1. 3/23/2010
1
Presented by Rhonda J. Layfield
Copyright 2010
IT industry 25+ years
Contribute articles to Windows IT Pro mag
Setup and Deployment MVP
Desktop Deployment Product Specialist (DDPS)
Co-Author Windows Server 2003 R2 and Windows
Server 2008 books
NEW Microsoft Deployment Book
Deployment class – Vegas next week

2. 3/23/2010
2
Microsoft Assessment and Planning Tool (MAP)
Manually creating and deploying images
Windows Automated Installation Kit 2.0
Volume Activation and Key Management Service (KMS)
Microsoft Deployment Toolkit 2010
Deploy a bare metal Windows 7 client
Migrate an XP client to Windows 7
Advanced features
Windows Deployment Service (WDS)
Installation
Setup
Common issues
Application Compatibility Toolkit (ACT)
Deployment Process
Image Formats
WIM
VHD
Windows Automated Installation Kit (WAIK) 2.0
Windows Pre-Installation Environment (WinPE) 3.0
Windows System Image Manager (WSIM)
User State Migration Tool (USMT) 4.0
Deployment Image Servicing and Management (DISM)
Volume Activation 2.0

3. 3/23/2010
3

4. 3/23/2010
4
Agentless
Finding your clients
This is called discovery
Getting information from your clients
Inventory
Windows 7
Windows Vista
Windows XP Pro SP 2 or later
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003 R2
Windows Server 2003 SP 1 or later
Runs on either x86 or x64
Itanium processors are not supported

5. 3/23/2010
5
Discovery Methods
Active Directory Domain Services (AD DS)
Windows networking protocols
Import names of your computers from a file
IP address ranges
Manually enter a computer name
LDAP query to a DC
Asking for information that is:
Domain based
Container based
OU based
Some clients may not show up
Computers that have not been logged onto the AD
domain in over 90 days will not be inventoried
Supports up to 120,000 computer objects per domain
User Account that performs the LDAP query
member of the “Domain Users” group

6. 3/23/2010
6
Windows Networking Protocols
Machines that are connected to Workgroups or NT 4.0
domains
Queries are sent to the Browser service
Must be run on each subnet
Text file
Each computer name should be on a new line
No delimiters
Supports up to 120,000 computer names to inventory
NetBIOS names
Fully Qualified Domain Names (FQDN)
Only one file at a time can be imported
Hardware and Device Driver Planning
Windows 7
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Microsoft Office 2007
Microsoft Application Virtualization
Microsoft SQL Server 2008
Forefront Client Security and Network Access
Protection.

7. 3/23/2010
7
Windows Management Instrumentation (WMI)
Collects hardware, software and device information
Remote Registry Service
Finds the roles that are installed on a server
VMWare Webservice
Inventory hosts running VMWare ESX

8. 3/23/2010
8
11 Imaging ToolImaging Tool
MDT
ImageX
WDS Capture
22
Deployment Server
33
44
Targets
W7
Wims
Contain a single volume (c: d: e:)
Multiple images may be stored in a single .wim file
Single instancing
No redundant file storage
Service image offline
Apply patches quick and easily
Vhds
Brand new with Windows 7
Contain an entire hard drive (multiple volumes)
Microsoft Deployment Toolkit (MDT) 2010 does not support
.vhd
Windows Deployment Service does support .vhd

9. 3/23/2010
9
ToolTool What it does for You!What it does for You!
Deployment Tools Command Prompt cmd that is aware of the path that contains the
WAIK tools
CopyPE create a WinPE working environment
Deployment Image Servicing and
Management
(DISM)
mount, unmount and manage images, Add /
Remove packages and drivers to an image
Imagex Capture and apply images
OSCDIMG create an .ISO out of the contents of a folder
Windows System Image Manager
(WSIM)
create answer files (setup scripts) in .xml
format
User State Migration Tool 4.0
(USMT 4.0)
migrates users profile, IE favorites and
documents
Volume Activation Management Tool 1.2 centrally manage volume activation
Install an OS
XP SP3
Vista SP1 or later
Windows 7
Windows Server 2003 R2 (all SPs)
Windows Server 2008 (all SPs)
Windows Server 2008 R2
Configure Settings
Sysprep (Generalize switch)
Capture an image using ImageX
But you can’t get an image of an OS up and running…

10. 3/23/2010
10
So you’ll need to boot the reference machine into
another OS
That’s where Windows Pre Installation Environment
(WinPE) comes in
WinPE 3.0 that is
Scaled down version of the Windows 7 Kernel
You can think of it as W-7 Jr.
Boots into and runs from RAM
X: drive by default
Not appropriate for production, day-to-day use
Reboots every 72 hours
Command Line Interface Only
Can be converted to a bootable .ISO and placed on:
CD, DVD, USB Flash Drive, external hard drive
Where can you find a WinPE?
Boot.wim (from the sources folder on a DVD)

11. 3/23/2010
11
WPEUtil shutdown Regedit.exe
WPEUtil reboot Netsh
WPEUtil enablefirewall DiskPart
You want to create an image
You want to apply an image
You want to troubleshoot an issue with the OS offline
Root kit detectors

12. 3/23/2010
12
Create the WinPE structure
Copype x86 C:WinPE
C:WinPE folder cannot exist
If it does you’ll get an error:
Destination directory exists: C:WinPE
Copype amd64 C:WinPE
Copype ia64 C:WinPE
Copy winpe.wim c:winpeisosourcesboot.wim
Convert to an .ISO
oscdimg -n –h -betfsboot.com c:winpeiso
c:winpewinpe.iso

