Windows Deployment Services

Aidan Finn 19/11/2006

Windows Deployment Services Windows 2003 Service Pack 2 WDS

Abstract

This document will describe how to use Windows Deployment Services, a technology that replaces Remote Installation Services in Windows 2003 with Service Pack 2.

Table of Contents

Introduction
The Prerequisites
Legacy Mode
    Legacy Mode Administration
    Legacy Mode Clients
Mixed Mode
    Installing WDS
    Configuring WDS
    Preparing WDS Images
    Unattended Installations
    Deploying Windows Vista with WDS
Native Mode
    Converting RIPREP Images
    Capturing an Image
    Going Native
Troubleshooting
    Boot Image Drivers
    DHCP/BOOTP Issues
    Drivers Missing After OS Deployment
    You Cannot See You Install Image from the Boot Image
    The Client Downloads the Wrong Boot Image
    The Boot Menu
    VMware
Summary

Windows Deployment Services Copyright Aidan Finn 2006 http://joeelway.spaces.live.com/


Introduction

Since Windows 2000 Server, we have had a technology available to us from Microsoft to quickly, and with little effort, build machines via the network. This technology was called Remote Installation Services or RIS. Few have ever heard of RIS. For most, it’s one of those subjects that only comes up in a few MCP exam questions. However, a few of us found this technology to be very useful.

What was RIS? RIS mixes the unattended setup with network installations via a PXE boot up. Most of us will know PXE as that annoying prompt asking you to press to boot from the network. If you have RIS set up, you can press , log into a client, select an “image” (which is really an I386 folder associated with an unattended answer script) and walk away knowing that your PC would be built and added to your domain without any further effort on your part. Added to that, using an extension of RIS called RIPREP, you could actually deploy images of PC’s that included applications in them.

This sounds a bit like Ghost? Slightly, but it is different. Ghost is a bit level cloning tool. It also requires licensing for every machine that you build … something many organisations choose to ignore, I’m fairly sure. It also requires that you be careful with SID duplication so you have to make use of tools such as SYSPREP. Plain RIS images are really nothing more than a copy of the I386 folder from the Operating System CD, maybe some drivers added, and one or maybe a set of answer files for performing an automated or completely unattended setup. It’s not a clone at all; it’s a traditional setup.

How do RIS and Ghost compare? Ghost is quicker for deploying operating systems but it does cost money to use legally. RIS is free to use but does take slightly longer to deploy the operating system. An added advantage of RIS is that its close integration into Windows and Active Directory allows you to join the computer to the domain, choose the OU where the computer account should be placed and use a customisable computer naming standard using Active Directory as your database.

Windows 2003 Service Pack 2 brings about a change for RIS users. Due to the release of Windows Vista, Microsoft is replacing RIS with Windows Deployment Services. WDS will provide legacy support for RIS (it upgrades cleanly) but it will also provide support for WinPE deployments of Vista’s Windows Imaging (WIM) file format via PXE deployments. WDS will also be a part of Windows “Longhorn” Server. With this document, I hope to describe some of the fundamentals of WDS as included with Windows 2003 Service Pack 2.

Note: This document is based on the Beta Refresh of Windows 2003 Service Pack 2.


The Prerequisites

Both RIS and WDS are network services so some network engineering is necessary to get things going. Without getting bogged down in details, let’s have a look at what PXE is first. When you see that “Press to boot from the network” prompt, what happens if you do press it? When you press your PC will become a DHCP client. It will send out requests that will be responded to from two types of source:

  • A DHCP server: This will provide a valid IP configuration for the PXE client (your PC).
  • A RIS/WDS server: This will provide information about how to boot up from its client program. This program will then allow you to authenticate and choose an image to install on your PC.

For all of this to happen some network engineering must be completed:

  • Active Directory must be running and available.
  • With Active Directory, there must be a working DNS.
  • A RIS or a WDS server must be installed and be a member of Active Directory.
  • A non-system NTFS partition for storing the images must be available on the WDS server.
  • The RIS/WDS server must be an authorised DHCP server … it’s responding to DHCP traffic but it’s not really a DHCP server.
  • DHCP must be installed and configured for all networks with PXE clients.

If your clients are on different VLAN’s to the RIS/WDS and DHCP servers then “DHCP relays” or “DHCP helpers” must be configured to unicast the DHCP broadcast traffic to the IP addresses of the appropriate DHCP and RIS/WDS servers. That last bit is the one that will catch most people out, especially for the RIS/WDS server. Because the original PXE client request is a DHCP broadcast, it cannot be sent directly to the RIS/WDS server. Therefore, a DHCP relay must forward this request to the appropriate server, which can then respond. Cisco folks will know this as a DHCP helper and it is normally configured on a per-VLAN level on the switches.

My lab that I’m using in this document is running on VMware Server. I’ve deployed a Windows 2003 R2 domain controller that also hosts DNS, DHCP and RIS. A single RIS image with a basic unattended answer file has been configured and is tested. After this I installed Windows 2003 Service Pack 2. Be sure to have a read of my document on Windows 2003 SP2 for more information on this service pack and the installation process.


Legacy Mode

When you first upgrade your RIS server to Windows 2003 SP2 and you have existing RIS images, your RIS installation will be upgraded to WDS. WDS will be running in legacy mode. Alternatively, if you have Windows 2003 SP2 with no previous RIS installation, you can install WDS and it will run in native mode.

Legacy Mode Administration

Here we can see the expanded Administrative Tools set after the installation of Windows 2003 SP2. We’ve got two new tools. There’s the new MMC snap-in for Windows Deployment Services. But there is also a new tool called Windows Deployment Services Legacy. You’ll notice there’s no Remote Installation Services tool now. That’s because the Legacy tool has replaced it. In the words of OCC’s Paul Teutul, let’s fire it up!


The welcome screen gives you a reminder of your pre-requisites.

This WDS Legacy tool is actually going to do everything that the old RIS tool did. The first thing I’m going to do after my upgrade is to check that everything is fine. This will verify the necessary services are running and that the server is an authorised DHCP server. Remember: even if your WDS server does not run DHCP, it still must be an authorised DHCP server. This is the first thing I check when RIS breaks.


We get a nice little notice to tell us that the services are OK. We’re also told that it’s pointless for this wizard to check things like your images or the screen files that are used by WDS. Microsoft has no way to know what you’ve been up to after installing WDS ☺

The WDS services are restarted. These are:

  • The Single Instance Storage Groveler: This has to be the best named service ever! Its function is to save on pointless storage redundancy. If you are dealing with something like WDS or RIS, you’ll likely have lots of duplicate files lying about the file system. The function of this service is to consolidate these files behind the scenes and save on wastage. A word of advice here: If you’re using FRS to replicate your WDS images then disable this service using a GPO. My experience is that it corrupts files that are replicated by FRS. I can’t say the same is true for DFS-R but if you find one day that drivers you’ve added to an image are no longer being installed, start suspecting the Groveler. Just disabling the service locally won’t cut it either. The check we just ran will set it back to automatic and will also start up the service. Using a GPO to control things was the best way to keep things working in my experience.
  • The Windows Deployment Services Server: This is the replacement for the Remote Installation Services service. It is the service that will respond to client requests.

We’ve successfully run a test on our WDS Legacy installation and found it to be working OK. We’ve seen that nothing has really changed from the RIS days. Let’s see what adding a legacy image is like now.

Well … not much has changed here either! We can select to add a new image.


You now need to supply the location where the operating system source can be found. In this case, my Windows XP Professional I386 folder can be found on the CD drive, E:.

I now need to give this image a name. This name will also be the name of the folder. Neither RIS nor WDS likes you to use spaces here so keep it simple and descriptive.


You’re now asked to enter some information. This information will be presented in the WDS Legacy client interface when you boot up your target PC with PXE (via ) to download a new operating system. What is actually happening here is that a default unattended answer file is being prepared that will be associated with your OS source (that we are supplying in E:\). You are entering a description for this answer file so it can be distinguished from other answer files that you can add later to customise the OS installation.


This dialog is asking if you want to maintain the existing WDS legacy screens from the previous legacy image installation. It’s possible to customise these screens to your own needs so you have the choice of keeping them, saving them safely or overwriting them.

We now get a summary screen of almost everything we have entered.

When we click on the WDS Legacy tool will start to copy the I386 folder into a subfolder of our WDS legacy folder. In this case the subfolder will be called “MyWXPImage”.


The copy of files from the CD to the hard disk on the WDS server can take a while so it might be a good time to take a wander to the local coffee shop. When it’s finished you’ll see the above dialog. Note that the WDS server gets reauthorised as a DHCP server and that your services are started.

If we explore the file system then we can see what has been done. A new folder has been added to contain my I386 folder. This new folder has been named “MyWXPImage” as I expected.


I can also see that under the I386 folder there is a folder called Templates. Here we can see some more traces of RIS. Our default answer file is still called RISTNDRD.SIF. This SIF file contains the default entries for performing an installation of Windows XP Professional. It won’t be unattended because there’s some stuff that is not in this file, e.g. license key. You can use Setup Manager (it’s in the Deploy Toolkit as found on the Windows 2003 server CD) to create new RIS/WDS SIF files to customise or completely automate the installation of Windows and add them in here. Furthermore, you can set permissions on them. Doing this will hide answer files from users based on the credentials they use when they log into the legacy WDS/RIS PXE client.

Here’s what the default SIF file contains.

    [data]
    floppyless = "1"
    msdosinitiated = "1"
    OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
    OriTyp = "4"
    LocalSourceOnCD = 1
    DisableAdminAccountOnDomainJoin = 1

    [SetupData]
    OsLoadOptions = "/noguiboot /fastdetect"
    SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

    [Unattended]
    OemPreinstall = no
    FileSystem = LeaveAlone
    ExtendOEMPartition = 0
    TargetPath = \WINDOWS
    OemSkipEula = yes
    InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
    LegacyNIC = 1

    [UserData]
    FullName = "%USERFIRSTNAME% %USERLASTNAME%"
    OrgName = "%ORGNAME%"
    ComputerName = %MACHINENAME%

    [GuiUnattended]
    OemSkipWelcome = 1
    OemSkipRegional = 1
    TimeZone = %TIMEZONE%
    AdminPassword = "*"

    [Display]
    BitsPerPel = 16
    XResolution = 800
    YResolution = 600
    VRefresh = 60

    [Networking]

    [NetServices]
    MS_Server=params.MS_PSched

    [Identification]
    JoinDomain = %MACHINEDOMAIN%
    DoOldStyleDomainJoin = Yes

    [RemoteInstall]
    Repartition = Yes
    UseWholeDisk = Yes

    [OSChooser]
    Description ="AWXPImage"
    Help ="This description will be found at the end of an answer file created in I386\Templates"
    LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
    ImageType =Flat
    Version="5.1 (2600)"
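An answer file like the default SIF above can be reviewed mechanically before it is offered to PXE clients. The following Python sketch is an added example, not part of the original document or of WDS: `parse_sif`, `audit_sif` and the finding names are hypothetical, the embedded SIF is an abridged copy of the file shown above, and the check relies on the unattended-setup convention that `AdminPassword = "*"` means a blank local Administrator password.

```python
"""Audit a RIS/WDS legacy .SIF answer file for security-relevant settings."""

# Abridged copy of the default RISTNDRD.SIF shown above (sample input).
DEFAULT_SIF = r'''
[data]
floppyless = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
DisableAdminAccountOnDomainJoin = 1

[GuiUnattended]
OemSkipWelcome = 1
TimeZone = %TIMEZONE%
AdminPassword = "*"

[Identification]
JoinDomain = %MACHINEDOMAIN%
DoOldStyleDomainJoin = Yes

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes
'''


def parse_sif(text):
    """Return {section: {key: value}}; names are lower-cased, values unquoted."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def _enabled(value):
    return str(value).strip().lower() in ("1", "yes")


def audit_sif(text):
    """Return a list of (finding, severity, detail) tuples for one answer file."""
    sif = parse_sif(text)
    gui = sif.get("guiunattended", {})
    findings = []

    password = gui.get("adminpassword", "")
    encrypted = _enabled(gui.get("encryptedadminpassword", "no"))
    # A blank password is less exposed when the local Administrator account is
    # disabled as part of the domain join (both settings must be present).
    admin_disabled = (
        _enabled(sif.get("data", {}).get("disableadminaccountondomainjoin", "0"))
        and bool(sif.get("identification", {}).get("joindomain"))
    )

    if password == "*":
        severity = "medium" if admin_disabled else "high"
        findings.append(("BLANK_ADMIN_PASSWORD", severity,
                         "local Administrator is created with a blank password"))
    elif password and not encrypted:
        findings.append(("PLAINTEXT_ADMIN_PASSWORD", "high",
                         "password is readable by anyone who can read the SIF"))

    remote = sif.get("remoteinstall", {})
    if _enabled(remote.get("repartition", "no")) and _enabled(remote.get("usewholedisk", "no")):
        findings.append(("WIPES_TARGET_DISK", "info",
                         "selecting this image repartitions the whole disk"))
    return findings


if __name__ == "__main__":
    for finding in audit_sif(DEFAULT_SIF):
        print(finding)
```

Because every user with read rights on I386\Templates can read these files, the same check is worth running over each additional SIF created with Setup Manager.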


Legacy Mode Clients

It’s now time to see what happens when we boot a new machine up into the WDS legacy client via PXE.

This virtual PC is running on VMware and we can see the virtual BIOS as the machine boots up. I’ll press for a network boot.

The PC now starts the DHCP process. This is where it looks for a TCP/IP configuration and a response from a PXE server, i.e. our WDS server. This will time out and fail if both do not respond to our client.


We will be asked to press again once valid responses are received. You’ve got to be on the ball here, this prompt can time out and the PC may boot from the local disk.

This is the first of the screens I referred to earlier when we loaded our new operating system image. It’s welcoming us to the traditional RIS client. You can press <ENTER> to continue.


You should now enter the Active Directory credentials you wish to use to access the image and create your computer account with. Note, your user account must have the necessary privileges to create a computer account in the OU that WDS Legacy/RIS is instructed to use. Also, this account must have rights to read the SIF files in the I386\Templates folder in the image.

We now see a list of every SIF file that this user has read rights to on the WDS legacy server. Each SIF file is an answer file for its associated operating system image. The first one we see is the AWXPImage file (RISTNDRD.SIF) that we added earlier when we loaded a new image.


I’ve selected the new answer file/image as the one I want to install on this PC. I am now warned the PC will be wiped.

I’m given a summary of what is about to happen. Note that WDS legacy has created a computer account based on its policy, the computer account GUID is displayed as is the name of the WDS legacy server that is handling the build. Pressing <ENTER> now will initiate an installation of the Windows XP operating system that was loaded from the CD. The answer file that was identified by the description of “AWXPImage” will be used to automate the installation. Note that the default SIF file does not do all that much automation. When the process is completed, a computer account is created. As we can see, nothing has really changed from the RIS installation.


I haven’t gone into any details on RIS configuration or RIS troubleshooting. These are outside of the scope of this document. I have only shown the above screenshots to indicate that WDS legacy is identical in operation to RIS. The same troubleshooting and driver manipulation guidelines apply for WDS legacy as with RIS.


Mixed Mode

In my example, I’m not actually installing WDS because I’ve upgraded a RIS server. There’s not too much to the installation as you’ll see.

Installing WDS

WDS Mixed Mode is when we run both RIS images and WDS images on our WDS server. It serves as a transition mode while we migrate all of our builds to WDS native. This is our first foray into native WDS functionality. As such, it might not be a bad time to go over how to install WDS.

You can install WDS onto a new server by going into Control Panel – Add/Remove Windows Components. You’ll notice the old “Remote Installation Services” entry is replaced by “Windows Deployment Services”. Select that, click on next and supply your Windows 2003 with SP2 media to continue.


The command line commandos (you know who you are … with your “Real Men Don’t Click” T-Shirts!) will be happy to see they’ve got a whole new command to learn and play with:

    C:\>wdsutil /?

    Windows Deployment Services Management Utility [Version 6.0.5493.0]
    Copyright (C) Microsoft Corporation. All rights reserved.

    Usage:
    WDSUTIL is a command line utility used for managing Windows Deployment Services (WDS).

    Syntax:
    WDSUtil [Options] [Command Parameters]

    The following options are supported for all commands:
    /?             Displays help for the specified command.
    /Help          Displays help for the specified command.
    /Verbose       Displays verbose output for the specified command.
    /Progress      Displays progress while the command is being executed.

    List of commands:
    /Initialize    Used for the initial configuration of a WDS server.
    /Uninitialize  Used to revert changes made during server initialization.
    /Add           Used to add images, image groups, or devices.
    /Convert       Used to convert an existing RIS RIPrep image to a WIM image.
    /Remove        Used to remove images or image groups.
    /Replace       Used to replace images with new versions.
    /Set           Used to set properties and attributes on WDS servers, devices, images, or image groups.
    /Get           Used to retrieve properties and attributes from WDS servers, devices, images, or image groups. Also used to retrieve a list of Auto Add devices.
    /New           Used to create new capture or discover images.
    /Copy          Used to copy images within the image store.
    /Export        Used to export images from the image store to a WIM file.
    /Stop          Used to stop all WDS services.
    /Start         Used to start all WDS services.
    /Disable       Used to disable all WDS services.
    /Enable        Used to enable all WDS services.
    /Approve       Used to approve auto-add devices.
    /Reject        Used to reject auto-add devices.
    /Delete        Used to delete records from the auto-add device database.
    /Update        Used to update a server resource from a known good source.
    /AllHelp       Used to display all available commands.

    For help with a specific command, type 'WDSUTIL /?' where is one of the supported commands shown above. For example: WDSUTIL /Add /?

We’ve also got a new MMC snap-in that is added to Administrative Tools as “Windows Deployment Services”. This is where us mere mortals will do our WDS administration.


It’s time to configure WDS. If your server does not already appear in this console then you should right-click on Servers and add it. It will initially appear in an un-configured state as above. We want to configure it so right-click on the server and choose “Configure Server”.

A wizard starts up. Click on once you have checked that you have got all of the pre-requisites.


My WDS server was previously a RIS server that had Windows 2003 SP2 installed on it. So this screen knows that I already have a path and folder defined for storing my images. If you don’t already have a folder defined, choose one on an NTFS volume that has enough space.

You’ll need to read this screen very carefully. If your WDS server is also a DHCP server then you must disable listening on port 67. TCP 67 is BOOTP, the foundation on which WDS, RIS and PXE work. You also need to configure a server scope option. DHCP option “60” will be configured with the string “PXEClient”. My WDS server is also a DHCP server so I have to enable both of these options.


This dialog is asking you how your WDS server will respond to PXE client requests, if it responds at all. In a production environment, it would be wise to temporarily configure your WDS server not to respond to client requests until it is completely prepared with the appropriate configurations and images. Another option is to only respond to known client computers, i.e. computers that are configured in Active Directory and have their GUID specified. This pre-staging process involves capturing the GUID from the BIOS or PXE start screen on the client, creating a computer object in Active Directory and specifying the GUID as an attribute of the object. In a lab and in most production environments, you’ll likely go with “Respond to all known and unknown computers”. RIS administrators will notice a new sub option with this setting. You can configure WDS to wait for administrator approval before responding to unknown computers. This will give administrators a bit more control in secure environments. This would be a much better solution than pre-staging. You can change these settings later on.
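The response choices in this dialog can be modelled against what a PXE client actually sends in its DHCP request. The following Python sketch is an added example, not WDS code: the policy names, `decide` and `build_discover` are hypothetical, the packet is constructed sample data, and the client GUID is compared as the raw bytes of DHCP option 97 in hex (an assumption; the GUID shown on the PXE start screen or stored in Active Directory may use a different byte order).

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
BOOTP_HEADER_LEN = 236               # fixed BOOTP header before the cookie


def dhcp_options(packet):
    """Parse the option TLVs of a DHCP message into {code: value}."""
    if len(packet) < BOOTP_HEADER_LEN + 4 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:              # end option
            break
        if code == 0:                # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def pxe_identity(packet):
    """Return {'mac', 'guid'} for a PXE client, or None for ordinary DHCP clients."""
    options = dhcp_options(packet)
    if not options.get(60, b"").startswith(b"PXEClient"):   # option 60: vendor class
        return None
    raw = options.get(97, b"")                              # option 97: client GUID
    guid = raw[1:].hex() if len(raw) == 17 and raw[0] == 0 else None
    mac = packet[28:28 + packet[2]].hex()                   # chaddr, hlen bytes long
    return {"mac": mac, "guid": guid}


def decide(identity, policy, prestaged, approved=frozenset()):
    """Model of the response policy: 'none', 'known-only', 'all', 'all-with-approval'."""
    if identity is None or policy == "none":
        return "ignore"
    if identity["guid"] in prestaged:
        return "respond"
    if policy == "known-only":
        return "ignore"
    if policy == "all-with-approval":
        return "respond" if identity["guid"] in approved else "pending"
    return "respond"


def build_discover(mac, guid, vendor=b"PXEClient:Arch:00000:UNDI:002001"):
    """Construct a sample DHCPDISCOVER (constructed test data, not a capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD,
                         0, 0x8000, b"", b"", b"", b"", mac, b"", b"")
    options = (bytes([53, 1, 1]) + bytes([60, len(vendor)]) + vendor
               + bytes([97, 17, 0]) + guid + b"\xff")
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("000c29abcdef"), bytes(range(16)))
    ident = pxe_identity(pkt)
    for policy in ("none", "known-only", "all", "all-with-approval"):
        print(policy, "->", decide(ident, policy, prestaged=set()))
```

With no pre-staged GUIDs, only the "all" policy answers the unknown client immediately; the approval variant holds it as pending, which is the behaviour the paragraph recommends for secure environments.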


We will see this configuration dialog when we click on on the previous screen.

Once the installation is complete we are presented with the opportunity to load images onto our WDS server. I’m going to hold off on doing this right now.


Our WDS server is now up and running. You’ll notice that we can see the legacy images in the console. We actually can’t do anything with them here. We still must use the traditional RIS methods for managing these images.


Configuring WDS

Let’s have a look at the WDS server properties. Right-click on the server and choose “Properties”.

This multi-tabbed dialog appears. The General screen is just a summary screen.

Here we can see the PXE response settings that we configured during the configuration of WDS. Note there is another option here. We can define how long our server will wait before responding to a PXE request from a client. Why would we do this? We might decide to allow other PXE services to respond before this server responds. There are a few scenarios here:

  • We have multiple PXE servers on the VLAN and we want one to take priority over another. The second is purely a fallback server. We would increase the response time on the fallback server.
  • We have all of our servers on VLAN 1. This includes Automated Deployment Services (ADS, a Microsoft PXE service for cloning servers) and WDS. WDS is configured to wait 3 seconds before responding. This means all VLAN 1 PXE clients (usually servers) will use the ADS server as their PXE server because the WDS server will be slower to respond to them. DHCP and BOOTP are first come-first served based technologies. Other VLAN’s, e.g. PC VLAN’s, can send PXE requests directly to the WDS server and still be served, although with a minor 3 second delay before an initial response. The alternative to separate WDS and ADS on the server VLAN would be to move the WDS server into a different VLAN.

This is something quite clever and I could have used it when I deployed ADS back in 2004.

The Directory Service tab will look familiar to RIS administrators. The first section defines how our PC’s will be named, i.e. what will their computer or computer account be named. Let’s dig into this. The client is able to use the username of the person who is logged in for naming the computer. This is actually pretty handy if you name your computers after the person who uses it. You can allow users to build their own computers; by default they can build up to 10 computer accounts. You could then track a computer by its user if it’s named after its user. There are some formatting tools available to us:

  • %First: This will use the given name of the user who is building the computer.
  • %Last: This will use the surname of the user who is building the computer.
  • %Username: This will use the Active Directory user account name of the user who is building the computer.
  • %MAC: This will use the MAC address of the computer being built. Not very useful for day-to-day administration. But it is unique and not a bad option if computer names are not important to you. I’d hate to use it.
  • %[0][n]#: These allow you to set up an incremental counter, e.g. %05# will give you a five digit zero padded number from 00001 to 99999.

Let’s look at some examples with the user Joe Elway:

  • %1First%Last%02#: This will give us computer account names from JElway01 to JElway99.
  • %MAC: This gives us a predictable name based on the MAC address of the NIC on the computer.
  • IEIPC%03#: This is one I’ve used. This will give computers named IEIPC001 to IEIPC999. You might use this sort of thing if you place a WDS server in each site on your network and computers are descriptively named after the country (IE), site (I), role (PC) and given an incremental number (001 to 999). Each server would have a different set of letters preceding the formatting e.g. JPTPC%03# would be configured on the Tokyo server.
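The naming variables above can be checked before a policy is put on a server, for example to confirm that names stay within the 15-character computer name limit and that the counter does not run out. The following Python sketch is an added example, not WDS code: `expand` and `next_name` are hypothetical helpers, the user and MAC address are constructed sample values, and picking the lowest unused counter value is an assumption about how numbers are allocated.

```python
import re

# %[0][n]Token: optional zero-pad flag, optional width, then the variable name.
TOKEN = re.compile(r"%(0?)(\d*)(First|Last|Username|MAC|#)", re.IGNORECASE)
NETBIOS_MAX = 15  # computer (NetBIOS) names are limited to 15 characters


def expand(policy, first, last, username, mac, counter):
    """Expand one naming policy string for a given user, NIC and counter value."""
    values = {
        "first": first,
        "last": last,
        "username": username,
        "mac": re.sub(r"[^0-9A-Fa-f]", "", mac).upper(),
    }

    def substitute(match):
        zero_pad, width, token = match.group(1), match.group(2), match.group(3).lower()
        n = int(width) if width else None
        if token == "#":
            digits = str(counter)
            if n is not None and len(digits) > n:
                raise OverflowError(f"counter {counter} does not fit in {n} digits")
            return digits.zfill(n) if zero_pad and n else digits
        # A width on a text variable keeps only its first n characters (%1First -> "J").
        return values[token][:n] if n else values[token]

    return TOKEN.sub(substitute, policy)


def next_name(policy, existing, **user):
    """Return the first name the policy yields that is not already in `existing`."""
    taken = {name.upper() for name in existing}   # computer names are case-insensitive
    has_counter = any(m.group(3) == "#" for m in TOKEN.finditer(policy))
    counter = 1
    while True:
        name = expand(policy, counter=counter, **user)
        if len(name) > NETBIOS_MAX:
            raise ValueError(f"{name!r} is longer than {NETBIOS_MAX} characters")
        if name.upper() not in taken:
            return name
        if not has_counter:
            raise ValueError(f"{name!r} already exists and the policy has no counter")
        counter += 1


if __name__ == "__main__":
    joe = dict(first="Joe", last="Elway", username="jelway", mac="00:0C:29:AB:CD:EF")
    print(next_name("%1First%Last%02#", ["JElway01"], **joe))
    print(next_name("IEIPC%03#", [], **joe))
    print(next_name("%MAC", [], **joe))
```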

The bottom half of the tab deals with where to locate the computer account object in your Active Directory. You can place it:

  • In the default computers container in the same domain as the WDS server.
  • In the default computers container in the same domain as the user who is building the computer.
  • In the same OU (in the same domain) as the user who is building the computer.
  • In a specific OU of your choosing.

This is a per WDS server setting so you can specify different locations on each WDS server. I’ve used the specified OU setting in the past where I had a WDS server in each site. Computer accounts were created in an OU that was delegated for computer object administration to the local helpdesk staff located in that site. In my opinion, locating the computer accounts in the default computer container is a waste because it deprives you of the power of targeted group policy and granular delegation in Active Directory.

The user who is building the computer must have permission to create computer account objects in the location that is specified. Furthermore, if the computer account already exists (it has been prestaged or has been built before - a GUID matching your target computer) then the user must have rights to modify that computer account object.


Here’s where we can modify what happens when a PXE client boots up. You’ll notice we can modify this based on architecture; x86, x64 and IA64 are all handled. We can specify the default boot program (the PXE client). Most of us likely won’t change those settings but you may wish to use your WDS PXE service to do something other than deploy WDS images and therefore have a different client to load. We can also specify a default image to deploy. This is the WDS client that will load. We may have a number of these available but only ever want to use one for each architecture.


Here we can specify an unattended answer file to be used by each of the platforms. We can also instruct WDS not to create a computer account object. This is available because you may have specified some alternative arrangement in your answer file.

We can see the DHCP options that we configured (or forgot to) when we set up WDS.

We’ve got some advanced options too. In a larger environment or when troubleshooting, you may need to define specific domain controllers and global catalogue servers that should be used by your WDS server. You can also control the WDS server authorisation status.


Before we move on, we can see how the file system has been modified by configuring WDS.

Preparing WDS Images

We’re getting close to the fun bit now, I promise! It’s time to start loading images into our WDS server. There are two types of image we need to work with:

• The Boot Image: This is the WDS client that you will choose to start when you boot a PC up on the network using PXE. Using this, we can work with an operating system image. The Boot Image is normally going to be based on Windows PE, a trimmed down version of Windows that is intended to run from a small media source, e.g. CD, DVD, network load. Normally Windows PE is only available to certain Microsoft customers, e.g. those with Software Assurance. In the case of WDS, we can use the boot image that is included with Windows Vista.
• The Install Image: The install image is the operating system that we are going to work with.

First, we are going to load a boot image. In the WDS MMC console, right-click on Boot Images and choose to add a new boot image.


A wizard will start up. We need to supply a boot image in the form of a WIM file.

Windows PE is included on the Windows Vista DVD in \Sources as BOOT.WIM.


In the wizard, browse to BOOT.WIM and choose it.

Click on when you have specified BOOT.WIM or whatever other boot image you are loading. Note: you may have obtained desired boot images from alternate sources or you may have created your own customised boot image that you wish to load.


Give your boot image a name and a description.

You’ll now be presented with a summary before the image is loaded. I recommend you load it from a local source because loading this image over the network can take some time.


Your image is scanned to verify it is OK and then it is loaded.

Once it is loaded you can click on .


If we check the console we can see the image is loaded. You’ll need to repeat this again for the IA86 and X86 platforms using appropriate media if you wish to support those platforms.

If we check the file system we can see what the image looks like.


It’s now time to add an Install Image. I’m going to load one of the available install images from my TechNet Windows Vista for x86 DVD. Right-click on Install Images and choose to add a new image.

I am given the opportunity to create a group for my install image. I will later be able to add other images to this group or into other new groups. This helps tidy up the console.

I now need to supply a WIM file with my install image.


Windows Vista comes with a WIM file called INSTALL.WIM that is located in \Sources.

I’ve browsed to INSTALL.WIM and selected it.


Once I’ve specified the WIM file I click on .

My DVD contains a number of install images that I can choose to load. Few businesses will be interested in the Home editions. I doubt anyone outside of Brussels will install the N editions. Most will not use the Starter edition. Ultimate includes all of the bells and whistles so will cost more. Most businesses will choose to install the Business edition. That’s what I’ll be loading here. Make sure you are licensed for whatever images you choose to load. You’ll notice a little tick box at the bottom. If that’s left ticked the default name and description will be used for the install image.


I’ve chosen to use the default name and description.

However, the above screenshot shows what you must do if you want to enter your own install name and description. You’ll need to repeat this for every install image you choose to load from the DVD.


The image is scanned for integrity and is then loaded. Remember I said you should probably use a local source for the Boot Image? Well don’t even consider doing the install image over the network. We’re talking about GBs of data here that must be scanned and copied. I stopped watching my example after 30 minutes passed – and that was with a local DVD! This is one of these “time for lunch” or “time to go home” moments.

When you get back in the morning or after lunch you’ll find that your image has loaded and is available to manage in the console.


I’ve right-clicked on the install image and viewed its properties. I can see the name and description so I have the opportunity to rename them now if I didn’t do this during the load. At the bottom we have a tick box where we can allow this install image to install unattended and we can also associate an answer file with the install image.

There are also permissions on the install image. I can change these permissions if I want. I’m probably most likely to do this with delegated administrators, e.g. if there are too many images to view in the WDS client, if an image should be restricted, etc.


We’ve got some other actions we can perform on install images:

• Disable/Enable: We can disable an image if it is found to be buggy, obsolete, not ready for deployment yet, etc.
• Export: We can export an image so it can be loaded onto another WDS server.
• Replace: We can replace an existing image with another WIM file. The existing entry will be reused.
• Delete: Not only will the install image be removed from the console, the files will be deleted too.

Speaking of which, this is what the file system looks like after loading the install image.

Unattended Installations

At this point we have installed WDS and loaded both a boot image and an install image. This is actually enough to install Windows Vista over the network using WDS and a PXE network boot. But it still remains a manual install, i.e. an administrator must answer all of the usually mundane questions such as regional settings, etc. We want to get to the point where an administrator can start the install and walk away to leave the machine to do everything itself. This requires an unattended answer file to be created and to be associated either with the install image or even with an architecture on the WDS server. The old unattended format that we’ve been using since the NT days is no longer supported. Microsoft programmers seem to believe that we all speak XML now. You’ve probably already guessed, the answer file is now an XML file.

Right now you’re wondering … why would I use WDS instead of Ghost? We’re now talking about unattended answer files and this is getting to be a lot of work! I’ve been using Ghost for a long, long time. I like it, even if it is a Symantec product. Ghost is a great tool for rapid deployment. But, if I want a custom installation with Ghost, I’ve got to create a whole new image. With WIM and unattended answer files, I can completely customise my one image with an answer file. That’s pretty sweet.

A suite of tools called Business Desktop Deployment for Windows Vista (BDD 2007, http://www.microsoft.com/technet/windowsvista/deploy/bddguid.mspx) provides a set of documentation and a tool called the Windows System Image Manager (SIM). It’s this tool that we’ll use to create our unattended answer file. BDD 2007 and the Windows SIM tool deserve a book of their own due to the potential amount of content. There’s no way I could document this large set of tools in this WDS guide.

I’ve installed BDD 2007 Beta and launched the Windows SIM tool. I loaded the Windows Vista Business Catalogue (bottom left) and created a new answer file (top middle). I’ve added some components and configured them (top right). I then saved the file.


In the “Save As” dialog I navigated to my WDS folder which in my case was D:\RemoteInstall and saved the answer file as MyVistaStandard.xml.

You can see the file in the folder structure above.


In the WDS console I opened the properties of my install image. I ticked the “allow image to install in unattended mode” box. I clicked on <Select File>

I browsed to my unattended answer file and clicked on .

You can now see the answer file I have associated with this image. I now clicked on to save my new setting.


Notes: If you are going to deploy legacy operating systems with WDS, e.g. Windows XP Professional, then you will not be able to use the XML unattended file format or image/answer file association. You will need to use a SYSPREP.INF as your answer file, just as if you were cloning the system.

Deploying Windows Vista with WDS

Once you’ve gotten your boot image, install image and answer file ready it’s time to test. You should have just read the word “test”. I’ll repeat that … TEST! You will need to test the image before you deploy it in production. I hope I’ve stressed that enough. I’ve booted up my PC and launched a network boot by doing the whole thing I covered earlier in the legacy mode section.

You’ll notice that something has changed in the above screen. Because WDS is now configured, we got a Windows Boot Manager screen. We can choose to launch RIS if we want. But you’ll notice the description for my x86 boot image is there now. This is where the boot image does its work. I select the boot image and press <ENTER>.

Windows PE now starts to load over the network. This is pretty quick.


You’ll likely encounter scenarios where you need to add mass storage or network card drivers to your Windows PE image. Please refer to the documentation in the BDD2007 kit for instructions on how to do this.

Windows PE needs to get some information from us before we can get going. Enter your locale details for your keyboard.

This is why the locale is important. We’ve got to login to WDS to get things cooking. If you’ve used a German keyboard then your “Y” is swapped with your “Z”. You don’t want to needlessly go and lock your account out. Enter your credentials for use with WDS, i.e. they have access to images and the necessary OU and computer object permissions.


Select the install image that you wish to deploy to this PC.

Choose what you want to do to this file system.


Windows Vista now starts to install. How automated this phase will be will depend on the completion of your unattended answer file.


Native Mode

Native Mode WDS is when you no longer run any RIS images on your WDS server. If you’ve got RIS images then you’re going to want to keep them running in WDS.

Converting RIPREP Images

If you have RIPREP images then you can convert them to WIM install images using the WDSUTIL command. Locate your RIPREP image and its SIF file. Create a folder to store the WIM file temporarily while it is being created by the conversion process. Run this command to convert the RIPREP image:

    WDSUTIL /Verbose /Progress /Convert-RiPrepImage /FilePath:"<Path To RIPREP SIF File>" /DestinationImage /FilePath:".wim" /Name:"" /Description:"" /Overwrite:Append

For example:

    WDSUTIL /Verbose /Progress /Convert-RiPrepImage /FilePath:"\\DUBDC1\RemInst\Setup\English\Images\RISWINDOWS\i386\Templates\AF.sif" /DestinationImage /FilePath:"\\DUBDC1\Working\RIPREP.wim" /Name:"My WindowsXP image" /Description:"Converted RIS image of WindowsXP" /Overwrite:Append

You can then add the newly created WIM install image to your catalogue in the WDS MMC snap-in.

Notes: This command failed for me. My server is running Windows 2003 R2 with SP2 Beta. The error states that if I run this command on a non-Vista machine then I must have the Windows Automated Installation Kit (WAIK) installed to gain access to two required DLLs. I’ve got the WAIK installed as part of BDD 2007 Beta. This looks like a bug. This conversion command fails if you try to convert a normal RIS image and not a RIPREP image.

Capturing an Image

You may be thinking … “OK, so this WDS is great at doing a bare OS install but Ghost can install applications as part of an image”. So can WDS! You can pre-build a template machine, install your applications, configure them and capture a WDS image. You can also use this functionality to capture a legacy operating system image. Capturing an image is something like performing a RIPREP capture.

Note: We’re getting into territory where you need to be aware of how SYSPREP works and why we must use it in cloning scenarios. You MUST run SYSPREP before capturing an image with WDS to avoid SID cloning issues. Legacy operating systems will also require a SYSPREP.INF for an unattended installation because they cannot use the new XML format. Make sure you are using the right version of SYSPREP for your OS (DEPLOY.CAB on the operating system CD). You can use Windows Setup Manager (also in DEPLOY.CAB).


To capture an image we are going to use WDS and Windows PE technology again. We will create a customised boot image whose job it is to capture an install image. We will prepare a template machine and run SYSPREP on it. We will then boot this machine up into our capture boot image and capture the OS installation as an install image. Open up the WDS console, right-click on a suitable boot image (i.e. one with drivers and architecture support) and click on “Create Capture Boot Image”.

This wizard will start up. Enter details for naming the boot image. You must also enter the path for a temporary folder where the boot image WIM file will be created.

The existing boot image is exported and a new capture boot image is created. This can take a while.


The image creation process is finished. Return to the WDS console, right-click on “Boot Images” and select “Add Boot Image”.

This wizard launches. Browse to the temporary location where our new capture boot image WIM file was created.


You can change the names that were entered earlier if they are no longer suitable.

The summary is presented before you import the image by clicking on .


The image is loaded.

Return to the WDS console when the image is loaded and verify it is there and ready to be used. You can also check the file system. In my case it’s in D:\RemoteInstall\Boot\x86\.


Everything is ready in WDS to capture an image. You should now build and SYSPREP your template PC. I’m going to assume you already know how to use SYSPREP. It’s now time to boot up the template PC and to load the capture boot image that we’ve just created.

Boot up the PC and do the shuffle. You’ll notice the new capture boot image is available in the Windows Boot Manager. Select it, press <ENTER> and wait for the boot image to load.


Note: There is a memory requirement for Windows PE to load successfully. It will crash if there is not enough memory. I tried it with 128MB and it crashed. It seems OK with 256MB.

We get a nice big friendly welcome from the capture boot image. Click on Next to continue.

Choose a volume to capture, enter the name of the new install image you are creating and give the image a meaningful description.


We now need to decide where we are going to create the image. If you’ve got another local volume available then you can choose to store the image there, e.g. a USB hard drive, by clicking on browse, navigating to a folder on that volume and naming the new install image file. This could actually be the quickest way of carrying out this operation. The disk could be connected to the WDS server afterwards and the install image could be imported. Don’t use the volume you are going to capture as the place to create your WIM file. I’ve tried this and it didn’t work. The WIM file had 0 bytes. Alternatively you can select to connect to your WDS server so that the image is loaded there. I believe this still requires local disk space.

Enter credentials for a user account that has permissions to add an install image if you are connecting to the WDS server.


I’m actually going to use an “external disk” to store my WIM file. I’ll then attach this to my WDS server. It’s the quickest way to get the WIM file to the server.

The capture begins. This will take as long as it takes ☺ My example is a Windows XP Professional computer so it will be a lot quicker than a Windows Vista computer … there’s a lot less to capture.

The capture finally finishes. The machine will reboot if you click on . At this point I connected the “external disk” to my WDS server and loaded the new install image WIM file, exactly the same way as I added the Windows Vista WIM file earlier. This install image is now ready for deployment to other clients using the original x86 boot image, after you’ve done your TESTING of course. You can safely disable your capture boot image until you need to capture another image.

Going Native

Once you’ve gotten everything you need from RIS converted to WIM you can convert your WDS server into a fully native WDS server. Again, we’ll use the WDSUTIL command:

    WDSUTIL /set-server /forcenative

After running this command, all of your RIS options in the Windows Boot Manager are gone. Nothing is actually deleted from the file system. If you want to switch back to a mixed mode WDS server then you’ll have to reset WDS:

    WDSUTIL /uninitialize-server

This will reset your WDS server. You then reconfigure your WDS server like you did before; any settings you configured will likely be lost.


Troubleshooting

There are a few problems that you will encounter that RIS administrators will be familiar with.

Boot Image Drivers

Your Windows PE image will need to be able to connect to the WDS server over the network. You may also need additional drivers for mass storage access. Newer machines may not have the required driver support in the Windows PE disk that you have. You can use PEIMG.EXE from the WAIK kit to add drivers.

DHCP/BOOTP Issues

If your PC times out looking for a DHCP address during the PXE boot then it can be one of two basic problems. Either the DHCP server is not responding or the WDS server is not responding. If you are on a different VLAN to them then ensure that DHCP relays are configured for both of them on your VLAN. Also ensure that both are authorised for DHCP activity in Active Directory. I find that manually removing and authorising them in the DHCP snap-in works best. You might need to restart the services after this.

Drivers Missing After OS Deployment

This is a plug and play issue. Legacy operating systems can use the old $OEM$ solution with SYSPREP.INF. Microsoft says you can still do this with Windows Vista but it is not recommended. They want us to start using a new package solution which I’ve not looked into yet.

You Cannot See Your Install Image from the Boot Image

Make sure the user you logged into the boot image with has permissions for the install image WIM file. I’ve used something like this to restrict the number of WIMs in the list to those that were necessary. Make sure the architecture of the WIM (x86, IA64, x64) matches the architecture of the client.

The Client Downloads the Wrong Boot Image

Sometimes x64 machines do not identify themselves as x64 machines. It’s a BIOS problem. You can get around this by running this command on the WDS server:

    WDSUTIL /set-server /architecturediscovery:yes

The Boot Menu

Only 13 boot images can be listed in the menu. Don’t go crazy with them. You can’t permission them (to filter them) because you haven’t logged in yet when they are presented to you in a list. Double-byte characters probably won’t present properly in the menu. Spaces are not usable either. Keep the names of the boot images simple.

VMware

The boot image that is provided with Windows Vista is not very friendly with VMware. There are a few tricks you’ll have to use. Edit your virtual machine’s VMX file to add the following lines (replace existing entries as necessary):

    ethernet0.virtualDev = "e1000"

This gives you network driver support for Windows PE.

    svga.maxWidth = "640"
    svga.maxHeight = "480"

This gives you VGA support for Windows PE.


Summary

We’ve seen how Windows Deployment Services provides a smooth migration from Remote Installation Services. Anyone with a RIS server doesn’t need to fret over installing Service Pack 2 for Windows 2003. Things will work as they always did and they will also be able to deploy Windows Vista with the new mixed mode functionality. WIM imaging is a worthy contender to Ghost and its ilk. It’s much more flexible and although in the short term it requires more administration, it will pay off in larger environments.

All the stuff you can do with WDS and WIM is worthy of a book. You’ve got to consider Vista deployment, BDD 2007 and WAIK. Whoever wants to could write a tome on WDS, SMS 2003 OS Deployment, Configuration Manager 2007 OS Deployment and Cloning. It would be a huge read. I’ve hopefully given you a primer on WDS so you can get started with this new technology. The best thing you can do now is fire it up in a lab, find out what extra functionality you need from BDD or WAIK and do some leg work.
