You skipped Vista. Now you plan to start deploying Windows 7. You face a blizzard of jargon and you feel you should know how it all works. But what technologies do you really need, and how can you make rational decisions when everything is so muddled?
Here are just some of the terms:
- DISM
- Driver injection
- DS
- HII
- ISO
- KMS
- Lite Touch
- MAK
- MDOP
- MDT
- OOBE
- PE
- PXE
- Sysprep
- TFTP
- Unattend
- WAIK
- WDS
- WIM
- WSIM
And these are just the current terms. How about RIS, SIF, BDD, PKGMGR, INF in previous versions?
The first thing to note is that you need hardly any of this to perform consistent automated deployment. Deployment covers a vast spectrum of use cases, and it is important to focus on exactly what you need to do. A school re-imaging computers between lessons has very different requirements from a hardware vendor shipping PC’s, so a lot of the tools and techniques simply are not relevant to your own requirements. Here is a minimum automated deployment toolset:
- A USB drive with a bootable copy of the utility OS WinPE, and the network drivers for your make and model of PC
- The program imagex.exe stored on the USB, to capture and deploy the image of a reference computer
- Windows Automated Installation Kit (WAIK) on a technician’s workstation, to use Deployment Image Servicing and Management (DISM) to manipulate images and Windows System Image Manager (WSIM) to create unattend.xml files. WAIK is free, and it is a set of workstation tools, not a server product.
What else could we possibly need?
Well, firstly it is a bit uncontrolled to maintain copies of WinPE on USB drives, and images stored somewhere on the network. This will lead to people using different or wrong versions. If you have only one or two engineers you might be able to live with this, but otherwise you can automate the use of correct versions with Windows Deployment Services (WDS).
WDS provides a networking infrastructure to copy images down to the PC and up to the server. This includes copying the version of WinPE that you use to perform the imaging process, as well as the Window Image (WIM) file that contains the image of Windows 7. Using WDS means that you don’t need to maintain USB drives containing WinPE. When the PC starts, if you press F12 the PC will boot into a Pre-Execution Environment (PXE) stored on the network card itself. This enables the PC to contact the WDS server, through a DHCP advertising process. The WDS server responds by using Trivial File Transfer Protocol (TFTP) to copy a boot manager and a small file, boot.sdi, to the PC and this in turn will download and run WinPE. WinPE will run entirely in memory, as a RAM Disk, so that you are free to erase and re-partition the hard disk (or the SCSI array or whatever mass storage devices you have). WinPE will capture an image of a reference computer, or deploy a selected image to the PC.
Select the boot option F12
Press F12 again to start the PXE boot, and select the version of WinPE to use
In WDS you first add a Boot Image (which is WinPE) from the installation CD or ISO. If you boot to this version of WinPE it will automatically connect to the Deployment Server and offer you the images to install. You can also select an option to create a Capture Image. This one is also based on the WinPE Boot Image but contains a wizard to capture the image of the PC and load it up to the server. After you capture an image, it becomes available as one of the images to deploy.
Capture an image using the Capture version of WinPE
Deploy an image using the Boot version of WinPE
The aim here is just to show that WDS is a self contained tool capable of easily creating and deploying images. WDS is a role of Server 2008. It also provides the multicast functions so you can deploy images to many PC’s at the same time. Server 2008 R2 has some improvements to multicast.
As before, when using WDS you can automate the answers provided during setup by creating an unattend.xml file. The answer file is edited using WSIM, part of the WAIK. To use WSIM you first need to open and catalogue a Windows 7 image file. Then you can build an unattend.xml file with the attributes you want.
The custom answer file can be put in the image when you run Sysprep before capturing the image. Or you can open the captured image offline using the command line tool DISM, also part of the WAIK, and insert the file then. DISM also enables you to add drivers, updates, features and language packs to the image file.
The setup process with unattend.xml is an immensely powerful and flexible process. Every process taking place during the setup is controlled by sysprep.exe and unattend.xml. Because it has the ability to run executables and scripts it can do almost anything that can be done.
So now we have WAIK and WDS and we have an almost fully automated deployment process. What more could we want?
If you have a well organized PC estate with one or two current standard models of laptop and desktop then you don’t need many images, and you don’t need to create or edit them very often. In this case WAIK and WDS may well be sufficient. But there are cases where you may need more flexibility, for example:
- You have many different makes and models and you need to re-image them. Perhaps you don’t even have a good record of what models you have.
- You want to automate server builds and have a guided installation for different models and roles of server.
Microsoft Deployment Toolkit (MDT) 2010 provides a way to automate the workflow when imaging a computer so you can both standardize and cover more variation. MDT is another "toolkit" that sits on the technician’s workstation, but this time with a Deployment Share on a server where the resources (images, drivers, applications) are made available to the deployment process. MDT provides:
- A wizard-style dialogue when you run WinPE, before the imaging process itself
- The ability to skip any or all parts of the dialogue and provide a pre-defined answer or task sequence
- A database to store configuration plans for different makes and models or computer, or for a given computer identity, or for a selected role (e.g. Web Server).
These components (dialogue, pre-defined answers etc) are used to generate an unattend.xml file dynamically, and setup then runs with this.
The scripts that operate the process
The dialogue in WinPE
The settings that control the dialogue
The pre-defined Task Sequences that automate sections of the process
The database to store configuration plans
MDT sits in a slightly confusing relationship to the other tools. You don’t need WDS to use MDT. You don’t need MDT to use WDS. MDT creates a deployment share, and you can use a USB Drive with WinPE to connect to it. WDS is just about the transfer process between client and server. If you do use WDS with MDT, you need to copy the MDT version of WinPE into the WDS directory, and then it uses the OS images in the MDT directory. You don’t need the WAIK with MDT, because the process of creating the unattend.xml at runtime replaces having a sophisticated editing tool for a static unattend.xml. You also don’t need the DISM because the MDT adds drivers, updates, features and applications also at runtime. But you can certainly use parts of all three components in the same imaging workflow.