Jump to content

Trying to understand WDS and the deployment process.


Recommended Posts

Hi everyone,

I’m totally new to massive Deployment and all the tools included in the Deployment Toolkit and WAIK. During the last week I’ve been trying to understand the logic of how these things work and how the different roles communicate with each other (for instance the Deployment workbench and Windows Deployment Server). So I have a load of questions to you guys and I hope I can get some useful feedback, because I can’t read another whitepaper, without punching myself in the head and drop dead. :sneaky:

So, first of all, a little backgrounds information regarding my computer environment.

- We have 2 kinds of PC setups (except servers) in our network. Dell Latitude D630 laptops and Dell Optiplex 755 desktops. The total of machines in the environment is approximately 150.

- All our systems run Windows Vista Business 64 bit.

- My idea for involving a deployment server is to simplify the roll outs of new PC’s and make reinstallation of crashed systems easier.

My goal is to make a deployment environment as dynamic as possible. With that I mean that I don’t want to hardcode or inject loads of scripts, updates or drivers into the images that we are using, but have the chance to change drivers and updates by just changing them in the Deployment Workbench. Every time I launch a new computer, I want it to have all the newest packages and drivers, instead of applying an Image that’s containing old elements. If this is possible. :blink:

This is what I’ve been doing so far:

1. Installing all needed software to a server running Windows Server 2008, this includes WDS, Deployment Workbench(DW), SIM, Wsus (to get hold of the right updates to include in DW) and all the smaller application required by each element.

2. Made a local copy of a Windows Vista Business X64, none SP1, to the local disk on the server.

3. Added the source file (install.wim) to the Distribution share folder, under Operating Systems.

4. Added 3 applications to the Applications folder, with the right silent install commands.

5. Added Package_for_KB937287 and Package_for_KB938371, which I assume is the SP1 for Vista x64, all languages.

6. Made 2 groups in the Out-of-Box-Drivers, called D630 and 755. Included all the needed drivers for each system in the right group (Not exe files, only INF and CAB files).

7. Made a deployment point called “Core image creation”. In the “Windows PE” tab I have selected: “Generate a lite touch bootable RAM disk ISO image” as well as “ADO”. I’ve also selected to “Include all drivers from the selected driver group”, which is set to the D630 group. The rules tab have to following commands:

[Default]

OSInstall=YES

UserDataLocation=NONE

SkipAppsOnUpgrade=YES

SkipCapture=NO

SkipAdminPassword=YES

SkipProductKey=YES

8. Made a “Task sequence” called 1_COREIMAGE_D630. In this I added the product key and set the local administrator password, unattend.xml shown here:

<?xml version="1.0" encoding="utf-8" ?> 
- <unattend xmlns="urn:schemas-microsoft-com:unattend">
- <settings pass="windowsPE">
- <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
- <ImageInstall>
- <OSImage>
<WillShowUI>OnError</WillShowUI>
- <InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
- <InstallFrom>
<Path>.\Operating Systems\Windows Vista\Sources\install.wim</Path>
- <MetaData>
<Key>/image/index</Key>
<Value>1</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
- <UpgradeData>
<Upgrade>false</Upgrade>
</UpgradeData>
- <Display>
<ColorDepth>16</ColorDepth>
<HorizontalResolution>1024</HorizontalResolution>
<RefreshRate>60</RefreshRate>
<VerticalResolution>768</VerticalResolution>
</Display>
- <ComplianceCheck>
<DisplayReport>OnError</DisplayReport>
</ComplianceCheck>
- <UserData>
<AcceptEula>true</AcceptEula>
- <ProductKey>
<Key>xxxx-xxxx-xxxx-xxxx</Key>
</ProductKey>
</UserData>
</component>
- <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
</settings>
- <settings pass="generalize">
- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
</component>
</settings>
- <settings pass="specialize">
- <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
- <Identification>
- <Credentials>
<Username />
<Domain />
<Password />
</Credentials>
<JoinDomain />
<JoinWorkgroup />
<MachineObjectOU />
</Identification>
</component>
- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<ComputerName />
<ProductKey>xxxx-xxxx-xxxx-xxxx-xxxxx</ProductKey>
<RegisteredOrganization>MY ORGANISATION</RegisteredOrganization>
<RegisteredOwner>THE OWNER</RegisteredOwner>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<TimeZone>Pacific Standard Time</TimeZone>
</component>
- <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Home_Page>http://intranett</Home_Page>
<IEWelcomeMsg>false</IEWelcomeMsg>
</component>
- <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <RunSynchronous>
- <RunSynchronousCommand wcm:action="add">
<Description>EnableAdmin</Description>
<Order>1</Order>
<Path>cmd /c net user Administrator /active:yes</Path>
</RunSynchronousCommand>
- <RunSynchronousCommand wcm:action="add">
<Description>EnableAdmin_ploc</Description>
<Order>2</Order>
<Path>cmd /c net user Administrator_ploc /active:yes</Path>
</RunSynchronousCommand>
- <RunSynchronousCommand wcm:action="add">
<Description>UnfilterAdministratorToken</Description>
<Order>3</Order>
<Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
- <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
- <component name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TapiConfigured>0</TapiConfigured>
- <TapiUnattendLocation>
<AreaCode>""</AreaCode>
<CountryOrRegion>1</CountryOrRegion>
<LongDistanceAccess>9</LongDistanceAccess>
<OutsideAccess>9</OutsideAccess>
<PulseOrToneDialing>1</PulseOrToneDialing>
<DisableCallWaiting>""</DisableCallWaiting>
<InternationalCarrierCode>""</InternationalCarrierCode>
<LongDistanceCarrierCode>""</LongDistanceCarrierCode>
<Name>Default</Name>
</TapiUnattendLocation>
</component>
</settings>
- <settings pass="oobeSystem">
- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
- <UserAccounts>
- <AdministratorPassword>
<Value>P@SSWORD</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
- <LocalAccounts>
- <LocalAccount wcm:action="add">
<Description>Temp account</Description>
<DisplayName>Temp account</DisplayName>
<Group>Users</Group>
<Name>TempAccount</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
- <AutoLogon>
<Enabled>true</Enabled>
<Username>Administrator</Username>
<Domain>.</Domain>
- <Password>
<Value>P@SSWORD</Value>
<PlainText>true</PlainText>
</Password>
<LogonCount>999</LogonCount>
</AutoLogon>
- <Display>
<ColorDepth>32</ColorDepth>
<HorizontalResolution>1024</HorizontalResolution>
<RefreshRate>60</RefreshRate>
<VerticalResolution>768</VerticalResolution>
</Display>
- <FirstLogonCommands>
- <SynchronousCommand wcm:action="add">
<CommandLine>cscript.exe C:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
<Description>Lite Touch new OS</Description>
<Order>1</Order>
</SynchronousCommand>
- <SynchronousCommand wcm:action="add">
<CommandLine>cscript.exe D:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
<Description>Lite Touch new OS</Description>
<Order>2</Order>
</SynchronousCommand>
- <SynchronousCommand wcm:action="add">
<CommandLine>cscript.exe E:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
<Description>Lite Touch new OS</Description>
<Order>3</Order>
</SynchronousCommand>
- <SynchronousCommand wcm:action="add">
<CommandLine>cscript.exe F:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
<Description>Lite Touch new OS</Description>
<Order>4</Order>
</SynchronousCommand>
</FirstLogonCommands>
- <OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
<RegisteredOrganization>MY ORGANISATION</RegisteredOrganization>
<RegisteredOwner>THE OWNER</RegisteredOwner>
<TimeZone />
</component>
- <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
</settings>
- <settings pass="offlineServicing">
- <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <DriverPaths>
- <PathAndCredentials wcm:keyValue="1" wcm:action="add">
<Path>C:\Drivers</Path>
</PathAndCredentials>
- <PathAndCredentials wcm:keyValue="2" wcm:action="add">
<Path>X:\Drivers</Path>
</PathAndCredentials>
- <PathAndCredentials wcm:keyValue="3" wcm:action="add">
<Path>D:\Drivers</Path>
</PathAndCredentials>
- <PathAndCredentials wcm:keyValue="4" wcm:action="add">
<Path>E:\Drivers</Path>
</PathAndCredentials>
- <PathAndCredentials wcm:keyValue="5" wcm:action="add">
<Path>F:\Drivers</Path>
</PathAndCredentials>
</DriverPaths>
</component>
</settings>
<cpi:offlineImage cpi:source="catalog://tpn-deploy/distribution$/operating systems/windows vista/sources/install_windows vista business.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

