The Holy Grail of Deployment

Presented by Rhonda J. Layfield, 3/23/2010 (Copyright 2010)
- IT industry 25+ years
- Contributes articles to Windows IT Pro magazine
- Setup and Deployment MVP
- Desktop Deployment Product Specialist (DDPS)
- Co-author of the Windows Server 2003 R2 and Windows Server 2008 books
- NEW Microsoft Deployment book
- Deployment class in Vegas next week

Upload: stuart-king

Post on 13-Aug-2015

TRANSCRIPT

  1. Title slide: presenter introduction (see the description above).
  2. Agenda:
     - Microsoft Assessment and Planning Tool (MAP)
     - Manually creating and deploying images: Windows Automated Installation Kit 2.0
     - Volume Activation and Key Management Service (KMS)
     - Microsoft Deployment Toolkit 2010: deploy a bare-metal Windows 7 client, migrate an XP client to Windows 7, advanced features
     - Windows Deployment Services (WDS): installation, setup, common issues
     - Application Compatibility Toolkit (ACT)
     - Deployment process and image formats: WIM, VHD
     - Windows Automated Installation Kit (WAIK) 2.0: Windows Pre-Installation Environment (WinPE) 3.0, Windows System Image Manager (WSIM), User State Migration Tool (USMT) 4.0, Deployment Image Servicing and Management (DISM), Volume Activation 2.0
  3. (diagram slide, no text)
  4. MAP:
     - Agentless
     - Finding your clients: this is called discovery
     - Getting information from your clients: inventory
     - Inventories Windows 7, Windows Vista, Windows XP Pro SP2 or later, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003 SP1 or later
     - Runs on either x86 or x64; Itanium processors are not supported
  5. Discovery methods:
     - Active Directory Domain Services (AD DS)
     - Windows networking protocols
     - Import names of your computers from a file
     - IP address ranges
     - Manually enter a computer name
     AD DS discovery is an LDAP query to a DC, asking for information that is domain based, container based or OU based. Some clients may not show up: computers that have not logged onto the AD domain in over 90 days will not be inventoried. Supports up to 120,000 computer objects per domain. The user account that performs the LDAP query must be a member of the Domain Users group.
  6. Windows networking protocols: machines that are connected to workgroups or NT 4.0 domains; queries are sent to the Browser service; must be run on each subnet.
     Text file import: each computer name on a new line, no delimiters; supports up to 120,000 computer names to inventory; NetBIOS names or Fully Qualified Domain Names (FQDN); only one file at a time can be imported.
     Hardware and device driver planning covers: Windows 7, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Microsoft Office 2007, Microsoft Application Virtualization, Microsoft SQL Server 2008, Forefront Client Security and Network Access Protection.
  7. Inventory methods: Windows Management Instrumentation (WMI) collects hardware, software and device information; the Remote Registry Service finds the roles that are installed on a server; the VMware Web Service inventories hosts running VMware ESX.
  8. Diagram: (1) imaging tool (MDT, ImageX, WDS Capture) -> (2) deployment server -> (3)/(4) targets (W7).
     WIMs: contain a single volume (C:, D:, E:); multiple images may be stored in a single .wim file; single instancing, no redundant file storage; service the image offline and apply patches quickly and easily.
     VHDs: brand new with Windows 7; contain an entire hard drive (multiple volumes); Microsoft Deployment Toolkit (MDT) 2010 does not support .vhd; Windows Deployment Services does support .vhd.
  9. WAIK 2.0 tools and what they do for you:
     - Deployment Tools Command Prompt: cmd that is aware of the path that contains the WAIK tools
     - CopyPE: create a WinPE working environment
     - Deployment Image Servicing and Management (DISM): mount, unmount and manage images; add/remove packages and drivers to an image
     - ImageX: capture and apply images
     - OSCDIMG: create an .ISO out of the contents of a folder
     - Windows System Image Manager (WSIM): create answer files (setup scripts) in .xml format
     - User State Migration Tool 4.0 (USMT 4.0): migrates user profiles, IE favorites and documents
     - Volume Activation Management Tool 1.2: centrally manage volume activation
     Building a reference image: install an OS (XP SP3, Vista SP1 or later, Windows 7, Windows Server 2003 R2 (all SPs), Windows Server 2008 (all SPs), Windows Server 2008 R2), configure settings, run Sysprep (/generalize switch), capture an image using ImageX. But you can't get an image of an OS that is up and running.
 10. So you'll need to boot the reference machine into another OS. That's where the Windows Pre-Installation Environment (WinPE) comes in, WinPE 3.0 that is:
     - Scaled-down version of the Windows 7 kernel; you can think of it as W-7 Jr.
     - Boots into and runs from RAM (X: drive by default)
     - Not appropriate for production, day-to-day use; reboots every 72 hours
     - Command-line interface only
     - Can be converted to a bootable .ISO and placed on CD, DVD, USB flash drive or external hard drive
     Where can you find a WinPE? boot.wim (from the sources folder on a DVD).
 11. Tools inside WinPE: WPEUtil shutdown, WPEUtil reboot, WPEUtil enablefirewall, Regedit.exe, Netsh, DiskPart.
     When you use it: you want to create an image, you want to apply an image, you want to troubleshoot an issue with the OS offline (rootkit detectors).
 12. Create the WinPE structure:
       copype x86 C:\WinPE
     The C:\WinPE folder cannot exist; if it does you'll get the error "Destination directory exists: C:\WinPE". For the other architectures:
       copype amd64 C:\WinPE
       copype ia64 C:\WinPE
     Copy winpe.wim to c:\winpe\iso\sources\boot.wim, then convert to an .ISO:
       oscdimg -n -h -betfsboot.com c:\winpe\iso c:\winpe\winpe.iso
 13. What's new in WinPE 3.0: XML scripting support is built in; additional packages are not inside WinPE; no more prepping, now you will profile.
     VHDs: you can put one on your system, add a .wim to it and tell bcdedit to boot that OS. Mounting a .VHD in Win7 is called "attaching"; un-mounting a .VHD is called "detaching". Diskpart is the basic tool of choice to work with .vhds; of course, W-7 & 2008 use them for backups now.
 14. Booting from a .vhd. Open an elevated command prompt, start Diskpart and run:
       create vdisk file=c:\W7Ultimate.vhd maximum=25000 type=fixed
       select vdisk file=c:\W7Ultimate.vhd
       attach vdisk
       list disk                (find your new disk number)
       select disk #
       create partition primary
       select partition 1
       active
       format fs=ntfs quick
       assign
       detail partition         (get the drive letter)
       exit
     Then apply the image to the new volume (F: here):
       mkdir f:\windows
       imagex /apply c:\wims\install.wim 4 f:
     Finally edit the Boot Configuration Database to boot from the new .vhd.
 15. (diagram slide, no text)
 16. DISM:
     - Allows you to service images offline, both .wim and .vhd
     - Supports Vista SP1 and later images
     - Enable / disable / configure Windows features
     - Add and configure updates (MSUs)
     - Gives you more functionality with consistent syntax; replaced 3 tools: Package Manager (Pkgmgr.exe), International Settings Configuration Tool (Intlcfg.exe), Windows PE command-line tool (PEimg.exe)
     - No capture or apply feature
     Run it from an elevated command prompt. Without image context (no image specified) you're looking at the image that is currently running, called the HOST:
       dism /?
     With image context:
       dism /online /?
     Don't try this on WinPE.
 17. Image context: DISM /? vs DISM /online /?. DISM has an awesome help file: pipe it to a text file, edit the text file and save it. For example, to mount an image:
       dism /Mount-Wim > C:\MW.txt
       notepad C:\MW.txt
     Edit the command, paste it into a new doc and run it from the command prompt.
     The WinPE we created earlier needs ImageX added.
 18. Mount WinPE.wim:
       dism /Mount-Wim /WimFile:winpe.wim /index:1 /MountDir:C:\WinPE\Mount
     Add ImageX to WinPE.wim: copy C:\Program Files\WAIK\Tools\amd64\Imagex.exe (or x86, ia64) into C:\WinPE\Mount\Windows.
     Un-mount WinPE.wim, either committing or discarding your changes:
       dism /Unmount-Wim /MountDir:C:\WinPE\Mount /commit
       dism /Unmount-Wim /MountDir:C:\WinPE\Mount /discard
     Rebuild the .ISO:
       oscdimg -n -h -betfsboot.com C:\WinPE\Iso C:\WinPE\Boot.iso
 19. It's time to create the image from the C: volume. Within WinPE type:
       imagex /capture c: c:\name.wim "description"
     Across the network: I have a server named WDS and a shared folder Images. Open a command prompt:
       net use W: \\WDS\Images
       imagex /capture c: w:\name.wim "description"
     For example:
       imagex /capture c: w:\Win7Ult.wim "Windows 7 Ultimate"
 20. Files excluded from the capture: \Windows\CSC (offline files), RECYCLER, System Volume Information, pagefile.sys, hiberfil.sys, $ntfs.log.
     Compress your image: fast (default), none or maximum:
       imagex /capture /compress <switch> c: c:\mkt.wim "Mkt Apps"
     A Win7 image not compressed = 3.65 GB (35 mins); with fast compression = 2.32 GB (45 mins); with max compression = 2.24 GB (90+ mins).
 21. Applying the image: boot the target machine into WinPE and copy the image to the new C: partition:
       imagex /apply c:\imagename.wim 1 c:
     Apply the image from a mapped drive (W:):
       imagex /apply w:\imagename.wim 1 c:
     You must apply the image to the same partition it was created from.
 22. What happens if you're not the one who created the image? How do you know what is in it: drivers, packages, applications? Getting information on .wims.
 23. In the past we had ImageX (imagex /info), for example:
       imagex /info c:\wims\install.wim
     NOW we can use DISM (dism /Get-WimInfo /wimfile:<path>), for example:
       dism /Get-WimInfo /wimfile:c:\wims\install.wim
     Document, document, document!
 24. What you can do to a mounted image: dism /Image:c:\mount\win7 /?
     Add all drivers from a folder:
       dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers
     Add all drivers from a top-level folder and all folders below:
       dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers /recurse
     Add a specific driver:
       dism /image:C:\winpe\mount /Add-Driver /driver:C:\drivers\mydriver.INF
     Get a listing of drivers:
       dism /image:C:\winpe\mount /Get-Drivers
       dism /image:C:\winpe\mount /Get-Drivers /format:table
     Get driver information:
       dism /image:C:\winpe\mount /Get-DriverInfo /driver:C:\testdrivers\usb\usb.inf
     Remove a driver:
       dism /image:C:\winpe\mount /Remove-Driver /driver:oem1.inf
     Remove multiple drivers:
       dism /image:C:\winpe\mount /Remove-Driver /driver:oem1.inf /driver:oem2.inf
 25. Mount install.wim:
       dism /Mount-Wim /WimFile:C:\wims\install.wim /index:5 /MountDir:C:\Mount
     Add drivers from C:\Drivers:
       dism /image:C:\Mount /Add-Driver /driver:C:\drivers
     List your drivers (plain, then in table format):
       dism /image:C:\Mount /Get-Drivers
       dism /image:C:\Mount /Get-Drivers /format:table
     Un-mount install.wim:
       dism /Unmount-Wim /MountDir:C:\Mount /commit
     Check the status of your .wim (get mounted .wim information):
       dism /Get-MountedWimInfo
     "OK" is good. "Needs remount": dism /Remount-Wim /MountDir:<mount dir>. If that doesn't work you'll need to clean up the wim (dism /Cleanup-Wim), then remount.
 26. Answer files: no more setup monkey (next, next, next). Answer files help to create consistent installations. Remember unattend.txt and winnt.sif from Windows XP? W-7's autounattend.xml = XP's unattend.txt/winnt.sif. Remember Setup Manager from Windows XP? W-7's Windows System Image Manager (aka Windows SIM or WSIM) = XP's Setup Manager. Add third-party drivers and applications via the answer file.
 27. WSIM workflow: open an image file (install.wim) OR open an existing catalog file; choose to create a new answer file; choose the components to configure; configure the components; validate the answer file; fix any issues until there are no error messages; save the answer file.
     WSIM panes: Windows Image pane, Answer File pane, Distribution Share pane, Properties pane, Message pane.
 28. Open the Windows System Image Manager (Windows SIM): click the Start button -> All Programs -> Microsoft Windows AIK -> Windows System Image Manager. To open the install.wim file you copied from the Windows 7 product DVD: in the bottom left corner right-click "Select a Windows image or catalog file" and choose Select Windows Image (or use the File menu), then browse to the folder where you copied the install.wim to. OR open a catalog file directly from the Windows 7 DVD \Sources folder.
 29. (Prompt to create a catalog.) This is expected; click Yes to create a catalog. A catalog is a binary file that contains all the component settings in a Windows image file (.wim) which can be customized in an answer file. Create the catalog for the OS you are creating the answer file for: you wouldn't want to attempt to configure BitLocker for Win7 Business. The catalog will have a .clg extension and is created in the same directory as the .wim you opened. Catalog files are typically 5 MB in size.
 30. Catalog. Windows 7 installations are performed in stages; these stages are called configuration passes. There are 7, but not all passes must be run.
 31. Windows PE configuration pass (1)
 32. Windows PE configuration pass (1), continued
 33. Windows PE configuration pass (1), continued
 34. 2 reboots. Specialize configuration pass (4) OR oobeSystem configuration pass (7)
 35. Specialize configuration pass (4) OR oobeSystem configuration pass (7), continued
 36. Specialize configuration pass (4) OR oobeSystem configuration pass (7), continued
 37. Specialize configuration pass (4) OR oobeSystem configuration pass (7). There are three passwords that may be put in an answer file:
     - Microsoft-Windows-Shell-Setup | AutoLogon | Password
     - Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword
     - Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount
     Passwords are hidden by default: Tools menu -> Hide Sensitive Data.
 38. Validating the answer file compares the setting values you have input to a list of valid entries for the image. If a setting you have input does not match one of the valid entries for the image, an error message will be displayed in the Messages pane at the bottom of WSIM. Double-click the Component Location to go directly to the setting with the error; correct until you see:
 39. Error message: "Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup]."
 40. Diagram (USMT migration flow, XP SP2): (1) upgrade applications, run ScanState, store locally or across the network -> (2) deployment server
 41. Diagram (continued, XP SP2/SP3 to Windows 7): (3) install Windows 7 -> (4) install applications -> (5) run LoadState
     USMT 4.0 supported operating systems:
       OS                                  ScanState   LoadState
       Windows XP Professional             X
       Windows XP Professional x64 Edition X
       32-bit versions of Windows Vista    X           X
       64-bit versions of Windows Vista    X           X
       32-bit versions of Windows 7        X           X
       64-bit versions of Windows 7        X           X
 42. Can migrate a 32-bit OS to a 64-bit OS; cannot migrate a 64-bit OS to a 32-bit OS. Can migrate from XP SP2 / SP3. Not supported on any of the Windows Server OSs or on the Starter editions of Windows XP, Windows Vista or Windows 7. USMT must be run in Administrator mode: right-click a command prompt and choose Run as Administrator. If you don't log on with an administrator account then the only user profile that will be migrated is the one you logged on as.
 43. Migration XML files: MigUser.xml, MigApp.xml, MigDocs.xml. MigUser.xml holds the rules to migrate user profiles and data and describes a core migration. Folders that will be migrated: My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, Favorites.
 44. All Users profile (Windows XP) / Public profile (Vista or Windows 7): Shared Documents, Shared Video, Shared Music, shared desktop files, Shared Pictures, shared Start menu, shared Favorites.
     File types migrated: .accdb .ch3 .csv .dif .doc* .dot* .dqy .iqy .mcw .mdb* .mpp .one* .oqy .or6 .pot* .ppa .pps* .ppt* .pre .pst .pub .qdf .qel .qph .qsd .rqy .rtf .scd .sh3 .slk .txt .vl* .vsd .wk* .wpd .wps .wq1 .wri .xl* .xla .xlb .xls*
 45. Settings migrated (* = settings not available for offline migration): accessibility settings; address book; command-prompt settings; *desktop wallpaper; EFS files; Favorites; folder options; fonts; users, groups and group memberships; *Windows Internet Explorer settings; Microsoft Open Database Connectivity (ODBC) settings; mouse and keyboard settings; network drive mapping; *network printer mapping; *offline files; *phone and modem options; RAS connection and phone book (.pbk) files; *regional settings; Remote Access;
 46. (continued) *taskbar settings; Windows Mail (Microsoft Outlook Express Mail .dbx files are migrated from Windows XP); *Windows Media Player; Windows Rights Management.
     MigUser.xml: the following does not migrate with MigUser.xml: files outside the user profile that don't match any file extensions listed in MigUser.xml.
 47. Supported applications: Adobe Acrobat Reader 9; AOL Instant Messenger 6.8; Apple iTunes 7, 8; Apple QuickTime Player 7; Apple Safari 3.1.2; Google Chrome beta; Google Picasa 3; Google Talk beta; IBM Lotus 1-2-3 9.8; IBM Lotus Notes 8; IBM Lotus Organizer 9.8; IBM Lotus WordPro 9.8; Intuit Quicken 2009; Money Plus Business 2008; Money Plus Home 2008; Mozilla Firefox 3; Microsoft Office Access 2003, 2007; Microsoft Office Excel 2003, 2007; Microsoft Office FrontPage 2003, 2007; Microsoft Office OneNote 2003, 2007; Microsoft Office Outlook 2003, 2007; Microsoft Office PowerPoint 2003, 2007; Microsoft Office Publisher 2003, 2007; Microsoft Office Word 2003, 2007; Opera Software Opera 9.5; Microsoft Outlook Express (mailbox file); Microsoft Project 2003, 2007; Microsoft Office Visio 2003, 2007; RealPlayer Basic 11; Sage Peachtree 2009; Skype 3.8; Windows Live Mail 12, 14; Windows Live Messenger 8.5, 14; Windows Live MovieMaker 14; Windows Live Photo Gallery 12, 14; Windows Live Writer 12, 14; Windows Mail (Vista only); Microsoft Works 9; Yahoo Messenger 9; Zune 3.
 48. Cannot migrate from/to a different version of an application, except for Microsoft Office: USMT can migrate from an earlier version to a later one (Microsoft Project settings are not migrated from Office 2003 to Office 2007). Not migrated: mapped network drives, local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, executable files, permissions for shared folders, customized icons for shortcuts, taskbar settings (migrating from XP). Languages must match.
 49. The Internet Connection Firewall check box and settings are migrated. The Internet Connection Sharing setting is not migrated: it could make the network less secure if migrated to the destination computer. The firewall advanced-configuration settings are not migrated because of increased security risks. The Network Connections user interface does not refresh properly until you log off or press F5. Data residing on USB hard disks will be migrated; data residing on USB flash drives (UFD) will not be included when you specify the /localonly option.
 50. Running ScanState from a command prompt:
       scanstate C:\<path to store data>
       scanstate C:\USMT
       scanstate C:\USMT /auto
       scanstate C:\USMT /auto /hardlink /nocompress
     Running LoadState:
       loadstate C:\<path to store data>
       loadstate C:\USMT
       loadstate C:\USMT /auto
       loadstate C:\USMT /auto /hardlink /nocompress
     Store types:
     - Uncompressed (UNC): a mirror image of the folder hierarchy being migrated; settings are stored in a catalog file that also describes how to restore files on the destination computer
     - Compressed: a single image file that contains all files being migrated and a catalog file; you can encrypt and protect this file with a password
     - Hard-link: a map that defines how a collection of bits on the hard disk are to be migrated; these files remain fully intact
 51. Volume Activation guarantees you are running a genuine Windows OS. Activation ensures the Windows Genuine Advantage (WGA) ActiveX control is valid. OSs that require activation: Vista, Server 2008, Windows 7, Server 2008 R2. The online validation experience is unchanged.
 52. Multiple Activation Key (MAK): one key, multiple activations; each client connects to Microsoft to activate; 30-day initial activation period, which can be reset 3 times (slmgr -rearm).
     Key Management Service (KMS): requires a KMS server; the KMS server activates with Microsoft directly; volume license clients activate with the internal KMS server.
 53. Diagram: KMS server in Deployment.Com activating with the Microsoft activation server (steps 1-3).
     Service License Manager (SLMGR) is in the System32 folder (Vista and later OSs). Volume license software does NOT prompt for a license key; the license key is built into the software. Turn KMS on:
       slmgr -ipk <KMS key>
       slmgr -ipk 11111-22222-33333-44444-55555
     The same KMS key can be used 6 times (build 6 different KMS servers using the same key); KMS servers can be re-activated 9 times (re-build a KMS server).
 54. The KMS server MUST activate with Microsoft. Activate online: slmgr -ato. Activate via the phone: slui 4.
     Single domain: 1 SRV record is created in DNS. 1 KMS servicing multiple domains: the default behavior is that the SRV record is published in the domain the KMS server is a member of. Either manually create SRV records in DNS, OR under HKLM\Software\Microsoft\Windows NT\CurrentVersion\SL create a new multi-string value named DnsDomainPublishList and add each DNS domain suffix on its own line (Deployment.Com).
 55. (Screenshot of the DnsDomainPublishList value containing:) Deployment.Com, Bigfirm.Com
 56. Volume media: 30-day initial grace period. If activation does not occur AND activation has not been reset, activation is attempted every 2 hours. Once activated, activation is good for 6 months and is renewed every 7 days.
     Directly connect clients to a specific KMS server with slmgr -skms <KMS FQDN or IP>, for example:
       slmgr -skms WDS.Deploy.Com
       slmgr -skms 10.10.10.5
     The default port is TCP 1688; to change it type:
       slmgr -skms 10.10.10.5:2050
 57. KMS discovery is performed by DNS queries: the KMS server registers _vlmcs SRV records in DNS; the client queries DNS asking for all _vlmcs SRV records; a random list is sent; the client chooses one of the KMS servers. If the connection is successful the client caches this KMS server for future activation attempts; if the connection fails the client chooses another KMS server until it finds one. Weight and priority now COUNT! (W7 / 2008 R2 clients only.)
     Does the DNS server have to be Microsoft DNS? No, but it can be (recommended). It needs support for SRV records (RFC 2782) and support for dynamic updates (RFC 2136); BIND 8.x & 9.x qualify.
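The discovery sequence of slide 57, as an added example that is not part of the presentation: RFC 2782 ordering of constructed _vlmcs SRV answers, and a toy client that walks the list, caches the first server that answers and honours the slmgr -skms override from slide 56. The host names, ports and "reachable" endpoints are constructed, and the client is a model of the behaviour described on the slide, not the Windows licensing service.

```python
import random
from dataclasses import dataclass

KMS_DEFAULT_PORT = 1688          # slide 56: default KMS port is TCP 1688
SRV_NAME = "_vlmcs._tcp"         # SRV record name the KMS server registers (slide 57)


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def order_srv(records, rng):
    """Order SRV records the RFC 2782 way, which Windows 7 / 2008 R2 clients honour
    (slide 57: weight and priority now count): ascending priority, and within one
    priority a weighted random draw in which weight-0 targets get only a tiny chance."""
    ordered = []
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    for prio in sorted(by_priority):
        # RFC 2782 places weight-0 entries at the front of the running-sum list
        pool = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for rec in pool:
                running += rec.weight
                if running >= pick:
                    ordered.append(rec)
                    pool.remove(rec)
                    break
    return ordered


class KmsClient:
    """Toy model of the client side of KMS discovery (constructed for this example)."""

    def __init__(self, dns_records, reachable, override=None, rng=None):
        self.dns_records = list(dns_records)   # what the SRV query for SRV_NAME returned
        self.reachable = set(reachable)        # "host:port" endpoints that accept a connection
        self.override = override               # slmgr -skms host[:port]: pin a server, skip DNS
        self.rng = rng or random.Random()
        self.cached = None                     # slide 57: a working server is cached for renewals

    def _connect(self, endpoint):
        return endpoint in self.reachable

    def activate(self):
        """Return (endpoint_used, endpoints_tried); endpoint_used is None if nobody answered."""
        tried = []
        if self.override:
            host, _, port = self.override.partition(":")
            endpoint = f"{host}:{port or KMS_DEFAULT_PORT}"
            tried.append(endpoint)
            return (endpoint if self._connect(endpoint) else None), tried
        if self.cached:
            tried.append(self.cached)
            if self._connect(self.cached):
                return self.cached, tried
            self.cached = None                 # cached server gone: back to discovery
        for rec in order_srv(self.dns_records, self.rng):
            endpoint = f"{rec.target}:{rec.port}"
            tried.append(endpoint)
            if self._connect(endpoint):
                self.cached = endpoint
                return endpoint, tried
        return None, tried


# Constructed SRV answers for _vlmcs._tcp.deployment.com; none of these hosts exist.
SAMPLE_SRV = [
    SrvRecord(priority=0, weight=100, port=1688, target="kms1.deployment.com"),
    SrvRecord(priority=0, weight=0, port=1688, target="kms2.deployment.com"),
    SrvRecord(priority=10, weight=50, port=2050, target="kms-backup.bigfirm.com"),
]

if __name__ == "__main__":
    client = KmsClient(SAMPLE_SRV, {"kms-backup.bigfirm.com:2050"}, rng=random.Random(3))
    print(client.activate())   # both priority-0 servers fail, the backup is used and cached
    print(client.activate())   # the cached backup is tried first
```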
 58. KMS improvements in Windows 7 / 2008 R2:
     - Performance: modified hardware tolerance values to reduce the number of reactivations; count virtual systems towards the KMS activation threshold; improved KMS discovery through the DNS suffix list
     - Reliability: improved notifications, clarified error messages and troubleshooting instructions; multiple improvements in WMI for SLSVC
     - Compatibility: updated tools to support Windows 7; single KMS for multiple operating systems
     System Center Configuration Manager 2007 and System Center Operations Manager 2007: alerts for major conditions (initialization issues, DNS SRV record registration failures); reports on client activations; monitor license conditions and asset intelligence; use WMI to capture data; health of the KMS service; event logs on KMS and clients.
 59. Can be installed on: XP SP2, Server 2003 SP1, Vista, Windows 7, Server 2008, Server 2008 R2.
 60. Diagram: (1) W7 DVD / reference image -> (2) MDT deployment server (image store, custom MDT WinPE) -> (3)/(4) targets (XP SP2, XP SP3) boot the MDT WinPE and download the image.
     Deployment scenarios:
     - Bare metal: new machines
     - Refresh: keeping the old hardware, refreshing the OS on the existing machine
     - Replace: replacing existing hardware with new, maintaining users' settings and data
     - Upgrade: unless you're upgrading from Vista there is no upgrade path
 61. Diagram (refresh flow, XP SP2/SP3 to Windows 7): imaging tool (MDT, ImageX, WDS Capture) -> deployment server -> targets; (1) upgrade applications, store users' data and settings -> (2) deployment server
 62. Diagram (continued): (3) install Windows 7 -> (4) install applications -> (5) restore users' settings and data
 63. Diagram (continued): the same steps (1)-(5) shown once more
 64. Bare metal with an MDT deployment image: pro, no network connectivity needed; con, no version control.
 65. MDT 2010 requirements: the operating system must be Vista SP1, Windows 7, Server 2003 SP2, Server 2008 or Server 2008 R2, plus the Windows Automated Installation Kit (WAIK) 2.0. Required software is included in the WAIK: .NET Framework 2.0, MSXML 6.0, MMC 3.0 (if Server 2003). The new default installation of W7 has 2 partitions: a hidden one for Bootmgr and friends, and C:\Windows. All commands are PowerShell. The new .vhd image format is NOT supported in MDT 2010: .wims only.
 66. MDT workflow: create a deployment share; import OSs; add applications; add drivers; add patches; create a task sequence; update the deployment share; deploy.
     The deployment share is the shared folder on the deployment server where target machines connect to perform the deployment. You must create it: the old MDT created it for you, but it put it on the C: drive; now you decide where to create it.
 67. Supported OSs: XP SP3, Vista SP1 or later, Windows 7, Windows Server 2003 R2, Windows Server 2008 & R2.
 68. 3rd-party drivers
 69. Packages: OS patches, language packs. Task sequence: a list of tasks to be run in order to complete the deployment, and the order in which the tasks will be run. Run task sequences in two different ways: a Standard Client TS booted from LiteTouchPE_x86.iso, or started from within XP.
 70. Task sequence templates:
     - Sysprep and Capture TS: Syspreps and reboots into WinPE, then runs ImageX to capture an image of the machine.
     - Standard Client TS: deploys a desktop operating system, applications, drivers and patches.
     - Standard Client Replace TS: backs up the target machine before deploying an image, including gathering user state information.
     - Custom Task Sequence TS: a task sequence you create that deploys applications, drivers and packages to a machine that already contains an operating system.
     - Lite Touch OEM TS: used by OEMs to deploy OS images to target machines en masse.
     - Standard Server TS: basic server task sequence that will deploy a server operating system, applications, drivers and patches to a target server (including roles like DNS, AD and DHCP).
     - Post OS Installation TS: performs installation tasks after the operating system is deployed to a target machine.
 71. Boot the MDT WinPE from CD, DVD, external hard drive or UFD (USB flash device), then run the Deployment Wizard.
 72. Choose which pages are displayed during the deployment; suppress the pages you do not want anyone to change or see, like the product key and the Administrator's password. Properties of your deployment share, Rules tab (F:\DeploymentShare\Control\CustomSettings.ini):
       [Settings]
       Priority=Default
       [Default]
       DeployRoot=\\DeploySrv\DeploymentShare$
       SkipBDDWelcome=YES
 73. A fuller CustomSettings.ini:
       [Settings]
       Priority=Default
       [Default]
       _SMSTSORGNAME=DeploymentDr
       OSInstall=Y
       SkipTaskSequence=YES
       TaskSequenceID=W7X64
       SkipComputerName=YES
       ComputerName=%SerialNumber%
       SkipUserData=YES
       SkipLocaleSelection=YES
       KeyboardLocale=En-US
       UserLocale=En-US
       UILanguage=En-US
       SkipTimeZone=YES
       TimeZoneName=Eastern Standard Time
       SkipApplications=YES
 74. (continued)
       SkipCapture=YES
       SkipAppsOnUpgrade=YES
       SkipAdminPassword=YES
       AdminPassword=Swordfish1
       SkipProductKey=YES
       ProductKey=11111-22222-33333-44444-55555
       SkipBitLocker=YES
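Slide 37 lists the three places a password can sit in an unattend.xml, and slides 72-74 show AdminPassword and ProductKey written straight into CustomSettings.ini. The audit below is an added example, not code from the presentation: it parses constructed samples of both files and reports every secret it finds, noting for the answer file whether the value is plain text or only base64-obfuscated by Windows SIM's Hide Sensitive Data (PlainText=false). The XML and INI contents, including the obfuscated value, are constructed.

```python
import configparser
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
SHELL_SETUP = "Microsoft-Windows-Shell-Setup"

# The three locations from slide 37, as paths below a Microsoft-Windows-Shell-Setup component.
PASSWORD_PATHS = {
    "AutoLogon | Password": "u:AutoLogon/u:Password",
    "UserAccounts | AdministratorPassword": "u:UserAccounts/u:AdministratorPassword",
    "UserAccounts | LocalAccounts | LocalAccount": "u:UserAccounts/u:LocalAccounts/u:LocalAccount/u:Password",
}

# CustomSettings.ini keys from slide 74 that carry secrets in clear text.
SENSITIVE_INI_KEYS = {"adminpassword": "local Administrator password",
                      "productkey": "product key"}


def classify(password_elem):
    """Hide Sensitive Data sets PlainText=false and stores base64, which is a
    reversible encoding rather than encryption; report it as such."""
    flag = password_elem.findtext("u:PlainText", default="", namespaces=NS).strip().lower()
    return {"true": "plaintext", "false": "base64-obfuscated"}.get(flag, "unspecified")


def audit_unattend(xml_text):
    """Return (pass, setting, encoding) for every non-empty password in the answer file."""
    findings = []
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            if comp.get("name") != SHELL_SETUP:
                continue
            for label, path in PASSWORD_PATHS.items():
                for pw in comp.findall(path, NS):
                    if pw.findtext("u:Value", default="", namespaces=NS):
                        findings.append((settings.get("pass"), label, classify(pw)))
    return findings


def audit_customsettings(ini_text):
    """Walk the sections named in [Settings] Priority= and return (section, key, what) for secrets."""
    cp = configparser.ConfigParser(interpolation=None)   # %SerialNumber% is MDT syntax, not configparser's
    cp.read_string(ini_text)
    findings = []
    for section in (s.strip() for s in cp.get("Settings", "Priority").split(",")):
        if not cp.has_section(section):
            continue
        for key, value in cp.items(section):            # configparser lower-cases keys
            if key in SENSITIVE_INI_KEYS and value:
                findings.append((section, key, SENSITIVE_INI_KEYS[key]))
    return findings


# Constructed unattend.xml: the AutoLogon password was "hidden" by Windows SIM (the base64
# value is made up), the other two were left in plain text.
SAMPLE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password><Value>QmFzZTY0T2JmdXNjYXRlZA==</Value><PlainText>false</PlainText></Password>
        <Enabled>true</Enabled><Username>Administrator</Username>
      </AutoLogon>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword><Value>Swordfish1</Value><PlainText>true</PlainText></AdministratorPassword>
        <LocalAccounts><LocalAccount>
          <Password><Value>Swordfish1</Value><PlainText>true</PlainText></Password>
          <Name>deploy</Name>
        </LocalAccount></LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>
"""

# Constructed CustomSettings.ini in the shape of slides 72-74.
SAMPLE_CUSTOMSETTINGS = """[Settings]
Priority=Default

[Default]
_SMSTSORGNAME=DeploymentDr
OSInstall=Y
SkipComputerName=YES
ComputerName=%SerialNumber%
SkipAdminPassword=YES
AdminPassword=Swordfish1
SkipProductKey=YES
ProductKey=11111-22222-33333-44444-55555
SkipBitLocker=YES
"""


def report():
    lines = [f"unattend.xml {p} pass: {s} is {enc}" for p, s, enc in audit_unattend(SAMPLE_UNATTEND)]
    lines += [f"CustomSettings.ini [{sec}] {k}: {what} in clear text"
              for sec, k, what in audit_customsettings(SAMPLE_CUSTOMSETTINGS)]
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```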
  75. 75. 3/23/2010 75 Selection profiles allow you to group MDT components The grouped MDT components can be used for different reasons The MDT components you group will determine what you can do with the selection profile: Group drivers and packages to inject into the MDT generated WinPEs Group drivers to inject into an OS task sequence Control which MDT components are included in media Group MDT components to replicate (and keep in sync) to other deployment shares Pick and choose which TS and applications appear in the deployment workbench R-click Selection Profile Choose New Selection Profile Choose your components
  76. 76. 3/23/2010 76 Media allows you create a fully deployable image complete with OS, applications, drivers, packages and task sequences that can be deployed with NO NETWORK CONNECTIVITY Create Media First youll need a selection profile containing the MDT components needed for deployment to a client (include everything) Within DW r-click Media Choose New Media Give it a name, choose your selection profile Update Media (r-click the MEDIA001 and choose Update Media Content) Copy files to external hard drive, UFD or burn the .ISO to DVD LDS allow you copy a subset (or all if you choose) of components to another machine Even windows 7 can be a LDS MDT 2010 does not need to be installed on the machine To create a LDS First create a selection profile containing all the MDT components you would like replicated From within the Deployment Workbench R-click Linked Deployment Shares node and choose New Linked Deployment Share Type in the UNC path to where you want the new LDS ComputerNameSharedFolderName
  77. 77. 3/23/2010 77 Choose your selection profile Select one of the options: Merge the selected contents into the targert deployment share OR Replace the contents of the target deployment share folders with those selected R-click LINKED001 and choose Replicate Content The contents you selected in your selection profile will be copied to the new LDS via ROBOCopy I would change the replication technology to be DFS-r
  78. 78. 3/23/2010 78 Bare-MetalBare-Metal DHCP/WDS Discover IP Acknowledge DHCP WDS AD/DNS Bare-MetalBare-Metal 1 2 3
  79. 79. 3/23/2010 79 Installing WDS on a 2003 SP1 Server Install RIS Install patch from the WAIK: windows_deployment_services_update.exe Installing WDS on a 2003 SP2 Server Control Panel / Add/Remove Programs / Windows Components / WDS Installing WDS on a 2008 (& R2) server Server Manager Add Roles Select Windows Deployment Services from the list of roles WDS snap-in Right-click Servers Add Server defaults to local server Right-click your server and choose Configure Server.
  80. 80. 3/23/2010 80 Store your images on a drive other than where the OS resides
  81. 81. 3/23/2010 81
  82. 82. 3/23/2010 82 564D49219C768546A956C310ED7D2BF6
  83. 83. 3/23/2010 83 The most current will always be best Windows 7 Boow.wim can deploy Vista SP1 Windows Server 2003 R2 Windows 7 Server 2008 & R2 Accidently use a Vista or Vista SP1 boot.wim? Vista boot.wim cannot deploy W7 or 2K8 R2 Failure on the Offline servicing pass even if its not configured to install patches Both .wim and .vhd are supported Adding a .wim Rightclick Install Images Add Install Image Image Groups Single Instancing occurs Adding a .vhd Elevated command prompt WDSUTIL /Add-Image /ImageFile:ServerShare Win7.vhd /Server:WDSServer /ImageType:Install /ImageGroup:Windows7 /Filename:"Windows7.vhd"
  84. 84. 3/23/2010 84 Dynamic Driver Provisioning (DDP) Add drivers to a driver group Driver groups can be filtered to make the packages in the group available to a specific group of clients No filters? All packages are available to all clients with matching hardware You define Clients have access to all packages in a group or Only packages that match the hardware (Plug and Play hardware) Filters Based on the hardware of the client (manufacturer or BIOS) Based on an attribute of the install image selected for the client (version or edition of the image 167 R-click boot image Choose Add Driver Packages to Image 168
  85. 85. 3/23/2010 85 PXE Protocol is an extension of DHCP Created by Intel as a standard with a set of pre-boot services stored in the boot firmware The goal: Perform a network boot Find and download a network boot program (NBP) from a Network Boot Server
89. 1) Choose your OS image
90. PXE / DHCP ports
   - PXE and DHCP requests are broadcasts, so by default the traffic stays on the local subnet; it only crosses a router if IP helpers (DHCP relay) are configured.
   - DHCP: UDP 67 (server) and UDP 68 (client).
   - PXE (the WDS PXE provider / proxyDHCP): UDP 4011.
   - The NBP and the boot image are then downloaded over TFTP (UDP 69 for the initial request), so that must be allowed between client and WDS server as well.
91. Misconfigured switch or router: where will the client go?
   - Known (prestaged) clients can be configured to connect to a specific WDS server.
   - Or you can present the client with a list of WDS servers so that the user manually chooses which WDS server to connect to: a registry entry on the WDS server, followed by a restart of the WDS service.
92. Multiple WDS servers
   - What happens when there is more than one WDS server, but you don't want to set in stone which WDS server the client attaches to? You want to be able to pick and choose your WDS server.
   - Registry setting changed on the WDS server:
     HKLM\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC
     AllowServerSelection = 1
   - Restart the WDS service: net stop WDSServer & net start WDSServer
   - Three scenarios:
     1. WDS and DHCP on the same subnet, on different servers: the client finds WDS by broadcasting.
     2. WDS and DHCP on different subnets: the client must find WDS through options 66 and 67 set in DHCP (or through an IP helper that forwards its broadcast to the WDS server).
     3. WDS and DHCP on the same server: the client finds WDS through option 60 (PXEClient) in DHCP, which tells it to ask UDP 4011 on the same host for the NBP.
93. Scenarios 1 and 2: DHCP and WDS on separate servers
   - Bare-metal client -> DHCP server and WDS server: Discover (IP / PXE server). The broadcast reaches both servers directly, or reaches the WDS server through an IP helper.
   - Both servers answer: the DHCP server acknowledges the IP request, the WDS server acknowledges the PXE request with the boot information.
94. Scenario 3: DHCP and WDS on the same server
   - Bare-metal client -> DHCP / WDS server: Discover IP; DHCP / WDS server -> client: Acknowledge.
   - IP helpers configured properly on your switches and routers are more reliable than DHCP options.
   - Older PXE ROMs have issues with DHCP options 60, 66, 67.
   - Options 66 and 67 are referred to as a Network Boot Referral (NBR).
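The three scenarios of slide 92 and the exchanges in the two diagrams above, expressed as bytes on the wire. This is an added example written for this page, not code from the presentation: it builds the DHCPDISCOVER a BIOS PXE ROM sends and then classifies a reply by the same fields a WDS client looks at (option 60, options 66/67, and the siaddr/file fields of the BOOTP header). The MAC, GUID, transaction id and addresses are made up; the option 97 byte order follows the SMBIOS little-endian convention, which is an assumption to verify against a packet capture.

```python
"""Build a PXE DHCPDISCOVER and classify the replies a WDS client can receive.

Added example (not from the presentation). All packets here are constructed.
"""
import socket
import struct
import uuid

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
PXE_PROXY_PORT = 4011      # WDS PXE provider when DHCP runs on the same host
TFTP_PORT = 69             # NBP download

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHHIIII16s64s128s"   # fixed 236-byte BOOTP header
HEADER_LEN = struct.calcsize(HEADER_FMT)


def _ip(value):
    return struct.unpack("!I", socket.inet_aton(value))[0]


def build_pxe_discover(mac, client_uuid, xid=0x3903F326, arch=0):
    """DHCPDISCOVER as sent by a legacy-BIOS PXE ROM (arch 0 = x86 BIOS)."""
    chaddr = bytes.fromhex(mac.replace(":", "").replace("-", "")).ljust(16, b"\x00")
    header = struct.pack(HEADER_FMT, 1, 1, 6, 0, xid, 0, 0x8000, 0, 0, 0, 0,
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    vendor = b"PXEClient:Arch:%05d:UNDI:002001" % arch
    options = (
        bytes([53, 1, 1])                                    # message type: DISCOVER
        + bytes([60, len(vendor)]) + vendor                  # vendor class (option 60)
        + bytes([93, 2]) + struct.pack("!H", arch)           # client system architecture
        + bytes([97, 17, 0]) + uuid.UUID(client_uuid).bytes_le  # type 0 + GUID (assumed SMBIOS byte order)
        + bytes([55, 4, 1, 3, 66, 67])                       # parameter request list
        + b"\xff")
    return header + MAGIC_COOKIE + options


def build_reply(xid, yiaddr, siaddr, bootfile, options, msg_type=2):
    """DHCPOFFER (msg_type 2) or DHCPACK (5), optionally carrying boot information."""
    header = struct.pack(HEADER_FMT, 2, 1, 6, 0, xid, 0, 0, 0, _ip(yiaddr), _ip(siaddr), 0,
                         b"\x00" * 16, b"\x00" * 64, bootfile.encode().ljust(128, b"\x00"))
    body = bytes([53, 1, msg_type])
    for tag, value in options.items():
        body += bytes([tag, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_dhcp(packet):
    if len(packet) < HEADER_LEN + 4 or packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    f = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    options, i = {}, HEADER_LEN + 4
    while i < len(packet) and packet[i] != 255:        # 255 = end option
        if packet[i] == 0:                              # pad
            i += 1
            continue
        tag, length = packet[i], packet[i + 1]
        options[tag] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4],
            "yiaddr": socket.inet_ntoa(struct.pack("!I", f[8])),
            "siaddr": socket.inet_ntoa(struct.pack("!I", f[9])),
            "file": f[13].split(b"\x00", 1)[0].decode(),
            "options": options}


def discover_client_id(packet):
    """Client GUID carried in option 97 (one type byte followed by the 16 GUID bytes)."""
    ident = parse_dhcp(packet)["options"][97]
    return str(uuid.UUID(bytes_le=ident[1:]))


def classify_reply(reply):
    """Map a parsed reply to one of the slide's scenarios and the client's next hop."""
    opts = reply["options"]
    server_id = socket.inet_ntoa(opts[54]) if 54 in opts else reply["siaddr"]
    if 66 in opts or 67 in opts:
        # Scenario 2: Network Boot Referral handed out by a DHCP server on another subnet.
        return {"scenario": "nbr", "server": opts.get(66, b"").decode() or reply["siaddr"],
                "nbp": opts.get(67, b"").decode() or reply["file"], "port": TFTP_PORT}
    if opts.get(60, b"").startswith(b"PXEClient"):
        if reply["file"]:
            # Scenario 1: the WDS PXE provider answered the broadcast itself (proxyDHCP).
            return {"scenario": "proxydhcp", "server": reply["siaddr"],
                    "nbp": reply["file"], "port": TFTP_PORT}
        # Scenario 3: DHCP and WDS share a host; option 60 sends the client to UDP 4011 for the NBP.
        return {"scenario": "same-host", "server": server_id, "nbp": None, "port": PXE_PROXY_PORT}
    return {"scenario": "plain-dhcp", "server": server_id, "nbp": None, "port": None}


# Constructed replies for each scenario (addresses and file names are made up).
XID = 0x3903F326
OFFER_SCENARIO1_PROXY = build_reply(XID, "0.0.0.0", "10.0.0.20", "boot\\x86\\wdsnbp.com",
                                    {60: b"PXEClient"})
OFFER_SCENARIO2_NBR = build_reply(XID, "10.1.0.50", "0.0.0.0", "",
                                  {54: socket.inet_aton("10.1.0.1"), 66: b"10.0.0.20",
                                   67: b"boot\\x86\\wdsnbp.com"})
OFFER_SCENARIO3_SAME_HOST = build_reply(XID, "10.0.0.50", "10.0.0.10", "",
                                        {54: socket.inet_aton("10.0.0.10"), 60: b"PXEClient"})
OFFER_PLAIN_LEASE = build_reply(XID, "10.0.0.50", "0.0.0.0", "", {54: socket.inet_aton("10.0.0.1")})
```

Nothing in this exchange is authenticated: whichever host on the subnet answers with option 60 or a Network Boot Referral first decides which NBP the client runs. Treat PXE-boot VLANs as trusted segments, enable DHCP snooping on the access switches, and control who may run a DHCP or proxyDHCP responder there.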
95. Unicast, broadcast and multicast
   - Unicast: Server1 sends packet 1 to client1, Server1 sends packet 1 to client2, Server1 sends packet 1 to client3, and so on.
   - Broadcast: Server1 sends packet 1 to all clients.
   - Multicast: Server1 sends packet 1 to client1, client5, client9, client22 (only the clients that joined the transmission).
   - Multiple Stream Transfer: several streams of traffic, with rates optimized for the clients' connection speeds (fast, medium, slow).
   - Client Auto Removal: slower clients can be dropped to unicast, or dropped entirely (only in standard multicast).
   - Boot Image Multicast: Windows PE boot images can be downloaded over multicast (clients with EFI).
96. Multicast transmission: the first client joins the transmission; the WDS server waits for other clients to join.
97. Clients with different transfer speeds (fastest, medium, slowest) join the same transmission; more clients keep joining the stream.
98. The last clients (the medium and slowest ones) complete; once all clients have completed, the transmission ends.
99. Two ways to create a multicast transmission from within the WDS snap-in:
   - Right-click Multicast Transmissions and choose Create Multicast Transmission, or
   - Drill down to your install image, right-click the image, and choose Create Multicast Transmission.
100. Automating the installation: you will need two scripts.
   - WinPE phase (the WDS client unattend file): language of installation, keyboard layout, credentials used to access the image, which image to install, disk configuration (partitioning), and where to install the image.
   - The rest of the installation (the specialize and oobeSystem passes, in the image's own unattend file): computer name, user account, time zone.
   - WinPE script: store it in the RemoteInstall\WdsClientUnattend folder. In the WDS snap-in, right-click the server -> Properties -> Client tab -> Enable unattended installation -> browse to the WinPE script. This sets the script for all computers of that architecture.
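A validator for the WinPE-phase script described above, as an added example that is not from the presentation or from Microsoft. It walks the windowsPE pass of a WDS client unattend file and reports whichever of the slide's required settings is missing or empty for the boot image architecture, and checks that the file lives in the folder the slide names. The sample document is constructed; its domain, account name and password are placeholders. The password in this file is stored in clear text, so use a dedicated account that has read access to the image share and nothing else.

```python
"""Sanity-check a WDS client unattend file (the WinPE-phase script of slide 100).

Added example, not from the presentation. The sample XML below is constructed.
"""
import ntpath
import xml.etree.ElementTree as ET

NS = "urn:schemas-microsoft-com:unattend"

# Elements the windowsPE pass must carry, per component. Leaf elements must carry text.
REQUIRED = {
    "Microsoft-Windows-International-Core-WinPE": [
        "SetupUILanguage/UILanguage",                                     # language of installation
        "InputLocale",                                                    # keyboard layout
    ],
    "Microsoft-Windows-Setup": [
        "WindowsDeploymentServices/Login/Credentials/Domain",             # credentials for the image
        "WindowsDeploymentServices/Login/Credentials/Username",
        "WindowsDeploymentServices/Login/Credentials/Password",
        "WindowsDeploymentServices/ImageSelection/InstallImage/ImageGroup",   # which image
        "WindowsDeploymentServices/ImageSelection/InstallImage/ImageName",
        "WindowsDeploymentServices/ImageSelection/InstallTo/DiskID",          # where to install
        "WindowsDeploymentServices/ImageSelection/InstallTo/PartitionID",
        "DiskConfiguration/Disk/CreatePartitions",                            # partitioning
    ],
}


def _q(path):
    """Qualify every step of an element path with the unattend namespace."""
    return "/".join("{%s}%s" % (NS, part) for part in path.split("/"))


def check_winpe_unattend(xml_text, architecture="x86"):
    """Return a list of problems; an empty list means the file covers the slide's checklist."""
    root = ET.fromstring(xml_text)
    if root.tag != _q("unattend"):
        return ["root element is not <unattend> in namespace %s" % NS]
    passes = [s for s in root.findall(_q("settings")) if s.get("pass") == "windowsPE"]
    if not passes:
        return ['no <settings pass="windowsPE"> section']
    problems = []
    for name, paths in REQUIRED.items():
        comps = [c for c in passes[0].findall(_q("component"))
                 if c.get("name") == name and c.get("processorArchitecture") == architecture]
        if not comps:
            problems.append("missing component %s for %s" % (name, architecture))
            continue
        for path in paths:
            el = comps[0].find(_q(path))
            if el is None:
                problems.append("%s: missing %s" % (name, path))
            elif len(el) == 0 and not (el.text or "").strip():
                problems.append("%s: empty %s" % (name, path))
    return problems


def in_unattend_folder(path, reminst="D:\\RemoteInstall"):
    """True when the script sits under <RemoteInstall>\\WdsClientUnattend, where WDS expects it."""
    folder = ntpath.normcase(ntpath.join(reminst, "WdsClientUnattend")) + "\\"
    return ntpath.normcase(ntpath.normpath(path)).startswith(folder)


# Constructed sample: CORP, wds-imageread and changeme are placeholders, not real values.
SAMPLE_WINPE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <SetupUILanguage><UILanguage>en-US</UILanguage></SetupUILanguage>
      <InputLocale>en-US</InputLocale><SystemLocale>en-US</SystemLocale>
      <UILanguage>en-US</UILanguage><UserLocale>en-US</UserLocale>
    </component>
    <component name="Microsoft-Windows-Setup" processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <WindowsDeploymentServices>
        <Login><Credentials>
          <Domain>CORP</Domain><Username>wds-imageread</Username><Password>changeme</Password>
        </Credentials></Login>
        <ImageSelection>
          <InstallImage><ImageGroup>Windows7</ImageGroup><ImageName>Windows 7 ENTERPRISE</ImageName>
            <Filename>install.wim</Filename></InstallImage>
          <InstallTo><DiskID>0</DiskID><PartitionID>1</PartitionID></InstallTo>
        </ImageSelection>
      </WindowsDeploymentServices>
      <DiskConfiguration>
        <Disk wcm:action="add">
          <DiskID>0</DiskID><WillWipeDisk>true</WillWipeDisk>
          <CreatePartitions>
            <CreatePartition wcm:action="add"><Order>1</Order><Type>Primary</Type><Extend>true</Extend></CreatePartition>
          </CreatePartitions>
          <ModifyPartitions>
            <ModifyPartition wcm:action="add"><Order>1</Order><PartitionID>1</PartitionID><Format>NTFS</Format><Active>true</Active></ModifyPartition>
          </ModifyPartitions>
        </Disk>
      </DiskConfiguration>
    </component>
  </settings>
</unattend>
"""
```

Run it against a file for an x64 boot image with architecture="amd64": both components must carry processorArchitecture="amd64", otherwise WinPE silently ignores them, which is exactly the "does not process settings" symptom on slide 112.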
101. Multicast and switches
   - A switch that doesn't support IGMP snooping floods multicast frames to every port, which turns the transmission into a broadcast. The slowest computer on the switch then dictates the speed of all that traffic.
   - Client computers in a sleep power state: Windows reduces the speed of the network connection to 10 Mbps to save power. So a client multicasting an image on the same switch as a sleeping client causes severe performance problems for the multicast.
   - The fix: switching hardware that supports IGMP.
102. Default permissions
   - Local administrator on the WDS server: Full Control of the RemoteInstall folder and Full Control on HKEY_LOCAL_MACHINE\System.
   - Domain administrator (of the domain where the WDS server resides): Full Control on the Service Control Point (SCP) in AD DS for the WDS server.
   - WDS depends on AD DS: the PXE provider creates computer accounts and service control points (SCPs) in AD. The SCP is a child object under the WDS server's computer account object; it stores configuration data and identifies the server as a WDS server.
   - Finding the SCP (demo): ADSIEdit -> find your server's computer object -> expand it -> CN=NameOfMyServer-Remote-Installation-Services -> Properties.
103. Permissions (continued)
   - Enterprise administrator: DHCP authorization permissions.
   - Admin Approval of pending computers: the computer account is created using the WDS server's authentication token, not the token of the admin performing the approval. So WDSSERVER$ (the server's computer account) must have Create Computer Objects on the containers / OUs where the approved pending computers will be created.
   - The approving admin needs read/write on F:\RemoteInstall\Mgmt, which contains Binlsvcdb.mdb.
   - Active Directory Users and Computers: create a custom task to delegate on the OU where the computer account will be created -> Write all properties on Computer objects.
104. Delegating the right to create computer objects
   - ADUC: right-click the container or OU -> Properties -> Security -> Advanced -> add a user or group -> Edit.
   - Under "Apply to:" choose "This object and all descendant objects", allow "Create Computer objects", then OK (3x).
   - BUT now that user can both create computer objects and join machines to the domain. What if you only want someone to be able to join a machine to the domain?
   - The JoinRights setting determines the set of rights that WDS grants on the computer objects it creates. Located at:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove
     Name: JoinRights, Type: DWORD, Value: 0 = JoinOnly (may only join the computer to the domain), 1 = Full (Full Control of the computer object)
105. The User setting
   - The User setting determines which user or group receives those join rights on the computer accounts WDS creates. Located at:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove
     Name: User, Type: REG_SZ, Value: group or user.
   - Creating computer accounts against a non-English domain controller with the default User property fails. Set the Auto-Add settings to use an account whose name contains no extended characters (acceptable characters: A-Z, a-z, 0-9, -, and so on). For example, if the German "Domänen-Admins" (Domain Admins) is used, Auto-Add will fail.
     WDSUTIL /Set-Server /AutoAddSettings /Architecture:x86 /User:DeployAdministrator
106. Task -> required permission
   - Prestage a computer: ADUC -> create a custom task to delegate on the OU where you are putting the computer account -> Write all properties on Computer objects.
   - Add/remove an image or image group: Full Control on F:\RemoteInstall\Images\<ImageGroup>.
   - Disable an image: read/write on the image (image properties in WDS).
   - Add a boot image: read/write on F:\RemoteInstall\Boot, and on F:\RemoteInstall\Admin if upgrading from a 2003 server.
   - Remove a boot image: read/write on F:\RemoteInstall\Boot.
   - Manage properties of an OS image: read/write on the image and on the Res.rwm file found under F:\RemoteInstall\Images\<ImageGroup>.
   - Convert a RIPREP image: read on the original RIPREP image; read/write on %TEMP% and the destination folder.
   - Create a discover / capture image: read on the original boot image; read/write on %TEMP% and the destination folder.
   - Create a multicast transmission: Full Control on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast, and read on F:\RemoteInstall\Images.
107. TFTP block size
   - Server 2008 increased the TFTP block size from 512 bytes to 1,456 bytes to speed up the download. If your network (or a client's PXE ROM) cannot handle a TFTP block size of 1,456 bytes, this breaks WDS: the NBP or boot image download fails.
   - Resolution: install hotfix 975710, then under
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP
     create a new REG_DWORD named MaximumBlockSize with a value in the range 512-1456.
   - Renaming the WDS server, or moving it from one domain to another: you'll need to uninitialize and reinitialize the WDS server. From a command prompt on the WDS server:
     wdsutil /uninitialize-server
     wdsutil /initialize-server /reminst:E:\RemoteInstall
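The negotiation behind the MaximumBlockSize fix above, as an added example (not from the presentation or the hotfix; the packets are constructed). The client proposes a blksize in its read request (RFC 2348); the server answers with an OACK that never exceeds the client's proposal or its configured maximum. on_wire_size shows why 1,456 fits a 1,500-byte Ethernet MTU, while a block that exceeds the path MTU forces IP fragmentation, which some network equipment and older PXE ROMs do not cope with.

```python
"""TFTP blksize negotiation (RFC 2348) the way a WDS server caps it via MaximumBlockSize.

Added example, not from the presentation. Packets below are constructed.
"""
import struct

OP_RRQ, OP_OACK = 1, 6
DEFAULT_BLOCK = 512                      # TFTP without options (RFC 1350)
MIN_BLOCK, MAX_BLOCK = 512, 1456         # range accepted by MaximumBlockSize (KB975710)
RFC2348_MIN, RFC2348_MAX = 8, 65464      # what a client may legally ask for


def validate_maximum_block_size(value):
    """Reject a MaximumBlockSize outside the range the hotfix documents."""
    if not MIN_BLOCK <= value <= MAX_BLOCK:
        raise ValueError("MaximumBlockSize %d outside %d-%d" % (value, MIN_BLOCK, MAX_BLOCK))
    return value


def build_rrq(filename, options=None):
    """Client side: opcode 1, 'filename\\0octet\\0', then option/value pairs, each NUL-terminated."""
    packet = struct.pack("!H", OP_RRQ) + filename.encode() + b"\x00octet\x00"
    for name, value in (options or {}).items():
        packet += name.encode() + b"\x00" + str(value).encode() + b"\x00"
    return packet


def parse_rrq(packet):
    """Return (filename, mode, options) or raise on a malformed request."""
    opcode, = struct.unpack("!H", packet[:2])
    if opcode != OP_RRQ:
        raise ValueError("not a read request")
    fields = packet[2:].split(b"\x00")
    # A valid RRQ ends with NUL, so the split leaves a trailing empty field; pairs make the rest even.
    if fields[-1] != b"" or len(fields) < 3 or len(fields) % 2 == 0:
        raise ValueError("malformed RRQ")
    fields = fields[:-1]
    options = {fields[i].decode().lower(): fields[i + 1].decode() for i in range(2, len(fields), 2)}
    return fields[0].decode(), fields[1].decode().lower(), options


def negotiate_blksize(requested, maximum_block_size=MAX_BLOCK):
    """Server side: never use more than the client asked for or the server allows."""
    validate_maximum_block_size(maximum_block_size)
    if not RFC2348_MIN <= requested <= RFC2348_MAX:
        raise ValueError("blksize %d outside the RFC 2348 range" % requested)
    return min(requested, maximum_block_size)


def build_oack(options):
    body = b"".join(k.encode() + b"\x00" + str(v).encode() + b"\x00" for k, v in options.items())
    return struct.pack("!H", OP_OACK) + body


def handle_rrq(packet, maximum_block_size=MAX_BLOCK):
    """Return (filename, reply, block size); reply is an OACK, or None when no option was sent."""
    filename, mode, options = parse_rrq(packet)
    if mode != "octet":
        raise ValueError("boot files are binary; mode %r refused" % mode)
    if "blksize" not in options:
        return filename, None, DEFAULT_BLOCK
    blksize = negotiate_blksize(int(options["blksize"]), maximum_block_size)
    return filename, build_oack({"blksize": blksize}), blksize


def on_wire_size(blksize, ip_header=20, udp_header=8):
    """Size of a full DATA datagram: IP + UDP + 4-byte TFTP header (opcode, block number) + data."""
    return ip_header + udp_header + 4 + blksize
```

With MaximumBlockSize left at 1,456 a client proposing 1,456 gets 1,456; after lowering the value to 1,024 the same request is answered with 1,024, which is the effect the hotfix lets you achieve on a path that drops the larger datagrams.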
108. Capturing an image with WDSCapture (WinPE)
   - Add the boot.wim from a Windows Server 2008 .iso.
   - Right-click that boot.wim and choose Create Capture Image, then add the new .wim file you just created as a boot image.
   - Run sysprep on the reference machine with generalize (reseal) before PXE booting it into the capture image.
   - No volume to capture? The capture wizard only lists volumes that hold a sysprepped (generalized) Windows installation.
109. Prestaging pitfalls
   - Ensure there are no duplicate machine accounts prestaged for the same machine.
   - Prestage using the MAC address and then swap the NIC into another machine: the prestaged account now follows the NIC.
   - Dual admins: the 1st admin creates a computer object in ADUC; the 2nd admin prestages a computer object with the NIC (MAC) or GUID. The first one found is used.
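An added check for the duplicate-prestaging problems above (example code written for this page, not from the presentation). It normalizes the identifiers an admin might type (a MAC address with colons or dashes, a GUID with or without braces) to the netbootGUID form WDS compares against, where a MAC-address prestaging is 20 zeros followed by the 12 hex digits of the MAC, and reports identifiers or names that occur more than once in a list of records. The records are constructed, not read from AD; the byte-order note in netboot_guid_octets is an assumption to verify with an ldifde export.

```python
"""Catch the prestaging collisions of slide 109 before a PXE client hits them.

Added example, not from the presentation. SAMPLE_RECORDS is constructed.
"""
import uuid
from collections import defaultdict

HEX = set("0123456789ABCDEF")


def normalize_device_id(value):
    """Return the 32-hex-digit GUID WDS stores for a MAC address or a BIOS GUID."""
    digits = "".join(ch for ch in value.upper() if ch not in "{}-:")
    if not set(digits) <= HEX:
        raise ValueError("not hexadecimal: %r" % value)
    if len(digits) == 12:                       # MAC address -> MAC-form GUID
        return "0" * 20 + digits
    if len(digits) == 32:                       # BIOS UUID as shown by the PXE ROM
        return digits
    raise ValueError("expected 12 (MAC) or 32 (GUID) hex digits, got %d" % len(digits))


def display_guid(normalized):
    """Hyphenated form as typed into WDSUTIL /Add-Device /ID: or shown in ADUC."""
    return str(uuid.UUID(hex=normalized)).upper()


def netboot_guid_octets(normalized):
    """Raw 16 bytes for the netbootGUID attribute.

    Assumption: the attribute uses the same mixed-endian layout as objectGUID (first
    three fields little-endian); verify against an ldifde export before relying on it.
    For the MAC form the first three fields are zero, so byte order cannot matter.
    """
    return uuid.UUID(hex=normalized).bytes_le


def find_prestaging_conflicts(records):
    """records: (computer name, device id or None) for the objects already in AD plus
    the ones about to be added. Returns the two kinds of duplicates from the slide:
    several objects for one NIC/GUID, and several objects with one name."""
    by_guid, by_name = defaultdict(list), defaultdict(list)
    for name, device_id in records:
        by_name[name.upper()].append(name)
        if device_id is not None:
            by_guid[normalize_device_id(device_id)].append(name)
    return {
        "duplicate_ids": {display_guid(g): names for g, names in by_guid.items() if len(names) > 1},
        "duplicate_names": {n: names for n, names in by_name.items() if len(names) > 1},
    }


# Constructed records illustrating both slide scenarios (names and addresses are made up).
SAMPLE_RECORDS = [
    ("PC01", "00:11:22:33:44:55"),                          # prestaged by MAC
    ("LAB-07", "564D4921-9C76-8546-A956-C310ED7D2BF6"),     # prestaged by BIOS GUID
    ("pc01", None),                                         # plain object created in ADUC by admin 1
    ("PC03", "001122334455"),                               # admin 2 prestaged the same NIC again
]
```

The two PC01 entries show the dual-admin case; PC01 and PC03 show the swapped-NIC case, where WDS will serve whichever of the two objects it finds first.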
110. Common boot image issues
   - Using an older boot.wim; architecture mismatches between the boot image and the client; WinPE images you built yourself with copype.
   - As on slide 83: the most current boot.wim is always best (the Windows 7 boot.wim deploys Vista SP1, Windows Server 2003 R2, Windows 7 and Server 2008/R2), and a Vista or Vista SP1 boot.wim cannot deploy Windows 7 or 2008 R2 (failure in the offline servicing pass even if it is not configured to install patches).
111. Multicast traffic running really slow?
   - Which version of IGMP is being used, v2 or v3?
   - Multiple WDS servers multicasting with overlapping multicast IP address ranges: WDS snap-in -> Properties of the server -> Multicast tab -> change the IP addresses.
112. Unattend .xml scripts (2)
   - XP and 2003 (RIS-style .sif answer files) vs. Vista and later (unattend.xml).
   - Unattend.xml does not process its settings: the file is not named properly, or it is not stored in the correct folder.
113. PXE boot summary
   - From the client: it receives an IP address, discovers a network boot server (NBS), downloads the network boot program (NBP) from the NBS over TFTP, and executes it.
   - From the server: the server's IP address and the name of an NBP the client may request.
   - IP helpers configured properly on your switches and routers are more reliable than DHCP options; older PXE ROMs have issues with DHCP options 60, 66, 67; options 66 and 67 are referred to as a Network Boot Referral (NBR).
114. MDT and WDS together
   - MDT deployment server: the deployment share (image store, model Windows 7 DVD); the WDS server serves the MDT WinPE boot image.
   - Targets press F12 -> PXE boot into the MDT WinPE -> download the image; MDT can use the WDS multicast feature for the transfer.
   - Recap: WDS installation and configuration; known vs. unknown clients; PXE booting; multiple WDS server selection; common issues; multicasting; automating; integrating WDS and MDT (PXE boot, multicast).
115. Questions or comments: [email protected]. Please fill out your evaluations! WWW.DeploymentDr.Com