sites•Centrally manage compatibility evaluators and configuration settings•Rationalize and organize applications, Web sites, and computers•Prioritize application compatibility efforts with filtered reporting•Add and manage issues and solutions for your enterprise-computing environment•Deploy automated mitigations to known compatibility issues•Send and receive compatibility information from the Microsoft Compatibility ExchangeLinks to Other Resources•Application Compatibility Toolkit Download:•Introduction to the Application Compatibility Toolkit:•Application Compatibility Toolkit Technical Reference:•ACT Walkthrough Exercises:Version 5.6 has support for migration to Windows 7 64-bit
21Enterprise Learning Framework (ELF) Developing a training and communication plan helps with:Raising AwarenessMinimizing DisruptionShortening TrainingGaining ProductivityThe Enterprise Learning Framework (ELF) is a tool that helps corporations develop a training and communication plan for employees during Windows 7, Windows Vista and the 2007 Microsoft Office system deployment. The ELF identifies the most relevant learning topics on Windows Online Help and Office Online for different stages of deployment and different types of users. With the Enterprise Learning Framework you can:Minimize concern by preparing employees for deployment and raising awareness of the new versions’ benefitsMinimize disruption on deployment day by getting employees up to speed with a short list of "must know" topicsSelect tips-and-tricks and other productivity topics to help employees get the most from Windows 7, Windows Vista and the 2007 Office release after deploymentThe Enterprise Learning Framework was developed in response to requests from our corporate customers for help with deployment. The Enterprise Learning Framework can help corporations with:Raising Awareness: Helping employees understand how the new versions of Windows and Office will benefit them and helping to prepare employees before deploymentMinimizing Disruption: Identifying a small, manageable number of learning topics to get employees up and running quickly with Windows 7, Windows Vista and the 2007 Office releaseShortening Training: Concise learning topics requiring only a few minutes each from employeesGaining Productivity: Identifying the most important learning topics for improving productivity as employees continue to use Windows 7, Windows Vista and the 2007 Office release
22The Enterprise Learning Framework (ELF) is a tool that helps corporations develop a training and communication plan for employees during Windows 7, Windows Vista and the 2007 Microsoft Office system deployment. The ELF identifies the most relevant learning topics on Windows Online Help and Office Online for different stages of deployment and different types of users. With the Enterprise Learning Framework you can:Minimize concern by preparing employees for deployment and raising awareness of the new versions’ benefitsMinimize disruption on deployment day by getting employees up to speed with a short list of "must know" topicsSelect tips-and-tricks and other productivity topics to help employees get the most from Windows 7, Windows Vista and the 2007 Office release after deployment
23Microsoft Deployment Toolkit Lite TouchZero Touch with Configuration Manager 2007Aligns with ConfigMgrEvolutionary refinementsAdds server supportUpgrade from BDD 2007 and MDT 2008Fully integrated experienceSingle consoleAdds server supportExtends and enhances ConfigMgr 2007Introduce the concepts of MDT 2010 explaining the difference between Lite Touch and Zero Touch deployment. Explain that we sit on top of the Windows AIK and offer process and tool guidance through our documentation set.Here are some key talking points for Lite TouchUses the task sequencing engine from System Center Configuration ManagerCan deploy Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2MDT 2010 is an upgrade over previous versions of MDTTalking points for Zero TouchMDT integrates in the System Center Configuration Manager consoleExtends the SCCM wizards and provides many additional task sequence actionsThis module will primarily cover the Lite Touch scenarios. Zero Touch will be covered on Day 2 (optional)Leverages core deployment toolsProvides process and tool guidance
24MDT 2010 Windows 7 and Windows Server 2008 R2 Support Add support for the latest operating systemsUse the latest toolsEnable new scenariosWindows 7 and Windows Server 2008 R2 SupportImprove administrative processesSupport more than one userEnhance automation and extensibilityTask Sequence & Script EnhancementsDeployment Workbench Architecture EnhancementsImprove diagnostics and loggingBetter error reporting and recoveryMake scripts as easy to follow as possiblePowerShell CapabilitiesScript Architecture EnhancementsContinue to simplify documentationCross-linked contentCover both the “why’s” and the “how’s”Documentation ImprovementsThere are four main areas that the new features in MDT 2010 focus on:Deployment Workbench Architecture EnhancementsThe goal of changing the Deployment Workbench was to Improve the administrator’s experience in the workbench and enable new scenarios for administration. One of the most requested features in previous versions of MDT was the ability have multiple users configuring the deployment workbench at the same time. MDT 2010 provides this feature primarily because it is built on top of the Powershell provider.Here are a few new scenarios now supported by the workbench:Scenario #1: Simple but reliableYou want to have a single deployment share on a highly-available file server cluster with SAN-attached storage, but you don’t want to install MDT on that server. That wasn’t possible with MDT 2008, but it’s simple with MDT 2010. You can install MDT on your workstation (or any other machine) and use it to manage the