clodhoppers18

The only change I make is disabling the firewall on the client. The MAK Proxy activation does not require the client have access to the internet in order to activate. The computer with the VAMT must have access to the microsoft sites without the proxy in the way. The proxy isn't the issue at this point because as soon as I disable the Windows Firewall on the client computer, the MAK Proxy Activation is successful. Also, the web filtering that we use isn't robust enough to detect the OU that the computer is in and apply policies that way. We can only use IP address or username based filtering.

I disable the windows firewall on the client. (The computer that needs to be activated but cannot because it's IP address requires credentials to access the internet)

Even when I am initiating the activation from the Windows Deployment Server using the Volume Activation Management Tool? I can get to the web with no problem and I can ping the computer with no problem but when I try to do the MAK Proxy activation, it acts like it can't see the client.

Yes, unfortunately we can only allow the primary domain name to not require authentication. so for http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl we would have to allow www.microsoft.com to go through without authentication. This will allow all users to get to www.microsoft.com Unfortunately, this is not an option for our security folks. Right now we are using MAKproxy activation which allows the server IP to go through the proxy without authentication. This allows it to conduct the activation and pass the confirmation ID back to the client. The windows firewall on the client is preventing the server from connecting and activating the client. Hopefully this clarifies the issue.

Issue: I am running into an issue with an image I have that is preventing me from efficiently activating the PCs that I have after deployment of a custom image. Whenever I attempt to do a MAK Proxy Activation, I have to disable the Windows Firewall on the client PC in order for the activation to take place. Prior to disabling it, I have been able to ping between the two computers without any problem. Scenario: Attempting to do MAK proxy activation on a Windows 7 Professional image with a Windows Server 2008 that has MDT 2010 and WDS using the Volume Activation Management Tool. The image is nearly perfect with the exception of two minor things, but aside from this and a password issue, it is golden. Research: I have done some research on line and it looks that WMI must be enabled and allowed through the Windows Firewall on the client in order for the MAK activation to occur. I am in the process of checking this right now, but I wanted to confirm that you do need WMI enabled and permitted before rattling my mind on what is preventing the access. Optimal Solution: One that doesn't require me to re-do the entire image. If at all possible, I would like to avoid re-doing the image just because I need to change one thing. Is it possible to insert the rule that may be needed using registry edits? I have found where I can add certain ports to the firewall profiles through netsh advfirewall command, but I'm not only unsure of what ports are needed, but also the scope and any other necessary parameters for this. I thank you all in advance. Just so it's clear, I have done some research all over the net on this but haven't found anyone with my issue. Also, I have looked through both the firewall addition and the WMI requirement prior to posting this. If I overlooked something, please let me know. Thanks! --Dustin

Our deployment is set to automatically connect using supplied credentials, so we don't get prompted for that. Is there a log I could pull up within WinPE to see what point it got to when it couldn't "read the media"?

Yes to the ping, no to the Wireless connection. On gigabit switches, even tried hooking up to the same switch that the deployment server is on and still nothing. For the ping thing, the CD has been used on the same model before without any issues so I don't suspect a driver problem.

We are using MS Deployment Toolkit (who knows what it's called now, the name changes every 6 months) with WinPE 2.0. We have a CD that we use for booting into the deployment Wizard (Lite Touch PE ISO from the server that has the deployment toolkit installed) We have several CDs and they all work on our desktops and have been used on many of our laptops and netbooks. However about a week ago, we started having a problem where the laptops would start to boot from the disk, would get loaded into WinPE with the 2 command boxes up then we would get a "Media Not Found. Please reinsert the media (CD, DVD, or USB) needed to complete the deployment." message. We can remove and reinsert the CD as many times as we want but it goes no further in WinPE. We are getting an IP address through WinPE and can ping the deployment server. We know 100% that these disks (3 different ones) have been used on the exact model of notebooks and netbooks. We have tried switching out the CD/DVD modular drives in the affected notebooks, as well as using several different external drives with no success in getting past this message. After receiving this message on the notebooks, we used them on a desktop and they are able to pull up the deployment wizard and deploy the images, etc. We have tried re-burning the ISO, after doing the "update" on the deployment point and it still doesn't get past the message on the note/netbooks. What boggles my mind is that it works on the desktops; it is obviously able to read the disk because it boots most of the way through; and the disk worked previously on this model laptop. Please advise in any way you can, I appreciate the assistance.

