Windows Deployment Services Sysprep and You Imaging Windows 7 Systems Agenda Windows Deployment Services Background Requirements Installation Imaging VLAN Motivation Advantages Creating Images Setting up a reference machine Sysprep Uploading the image Deploying Images On the imaging VLAN Off the imaging VLAN Conclusions Things that work well Things that don't work so well References What is Windows Deployment Services? • • • • Updated version of Remote Installation Services Added as a role in Windows 2008 Uses the Windows Imaging Format to handle images Free! WDS Requirements • • • • • Must be a member of an AD DS domain or be a domain controller DHCP - WDS uses PXE booting which requires DHCP capability. DNS NTFS volume for the image store Windows Server 2003 or 2008 Installing and Configuring WDS • • • • • Add the role to the server Configure through MMC snap-in Create an image group Add an install image Add a boot image Imaging VLAN Motivation and Advantages • Some segments of our network don't have DHCP available • Allows us to segregate some of the services • Machines can be configured on the Imaging VLAN Setting up the reference machine • First install performed using the default install image • Add applications • Boot into Audit mode to configure default user profile and perform final customizations • Run sysprep on machine Using sysprep Sysprep Phases Creating Answer Files Sysprep Phases • • • • • • • windowsPE - disk configuration offlineServicing - applies settings and packages specialize - applies system specific information generalize - removes system specific information auditSystem - used in Audit mode auditUser - used in Audit mode oobeSystem - Out of Box Experience Creating answer files Windows Automated Installation Kit Windows System Image Manager Our unattend.xml <servicing> <package action="configure"> <assemblyIdentity name="Microsoft-Windows-Foundation-Package" version="6.1.7600.16385" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="" /> <selection name="InboxGames" state="true" /> <selection name="Chess" state="true" /> <selection name="FreeCell" state="true" /> <selection name="Hearts" state="true" /> <selection name="Minesweeper" state="true" /> <selection name="More Games" state="true" /> <selection name="PurblePlace" state="true" /> <selection name="Shanghai" state="true" /> <selection name="Solitaire" state="true" /> <selection name="SpiderSolitaire" state="true" /> </package> </servicing> Our unattend.xml <settings pass="generalize"> <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipRearm>1</SkipRearm> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <OEMInformation /> </component> </settings> Our unattend.xml <settings pass="specialize"> <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipAutoActivation>true</SkipAutoActivation> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ComputerName>*</ComputerName> <CopyProfile>true</CopyProfile> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <ShowWindowsLive>false</ShowWindowsLive> <TimeZone>Eastern Standard Time</TimeZone> </component> </settings> Our unattend.xml <settings pass="oobeSystem"> <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>en-us</InputLocale> <SystemLocale>en-us</SystemLocale> <UILanguage>en-us</UILanguage> <UserLocale>en-us</UserLocale> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <AutoLogon> <Password> <Value>cwBBAHQARwByAHQANwAzAFAAYQBzAHMAdwBvAHIAZAA=</Value> <PlainText>false</PlainText> </Password> <Enabled>true</Enabled> <LogonCount>5</LogonCount> <Username>itconsult</Username> </AutoLogon> Our unattend.xml <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ipk [License Code]</CommandLine> <Order>1</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine> <Order>2</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>net user temp /delete</CommandLine> <Description>Delete Temp User Account</Description> <Order>3</Order> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> </FirstLogonCommands> Our unattend.xml <OOBE> <HideEULAPage>true</HideEULAPage> <NetworkLocation>Work</NetworkLocation> <ProtectYourPC>1</ProtectYourPC> </OOBE> <RegisteredOrganization>Dickinson College</RegisteredOrganization> <RegisteredOwner>LIS</RegisteredOwner> <ShowWindowsLive>false</ShowWindowsLive> <UserAccounts> <AdministratorPassword /> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value>dABlAG0AcABQAGEAcwBzAHcAbwByAGQA</Value> <PlainText>false</PlainText> </Password> <Description>Temp Account</Description> <DisplayName>temp</DisplayName> <Group>Users</Group> <Name>temp</Name> </LocalAccount> </LocalAccounts> <DomainAccounts></DomainAccounts> </UserAccounts> </component> </settings> Uploading Images 1. Once the reference machine is prepared copy the unattend.xml file to the drive 2. Run sysprep /generalize /oobe /shutdown /unattend:unattend.xml 3. PXE boot machine to WDS server 4. Select volume to upload 5. Give image a name 6. Select option to upload to server 7. Login 8. Wait 9. Associate the unattend.xml file with the image 10.Create multicast session Uploading Images Uploading Images Setup Image for Unattended Mode Deploying Images • On the Imaging VLAN o PXE boot machine to WDS o Select the image to apply o Wait • Off the Imaging VLAN o Create a "Discover Image" o Boot machine with Discover Image o Select the image to apply o Wait Multicasting Images Multicasting can be setup in two modes • Auto-Cast o Session is initiated whenever a client requests o Additional clients are joined to session as they request • Scheduled-Cast o Set a specific time for session to complete o Clients wait until designated time to begin A recent multicast session imaged 10 computers in about 45 minutes. Our old setup would take 4 hours and machines still needed to be configured manually. Things that work well Deploying images is fairly painless Multicasting Some hardware independence Things that don't work so well Changing the taskband for the default user profile Activation can be a pain Forgetting to setup a multicast session for an image tends to upset network engineers Automating image deployment References Technet Windows Deployment Services http://technet.microsoft.com/en-us/library/cc772106(WS.10).aspx How Configuration Passes Work http://technet.microsoft.com/en-us/library/cc749307(WS.10).aspx Brian Lee Jackson - Sysprep a Windows 7 Machine – Start to Finish V2 http://blog.brianleejackson.com/sysprep-a-windows-7-machine-–-start-to-finish-v2 The Deployment Guys - Pin Items to the Taskbar and Start Menu http://blogs.technet.com/b/deploymentguys/archive/2009/04/08/pin-items-to-thestart-menu-or-windows-7-taskbar-via-script.aspx Standard Unattend File http://users.dickinson.edu/~steelc/resnet/wds%20presentation/Unattend.xml Questions? Thank you ResNet Symposium Infrastructure Systems at Dickinson College You Please remember to fill out the survey http://www.resnetsymposium.org/rspm/evaluation/