contents of a deployment share on the file server cluster via the UNC path that you created.Scenario #2: Private and publicYou have a lab environment where you create your reference images. You import those images into Deployment Workbench and create new task sequences to deploy those. But you don’t want your end users to ever deploy the reference image task sequences, just the ones that deploy the reference images. With MDT 2008, you could have done that using a lab deployment point and a network deployment point.With MDT 2010, you would create two deployment shares, for example \\SERVER1\Lab and \\SERVER1\Production. You can then replicate only the items you want from lab to production. This is done using “linked deployment shares”, a new feature that allows you to specify the target deployment share (e.g. \\SERVER1\Production) and the content that should be replicated to it. Or, you could do this manually as Deployment Workbench could have both deployment shares open at the same time, enabling you to manually copy the needed items from one share to the other.Scenario #3: Server and desktopYou might have two different teams, one which works on server OSes, images and task sequences, and the other that works on desktop OSes, images, and task sequences. You can create two deployment shares to support that, and even selectively copy content (e.g. a subset of drivers or applications) between them.Scenario #4: Cooperative deployment sharesSome companies do not have a completely centralized IT group. They may have a central team that creates reference images and packages applications, but regional IT groups are responsible for the actual deployment, including figuring out what drivers are needed for the hardware used at that location. With MDT 2010, you can have a central deployment share, then selectively replicate content to regional deployment shares, e.g. all images and applications, without disturbing the rest of the deployment share content. The IT administrators at the regional sites can maintain their own task sequences, drivers, etc.Powershell CapabilitiesThe Deployment Workbench is built on top of Powershell. That means that every action that can be performed inside of the Deployment Workbench can be automated through Powershell. This allows you to create your own automation scripts to fully populate the MDT configuration.Task Sequence and Script EnhancementsThe Task Sequences and scripts have been enhanced to improve error reporting, provide more accurate errors, and account for many of the most common deployment failures such as failure to join a domain. With Windows 7, we now have to support deploying the Operating System to another partition so MDT provides the ability to choose which disk and partition to deploy the Operating System toConfiguration Manager ImprovementsThe changes with the Configuration Manager integration are minimal but important. The task sequence now has better error recovery to make sure that Log files and User Data is retained in the event of a failure. Additional Windows 7 enhancements such as hard-link migration with USMT 4 has been added to the task sequence. The wizard for creating a task sequence has been improved in order to limit the amount of information you will need to enter if you are not capturing an image.
25What’s New in MDT 2010 MDT 2010 is a significant upgrade from MDT 2008 Still supports Windows XP and aboveDrops support for SMS 2003MDT 2010 adds full support for Windows 7 and Windows Server 2008 R2 and latest deployment tools:Windows Automated Installation Kit 2.0Windows PE 3.0New way to construct an imageUSMT 4.0New hardlink and offline migration capabilitiesDeployment Image Servicing and Management (DISM) toolReplaces several previous tools, adds new enumeration capabilitiesMDT 2010 makes these changes transparentMDT 2010 is a major upgrade from MDT We will be talking about the new features in MDT 2010 throughout this module.MDT 2010 leverages all of the new capabilities in the Windows AIK including Windows PE 3.0, DISM, and the new functionality in the User State Migration Tool 4.0 and makes these changes as transparent as possible. The MDT Administrator will not have to know all of the intricate details of the individual Windows AIK tools that apply to certain operating systems because MDT will automatically run the correct tool no matter if they are deploying Windows XP or Windows 7
26Microsoft Deployment Using MDT and SCCM Microsoft Deployment Toolkit (MDT)Excellent GUI interface to ask questions (variables) prior to deploymentAlternatively, can be fully automated during deployment if variables predefinedNo built in mechanism to schedule and initiate itself for deploymentSystem Center Configuration Manager (SCCM) Operating System Deployment (OSD)Non-existent GUI interfaceAll variables configured on SCCM prior to deploymentExcellent built in scheduling and initiating of deployments$$$
27Key Features of Windows AIK Module 5: Deploying Windows 7 by Using Windows AIKCourse 6294AKey Features of Windows AIKKey FeaturesKey message: Explain that Windows AIK is a collection of tools and documentation designed to help IT professionals deploy Windows. Explain the purpose and key benefits of Windows AIK, including scenarios when it is typically used. Clarify that Windows AIK can be used to deploy Windows 7, and that it is ideal for highly customized environments.Provide a summary of the primary documentation resources available on Windows AIL DVD and installed with the Windows AIK tools.Windows AIK 2.0 is a collection of tools and documentation designed to help IT professionals deploy Windows.Highly customized environments are ideal for using Windows AIK.Windows AIK tools can be used to configure many deployment options.Organizations can use the tools that satisfy their business requirements, providing a high degree of flexibility.