My hardware is the same on the PCs I have deployed to before. I have tried 5 different CDs, and they all have slight changes in the drivers, the oldest is known to work on this model, and the latest is also known to work, but only once. The others in between have also worked. I have reburnt the CD several times with different sets of drivers (some older some newer, etc.) I have also removed the changes I have made to WinPE (The startnet.cmd I changed so that it would ping itself before it started WPEINIT so that it would have the time it needed. I am not aware of what version of WinPE I am using, but WAIK says that it is the latest version when I check for updates within the Deployment Workbench. Currently we are deploying from a small Windows XP machine, so PXE boot isnt an option at the moment. Before we deploy, we plan on migrating to a Server '08 box that we have. Any further ideas? At this point, I am ready to rebuild the deployment server.

Something VERY interesting I noticed is this: I have an old CD (From May 15) that has been working for sometime. If I leave the network cable unplugged, Windows PE presents an error and says "Check Physical Connection" After this issue began lately, It now does the same wpeinit, however it seems like it is not checking the network connection as it was for the past several months. what is even MORE confusing is this is booting from a CD, so there could not have been any changes made to Windows PE on that disc. Any further ideas?

I am having a heck of a time with Windows PE and Microsoft Deployment Toolkit. I do the following: I have had a working WDS/MDT configuration for about 4 months now. As I am testing, I decide to deploy to 5 PCs via booting to CD I boot to CD on one, kick off the install, and all is well I go to ANY of the other 4 PCs and it boots WinPE, but when it starts wpeinit it goes to the next line in command prompt, and refuses to start even if I attempt to start it manually. Additionally, when it completes wpeinit for the first time the custom background is shown, however after manually kicking it off, it shows a black background. Whats super confusing is that I conduct a repair of the WAIK and then the deployment works fine for another PC, however when I go to deploy it to the remaining 3 PCs, it does the same as after the first. I have made the following modifications to the Windows PE LiteTouchBootable wim file: I have changed the startnet.cmd so that it pings itself after initializing the network, so that I do not get a time out error and it say that it cannot connect to the deployment server. I have approximately 200 computers to deploy to, and refuse to reinstall the WAIK everytime I deploy. Does anyone have any ideas as to what is going on?

That looks familiar. It also makes sense with all the WGA junk in there. I have another question. Should I just take an image of the factory image with imagex, and attach that to the WIM file OR should I use something like Acronis to make a sector based image of the PC?

I got the idea of the gold image, that makes sense. The factory image is now clear in my mind. Sorry for any confusion. That makes sense enough. One little thing is that the sysprep.inf that will be used is generated by MDT, but I got the idea, as far as same sysprep configuration. The deployment tool kit is a bit confusing and VERY extensive, so it is rather hard and frustrating to search through it all. ------- Not what my experience shows. I have had sysprep die on me after the third time of sysyprepping it. we have had one image that was sysprepped once and it was fine, we resysprepped it 2 more times, and it kept at different points on the very same computer. See thats what confused me, is that it does the same thing to change the identity of the computer each time, why would it differ if it was the first time or the 5 time. I heard someone's definition of insanity is doing the same thing over again with the same variables and expecting different results. I guess that means sysprep is insane, since it seems like you can get different results from doing it over and over again.

So with that process how would I modify an existing image? or is it a once you are done, you are done, theres no going back to make modifications except with something like Autoit? We have varying screen resolutions, it sounds like something that records keyboard input would be better. I will give the AutoIt macro recorder a try.

So it sounds like the best process is to: 1Create the image with the settings I want, applications I want, etc. 2Sysprep it with Factory Setting 3Take an image 4Sysprep it with Reseal 5Take an image 6Use the Reseal for deployment through MDT If I want to modify it: 1lay the sysprep factory 2modify the image (change settings, install applications, etc.) 3sysprep with factory 4take an image 5sysprep it with reseal 6take an image 7deploy the resealed image through MDT Yes? or No? If it adds a count to the sysprep each time, is it just the reseal or is it in any mode of sysprep? I feel like I am very confused as to the process (please forgive me as we have not deployed an OS in over 6 years (I was not involved in the process), and even then the tools were Norton Ghost and a drive.) My big issue with scripting applications is that our in house application is setup by hand, there is not automated installer, as well that we do not have any scripting software, or the time to take our applications from hands on to silent/automated.