13. 3/23/2010
13
XML scripting support is built-in
Additional packages are not inside WinPE
No more “Prepping”
Now you will “Profile”
You can put one on your system, add a .wim to it… and
tell bcdedit to boot that OS
Mounting a .VHD in Win7 is called “attaching"
Un-Mounting a .VHD is called “detaching”
Diskpart is the basic tool of choice to work with .vhds
Of course, W-7 & 2008 use them for backups now

14. 3/23/2010
14
Open elevated command prompt
Diskpart
create vdisk file=c:W7Ultimate.vhd maximum=25000
type=fixed
Select vdisk file=c:W7Ultimate.vhd
attach vdisk
List disk (find your new disk number)
Sel disk #
Create part primary
Sel part 1
Still in Diskpart
Sel part 1
Active
Format fs=ntfs quick
Assign
Detail partition (get the drive letter)
Exit
Mkdir f:windows
Imagex /apply c:wimsinstall.wim 4 f:
Edit Boot Configuration Database to boot from the
new .vhd

15. 3/23/2010
15

16. 3/23/2010
16
Allows you to service images offline
Both .wim and .vhd
Supports Vista SP1 and later images
Enable / disable / configure Windows features
Add and configure updates (MSU’s)
Gives you more functionality with consistent syntax
Replaced 3 tools
Package Manager (Pkgmgr.exe)
International Settings Configuration Tool (Intlcfg.exe)
Windows PE command-line tool (PEimg.exe)
No capture or apply feature
Elevated command prompt
Without image context
Dism /?
No image specified - your looking at the image
that is currently running - called the HOST
With Image Context
Dism /online /?
Don’t try this on WinPE

17. 3/23/2010
17
Image Context
DISM /?
Vs
DISM /online /?
DISM has an awesome help file
Pipe it to a text file
Edit the text file and save it
For example to mount an image:
Dism /Mount-Wim >C:MW.txt
Notepad C:MW.txt
Edit the command
Paste it into a new doc
Run it from the command prompt
The WinPE we created earlier needs ImageX added

18. 3/23/2010
18
Mount WinPE.wim
Dism /Mount-Wim /WimFile:winpe.wim /index:1
/MountDir:C:WinPEMount
Add Imagex to WinPE.wim
Copy C:Program FilesWAIKToolsamd64 (or x86,
ia64) Imagex.exe into C:WinPEMountWindows
Un-Mount WinPE.wim
Dism /Unmount-Wim /MountDir:C:WinPEMount
/commit
Or
Dism /Unmount-Wim /MountDir:C:WinPEMount
/discard
Un-Mount WinPE.wim
Dism /Unmount-Wim /MountDir:C:bootmount
/commit /discard
Oscdimg –n –h –betfsboot.com C:WinPEIso C:WinPEBoot.iso

19. 3/23/2010
19
It’s time to create the image from the C: volume
Within WinPE type:
imagex /capture c: c: name.wim “description”
Across the network
I have a server named WDS and a shared folder “Images”
Open a command prompt
Net use W: WDSImages
imagex /capture c: w:name.wim “description”
Imagex /capture c: w:Win7Ult.wim “Windows 7 Ultimate”

20. 3/23/2010
20
WindowsCSC (offline files)
RECYCLER
System Volume Information
pagefile.sys
hiberfil.sys
$ntfs.log
Compress your image fast (default), none or maximum
imagex /capture /compress switch c: c:mkt.wim “Mkt
Apps”
A Win7 image not compressed = 3.65 GB (35 mins)
A Win7 image with fast compression = 2.32 GB (45
mins)
A Win7 image with max compression = 2.24 GB (90+
mins)

21. 3/23/2010
21
Boot the target machine into WinPE
Applying the image
Copy the image to the new C: partition
imagex /apply c:imagename.wim 1 c:
Apply the image from a mapped drive (W:)
imagex /apply w:imagename.wim 1 c:
Must apply the image to the same partition it was
created from

22. 3/23/2010
22
What happens if your not the one who created the
image?
How do you know what is in it?
Drivers
Packages
Applications
Getting information on .wims

23. 3/23/2010
23
In the past we had Imagex
Imagex /info <Path to image file>
For example:
Imagex /info c:wimsinstall.wim
NOW we can use DISM
DISM /Get-WimInfo /wimfile:<Path to image file>
Another example:
Dism /get-wiminfo /wimfile:c:wimsinstall.wim
Document, document, document!

24. 3/23/2010
24
What you can do to a mounted image
Dism /Image:c:mountwin7 /?
Add all drivers from a folder:
Dism /image:C:winpemount /Add-Driver
/driver:C:drivers
Add all drivers from a top level folder and all
folders below:
Dism /image:C:winpemount /Add-Driver
/driver:C:drivers /recurse
Add a specific driver:
Dism /image:C:winpemount /Add-Driver
/driver:C:driversmydriver.INF
Get a listing of drivers:
Dism /image:C:winpemount /Get-Drivers
Dism /image:C:winpemount /Get-Drivers /format:table
Get driver information:
Dism /image:C:winpemount /Get-DriverInfo
/driver:C:testdriversusbusb.inf
Remove drivers:
Dism /image:C:winpemount /Remove-Driver /driver:oem1.inf
Remove multiple drivers
Dism /image: Cwinpemount/Remove-Driver /driver:oem1.inf
/driver:oem2.inf

25. 3/23/2010
25
Mount Install.wim
Dism /Mount-Wim /WimFile:C:wimsinstall.wim /index:5
/MountDir:C:Mount
Add drivers from C:Drivers
– Dism /image:C:mount /Add-Driver /driver:C:drivers
List your drivers
Dism /image:C:winpemount /Get-Drivers
List your drivers in table format
Dism /image:C:winpemount /Get-Drivers /format:table
Un-Mount Install.wim
Dism /Unmount-Wim /MountDir:C:Mount /commit
Check the status of your .wim
Get mounted .wim information
Dism /Get-MountedWimInfo
OK – good
Needs remount
Dism /Remount-Wim
/MountDir:<target_mount_directory>
If that doesn’t work
You’ll need to cleanup the wim
DISM /Cleanup-Wim
Then Remount