28Tools Included in Windows AIK Course 6291ATools Included in Windows AIKModule 5: Deploying Windows 7 by Using Windows AIKToolDescriptionWindows System Image Manager (Windows SIM)Used to create unattended installation answer files and distribution shares, or to modify the files contained in a configuration set.ImageXUsed to capture, modify, and apply file-based disk images for rapid deployment.Deployment Image Servicing and Management (DISM)Used to Apply updates, drivers, and language packs to a Windows image.Windows Pre-installation Environment (Windows PE)Designed to prepare a computer for Windows installation.User State Migration Tool (USMT)Used to migrate user data from a previous Windows operating system to Windows 7.Volume Activation Management Tool (VAMT)Used to automate and centrally manage the Windows volume activation process.The table shown in this slide demonstrates the tools that are used in most Windows deployment scenarios. Describe the collection of tools that are available for IT professionals to deploy Windows 7.Key message: Inform students that by default, the AIK is installed to the C:\Program Files\Windows AIK directory. This directory contains all the tools and documentation included in the Windows AIK 2.0 release.Question: Which Windows AIK 2.0 tool enables OEMs and corporations to capture, modify, and apply file-based disk images for rapid deployment?Answer: ImageXDiscussion prompt: Ask students to describe their experience working with these tools and technologies. Note that answers can vary. If students have Windows XP background, they will be familiar with Answer Files, Windows Setup, Sysprep. If students have Windows Vista background, they will be familiar with most of these tools, except DISM.
29What Is Windows Imaging File Format? Module 4: Designing Standard Windows 7 ImagesCourse 6294AWhat Is Windows Imaging File Format?A file-based disk image format that contains compressed files used to install operating systemsKey message: Describe the Windows Imaging File format.Explain that Windows Imaging (WIM) file is a file-based disk image format introduced in Windows Vista. WIM files are compressed packages that contain a number of related files.The WIM file structure contains up to six types of resources defined as follows: WIM Header: defines the .wim file content, such as memory location of key resources (metadata resource, lookup table, and XML data) and .wim file attributes (version, size, and compression type).File Resource: is a series of packages that contain captured data, such as source files.Metadata Resource: stores information on how captured data is organized in the .wim file. This includes directory structure and file attributes. There is one metadata resource for each image in a .wim file.Lookup Table: contains the memory location of resource files in the .wim file.XML Data: contains additional miscellaneous data about the WIM image, such as directory and file counts, total bytes, creation and modification times, and description information. The ImageX /info command displays information based on this resource.Integrity Table: contains security hash information used to verify the image’s integrity during an apply operation. This is created when you set the /check switch during an ImageX capture operation. All Windows 7 installations use this image file.Windows Image (.wim) FileWIMHeaderMetadataResource(Image 1)MetadataResource(Image 2)File ResourceFile ResourceFile ResourceLookup TableXML DataIntegrity TableFile ResourceFile ResourceFile ResourceLookup TableXML DataIntegrity TableImage 1Image 2
30Module 4: Designing Standard Windows 7 Images Course 6294ATypes of ImagesThree different type of images:Key message: Explain the three different types of images: thin, thick and hybrid. Define them and describe their advantages and disadvantages.Thick Image: Thick images are monolithic images that contain core applications, language packs, and other files. Part of the image development process is installing core applications and language packs before capturing the image. To date, most organizations that use imaging to deploy operating systems are building thick images.Thin Image: Thin images contain few, if any, core applications or language packs. Organizations deploy