Presentation

advertisement
Windows Deployment Services
Sysprep and You
Imaging Windows 7
Systems
Agenda
Windows Deployment Services
Background
Requirements
Installation
Imaging VLAN
Motivation
Advantages
Creating Images
Setting up a reference machine
Sysprep
Uploading the image
Deploying Images
On the imaging VLAN
Off the imaging VLAN
Conclusions
Things that work well
Things that don't work so well
References
What is Windows Deployment Services?
•
•
•
•
Updated version of Remote Installation Services
Added as a role in Windows 2008
Uses the Windows Imaging Format to handle images
Free!
WDS Requirements
•
•
•
•
•
Must be a member of an AD DS domain or be a domain controller
DHCP - WDS uses PXE booting which requires DHCP capability.
DNS
NTFS volume for the image store
Windows Server 2003 or 2008
Installing and Configuring WDS
•
•
•
•
•
Add the role to the server
Configure through MMC snap-in
Create an image group
Add an install image
Add a boot image
Imaging VLAN
Motivation and Advantages
• Some segments of our network don't have DHCP available
• Allows us to segregate some of the services
• Machines can be configured on the Imaging VLAN
Setting up the reference machine
• First install performed using the default install image
• Add applications
• Boot into Audit mode to configure default user profile and
perform final customizations
• Run sysprep on machine
Using sysprep
Sysprep Phases
Creating Answer Files
Sysprep Phases
•
•
•
•
•
•
•
windowsPE - disk configuration
offlineServicing - applies settings and packages
specialize - applies system specific information
generalize - removes system specific information
auditSystem - used in Audit mode
auditUser - used in Audit mode
oobeSystem - Out of Box Experience
Creating answer files
Windows Automated Installation Kit
Windows System Image Manager
Our unattend.xml
<servicing>
<package action="configure">
<assemblyIdentity name="Microsoft-Windows-Foundation-Package"
version="6.1.7600.16385" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="" />
<selection name="InboxGames" state="true" />
<selection name="Chess" state="true" />
<selection name="FreeCell" state="true" />
<selection name="Hearts" state="true" />
<selection name="Minesweeper" state="true" />
<selection name="More Games" state="true" />
<selection name="PurblePlace" state="true" />
<selection name="Shanghai" state="true" />
<selection name="Solitaire" state="true" />
<selection name="SpiderSolitaire" state="true" />
</package>
</servicing>
Our unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<OEMInformation />
</component>
</settings>
Our unattend.xml
<settings pass="specialize">
<component name="Microsoft-Windows-Security-SPP-UX"
processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral"
versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>*</ComputerName>
<CopyProfile>true</CopyProfile>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<ShowWindowsLive>false</ShowWindowsLive>
<TimeZone>Eastern Standard Time</TimeZone>
</component>
</settings>
Our unattend.xml
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-us</InputLocale>
<SystemLocale>en-us</SystemLocale>
<UILanguage>en-us</UILanguage>
<UserLocale>en-us</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>cwBBAHQARwByAHQANwAzAFAAYQBzAHMAdwBvAHIAZAA=</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>5</LogonCount>
<Username>itconsult</Username>
</AutoLogon>
Our unattend.xml
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ipk [License
Code]</CommandLine>
<Order>1</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine>
<Order>2</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>net user temp /delete</CommandLine>
<Description>Delete Temp User Account</Description>
<Order>3</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
</FirstLogonCommands>
Our unattend.xml
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<RegisteredOrganization>Dickinson College</RegisteredOrganization>
<RegisteredOwner>LIS</RegisteredOwner>
<ShowWindowsLive>false</ShowWindowsLive>
<UserAccounts>
<AdministratorPassword />
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>dABlAG0AcABQAGEAcwBzAHcAbwByAGQA</Value>
<PlainText>false</PlainText>
</Password>
<Description>Temp Account</Description>
<DisplayName>temp</DisplayName>
<Group>Users</Group>
<Name>temp</Name>
</LocalAccount>
</LocalAccounts>
<DomainAccounts></DomainAccounts>
</UserAccounts>
</component>
</settings>
Uploading Images
1. Once the reference machine is prepared copy the
unattend.xml file to the drive
2. Run sysprep /generalize /oobe /shutdown
/unattend:unattend.xml
3. PXE boot machine to WDS server
4. Select volume to upload
5. Give image a name
6. Select option to upload to server
7. Login
8. Wait
9. Associate the unattend.xml file with the image
10.Create multicast session
Uploading Images
Uploading Images
Setup Image for Unattended Mode
Deploying Images
• On the Imaging VLAN
o PXE boot machine to WDS
o Select the image to apply
o Wait
• Off the Imaging VLAN
o Create a "Discover Image"
o Boot machine with Discover Image
o Select the image to apply
o Wait
Multicasting Images
Multicasting can be setup in two modes
• Auto-Cast
o Session is initiated whenever a client requests
o Additional clients are joined to session as they request
• Scheduled-Cast
o Set a specific time for session to complete
o Clients wait until designated time to begin
A recent multicast session imaged 10 computers in about 45
minutes. Our old setup would take 4 hours and machines still
needed to be configured manually.
Things that work well
Deploying images is fairly painless
Multicasting
Some hardware independence
Things that don't work so well
Changing the taskband for the default user profile
Activation can be a pain
Forgetting to setup a multicast session for an image tends to
upset network engineers
Automating image deployment
References
Technet Windows Deployment Services
http://technet.microsoft.com/en-us/library/cc772106(WS.10).aspx
How Configuration Passes Work
http://technet.microsoft.com/en-us/library/cc749307(WS.10).aspx
Brian Lee Jackson - Sysprep a Windows 7 Machine – Start to Finish V2
http://blog.brianleejackson.com/sysprep-a-windows-7-machine-–-start-to-finish-v2
The Deployment Guys - Pin Items to the Taskbar and Start Menu
http://blogs.technet.com/b/deploymentguys/archive/2009/04/08/pin-items-to-thestart-menu-or-windows-7-taskbar-via-script.aspx
Standard Unattend File http://users.dickinson.edu/~steelc/resnet/wds%20presentation/Unattend.xml
Questions?
Thank you
ResNet Symposium
Infrastructure Systems at Dickinson College
You
Please remember to fill out the survey
http://www.resnetsymposium.org/rspm/evaluation/
Download