26. 3/23/2010
26
No more setup monkey…next, next, next
Answer files help to create consistent installations
Remember unattend.txt and winnt.sif from Windows
XP?
W-7’s autounattend.xml = XP’s unattend.txt/winnt.sif
Remember Setup Manager from Windows XP
W-7’s Windows System Image Manager (aka Windows
SIM or WSIM) = XP’s Setup Manager
Add third party drivers and applications via the answer
file

27. 3/23/2010
27
Open an image file (install.wim)
OR
Open an existing catalog file
Choose to create a New Answer File
Choose the components to configure
Configure the components
Validate the Answer file
Fix any issues until no error messages
Save the answer file
Windows Image
Pane
Answer File PaneDistribution
Share Pane
Properties
Pane
Message Pane

28. 3/23/2010
28
Open the Windows System Image Manager (Windows
SIM)
Click the Start button -> All Programs -> Microsoft Windows
AIK -> Windows System Image Manager
Opening the install.wim file you copied from the Windows
7 Product DVD
In the bottom left corner right-click “Select a Windows image
or catalog file” and choose Select Windows Image… (or from
the File menu)
Browse to the folder where you copied the install.wim to
OR
Open a catalog file directly from the Windows 7 DVD
/Sources folder

29. 3/23/2010
29
This is expected, click Yes to create a catalog
A Catalog is a binary file that contains all the component settings in a
Windows image file (.wim), which can be customized in an answer file
Create the catalog for the OS you are creating the answer file for
You wouldn’t want to attempt to configure Bitlocker for Win7 Business
The catalog will have a .clg extension and is created in the same
directory as the .wim you opened
Catalog files are typically 5 MB in size

30. 3/23/2010
30
Catalog
Windows 7 Installations
are performed in stages…
These stages are called
Configuration Passes
There are 7 but not all
passes must be run

31. 3/23/2010
31
Windows PE Configuration Pass (1)

32. 3/23/2010
32
Windows PE Configuration Pass (1)
Windows PE Configuration Pass (1)

33. 3/23/2010
33
Windows PE Configuration Pass (1)
Windows PE Configuration Pass (1)

34. 3/23/2010
34
2 Reboots
Specialize Configuration Pass (4) OR
Oobe System Configuration Pass (7)

35. 3/23/2010
35
Specialize Configuration Pass (4) OR
Oobe System Configuration Pass (7)
Specialize Configuration Pass (4) OR
Oobe System Configuration Pass (7)

36. 3/23/2010
36
Oobe System Configuration Pass (7)
Specialize Configuration Pass (4) OR
Oobe System Configuration Pass (7)

37. 3/23/2010
37
Specialize Configuration Pass (4) OR
Oobe System Configuration Pass (7)
There are three passwords that may be put in an
answer file:
Microsoft-Windows-Shell-Setup | AutoLogon |
Password
Microsoft-Windows-Shell-Setup | UserAccounts |
AdministratorPassword
Microsoft-Windows-Shell-Setup | UserAccounts |
LocalAccounts | LocalAccount
Passwords are hidden by default
Tools menu -> Hide Sensitive Data

38. 3/23/2010
38
Validating the answer file compares the setting values
you have input to a list of valid entries for the image
If a setting you have input does not match one of the
valid entries for the image an error message will be
displayed in the bottom right corner under Messages
Bottom Left corner in WSIM - Messages
Double-click the Component Location to go directly
to the setting with the error, correct until you see:

39. 3/23/2010
39
Windows could not parse or process the unattend
answer file for pass [specialize]. The settings specified
in the answer file cannot be applied. The error was
detected while processing settings for component
[Microsoft-Windows-Shell-Setup].

40. 3/23/2010
40
XP SP2
11Applications
Upgrade
Applications
network
Run
ScanState
Store locally
or across the
network
22 Deployment Server

41. 3/23/2010
41
Deployment Server
Windows 7
Install
Windows 7 33
LoadState
Run
LoadState 55
Windows 7XP SP2/SP3
11Applications
Upgrade
Applications
network
Run
ScanState
Store locally
or across the
network
22
Applications
Install
Applications 44
OS Supported ScanState LoadState
Windows XP Professional X
Windows XP Professional
x64 Edition
X
32-bit versions of
Windows Vista
X X
64-bit versions of
Windows Vista
X X
32-bit versions of Windows 7 X X
64-bit versions of Windows 7 X X

42. 3/23/2010
42
Can - Migrate a 32-bit OS to a 64-bit OS
Cannot - migrate a 64-bit OS to a 32-bit OS
Can - Migration from XP SP2 / SP3
Not supported on:
any of the Windows Server Oss
Starter editions for Windows XP, Windows Vista, or
Windows 7
USMT must be run in Administrator mode
Right-click a command prompt and choose “Run as
Administrator”
OR
If you don’t log on with an administrator account then
the only user profile that will be migrated is the one
you logged on as

43. 3/23/2010
43
MigUser.xml
MigApp.xml
MigDocs.xml
My Documents
My Video
My Music
My Pictures
Desktop files
Start menu
Quick Launch settings
Favorites
MigUser.XML
– Rules to migrate user profiles and data
– Describes a “core” migration
– Folders that will be migrated