applications and language packs separately from the image, separate from deploying the operating system. This typically takes more time at the computer, and possibly more total bytes transferred over the network. However, the transfer is spread out over a longer period of time. The network transfer time can be reduced by using trickle-down technology that many software distribution infrastructures provide, such as Background Intelligent Transfer Service (BITS).Hybrid Image: The more items in an image, the larger the image becomes. Large images involve increased updating, testing, distribution, network, and storage costs. This is because they are more difficult to update and test regularly and slower to deploy over a network, since more storage space is required. A key to reducing image count, size, and cost is to compromise.By compromising on what is included in an image, you can reduce the number of images you maintain and their size. Ideally, an organization builds and maintains a single, worldwide image that can be customized after deployment.Hybrid images mix thin and thick image strategies. In a hybrid image, the image is configured to installation of applications and language packs on the first start. This provides a similar experience to that of a thick image, even though the applications and language packs are installed from a network source.Alternative Strategy: One alternative is to build one-off thick images from a thin image. Start by building a reference thin image. Then, after the thin image is tested, add core applications and language packs, capture them, test them, and distribute the thick image based on the thin image. Testing of the thick image is minimized, because the imaging process is basically the same as a regular deployment. However, be aware of applications that are incompatible with the imaging process.Thick imagesCore applicationLanguage packsOther filesThin imagesFew applicationsFew language packsHybrid imagesMix thin and thick image strategies
31Create your image daily through automation! How do you reduce management of image creation process?How do you improve security of images being deployed?Always have the latest Windows and application updates appliedAlways have the latest Virus Definitions appliedCreate your image daily through automation!Patch approval done as separate taskVirus definitions updated oftenViruses attack vulnerable systems
32Deployment Image Servicing And Management (DISM) Enable and disable, enumerate, add, remove packages and updatesAdd, remove, enumerate driversWIM and VHD supportOEMs can select OS editions offline
33Deployment Image Servicing and Management (DISM) A command-line tool used to service Windows images offline before deploymentUse it to install, uninstall, configure, and update:Windows featurespackagesdriversinternational settingsDeployment Image Servicing and Management Technical Reference Published: October 22, 2009Updated: October 22, 2009Applies To: Windows 7Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows® images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system.DISM is installed with Windows® 7, and it is also distributed in the Windows OEM Preinstallation Kit (Windows OPK) and the Windows Automated Installation Kit (Windows AIK). It can be used to service Windows Vista® with Service Pack 1 (SP1), Windows Server® 2008, Windows® 7, Windows Server® 2008 R2, or Windows PE images. DISM replaces several Windows OPK tools, including PEimg, Intlcfg, and Package Manager.
34Windows Deployment Services (WDS) Windows Deployment Services (WDS) provides the ability to deploy Windows 7 by using a network-based installation.Module 6: Deploying Windows 7 by using Windows Deployment ServicesCourse 6294AWindows Deployment Services (WDS)Slide is here for manual image onlyWDS benefits:Reduces the complexity of deployments and the costs associated with inefficient manual installation processes.üEnables you to perform network-based installation of Windows operating systems.Deploys Windows images to computers without operating systems.Provides an end-to-end solution for the deployment of Windows OSs to client computers and servers. Uses standard Windows Server 2008 setup technologies, including Windows PE, WIM files, and image-based setup .