9. In WDS, I add LiteTouchPE_x64.iso to the “Boot Images”.

10. Starting up PXE boot on my test D630 laptop to boot the LiteTouch image.

Now to the questions for this part:

- Why do you have to automate this sequence of the installation? Correct me if I’m wrong, but this step is only run once, to create a deployment image of the installation of a D630 specialized Vista? Why can’t you just click through the installation, instead of making an unattended xml that makes all the choices for you? Is the unattended steps made in the core installation remembered in the image that is being written back to the server?

- What does WB do with the drivers I’ve added to the D630 group? Inject it into the LiteTouchPE_x64.iso or do WDS read it directly from the WB Out-of-Box-Drivers during the installation?

- When the installation finishes, the generalization process starts and sysprep is run automatically. Have I understood it correctly if I say that this process removes all the device drivers loaded during the installation? What is then the point of adding drivers to WD, if the drivers are only used during the installation part and then removed when the image is being compiled back to my WDS server? Isn’t the point that the core image that’s being written back to my WDS server to contain all the drivers and updates that I’ve added to my Deployment Workbench?

- Is it even possible to always have an up to date install, containing all the newest packages, drivers and applications, without first adding them to a core image? Is it possible to have a deployment point that consists of a core Vista Business X64 SP1 image, that looks for new drivers and packages from the WDS server during the installation?

I have a ton of other questions but let’s be gentle with you guys and take one step at the time :whistle: I’m grateful for any form of feedback and look forward to hear from the deployment gods out there :thumbup.

Edited by Kristian82
Link to comment
Share on other sites


- Why do you have to automate this sequence of the installation? Correct me if I’m wrong, but this step is only run once, to create a deployment image of the installation of a D630 specialized Vista? Why can’t you just click through the installation, instead of making an unattended xml that makes all the choices for you? Is the unattended steps made in the core installation remembered in the image that is being written back to the server?

- What does WB do with the drivers I’ve added to the D630 group? Inject it into the LiteTouchPE_x64.iso or do WDS read it directly from the WB Out-of-Box-Drivers during the installation?

- When the installation finishes, the generalization process starts and sysprep is run automatically. Have I understood it correctly if I say that this process removes all the device drivers loaded during the installation? What is then the point of adding drivers to WD, if the drivers are only used during the installation part and then removed when the image is being compiled back to my WDS server? Isn’t the point that the core image that’s being written back to my WDS server to contain all the drivers and updates that I’ve added to my Deployment Workbench?

Well basically people opt for the unattended solution so you don't have to click through everything. Sure you can make your unattend do all the background stuff and then click through the rest if you wanted to, else just skip all those steps and boot to the install.wim right away with no changes.

The Generalize pass does not remove all the drivers. It (may) remove unsigned drivers and (usually) removes the video driver... or to be more exact it reverts it back to "Standard VGA Device". Generalization removes the device specific information that Windows Activation refers to in order to determine if the install has been moved to other hardware. It still will keep most of the drivers for you.

One of the big things you will find is that while a bunch of us use WDS, imagex or whatever else, we all use it differently. As an example, I don't use the workbench at all, but I might look into it once I get some free time maybe.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...