44. 3/23/2010
44
All Users profile
Windows XP
Public profile in Vista or Windows 7
Shared Documents
Shared Video
Shared Music
Shared desktop files
Shared Pictures
Shared Start menu
Shared Favorites
.accdb
.ch3
.csv
.dif
.doc*
.dot*
.dqy
.iqy
.mcw
.mdb*
.mpp
.one*
.oqy
.or6
.pot*
.ppa
.pps*
.ppt*
.pre
.pst
.pub
.qdf
.qel
.qph
.qsd
.rqy
.rtf
.scd
.sh3
.slk
.txt
.vl*
.vsd
.wk*
.wpd
.wps
.wq1
.wri
.xl*
.xla
.xlb
.xls*

45. 3/23/2010
45
Accessibility settings
Address book
Command-prompt settings
*Desktop wallpaper
EFS files
Favorites
Folder options
Fonts
Users, Groups and Group memberships
*Windows Internet Explorer® settings
* Settings not available for offline migration
Microsoft Open Database Connectivity (ODBC)
settings
Mouse and keyboard settings
Network drive mapping
*Network printer mapping
*Offline files
*Phone and modem options
RAS connection and phone book (.pbk) files
*Regional settings
Remote Access

46. 3/23/2010
46
*Taskbar settings
Windows Mail
Microsoft Outlook Express Mail (.dbx) files are
migrated from Windows XP
*Windows Media Player
Windows Rights Management
MigUser.XML
The following does not migrate with MigUser.xm
Files outside the user profile that don’t match any file
extensions listed in MigUser.xml

47. 3/23/2010
47
Adobe Acrobat Reader 9
AOL Instant Messenger 6.8
Apple iTunes 7, 8
Apple QuickTime Player 7
Apple Safari 3.1.2
Google Chrome beta
Google Picasa 3
Google Talk beta
IBM Lotus 1-2-3 9.8
IBM Lotus Notes 8
IBM Lotus Organizer 9.8
IBM Lotus WordPro 9.8
Intuit Quicken 2009
Money Plus Business 2008
Money Plus Home 2008
Mozilla Firefox 3
Microsoft Office Access 2003, 2007
Microsoft Office Excel 2003, 2007
Microsoft Office FrontPage 2003, 2007
Microsoft Office OneNote 2003, 2007
Microsoft Office Outlook 2003, 2007
Microsoft Office
PowerPoint
2003, 2007
Microsoft Office Publisher 2003, 2007
Microsoft Office Word 2003, 2007
Opera Software Opera 9.5
Microsoft Outlook Express (mailbox file)
Microsoft Project 2003, 2007
Microsoft Office Visio 2003, 2007
RealPlayer Basic 11
Sage Peachtree 2009
Skype 3.8
Windows Live Mail 12, 14
Windows Live Messenger 8.5, 14
Windows Live MovieMaker 14
Windows Live Photo Gallery 12, 14
Windows Live Writer 12, 14
Windows Mail Vista only
Microsoft Works 9
Yahoo Messenger 9
Zune 3

48. 3/23/2010
48
Cannot migrate from/to a different version of an
application
Except for Microsoft Office
USMT can migrate from an earlier version to a
later
Microsoft Project settings are not migrated from
Office 2003 to Office 2007
Mapped network drives
Local printers
Hardware-related settings
Drivers
Passwords
Application binary files
Synchronization files
DLL files
Executable files
Permissions for shared
folders
Languages must match
Customized icons for
shortcuts
Taskbar settings (Migrating
from XP)

49. 3/23/2010
49
Internet Connection Firewall check box and
settings are migrated
Internet Connection Sharing setting is not
migrated
Could make the network less secure if migrated to
the destination computer
The firewall advanced-configuration settings are
not migrated because of increased security risks
The Network Connections user interface does
not refresh properly until you log off or press F5
Data residing on USB hard disks will be migrated
Data residing on USB flash drives (UFD) will not be
included when you specify the /localonly option

50. 3/23/2010
50
Running ScanState
Command prompt
Scanstate C:Path To Store Data
Scanstate C:USMT
Scanstate C:USMT /Auto
Scanstate C:USMT /Auto /hardlink /nocompress
Running LoadState
Loadstate C:Path To Store Data
Loadstate C:USMT
Loadstate C:USMT /Auto
Loadstate C:USMT /Auto /hardlink /nocompress
Uncompressed (UNC)
Mirror image of the folder hierarchy being migrated
Settings are stored in a catalog file that also describes
how to restore files on the destination computer
Compressed
a single image file that contains all files being migrated
and a catalog file
You can encrypt and protect this file with a password
Hard-Link
a map that defines how a collection of bits on the hard
disk are to be migrated. These files remain fully in tact

51. 3/23/2010
51
Guarantees you are running a Genuine
Windows OS
Activation ensures the Windows Genuine
Advantage (WGA) ActiveX control is valid
OSs that require Activation
Vista
Server 2008
Windows 7
Server 2008 R2
Online validation experience unchanged

52. 3/23/2010
52
Multiple Activation Key (MAK)
One key multiple activations
Each client connects to Microsoft to activate
30 day initial activation period
Can be reset 3 times
Slmgr -rearm
Key Management Service (KMS)
Requires a KMS Server
KMS server activates with Microsoft directly
Volume license clients activate with internal KMS server

53. 3/23/2010
53
Microsoft Activation Server
112233
Deployment.Com
Service License Manager (SLMGR)
System32 folder (Vista and later Oss)
Volume license software does NOT prompt for a license
key
The license key is built into the software
Turn KMS on
Slmgr –ipk INPUTKEY
Slmgr –ipk 11111-22222-33333-44444-55555
Same KMS key can be used 6 times
Build 6 different KMS servers using the same key
KMS Servers can be re-activated 9 times
Re-build a KMS server