35Windows Deployment Services Multicast Enhancements Multiple Stream TransferMultiple bands to broadcast images to clientsOptimized rates per client connectionClient Auto RemovalSlower clients can be dropped to unicast or entirely (only in standard multicast)Boot Image MulticastWindows PE boot images can use multicast (clients with EFI)FastMediumSlow
36Windows Deployment Services Dynamic Driver Provisioning WDS ServerImages DriversClientDriver targeting to match drivers to hardwareReduces image size and centralizes deployment driver management
37Module 9: Migrating User State by Using WET and USMT 4.0 Course 6294AUser State MigrationDeployment scenariosUser dataData stored on local hard drivesUser folders such as My Documents, My Pictures etc.Application settingsApplication-specific configuration settingsPreferencesData filesUser preferencesDesktop appearanceWindow appearanceInternet browser settingsMail settingsA user state migration captures all custom settings on a existing computer and restores the settings to newly deployed computerUser state migration components:User State Migration scenariosReplaceRefreshDeployment scenariosReplace ComputerDeploy a new operating system to new computerReinstall applications on the destination computerRestore user stateRefresh ComputerDeploy a new operating system to computers that already has operating systemKey message: Explain user state migration components and the scenarios in which it is performed.Make sure you identify which components you need to migrate to the new operating system platform.User preferences: these include user profile features, Internet browser settings, and mail settings. Consider which user accounts, operating system settings, and user preferences you want to migrate or standardize.User accounts: computers may have settings related to domain and local user accounts. You must determine whether local user accounts must be migrated. Your consideration must also include whether the account must be enabled on the destination computer and how you will deal with password requirements.Operating system settings: identify which operating system settings to migrate and to what extent you want to create a new standard environment on the computers. Operating system settings may include appearance, mouse actions (for example, single-click or double-click) and keyboard settings, Internet settings, account settings, dial-up connections, accessibility settings, and fonts.User data: this includes data that is stored on local hard drives. Typically, critical data is stored on corporate file servers. However, there may be situations in which users store data on local hard drives.Application settings: these include application-specific configuration settings, preferences, and data files. (User state migration does not include migrating the actual application.)Determine and locate the application settings that you want to migrate. This information can be acquired when you are testing the new applications for compatibility with the new operating system. Considerations include whether the destination version of the application is newer than the source version and where the specific application settings are stored. Settings may be stored in the registry, .ini files, or a text or binary file. To determine the location of an application setting, review the vendor’s documentation or Web site. Migration does not include migrating the actual application itself.Use the graphic on the slide to explain how user state migrations happen in Refresh and Replace scenarios.Replace computer scenario:A new operating system is deployed to new computers.User state can be captured from the source computers before (temporary storage) or after (side-by-side) deployment of the operating system to destination computers.Refresh computer scenario:A new operating system to computers that already have an operating system (source and destination computers are the same computers).User state can be captured in temporary storage. You can then deploy the operating system, and then restore the user state on those computers. This is from the Windows.old folder.User preferencesüUser dataüApplication settingsü
38Tools for Migrating User State Module 9: Migrating User State by Using WET and USMT 4.0Course 6294ATools for Migrating User StateUser State Migration ToolWindows Easy TransferUse one of the following migration tools:üWindows Easy Transfer (WET)Key message: Explain the features of WET and USMT tools. Also mention in which scenarios these tools are used and what settings and data can be migrated using these tools.This slide lists the two tools that can be used to perform migration and the elements that the students want to migrate.Explain the difference between Windows Easy Transfer (WET) and User State Migration Tool (USMT). Explain that you use WET to perform a side-by-side migration for a single computer, or a small number of computers. And you use USMT when performing a side-by-side migration for many computers and to automate the process as much as possible, or to perform a wipe-and-load migration on the same computer.Question: How do you migrate applications to Windows® 7?Answer: You can migrate application settings, but you cannot migrate the application itself. You have to re-install your applications on the destination computer before you restore the application settings on that computer.üUser State Migration Tool (USMT)Identify which elements are to be migrated to the new operating system
