Windows Deployment ServicesSysprep and You 

Imaging Windows 7 Systems

AgendaWindows Deployment ServicesBackgroundRequirementsInstallationImaging VLANMotivationAdvantagesCreating ImagesSetting up a reference machineSysprepUploading the imageDeploying ImagesOn the imaging VLANOff the imaging VLANConclusionsThings that work wellThings that don't work so wellReferences

What is Windows Deployment Services?

• Updated version of Remote Installation Services• Added as a role in Windows 2008• Uses the Windows Imaging Format to handle images• Free!

WDS Requirements

• Must be a member of an AD DS domain or be a domain controller• DHCP - WDS uses PXE booting which requires DHCP capability. • DNS• NTFS volume for the image store• Windows Server 2003 or 2008

Installing and Configuring WDS

• Add the role to the server• Configure through MMC snap-in• Create an image group• Add an install image• Add a boot image

Imaging VLAN Motivation and Advantages

• Some segments of our network don't have DHCP available• Allows us to segregate some of the services• Machines can be configured on the Imaging VLAN

Setting up the reference machine

• First install performed using the default install image• Add applications• Boot into Audit mode to configure default user profile and

perform final customizations• Run sysprep on machine

Using sysprep

Sysprep PhasesCreating Answer Files

Sysprep Phases

• windowsPE - disk configuration• offlineServicing - applies settings and packages• specialize - applies system specific information• generalize - removes system specific information• auditSystem - used in Audit mode• auditUser - used in Audit mode• oobeSystem - Out of Box Experience

Creating answer files

Windows Automated Installation KitWindows System Image Manager

Our unattend.xml<servicing>        <package action="configure">            <assemblyIdentity name="Microsoft-Windows-Foundation-Package" version="6.1.7600.16385" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="" />            <selection name="InboxGames" state="true" />            <selection name="Chess" state="true" />            <selection name="FreeCell" state="true" />            <selection name="Hearts" state="true" />            <selection name="Minesweeper" state="true" />            <selection name="More Games" state="true" />            <selection name="PurblePlace" state="true" />            <selection name="Shanghai" state="true" />            <selection name="Solitaire" state="true" />            <selection name="SpiderSolitaire" state="true" />        </package>    </servicing>

Our unattend.xml

<settings pass="generalize">        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <SkipRearm>1</SkipRearm>        </component>        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <DoNotCleanTaskBar>true</DoNotCleanTaskBar>            <OEMInformation />        </component>    </settings>

Our unattend.xml

<settings pass="specialize">        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <SkipAutoActivation>true</SkipAutoActivation>        </component>        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <ComputerName>*</ComputerName>            <CopyProfile>true</CopyProfile>            <DoNotCleanTaskBar>true</DoNotCleanTaskBar>            <ShowWindowsLive>false</ShowWindowsLive>            <TimeZone>Eastern Standard Time</TimeZone>        </component>    </settings>

Our unattend.xml

<settings pass="oobeSystem">        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <InputLocale>en-us</InputLocale>            <SystemLocale>en-us</SystemLocale>            <UILanguage>en-us</UILanguage>            <UserLocale>en-us</UserLocale>        </component>        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <AutoLogon>                <Password>                    <Value>cwBBAHQARwByAHQANwAzAFAAYQBzAHMAdwBvAHIAZAA=</Value>                    <PlainText>false</PlainText>                </Password>                <Enabled>true</Enabled>                <LogonCount>5</LogonCount>                <Username>itconsult</Username>            </AutoLogon>

Our unattend.xml

            <FirstLogonCommands>                <SynchronousCommand wcm:action="add">                    <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ipk [License Code]</CommandLine>                    <Order>1</Order>                    <RequiresUserInput>false</RequiresUserInput>                </SynchronousCommand>                <SynchronousCommand wcm:action="add">                    <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine>                    <Order>2</Order>                    <RequiresUserInput>false</RequiresUserInput>                </SynchronousCommand>                <SynchronousCommand wcm:action="add">                    <CommandLine>net user temp /delete</CommandLine>                    <Description>Delete Temp User Account</Description>                    <Order>3</Order>                    <RequiresUserInput>false</RequiresUserInput>                </SynchronousCommand>            </FirstLogonCommands>

Our unattend.xml            <OOBE>                <HideEULAPage>true</HideEULAPage>                <NetworkLocation>Work</NetworkLocation>                <ProtectYourPC>1</ProtectYourPC>            </OOBE>            <RegisteredOrganization>Dickinson College</RegisteredOrganization>            <RegisteredOwner>LIS</RegisteredOwner>            <ShowWindowsLive>false</ShowWindowsLive>            <UserAccounts>                <AdministratorPassword />                <LocalAccounts>                    <LocalAccount wcm:action="add">                        <Password>                            <Value>dABlAG0AcABQAGEAcwBzAHcAbwByAGQA</Value>                            <PlainText>false</PlainText>                        </Password>                        <Description>Temp Account</Description>                        <DisplayName>temp</DisplayName>                        <Group>Users</Group>                        <Name>temp</Name>                    </LocalAccount>                </LocalAccounts>                <DomainAccounts></DomainAccounts>            </UserAccounts>        </component>    </settings>

Uploading Images

1. Once the reference machine is prepared copy the unattend.xml file to the drive

2. Run sysprep /generalize /oobe /shutdown /unattend:unattend.xml

3. PXE boot machine to WDS server4. Select volume to upload5. Give image a name6. Select option to upload to server7. Login8. Wait9. Associate the unattend.xml file with the image10.Create multicast session

Uploading Images

Uploading Images

Setup Image for Unattended Mode

Deploying Images

• On the Imaging VLANo PXE boot machine to WDSo Select the image to applyo Wait

• Off the Imaging VLANo Create a "Discover Image"o Boot machine with Discover Imageo Select the image to applyo Wait

Multicasting Images

Multicasting can be setup in two modes• Auto-Cast

o Session is initiated whenever a client requestso Additional clients are joined to session as they request

• Scheduled-Casto Set a specific time for session to completeo Clients wait until designated time to begin

A recent multicast session imaged 10 computers in about 45 minutes. Our old setup would take 4 hours and machines still needed to be configured manually.

Things that work well

Deploying images is fairly painlessMulticastingSome hardware independence

Things that don't work so well

Changing the taskband for the default user profileActivation can be a painForgetting to setup a multicast session for an image tends to upset network engineersAutomating image deployment

ReferencesTechnet -Windows Deployment Serviceshttp://technet.microsoft.com/en-us/library/cc772106(WS.10).aspxHow Configuration Passes Workhttp://technet.microsoft.com/en-us/library/cc749307(WS.10).aspx

Brian Lee Jackson - Sysprep a Windows 7 Machine – Start to Finish V2http://blog.brianleejackson.com/sysprep-a-windows-7-machine-–-start-to-finish-v2

The Deployment Guys - Pin Items to the Taskbar and Start Menuhttp://blogs.technet.com/b/deploymentguys/archive/2009/04/08/pin-items-to-the-start-menu-or-windows-7-taskbar-via-script.aspx

Standard Unattend File -http://users.dickinson.edu/~steelc/resnet/wds%20presentation/Unattend.xml

Questions?

Thank you

ResNet SymposiumInfrastructure Systems at Dickinson CollegeYou

Please remember to fill out the surveyhttp://www.resnetsymposium.org/rspm/evaluation/