54. 3/23/2010
54
KMS Server MUST activate with Microsoft
Activate Online:
Slmgr –ato
Activate via the phone:
Slui 4
Single domain
1 SRV record created in DNS
1 KMS servicing multiple domains
Default behavior
SRV record is published in the domain the KMS server is a
member of
Manually create SRV records in DNS
OR
HKLM/Software/Microsoft/Windows
NT/CurrentVersion/SL
New Multi-string value
Named: DnsDomainPublishList
Add each DNS domain suffix on it’s own line
(Deployment.Com)

55. 3/23/2010
55
Deployment.Com
Bigfirm.Com

56. 3/23/2010
56
Volume Media 30 day initial grace period
If activation does not occur
AND activation has not been reset
Activation is attempted every 2 hours
Once Activated
Activation is good for 6 months
Re-news activation every 7 days
Directly connect clients to a specific KMS server
Slmgr –skms kms_FQDN
Example:
Slmgr –skms kms_WDS.Deploy.Com
OR
Slmgr –skms kms_10.10.10.5
The default port is TCP 1688, to change it type:
Slmgr –skms kms_10.10.10.5:2050

57. 3/23/2010
57
Performed by DNS queries
KMS server registers SRV records in DNS
Vlmcs
Client queries DNS asking for all vlmcs SRV records
Random list is sent
Client chooses one of the KMS servers
Connection is successful
Client caches this KMS server for future activation attempts
Connection fails
Client chooses another KMS server until it finds one
Weight and Priority now COUNT! W7- 2008/R2 Clients
only
No
But it can be (recommended)
Support for SRV records (RFC 2782)
Support for dynamic updates (RFC 2136)
BIND 8.x & 9.x

58. 3/23/2010
58
Performance
• Modified hardware
tolerance values to
reduce # of
reactivations
• Count virtual systems
towards KMS
activation threshold
• Improved KMS
discovery through
DNS Suffix List
Reliability
• Improved
notifications,
clarified error
messages and
troubleshooting
instructions
• Multiple
improvements in
WMI for SLSVC
Compatibility
• Updated tools to
support Windows 7
• Single KMS for
multiple operating
systems
System Center Configuration Manager 2007
System Center Operations Manager 2007
Alerts for major conditions
Initialization issues
DNS SRV record registration failures
Reports client activations
monitor license conditions and asset intelligence
use wmi to capture data
health of KMS service
Event logs on KMS and clients

59. 3/23/2010
59
Can be installed on:
XP SP2
Server 2003 SP1
Vista
Windows 7
Server 2008
Server 2008R2

60. 3/23/2010
60
22 MDT
Deployment Server
Store ImageReference
11
W7 DVD
WinPE
Custom
MDT
WinPE
Targets
33
44
Download Image
MDT WinPE
XP
SP2
XP
SP3
Bare Metal
New machines
Refresh
Keeping the old hardware
Refreshing the OS on the existing machine
Replace
Replacing existing hardware with new
Maintaining user’s settings and data
Upgrade
Unless your upgrading from Vista there is no upgrade
path

61. 3/23/2010
61
11 Imaging ToolImaging Tool
MDT
ImageX
WDS Capture
22
Deployment Server
33
44
Targets
W7
11Upgrade
Applications
Store Users
Data and
Settings
22 Deployment Server
XP SP2/SP3

62. 3/23/2010
62
Install
Windows 7 33
Restore
Users
Settings and
Data
55
Windows 7XP SP2/SP3
11Upgrade
Applications
Store Users
Data and
Settings
22
Install
Applications 44
Deployment Server
11
Deployment Server
XP SP2/SP3
Upgrade
Applications
Store Users
Data and
Settings
22

63. 3/23/2010
63
Install
Windows 7 33
Restore
Users
Settings and
Data
55
Windows 7
11
Install
Applications 44
Deployment Server
Upgrade
Applications
Store Users
Data and
Settings
22
XP SP2/SP3

64. 3/23/2010
64
Bare MetalBare Metal
MDT Deployment Image
Pro No Network Connectivity
Con No Version Control

65. 3/23/2010
65
Operating system must be:
Vista SP1
Windows 7
Server 2003 SP2
Server 2008
Server 2008 R2
Windows Automated Installation Kit (WAIK) 2.0
Required software is included in the WAIK
NET Framework 2.0
MSXML 6.0
MMC 3.0 if Server 2003
New default installation of W7
2 partitions
(hidden): - Bootmgr and friends
C:Windows
All commands are Powershell
New .vhd image format
NOT supported in MDT 2010
.Wims only

66. 3/23/2010
66
Create a Deployment Share
Import OSs
Add applications
Add drivers
Add patches
Create a task sequence
Update Deployment Share
Deploy
The Deployment Share is the shared folder on the
Deployment Server where target machines connect to
perform the deployment
You must create it
Old MDT created it for you
But it put it on the C: drive
Now you decide where to create it
MDT
Deployment Server
Deployment
Share

67. 3/23/2010
67
XP SP3
Vista SP1 or later
Windows 7
Windows Server 2003 R2
Windows Server 2008 & R2
Supported
OSs

68. 3/23/2010
68
3rd party drivers

69. 3/23/2010
69
OS patches
Language Packs
A list of tasks to be run in order to complete the
deployment
The order in which the tasks will be run
Run task sequences in two different ways
Standard Client TS
LiteTouchPE_x86.iso
Within XP

70. 3/23/2010
70
TASK SEQUENCE TEMPLATE NAME DESCRIPTION
Sysprep and Capture TS Syspreps and reboots into WinPE then runs
ImageX to capture an image of the machine.
Standard Client TS Deploys a desktop operating system,
applications, drivers and patches.
Standard Client Replace TS Backs up the target machine before deploying
an image including gathering users state
information
Custom Task Sequence TS Task sequence you create that deploys
applications, drivers and packages to machine
that already contains an operating system.
Lite Touch OEM TS Used by OEMs to deploy OS images to target
machines en mass
Standard Server TS Basic server task sequence that will deploy a
Server operating system, applications, drivers
and patches to a target server (including roles
like DNS, AD and DHCP).
Post OS Installation TS Performs installation tasks after the operating
system is deployed to a target machine.