39Module 9: Migrating User State by Using WET and USMT 4.0 Course 6294AUSMTTo migrate by using USMT 4.0:Collect Files and Settings from the Source ComputerClose all applicationsRun ScanState commandKey message: Explain the process of migrating the user state by using USMT 4.0USMT is a scriptable command-line tool that provides a highly-customizable user-profile migration experience for IT professionals. The following shows the components of USMT:ScanState.exe: this scans the source computer, collects the files and settings, and then creates a store.LoadState.exe: this migrates the files and settings, one at a time, from the store to a temporary location on the destination computer.Migration .xml files: the .xml files used by USMT for migrations are the MigApp.xml, MigUser.xml, or MigDocs.xml, and any custom .xml files that you create.The MigApp.xml file: specify this file with the ScanState and LoadState commands to migrate application settings to computers running Windows 7.The MigUser.xml file: specify this file with the ScanState and LoadState commands to migrate user folders, files, and file types to computers running Windows 7.The MigDocs.xml file: specify this file with the ScanState and LoadState tools to migrate all user folders and files that are found by the MigXmlHelper.GenerateDocPatterns helper function.Custom .xml files: you can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior.Config.xml: to exclude components from the migration, you can create and modify the Config.xml file using the /genconfig option with the ScanState tool.Component Manifests for Windows Vista® and Windows 7: when the source or destination computer is running Windows Vista or Windows 7, the component-manifest files control which operating system settings are migrated and how they are migrated.Down-level Manifest files: when the source computer is running a supported version of Windows® XP, these manifest files control which operating system and Internet Explorer settings are migrated and how they are migrated.USMT internal files: all other .dll, .xml, .dat, .mui, and .inf files included with USMT are for internal use.Explain the hard-link migration store. The new hard-link migration store is for use only in wipe and load migration. Hard-link migration stores are stored locally on the computer that is being refreshed and can migrate user accounts, files, and settings in less time using megabytes of disk space instead of gigabytes.Explain the syntax and command line available for USMT.Additional Reading: User State Migration Tool 4.01Source ComputerPrepare the Destination Computer:Install the operating systemInstall all applications2Restore Files and Settings on the Destination ComputerRun the LoadState commandLog off3Destination Computer
40Module 9: Migrating User State by Using WET and USMT 4.0 Course 6294AFeatures of USMT 4.0User State Migration Tool (USMT) 4.0 is a scriptable command-line tool that provides a highly-customizable user-profile migration experienceBenefits of USMT 4.0Key message: Explain the benefits and key features of USMT 4.0.USMT 4.0 provides the following benefits to businesses deploying Windows operating systems:Migrating user accounts, operating system, and application settings safely. It is customizable and highly-scriptable, which increases automation for large deployment scenarios.Reducing the cost of deploying the Windows operating system by preserving the user state. This reduces the time needed for users to become familiar with the new operating system and the time that is required to customize desktops and locate missing files and settings.Reducing end-user downtime. This reduces help desk calls and increases employee satisfaction with the migration experience.USMT 4.0 introduces the following new features:Hard-link migration store: USMT 4.0 introduces hard-link migration store for use in refresh computer scenario. Hard-link migration stores are stored locally on the computer that is being refreshed. It can be used to migrate user settings and data in less time and requires less storage space.Offline migration: USMT 4.0 enables you to collect data from an offline Windows operating system using the ScanState command in Windows® PE. In addition, USMT 4.0 supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the ScanState command in Windows PE or to Windows.old when you run the ScanState command in Windows.Note: For complete information on new features of USMT 4.0, refer to What’s New in USMT 4.0 atExplain the following scenarios where using USMT is not recommended:Migrations that require end-user interactionMigrations that require customization on a machine-by-machine basisSafely migration of user accounts, operating system, and application settingsReduces the cost of deploying Windows operating system by preserving user stateReduces end-user downtimeNew Features of USMT 4.0Hard-link migration storeOffline migration
41Module 9: Migrating User State by Using WET and USMT 4.0 Course 6294AUser State DataOperating-System ComponentsMigrates operating system components to a destination computer that is running Windows 7 from computers that are running Windows XP, Windows Vista, or Windows 7User DataFolders from each user profileFolders from the All Users and Public profilesFile typesAccess Control ListSupported ApplicationsOnly the settings that have been used or modified by the userüWhat USMT Does Not Migrate:Application Settings:Settings from earlier versions of an applicationLocal application settingsMicrosoft Project settings when migrate from Microsoft Office 2003 to 2007Operating-System Settings:Mapped network drives, local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable filesShared folders permissionsFiles and settings migrating between operating systems with different languagesCustomized icons for shortcutsTaskbar settings, when the source computer is running Windows XPKey message: Identify the user state data that can be migrated using USMT 4.0The first frame lists the User State Data that USMT migrates.User Data: ScanState uses rules in MigUser.xml to collect everything in a user’s profile. It then performs a file extension-based search on most of the system for other user data. If the data does not match either of these criteria, the data will not be migrated. By default, USMT