What do you mean by one "gold" "Factory" and "sysprepped" image? How would that work? Setup everything, take an image Sysprep factory seal it, take an image Sysprep regular and take an image What would I use the different images for?

Does anyone have any information in regards to this? Would it be better to recreate the image from scratch, and take an image of it BEFORE sysprep (using Acronis, or similar), and just make the modifications as needed in the future by applying that image to the same type of machine?

Here is our current configuration and process for deploying Windows XP Throughout our organization: We are using Microsoft Deployment Toolkit 2008 with the latest updates on Windows XP (as our testing environment). We did the following to capture our image: 1)Load base Windows XP Pro Volume License Edition on to our lowest power PC (Dell GX280) 2)Configure PC with default local admin accounts 3)Configure PC with settings (power options, display themes, etc.) 4)Add to the domain 5)Set additional usergroups as admins 6)Install additional programs (Sybase, Adobe stuff, in house apps, etc.) 7)Defragment 8)Remove from domain 9)Run Sysprep on machine 10)Take image with ImageX After taking the image, we load it onto the MDT server, and configure deployment task sequence (which includes 2 additional applications that the install process will install IF the machine is a laptop). We are now needing to load additional settings as well as applications that we are not able to install via the imagex \mountrw. My question is: I have heard that running sysprep multiple times on one machine, can mess up the PC. If I run sysprep on the same image multiple times, will it mess it up in the same way (I would think so)? Can I apply the image with MDT, make the modifications, remove it from the domain, then run sysprep, and take an image with imagex using the \append option? If that is not a viable solution, do I need to restart from scratch with step 1 and then take an image BEFORE I run sysprep? or is there an alternative to restarting from the beginning?

Is that link supposed to point to a guide? it just points to this forum post. Now just to clarify everything, this will allow me to make a multiboot CD so that we can place it in the CD tray and select the image, then it loads sysprep minisetup for that particular image, and tada it installs just like if I had copied an image file from one HDD to another?

is there a way to create a multi boot disk that has several different sysprepped images on it? or must the disk have images that were nlite setup with the application installers running at minisetup?

About the Driver Genius, would we have it import each driver set into the main build machine, or would we have it run the exe that you can have it create for each driver set after the minisetup was complete? Also to answer your question, we are basicly dropping the standard image on certain PCs then placing a customer service image on other PCs. The difference being some programs, and the setup of the user account (admin privliges etc.) There will be a certain amount of customization that needs to occur with every machine (i.e. copying 2000 user profiles over to the post setup XP machine) If there is a way to automate the transfer of user profiles from 2000 to XP, that would be good. We are needing to transfer email setup, desktop background, links/favorites, shorcuts. There are also some places on the hard drive that some users store their info that is not typical (example: C:\{username}\docs) these are not setup by us (the admins) they are usually created inadvertantly when the user cannot access the network, but needs to save a file. I understand that the extraneous files/folders will need to be copied by hand, but we would like to automate everything as much as possible, so having the user profile copy over automatically would be good. We have looked into the User State Migration Tool, and think that this may very well be a viable option, however I would like some input from other people that may have gone through this situation. Thanks all, Dustin

We have tried using Snap Deploy, and havent had much luck. We always syprep all of our machines, and then load the image for that model of hardware, let it load the minisetup, then use the machine as normal. However, I am wanting to change the way its done so it is much more efficient. Have one image for all the PCs or maybe 2 images as oppossed to 8. We have tried taking Dell's inf folder that is created from their CD and putting it in a subfolder in the inf folder of that the Window's Volume License version makes when it goes thru setup, so that we didnt have to use the driver disk for each and every install. However, that didnt work for us for some reason. We also tried adding a folder C:\Windows\dellinf to the registry as a place to look for drivers for PnP devices., that also did not work. Is what we are going to try this week (tommorow) is to take a machine, load the Volume Licensed version of Windows XP onto one machine, get all the drivers working, sysprep it, and copy that image to another pc type then install the drivers it needs, then sysprep it and continue going on down the line. Once we get all the drivers into one standard image, we are going to then go back and test that image on each PC and ensure that everything works as planned. I hope that someone can help both of us in our needs. If anyone has tried that and if it is possible to do.

I would still like to find out a little bit more about siginet's utilities. We have thought about RIS/WDS but the admins at work aren't so hot for it. If someone that has used Siginet's utils or Siginet himself could tell me how to use it, etc. I would really appreciate it.

Ahh well we are certainly open to that.