71. 3/23/2010
71
Boot the MDT WinPE
CD
DVD
External hard drive
UFD (USB flash device)
Run the Deployment Wizard

72. 3/23/2010
72
Choose which pages are displayed during the
deployment
Suppress the pages you do not want anyone to change
or see like:
Product Key
Administrator’s password
Properties of your deployment share
Rules tab
F:DeploymentShareControlCustomSettings.ini
[Settings]
Priority=Default
[Default]
DeployRoot=DeploySrvDeploymentShare$
SkipBDDWelcome=YES

73. 3/23/2010
73
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=DeploymentDr
OSInstall=Y
SkipTaskSequence=YES
TaskSequenceID= W7X64
SkipComputerName=YES
ComputerName=%SerialNumber%
SkipUserData=YES
SkipLocaleSelection=YES
KeyboardLocale=En-US
UserLocale= En-US
UILanguage= En-US
SkipTimeZone=YES
TimeZoneName=Eastern Standard Time
SkipApplications=YES

74. 3/23/2010
74
SkipCapture=YES
SkipAppsOnUpgrade=YES
SkipAdminPassword=YES
AdminPassword=Swordfish1
SkipProductKey=YES
ProductKey=11111-22222-33333-44444-55555
SkipBitLocker=YES

75. 3/23/2010
75
Selection profiles allow you to group MDT components
The grouped MDT components can be used for different
reasons
The MDT components you group will determine what you
can do with the selection profile:
Group drivers and packages to inject into the MDT generated
WinPEs
Group drivers to inject into an OS task sequence
Control which MDT components are included in “media”
Group MDT components to replicate (and keep in sync) to
other deployment shares
Pick and choose which TS and applications appear in the
deployment workbench
R-click
Selection
Profile
Choose New
Selection
Profile
Choose your
components

76. 3/23/2010
76
Media allows you create a fully deployable image complete
with OS, applications, drivers, packages and task sequences
that can be deployed with NO NETWORK CONNECTIVITY
Create Media
First you’ll need a selection profile containing the MDT
components needed for deployment to a client (include
everything)
Within DW r-click Media
Choose New Media
Give it a name, choose your selection profile
Update Media (r-click the MEDIA001 and choose Update
Media Content)
Copy files to external hard drive, UFD or burn the .ISO to DVD
LDS allow you copy a subset (or all if you choose) of
components to another machine
Even windows 7 can be a LDS
MDT 2010 does not need to be installed on the machine
To create a LDS
First create a selection profile containing all the MDT
components you would like replicated
From within the Deployment Workbench R-click Linked
Deployment Shares node and choose New Linked
Deployment Share
Type in the UNC path to where you want the new LDS
ComputerNameSharedFolderName

77. 3/23/2010
77
Choose your selection profile
Select one of the options:
Merge the selected contents into the targert deployment share
OR
Replace the contents of the target deployment share folders with
those selected
R-click LINKED001 and choose Replicate Content
The contents you selected in your selection profile will
be copied to the new LDS via ROBOCopy
I would change the replication technology to be DFS-r

78. 3/23/2010
78
Bare-MetalBare-Metal
DHCP/WDS
Discover IP
Acknowledge
DHCP
WDS
AD/DNS
Bare-MetalBare-Metal
1
2
3

79. 3/23/2010
79
Installing WDS on a 2003 SP1 Server
Install RIS
Install patch from the WAIK:
windows_deployment_services_update.exe
Installing WDS on a 2003 SP2 Server
Control Panel / Add/Remove Programs / Windows
Components / WDS
Installing WDS on a 2008 (& R2) server
Server Manager
Add Roles
Select Windows Deployment Services from the list of
roles
WDS snap-in
Right-click Servers
Add Server –
defaults to local
server
Right-click your
server and choose
Configure Server.

80. 3/23/2010
80
Store your images on a drive other than where the OS
resides

81. 3/23/2010
81

82. 3/23/2010
82
564D49219C768546A956C310ED7D2BF6

83. 3/23/2010
83
The most current will always be best
Windows 7 Boow.wim can deploy
Vista SP1
Windows Server 2003 R2
Windows 7
Server 2008 & R2
Accidently use a Vista or Vista SP1 boot.wim?
Vista boot.wim cannot deploy W7 or 2K8 R2
Failure on the Offline servicing pass even if it’s not
configured to install patches
Both .wim and .vhd are supported
Adding a .wim
Right–click Install Images
Add Install Image
Image Groups
Single Instancing occurs
Adding a .vhd
Elevated command prompt
WDSUTIL /Add-Image /ImageFile:ServerShare
Win7.vhd /Server:WDSServer /ImageType:Install
/ImageGroup:Windows7 /Filename:"Windows7.vhd"

84. 3/23/2010
84
Dynamic Driver Provisioning (DDP)
Add drivers to a driver group
Driver groups can be filtered to make the packages in the
group available to a specific group of clients
No filters?
All packages are available to all clients with matching hardware
You define
Clients have access to all packages in a group
or
Only packages that match the hardware (Plug and Play hardware)
Filters
Based on the hardware of the client (manufacturer or BIOS)
Based on an attribute of the install image selected for the client
(version or edition of the image
167
R-click boot
image
Choose Add
Driver
Packages to
Image
168

85. 3/23/2010
85
PXE Protocol is an extension of DHCP
Created by Intel as a standard with a set of pre-boot
services stored in the boot firmware
The goal:
Perform a network boot
Find and download a network boot program (NBP) from
a Network Boot Server

86. 3/23/2010
86

87. 3/23/2010
87

88. 3/23/2010
88

89. 3/23/2010
89
1) Choose your OS Image

90. 3/23/2010
90
All PXE / DHCP traffic is local traffic only
DHCP – port UDP 67
PXE traffic – port UDP 4011

91. 3/23/2010
91
Mis-configured Switch or Router
Where will the client go?
Known clients can be configured to connect to a specific
WDS Server
Or
You could create a list of WDS Servers to be presented
to the client so they can manually choose which WDS
Server they connect to:
Registry entry
Restart the WDS Service

92. 3/23/2010
92
What happens when there is more than one WDS
Server
But you don’t want to set in stone which WDS Server
the client attaches to
You want to be able to pick and choose your WDS
Server
Registry setting changed on the WDS Server
HKLMSYSTEMCurrentControlSetservicesWDSS
erverProvidersWDSPXEProvidersBINLSVC
AllowServerSelection = 1
Restart the WDS service
net stop WDSServer & net start WDSServer
3 Scenarios
1. WDS and DHCP on the same subnet/ different
servers
Client will find WDS by broadcasting
2. WDS and DHCP on different subnets
Client must find WDS through options 66 and 67 set in
DHCP
3. WDS & DHCP on same server
Client finds WDS through Option 60 in DHCP

93. 3/23/2010
93
BareBare--MetalMetalBareBare--MetalMetal
DHCP
WDS
Discover IP/PXE
Server
Discover IP/PXE
Server
BareBare--MetalMetalBareBare--MetalMetal
DHCP
WDS
Discover IP/PXE
Server
Acknowledge
Request

94. 3/23/2010
94
BareBare--MetalMetalBareBare--MetalMetal
DHCP / WDS
Discover IP
Acknowledge
• IP helpers configured properly on your switches and
routers are more reliable
Older PXE ROMs have issues with DHCP options
60,66,67
Options 66 & 67 are referred to as a Network Boot
Referral (NBR)

95. 3/23/2010
95
Server1 sends packet 1 to client1
Server1 sends packet 1 to client2
Server1 sends packet 1 to client3
• Server1 sends packet 1 to all clients
• Server1 sends packet 1 to client1,
client5 client9, client22
Multiple Stream Transfer
Multiple streams of traffic
Optimized rates based on
client connection
Client Auto Removal
Slower clients can be
dropped to unicast or
entirely (only in standard
multicast)
Boot Image Multicast
Windows PE boot
images can use multicast
(clients with EFI)
FastFast
MediumMedium
SlowSlow

96. 3/23/2010
96
Clients
WDS Server
Multicast
Transmission
First client joins “transmission”
Clients
WDS Server
Multicast
Transmission
Waiting for other clients to join…

97. 3/23/2010
97
Clients with multiple transfer speeds
WDS Server
Multicast
Transmission
Additional clients join stream
Fastest Mediu
m
Slowest Mediu
m
Clients with multiple transfer speeds
WDS Server
Multicast
Transmission
More clients to join
FastestMediu
m
Slowest Mediu
m
FastestMediu
m
Mediu
m

98. 3/23/2010
98
Clients with multiple transfer speeds
WDS Server
Multicast
Last clients complete…
Mediu
m
Mediu
m
Slowest
Clients
WDS Server
Multicast
All clients complete.
Transmission ends.

99. 3/23/2010
99
2 ways to start creating a multicast transmission from
within the WDS snap-in
Right-click Multicast Transmissions and choose Create
Multicast Transmission
OR
Drill down to your Install Image and right-click the
image then choose Create Multicast Transmission

100. 3/23/2010
100
You will need 2 scripts
WinPE Phase
Language of installation
Keyboard layout
Credentials for Image
Which Image to install
Disk Configuration (partitioning)
Where to install the image
The rest of the installation (specialize and OOBE)
Computer name
User account
Time zone
WinPE script
Store script in RemoteInstallWDSClientUnattend folder
WDS snap-in -> R-click server -> Properties Client tab
Enable unattended installation
Browse to WinPE script
Sets the script for all computers of that architecture

101. 3/23/2010
101
Switch that doesn’t support IGMP uses broadcast
instead of multicast
The slowest computer on the switch dictates the speed of
all broadcast traffic
Client computers that are in a sleep power state
Windows operating system reduce the speed of the
network connection to 10 Mbps to save power
So a client attempting to multicast an image on the
same switch as a sleeping client causes severe
performance problem for multicast
The fix
switching hardware supports IGMP

102. 3/23/2010
102
Default Permissions
Local administrator on the WDS server
Full Control of the RemoteInstall folder
Full Control permissions on
HKEY_LOCAL_MACHINESystem
Domain administrator (domain where the WDS
server resides)
Full Control permissions on the Service Control Point
(SCP) in AD DS for the WDS server.
WDS depends on AD DS for the PXE provider to create
computer accounts and service control points (SCPs)
in AD.
The SCP is a child object under a WDS server’s
account object used to store configuration data
Identifies the server as a WDS server
Finding the SCP - DEMO
ADSIEdit -> Find your servers computer object ->
Expand your server -> CN=NameOfMyServer-Remote-
Installation-Services Properties

103. 3/23/2010
103
Enterprise administrator
Dynamic Host Configuration Protocol (DHCP)
authorization permissions
Admin Approval
The computer account is created using the server’s
authentication token (not the admins token performing
the approval)
WDSSERVER$ must have “create computer account
objects” on the containers / OUs where the approved
pending computers will be created
Admin Approval of Pending Computers
R/W to the F:RemoteInstallMGMT
contains Binlsvcdb.mdb
Active Directory Users and Computers
Create a custom task to delegate on OU where the
computer account will be created -> Write all properties
on Computer Objects

104. 3/23/2010
104
ADUC
R-click the container or OU and go to Properties
Click the Advanced button and add a user or group then
click the Edit button
Under Apply to: This object and all descendant objects
Allow “Create Computer objects” Ok (3x)
BUT now that user can create computer objects and join
machines to the domain
What if you only want someone to be able to join a
machine to the domain?
JoinRights registry setting determines the set of
security privileges
located at:
HKEY_LOCAL_MACHINESYSTEMCurrentContro
lSetServicesWDSServerProvidersWDSPXEPro
vidersBINLSVCAutoApprove<arch>
Name: JoinRights
Type: DWORD
Value: 0 = JoinOnly.; 1 = Full

105. 3/23/2010
105
The User registry setting determines which users have
the right to join the domain
User setting located at:
HKEY_LOCAL_MACHINESYSTEMCurrentContro
lSetServicesWDSServerProvidersWDSPXEPro
vidersBINLSVCAutoApprove<arch>
Name: User
Type: REG_SZ
Value: group or user.
Creating computer accounts against a non-English
domain controller using the default user property.
Set the Auto-Add settings to use an account that does
not contain extended characters.
Acceptable characters ([A-Z, a-z, 0-9, , -, and so on])
For example if the German "Domänen-Admins“ is used
the Auto-Add will fail.
WDSUTIL /set-Server /AutoAddSettings
/Architecture:x86 /User:DeployAdministrator

106. 3/23/2010
106
TASK Permission
Prestage a computer ADUC -> Create a custom task to
delegate on OU where you are putting
the computer account -> Write all
properties on Computer Objects
Add/Remove Image or Image Group FC
F:RemoteInstallImagesImageGroup
Disable an image R/W for the image (on image properties
in WDS)
ADD boot image R/W F:RemoteInstallBoot
R/W F:RemoteInstallAdmin (if
upgrading from 2K3 server)
Remove boot image R/W F:RemoteInstallBoot
TASK Permission
Manage properties on an OS image R/W on image Res.rwm file found:
F:RemoteInstallImages<ImageGroup>
Convert a RIPREP image R original RIPREP image
R/W %TEMP% and destination folder
Create Discover / Capture image R original boot image
R/W %TEMP% and destination folder
Create a multicast transmission FC on:
HKEY_LOCAL_MACHINESYSTEMC
urrentControlSetServicesWDSServ
erProvidersMulticast
R
F:RemoteInstallImages<ImageGroup
>

107. 3/23/2010
107
Server 2008 increased the TFTP block size from 512
bytes to 1,456 bytes to speed things up.
If your network has a TFTP block size of less than 1,456
bytes this breaks WDS.
Resolution:
Install hotfix 975710
HKEY_LOCAL_MACHINESYSTEMCurrentControlSet
servicesWDSServerProvidersWDSTFTP
Create a new REG_DWORD
Name: MaximumBlockSize
Value range: 512–1456
Renaming a machine
Moving a machine from one domain to another
You’ll need to uninitialize & reinitialize WDS server
From a cmd on the WDS server
Wdsutil /uninitialize-server
Wdsutil /initialize-server /reminst:E:RemoteInstall

108. 3/23/2010
108
WDSCapture WinPE
Add boot.wim from a 2K8 Server .iso
Right-click the boot.wim and choose “Create capture
image…”
Add the new .wim file that you just created
Sysprep
-reseal
generalize
No
Volume to
capture?

109. 3/23/2010
109
Ensure there are not duplicate machine accounts pre-
staged for the same machine
Pre-stage using the MAC address
Swap the NIC to another machine
Dual Admins
1st admin creates a computer object in ADUC
2nd admin pre-stages a computer object with the NIC or GUID
The first one found is used

110. 3/23/2010
110
Using an older boot.wim
Architectures and WinPE
Copype – WinPE
Creating your own
The most current will always be best
Windows 7 Boow.wim can deploy
Vista SP1
Windows Server 2003 R2
Windows 7
Server 2008 & R2
Accidently use a Vista or Vista SP1 boot.wim?
Vista boot.wim cannot deploy W7 or 2K8 R2
Failure on the Offline servicing pass even if it’s not
configured to install patches

111. 3/23/2010
111
Multicast traffic running really slow
Which version of IGMP is being used?
V3 or v2?
Multiple WDS servers multicast traffic
Overlapping IP addresses
WDS snap-in -> Properties of Server -> Multicast tab ->
change the IP addresses

112. 3/23/2010
112
Unattend .xml scripts (2)
XP & 2K3 vs Vista and later
Unattend.xml does not process settings
Not named properly
Not stored in the correct folder

113. 3/23/2010
113
From the client
Client receives an IP address
Discovers a Network Boot Server (NBS)
Downloads the Network Boot Program (NBP) from the
NBS (TFTP) and executes it
From the server
Servers IP address
Name of a NBP the client may request
• IP helpers configured properly on your switches and
routers are more reliable
Older PXE ROMs have issues with DHCP options
60,66,67
Options 66 & 67 are referred to as a Network Boot
Referral (NBR)

114. 3/23/2010
114
MDT
Deployment Server
Store ImageModel
W7 DVD
WDS Server
MDT & WDS Together
MDT WinPE
Targets
F12
MDT WinPE
Download Image
MDT can use WDS
Multicast feature
WDS
Installation
Configuration
Known clients vs Unknown clients
PXE Booting
Multiple WDS Server Selection
Common issues
Multicasting
Automating
Integrating WDS and MDT
PXE boot
Multicast

115. 3/23/2010
115
Questions or Comments
Rhonda@DeploymentDr.com
Please fill out your evaluations!
WWW.DeploymentDr.Com
RhondaLayfield@Twitter.com