migrates the following user data and ACLs using the MigUser.xml:Folders from each user profile: USMT migrates everything in a user’s profile including My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites.Folders from the All Users and Public profiles: USMT also migrates the following from the All Users profile in Windows XP, or the Public profile in Windows Vista or Windows 7: Shared Documents, Shared Video, Shared Music, Shared desktop files, Shared Pictures, Shared Start menu, and Shared Favorites.File types: the ScanState tool searches the fixed drives, collects and migrates files that have any of the following file name extensions: .accdb, .ch3, .csv, .dif, .doc*, .dot*, .dqy, .iqy, .mcw, .mdb*, .mpp, .one*, .oqy, .or6, .pot*, .ppa, .pps*, .ppt*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl*, .vsd, .wk*, .wpd, .wps, .wq1, .wri, .xl*, .xla, .xlb, .xls*.Access Control List: USMT migrates the access control list for specified files and folders from computers that are running Windows XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will be preserved on the destination computer after the migration.Operating-System Elements: USMT migrates operating system components to a destination computer that is running Windows 7 from computers running Windows XP, Windows Vista, or Windows 7.To see the list of components that USMT migrates by default, see the Course Companion CD.Supported Applications: it is recommended that all applications on the destination computer be installed before restoring the user state to make sure that migrated settings are preserved. The versions of installed applications must match on the source and destination computers.The second frame shows the list of things that USMT does not migrate.USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. In addition, USMT migrates only the settings that were used or changed by the user. If there is an application setting on the source computer that was not touched by the user, it may not migrate.To see the list of application settings that USMT migrates by default see the Course Companion CD.Note that the data that does not migrate using MigUser.xml includes: application settings, existing applications, and operation system settings.Additional Information: For more information about specific features and application settings migrated, refer students to: What Does USMT Migrate?
42Migrating User State by Using WET Module 9: Migrating User State by Using WET and USMT 4.0Course 6294AMigrating User State by Using WETTo migrate by using WET:WET is the recommended tool for scenarios in which you have a small number of computers to migrateStore the Windows 7 WET files to be Used on the Source ComputerMigrate Files and Settings from the Source Computer to the Destination Computer by using:Windows Easy Transfer cableNetworkRemovable media or a network share12On destination computer:Prepare for the migration on the destination computerClick NextSelect transfer methodClose all active programsStart Windows Easy TransferClick I need to install now (if source computer does not have WET)Click This is my new computer341265Select destination media and save WET files7Destination ComputerTransfer files and settings by using a networkClick A NetworkClick This is my old computerStart WET on the source computerClick NextOn the destination computer, enter WET key and then click NextWET creates WET key341265Click Transfer and proceed with the wizard7Source ComputerDestination ComputerKey message: Describe how to migrate the user settings and data by using WET.This is a build slide. Step through each frame of the slide as you explain how to migrate user settings and data by using WET.Frame 1: This frame shows the high level procedure that you perform to migrate using WET. It consists of two high-level steps: preparing the migration and the migration process itself. Explain that you can use the following data transfer methods to transfer files and settings from a qualified operating system to Windows 7:Use an Easy Transfer Cable.Establish a network connection between the source computer and the target computer.Use removable media such as a USB flash drive or an external hard disk.Explain that depending on what transfer method you choose, the WET will show slightly different user interface. The subsequent frames explain how to prepare the migration and migrating using a network connection (second method).Frame 2: Explain the steps to prepare the destination computer. Emphasize that if your destination computer already has WET, you do not need to install WET on it. Mention that you will only cover migrating using network connection in this topic.Explain that Windows Vista has an older version of WET, while you can still use Windows Vista WET to migrate user state to Windows 7, you may want to use the latest functionality of Windows 7 WET. Obtain WET from a Windows 7 product DVD, or from any computer that is running Windows 7. Windows 7 WET includes a new file explorer that enables you to select which files to copy to your new PC. If Windows finds a file or setting it cannot work with, Windows 7 WET will complete the transfer and give you a full report of anything that fails to migrate.Frame 3: Explain the steps to perform migration using a network connection. Mention the WET key here. Explain that this method requires that the source and destination computer be running at the same time, therefore, it is suitable only for side-by-side migration.
43Donald E. HesterCISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+Director, Maze & AssociatesUniversity of San Francisco / San Diego City College / Los Positas College43
44Evaluation Survey Link Help us improve our seminars by filing out a short online evaluation survey at:
45IT Series - Deploying Windows 7 with Free Tools Thanks for attendingFor upcoming events and links to recently archived seminars, check Web site at: