Category Archives: Windows Deployment Services

WDS Capture Error using 2012 R2 or 8.1 install.wim \windows\system32\boot\winload.exe Status:0xc000000f

I recently ran into an issue where a capture WIM image created from a Windows 8.1 (x64) and Server 2012 R2 install.wim image repeatedly failed on boot with the error:

Windows failed to start. A recent hardware or software change might be the cause. to fix the problem:

  1. Insert your windows installation disc and restart your computer.
  2. Choose your language settings, and then click “Next.”
  3. Click “Repair your computer.”

if you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \Windows\System32\boot\winload.exe

Status: 0xc000000f

Info: The application or operating system couldn’t be loaded because a required filed is missing or contains errors.

 

I was able to solve this issue by mounting the WIM with imagex, changing nothing, and then unmounting the WIM using the /commit argument.

Follow these steps (assuming your file is located c:\capture.wim and your mount directory is c:\mount)

Once the image was committed, I opened the WDS console, selected the current Capture image, and selected “Replace Image…”. I then pointed to the c:\capture.wim file previously edited.

I then rebooted the client and tried the capture image again; this time it worked without issue. I’m not sure what mounting and unmounting the image did, but I suspect perhaps it validates or changes certain files during the mounting and unmounting that are required for the image to be bootable.

Using Windows Deployment Services to install custom images of Windows 7

Prerequisites

We’re going to need a few things before we can get started. Here is what we’ll need to gather:

  • 2 Windows 7 workstations (1 if you really want to punish yourself)
  • Windows 7 Open License media (DVD)
  • Windows 7 WAIK (Windows Automated Install Kit)
  • 1 Server 2008 R2 Server
  • Drivers for all workstations you plan on imaging (if different models)
  • Installation media for all Applications that you wish to put on the Image
  • A Windows Active Directory Domain
  • A USB External Hard Drive large enough to hold the Image of the PC

Install WDS on Server 2008 R2

First, start by installing WDS on your Server 2008 R2 server. If this server is not already on a Windows Active Directory Domain, also install AD DS and create a domain.

  1. Open Server Manager
  2. Click on Roles in the left-hand pane
  3. Click “Add Roles”
  4. Check the box for “Windows Deployment Services”, click Next
  5. Install Both the “Deployment Server, and Transport Server” Role Services
  6. Finish the Installation of the Role and reboot if necessary
  7. Click on START > Administrative Tools > Windows Deployment Services
  8. Expand Servers, Right click on your server and select “Configure Server”, Click Next to start the wizard
  9. Choose a location for the RemoteInstall Directory, Click Next
  10. If this Server (The WDS Server) is running DHCP make sure “Do not listen on port 67” and “Configure DHCP option 60 to ‘PXEClient’” are both CHECKED. If this server does not run DHCP leave both of these un-checked. Click Next.
  11. Select the Option for “Respond to all client computers (known and unknown)” we’ll lock this down to “Respond only to known client computers” in a later section. Click Next.
  12. Uncheck the box for “Add images to the server now”. We’ll take care of this in a little bit. Click Finish.
  13. If the Add Image Wizard appears, close it.
  14. Right Click on the Server in the console and select Properties, Click on the “Boot” Tab.
  15. If you are like me, and you want this to be as idiot proof as possible for your users, change both radio buttons to “Always continue the PXE boot”. After we’ve loaded the “Install” and “Capture” images later, come back and assign them as the default choices as well, to further reduce user error possibilities.
  16. Click the “Client” tab, Check the box for “Enable Client logging”, Hopefully we won’t need these, but you’ll thank me if you do.
  17. Close the Server Properties and then Right Click on “Install Images”. Create a new Image Group.

Create Boot and Capture files

  1. Take one of your windows 7 workstations and Install the Windows 7 WAIK on it. After installation place the Server 2008 R2 media in the drive.
  2. Create a new folder for all of the files you’ll be creating/editing C:\WDSStuff
  3. Copy the boot.wim from the [DVD Drive]\sources\boot.wim to C:\WDSStuff\Windows_2008_R2\
  4. Copy the NIC drivers for your workstation to C:\WDSStuff\NIC_Drivers. Make sure that the files are uncompressed, unzipped, extracted, etc. Basically make sure the .inf files are in this folder or subfolders. Also make sure these drivers are for Server 2008 R2 (x64 Windows 7 drivers if the vendor does not have 2008 R2 Drivers available). If you are unsure which drivers you need put everything except the kitchen sink in here (as far as different version of NIC drivers go)
  5. Click on START > All Programs > Microsoft Windows AIK > Deployment Tools Command Prompt
  6. Navigate to C:\WDSStuff\Windows_2008_R2\ and type: imagex /mountrw boot.wim 2 c:\WDSStuff\wim
  7. Change directory to C:\WDSStuff\NIC_Drivers and type: dism /image:c:\WDSStuff\wim /add-driver /driver:. /recurse
  8. Type: imagex /commit /unmount c:\WDSStuff\wim
  9. Copy C:\WDSStuff\Windows_2008_R2\boot.wim to the WDS Server
  10. From the WDS Server: Open Windows Deployment Services, Right Click on Boot Images folder and select Add Boot Image…
  11. Add this boot.wim file that you just copied, and when Prompted name it “Install”
  12. Once the image is in the console, expand the “Boot Images” folder and right click on “Install” and then select “Create Capture Image…” Save this image in the same location as the Install image, and name it “Capture”

Create Custom Image on Windows 7 Computer

  1. Grab your Windows 7 installation media, and install a fresh copy of Windows 7 on one of your Windows 7 workstations. Format the drive in such a way that there is only 1 Partition.  When you get the prompts to create users and name the PC: STOP.
  2. Press CTRL + shift + F3 all at the same time. This will put you into Audit mode. Each time your PC restarts from here on forward it will remain on Audit mode. When it logs you into the desktop CLOSE the sysprep window that appears, don’t click anything on that little bastard.
  3. Install all of your drivers, Applications, Windows updates, etc, Join the domain, apply group policies, go hog wild, just do whatever you would normally do when creating an imaged PC.
  4. When you are all done making the core system the way you want it, we’ll create the default profile.

Setup Default Profile (the non stupid way)

Creating the Default Profile. What can I say? I can say this: Microsoft, are you paying attention? Okay here is what I can say about Default User Profiles on Windows 7: Microsoft, Go Fuck Yourselves. You dumb bastards. 10 years of being able to create default profiles by very easily moving a customized profile over the “Default User” profile and you now want me to put the default profile where now? ON A DOMAIN CONTROLLER? IN THE NETLOGON SHARE? What are you fucking serious? Name it .v2?!? That’s fucking stupid. I can’t wait until 70% of your product line is replaced with web apps and someone else’s browser. And for those of you saying that you can just use the copyprofile=true flag in the unattend.xml file? Technically you are right, except for it then discards pretty much every user customization you just spent 2 hours changing and then double checking. But alas, I digress…

  1. On your Domain Controller create a new Domain Admin called “DefaultUser”
  2. Log into your workstation as the user you just created: DefaultUser
  3. Customize your profile, IE, etc to the exact way you want it
  4. When you are all satisfied log out as that user and log back in as the Local Admin (note: while logged in as DefaultUser, re-enable the local admin and set its password)
  5. Now browse to c:\users\ and Right Click on DefaultUser (Not Default User). Take Ownership of this folder. Now grant “everyone” full control to this folder. Make sure NTFS permissions propagate to all sub folders.
  6. Open the Registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\ProfileList Edit the Reg String for “Default” Change the value from %SystemDrive%\Users\Default to %SystemDrive%\Users\DefaultUser

This is the best work around I’ve found to date to get the Non-Stupid methods of the old Copy To functionality to work. Let me know if you’ve found a better solution.

Create unattend files

This is a very long complicated process that’s prone to errors, if you run into problems, it’s probably here that you are having problems.

  1. Log into the Windows 7 Workstation that has WAIK installed
  2. Copy the Windows 7 Install.wim and Install.cfg file from the [DVD Drive]\sources\ folder to C:\WDSSTuff\Windows_7 folder  NOTE: Make sure it’s the same as the machine ready to be syspreped  (x86 versus x64)
  3. Click START > All Programs > Microsoft Windows AIK > Windows System Image Manager
  4. In the bottom left-hand box titled “Windows Image” right click and point this to the Install.wim or .cfg file that we’ve copied to C:\WDSSTuff\Windows_7 folder
  5. In the top box titled “Answer File” right click and select “New Answer File…”
  6. We’re going to need to Add sections from the catalog file in the bottom left Box Titled “Windows Image” to the answer file, if you are making an Answer file from a different version Windows or for a different hardware type (x86) these names are going to be different than the ones that I mention here, BUT they will be close, find the one that most closely resembles what I’m telling you to select.
  7. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-International-Core-WinPE_neutral” to the “1 windows PE” section of the answer file.
  8. Click on “amd64_Microsoft-Windows-International-Core-WinPE_neutral” in the “1 windows PE” section and then change the value of “UILanguage” in the far right pane to “en-us”
  9. Expand “amd64_Microsoft-Windows-International-Core-WinPE_neutral” in the “1 windows PE” section, click on “SetupUILanguage” and then change the value of “UILanguage” in the far right pane to “en-us”
  10. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-setup_neutral” to the “1 windows PE” section of the answer file.
  11. Expand  “amd64_Microsoft-Windows-setup_neutral”, Click on “DiskConfiguration” and then change the value of “WillShowUI” to “OnError”
  12. Right Click on “DiskConfiguration” and select “Insert New Disk”
  13. Expand “DiskConfiguration” and Select the newly created disk, Change the setting on the far right side “DiskID” to “0”, Change the setting on the far right side “WillWipeDisk” to “true”
  14. Expand the newly created disk, Right Click on “CreatePartitions” and select “Insert new CreatePartition”
  15. Expand the newly created “CreatePartition”, Change the setting “Extend” to “true”, change the setting “Order” to “1”, change the setting “Type” to “Primary”
  16. Right click on “ModifyPartitions” and select “Insert new ModifyPartition”
  17. Expand “ModifyPartitions” and select the newly created “ModifyPartition”, change the setting  “Format” to “NTFS”, change the setting “Label” to “Windows”, change the setting “Order” to “1”, change the setting “PartitionID” to “1”
  18. Go back up to the level “amd64_Microsoft-Windows-Setup_neutral” and then expand “WindowsDeploymentServices”
  19. Expand ”ImageSelection”, Click on “InstallImage”, Change the setting “ImageGroup” to the name of the Image group created on the WDS Server.
  20. Click on “InstallTo” and change the setting “DiskID” to “0”, Change the setting “PartitionID” to “1”
  21. Expand “Login” and then click “Credentials”, change the setting “Domain” to the NETBIOS name of your Active Directory Domain, change the setting “Password” to the password of a Domain Admin, change the setting “Username” to that of a Domain Admin. You may be asking, is this safe? The password is encrypted before it’s put into the file, so that’s good, but I’m sure it’s not the safest thing to leave your Domain Admin credentials in this xml file that any user on the network can browse to, so see the appendix on how to get a Domain User account working instead of a Domain Admin.
  22. Save this answer file as “WDSUnattend.xml” in your C:\WDSStuff folder

Create a new blank answer file.

  1. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-Security-SPP_neutral” to the “3 Generalize” section of the answer file.
  2. Click “amd64_Microsoft-Windows-Security-SPP_neutral”, change the setting “SkipRearm” to “1”
  3. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-Deployment_neutral” to the “4 specialize” section of the answer file.
  4. Expand “amd64_Microsoft-Windows-Security-SPP_neutral”,  right click on “RunSynchronous” and select “Insert New RunSynchronousCommand”. Perform this task twice.
  5. Select the first newly created RunSynchronousCommand, change the setting “Order” to “1”, change the setting “Path” to net user administrator /active:yes. This command enables the local Administrator account on the workstation.
  6. Select the second newly created RunSynchronousCommand, change the setting “Order” to “2”, change the setting “Path” to reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 00000000 /f. This command sets the first newly detected network to “work” automatically.
  7. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-Security-SPP-UX_neutral” to the “4 specialize” section of the answer file.
  8. Select “amd64_Microsoft-Windows-Security-SPP-UX_neutral”, change the setting “SkipAutoActivation” to “true”
  9. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-Shell-Setup_neutral” to the “4 specialize” section of the answer file.
  10. Select “amd64_Microsoft-Windows-Shell-Setup_neutral”, change the setting “BluetoothTaskbarIconEnabled” to “false”, change the setting “ComputerName” to %MACHINENAME%, change the setting “CopyProfile” to “false”, change the setting “ShowWindowsLive” to “false”, change the setting “TimeZone” to “Eastern Standard Time”, or whichever time zone you are in.
  11. Expand “amd64_Microsoft-Windows-Shell-Setup_neutral”, Select “Display”, change the setting “ColorDepth” to “32”, Change the setting “HorizontalResolution” to “1024”, change the setting “VerticalResolution” to “768”. Note: change these values to that of your PC being ready to be sysprepped.
  12. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-UnattendedJoin_neutral” to the “4 specialize” section of the answer file.
  13. Expand “amd64_Microsoft-Windows-UnattendedJoin_neutral”, Select “Identification”, change the setting “DebugJoin” to “true”, change the setting “JoinDomain” to the FQDN of your Active Directory Domain, change the setting “UnsecureJoin” to “true”.
  14. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-International-Core_neutral” to the “7 oobeSystem” section of the answer file.
  15. Select “amd64_Microsoft-Windows-International-Core_neutral”, change the setting “InputLocale” to “en-us”, change the setting “SystemLocale” to “en-us”, change the setting “UILanguage” to “en-us”, change the setting “UserLocale” to “en-us”. Note: Change these settings to match your locale.
  16. Expand Components in the Windows Image section and add “amd64_Microsoft-Windows-Shell-Setup_neutral” to the “7 oobeSystem” section of the answer file.
  17. Select “amd64_Microsoft-Windows-Shell-Setup_neutral”, change the setting “BluetoothTaskbarIconEnabled” to “false”, change the setting “RegisteredOrganization” to the name of your organization, change the setting “RegisteredOwner” to the name of your organization, change the setting “ShowWindowsLive” to “false”, change the setting “TimeZone” to “Eastern Standard Time” or your local time zone.
  18. Expand “amd64_Microsoft-Windows-Shell-Setup_neutral”, Select “AutoLogon”, change the setting “Domain” to  the NetBIOS name of your Active Directory Domain, change the setting “Enabled” to “true”, change the “LogonCount” to “1”, change the setting “Username” to the name of your Domain Administrator account. Note: you don’t have to do this, this setting configures  an automatic logon after the system is imaged, which allows you to run commands automatically after the system is imaged, which we’ll do shortly.
  19. Expand “AutoLogon”, select “Password”, change the setting “Value” to the Password of the account that will automatically log in.  The password will be encrypted when the file is saved.
  20. Select “Display”, change the setting “ColorDepth” to “32”, Change the setting “HorizontalResolution” to “1024”, change the setting “VerticalResolution” to “768”. Note: change these values to that of your PC being ready to be sysprepped.
  21. Right Click on “FirstLogonCommands”, select “Insert New SynchronousCommand”. Perform this task 5 times.
  22. Select the first newly created SynchronousCommand, change the setting “CommandLine” to “c:\drivers\win\display\setup.exe -overwrite -s”, change the setting “Order” to “1”, change the setting “RequiresUserInput” to “false”. Note: This is just something I thought to include because it seems like I run into it a lot: after imaging, Intel-based graphics cards don’t get configured with the correct driver. This just runs the setup silently and fixes that issue.
  23. Select the second newly created SynchronousCommand, change the setting “CommandLine” to cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX where XXXXX-XXXXX-XXXXX-XXXXX-XXXXX is your Windows 7 Open License MAK key, change the setting “Order” to “2”, change the setting “RequiresUserInput” to “false”
  24. Select the third newly created SynchronousCommand, change the setting “CommandLine” to cscript //b c:\windows\system32\slmgr.vbs /ato, change the setting “Order” to “3”, change the setting “RequiresUserInput” to “false”. These last two commands activate Windows with your MAK Open License Key.
  25. Select the fourth newly created SynchronousCommand, change the setting “CommandLine” to cscript //b "C:\program files\microsoft office\office14\ospp.vbs" /inpkey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX, where XXXXX-XXXXX-XXXXX-XXXXX-XXXXX is your Office 2010 Open License MAK key, change the setting “Order” to “4”, change the setting “RequiresUserInput” to “false”.
  26. Select the fifth newly created SynchronousCommand, change the setting “CommandLine” to cscript //b "C:\program files\microsoft office\office14\ospp.vbs" /act, change the setting “Order” to “5”, change the setting “RequiresUserInput” to “false”.
  27. Select “OOBE”, change the setting “HideEULAPage” to “true”, change the setting “NetworkLocation” to “Work”, change the setting “ProtectYourPC” to “3”, change the setting “SkipUserOOBE” to “true”. Note: The network location in this part may be redundant, because of the registry fix above.
  28. Expand “UserAccounts”, click on “AdministratorPassword”, change the setting “Value” to  the desired local administrator password of the workstation.
  29. Right click on “LocalAccounts”, select “Insert New LocalAccount”
  30. Select the newly created LocalAccount, change the setting “DisplayName” to that of a second local administrator account, change the value “Group” to “Administrators”, change the setting “Name” to that of a second local administrator username.
  31. Expand LocalAccount, change the setting “Value” to the desired password of this newly created account. Note: Both of these passwords will be encrypted in the file.
  32. Finally, save this file as Unattend.xml in your C:\WDSStuff folder
  33. Copy both of these files over to your WDS Server.
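An added example, not part of the original walkthrough: a Python check that lists every password element in an answer file and how it is stored, without printing the secret. Passwords that WSIM hides are written as Base64 of the UTF-16LE password with the element name appended, which is an encoding that anyone who can read the file can reverse, so WDSUnattend.xml and Unattend.xml both need restrictive file permissions. The sample XML, its passwords, the EXAMPLE domain and the localadmin2 account are constructed, and the two answer files are merged into one document for brevity.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

URN = "urn:schemas-microsoft-com:unattend"
SECRET_TAGS = ("Password", "AdministratorPassword")


def hide(secret, tag):
    """Hidden form written by WSIM: Base64(UTF-16LE(secret + element name))."""
    return base64.b64encode((secret + tag).encode("utf-16-le")).decode("ascii")


# Constructed sample values; none of these come from a real deployment.
AUTO = hide("Constructed-Pw-2", "Password")
ADMIN = hide("Constructed-Pw-3", "AdministratorPassword")
SAMPLE = f"""<unattend xmlns="{URN}">
 <settings pass="windowsPE">
  <component name="Microsoft-Windows-Setup">
   <WindowsDeploymentServices><Login><Credentials>
    <Domain>EXAMPLE</Domain><Username>Administrator</Username>
    <Password>Constructed-Pw-1</Password>
   </Credentials></Login></WindowsDeploymentServices>
  </component>
 </settings>
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup">
   <AutoLogon>
    <Password><Value>{AUTO}</Value><PlainText>false</PlainText></Password>
    <Enabled>true</Enabled><Domain>EXAMPLE</Domain>
    <Username>Administrator</Username>
   </AutoLogon>
   <UserAccounts>
    <AdministratorPassword>
     <Value>{ADMIN}</Value><PlainText>false</PlainText>
    </AdministratorPassword>
    <LocalAccounts><LocalAccount>
     <Password><Value>Constructed-Pw-4</Value><PlainText>true</PlainText></Password>
     <Name>localadmin2</Name><Group>Administrators</Group>
    </LocalAccount></LocalAccounts>
   </UserAccounts>
  </component>
 </settings>
</unattend>"""


def storage_of(elem, tag):
    """Classify how one password element stores its value."""
    value = elem.find(f"{{{URN}}}Value")
    if value is None:
        # Bare text directly inside the element.
        return "plaintext" if (elem.text or "").strip() else "empty"
    text = (value.text or "").strip()
    if not text:
        return "empty"
    plain = elem.find(f"{{{URN}}}PlainText")
    # Assumption: a missing PlainText element is treated as plain text.
    if plain is None or (plain.text or "").strip().lower() != "false":
        return "plaintext"
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return "unrecognised"
    # The element-name suffix confirms the value is only encoded.
    return "base64 (reversible)" if decoded.endswith(tag) else "unrecognised"


def audit_unattend(xml_text):
    """Return (location, storage) for each password element; never the secret."""
    root = ET.fromstring(xml_text)
    parent = {child: node for node in root.iter() for child in node}
    findings = []
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]
        if tag not in SECRET_TAGS:
            continue
        parts, node = [], elem
        while node is not root:
            name = node.tag.rsplit("}", 1)[-1]
            if name == "settings":
                name = "pass=" + node.get("pass", "?")
            elif name == "component":
                name = node.get("name", "?")
            parts.append(name)
            node = parent[node]
        findings.append(("/".join(reversed(parts)), storage_of(elem, tag)))
    return findings


if __name__ == "__main__":
    for location, storage in audit_unattend(SAMPLE):
        print(f"{storage:20} {location}")
```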

Prepare Image for Capture

Now it’s time to get this image sealed and ready to be uploaded to the WDS Server.

  1. Copy the Unattend.xml file over to the local computer folder c:\windows\system32\sysprep\
  2. Create a new folder under C:\windows\Setup called “Scripts”
  3. Create a new file called “SetupComplete.cmd” in C:\windows\Setup\Scripts
  4. Edit this file with notepad, Enter the following commands, del /Q /F c:\windows\system32\sysprep\Unattend.xml & del /Q /F c:\windows\panther\Unattend.xml
  5. Save the SetupComplete.cmd file
  6. Prep your antivirus software for imaging; for Symantec Endpoint Protection 12 go here.
  7. Open Command prompt, navigate to c:\windows\system32\sysprep\ and enter the following command: sysprep /generalize /oobe /shutdown /unattend:Unattend.xml

Upload image to Server

  1. Once the computer shuts down, connect the USB Hard Drive, and power the computer back up
  2. Turn on the computer, enter the BIOS, disable booting from the hard drive (just in case you miss the PXE boot), enable PXE boot on the NIC. Exit the BIOS
  3. Boot from the network card
  4. When prompted to select an image, select CAPTURE
  5. Follow the wizard to Select the C:\ drive, name the image, store it on the USB drive, and then upload it to the WDS Server.
  6. Once the image is done being uploaded to the WDS server shut this PC down.
  7. DO NOT IMAGE THIS PC, if you do, and the imaging does not work you’ll need to re-create the entire image.

Apply unattend file to WDS image

  1. Open the Windows Deployment Server MMC console
  2. Expand Install Images
  3. Expand the Install group you created earlier
  4. Find the image you just uploaded, right click it, and select properties
  5. Check the box titled “Allow Image to install in unattended mode”, select the WDSUnattend.xml file that was moved to the WDS Server
  6. Click OK.

Final Tasks

  1. Open the Windows Deployment Server MMC console
  2. Right click on your server and go to “properties”, click the “PXE Response” tab
  3. Select the radio button “Respond only to known client computers”
  4. Open Active Directory, Create a new computer account, when prompted during the new computer creation wizard check the box “This is a managed computer”, enter the GUID of this computer.
  5. You can obtain the GUID of the computer by booting from the NIC, and during the PXE attempt the GUID will be displayed, hit the pause button, and record that GUID, enter it into the Active Directory New Computer wizard.
  6. This step is how we a) Prevent unauthorized computers from being imaged, and b) give a value to the %MACHINENAME% variable we used in the answer file.
  7. Once the computer account has been pre-staged, reboot the computer and attempt to boot from the NIC again. You’ll now again see the option for INSTALL or CAPTURE, click INSTALL, and then select the image you just uploaded.
  8. If all goes well you’ll end up logged into windows as the Domain Administrator when you are done.

Making the install idiot proof for end users

  1. Disable the Capture image in the WDS console
  2. On the boot tab of the Server Properties in the WDS console, set the default boot image to the INSTALL image
  3. In the WDSUnattend.xml file, where we specified the Image Group, also specify the exact image name without the .wim extension, now when users PXE boot, everything will be hands free.

Appendix I: Updating Unattended files

Use the Windows System Image Manager to edit these files. They are seemingly easy to edit in Notepad, but they’re harder to screw up in WSIM. Also, if you ever need to change any of the passwords, re-import the component containing the password from the Components section and re-do the entire section with the password; otherwise the updated password will not be encrypted and it will be visible in the XML file.

Appendix II: Installing additional drivers into an Image

Right click an Install Image in the WDS console and export it. Then follow the same steps that we used above to install the NIC drivers, but put all drivers and the associated files in subfolders of the folder where you run the dism /image:[location of extracted files] /add-driver /driver:. /recurse command. The /recurse switch will add every driver that it can find in all subfolders, which allows you to add a ton of drivers really easily.

Appendix III: Using a non Domain Admin account for the Unattend.xml file

This section coming as soon as I can figure it out.

Many Thanks for the following sites for contributing, even if you didn’t know you did.

Office Activation Commands(just add these after the RunSynchronous commands for activating Windows): http://blogs.technet.com/b/office2010/archive/2009/12/18/volume-activation-tips-and-tricks.aspx

Reference for the fact that the WDSUnattend.xml file is the account used to join to the domain: http://social.technet.microsoft.com/Forums/fi-FI/w7itproinstall/thread/c90fe1ac-198d-4337-bb8a-8d6f3991fede

Sample unattend files:
http://social.technet.microsoft.com/Forums/fi-FI/w7itproinstall/thread/c90fe1ac-198d-4337-bb8a-8d6f3991fede

How to setup the answer file (mostly): http://blog.brianleejackson.com/sysprep-a-windows-7-machine-%E2%80%93-start-to-finish-v2

Changing the Default User profile: http://www.windows7hacker.com/index.php/2009/05/how-to-change-user-profile-default-location-in-windows-7/

Deploying Windows Deployment Services & Windows XP (WDS) Walkthrough

This is my First walkthrough guide that I’m posting up here at the site. This was done a few years ago, and I realize that Windows XP is now taking a second row seat behind windows 7, however I know that many companies are going to keep using it for the next few years, and it certainly helps to be able to roll out (almost)zero touch Windows XP images alongside your Windows 7 Images. So here goes:

  1. Overview
    1. Assumptions
    2. Network Design
    3. Preparations
  2. Installation
    1. Concerns
    2. Installing Software
  3. Pre image configuration
    1. Configuration of server
      1. WDS
      2. DHCP
      3. Configuration
  4. Configuring a PC for an Image
    1. Prepping a PC
    2. Staging Active Directory
  5. SysPrep and Image Capture
  6. Configuring an image in WDS
    1. Post Capture Configuration
    2. Making Changes
  7. Deploying (Almost)Zero Touch Images
    1. Creating an unattended installation
    2. Testing

Overview

  • Assumptions

I’m writing this guide with the assumptions that you’ve gone through the process of deploying software via group policy before and that you have an understanding of imaging and the problems related to HALs. I’ve also planned on using only Open License software for this deployment as I have not had success in getting OEM software working as outlined in this guide. Finally I’m making the assumption that this is a domain environment and that the machines being imaged are all the same make and model. The server should be partitioned with two drive letters C: and D:

This guide was produced with the intention of creating a “self service portal” where laptop users could bring their laptop and have it “refreshed” with the most recent image created by the IT department. This was intended as a mostly hands off approach where users could plug in their laptops, hit F12, grab a cup of coffee and when they get back they will have a fresh installation of windows.

  • Network Design

In my setup I’ve created a domain environment where the Domain Controller has two network cards installed. One network card is connected to network 192.168.1.x/24 and is our normal Local Area Connection, used for normal everyday production network (referred to as Production network going forward). The second network card is 172.16.1.x/24 and is plugged into a secondary network that does not have access to the production network. This network is for use with Windows Deployment Services (referred to as WDS network going forward).

The Production Network will be used for configuring the client machine, testing the software, joining the domain, and all other tasks related to prepping the client machine for production use. Once the client machine is properly prepped it will be SysPreped and moved over to the WDS network in order to capture the image. The WDS network was configured so that normal production machines could not accidentally “refresh” themselves; machines would need to be physically moved to the WDS network in order to do this. Adjust this guide to fit your design needs.

The WDS server is 192.168.1.1 and 172.16.1.1 respectively. It is running DHCP, DNS, and WDS; it’s also running a basic RRAS setup with just basic routing between the WDS and Production networks.

  • Preparations

In order to move forward you should have the following:

  1. Windows XP Open Licenses CD (Pro, tablet, etc)
  2. Windows Vista Business or Enterprise DVD (32 bit)
  3. CDs for all hardware and software applications for client computer
  4. Server 2003 Service Pack 2 installed and running as a Domain Controller (2008 can be used as well)
  5. Networks configured as listed above
  6. External USB Hard Drive

Installation

  • Concerns

There are methods available to upgrade from RIS and to install WDS without having service pack 2 installed. This guide does not go over those methods.

This guide relies on DHCP running on the same physical server as WDS is installed in. This guide also relies on Microsoft’s DHCP server.

  • Installing the Software

To install DHCP and WDS: Click Start and then select Control Panel, then click Add or Remove Programs. On the left click Add/Remove Windows Components. Select Windows Deployment Services, and Dynamic Host Configuration Protocol (DHCP) from under the Network Services container. Click Next. Finish the wizard and close out of all open windows.

Open DHCP and create two scopes, one for each network (LAN and WDS). Make sure each scope binds to the correct NIC and that both are functioning before continuing, then authorize DHCP. Your settings should look something like Figure 1.

Figure 1

Create a folder on the D: drive to hold all the files that we’ll be working with. Call it something along the lines of WDS_Files.

Download and Install Windows Automated Installation Kit (WAIK) from Microsoft’s website. (you’ll want to grab the Windows Vista version not the Windows 7 version)

Insert your Windows Vista Business or Enterprise CD and copy boot.wim from the Sources\ folder on the CD to the WDS_files folder.

Download and extract the Deploy.cab from Microsoft’s website or an XP CD. Put all of the files in a folder called SysPrep under the d:\WDS_files\ folder.

Click on Start and then All Programs, Choose Administrative Tools, and then select Windows Deployment Services.

Pre Image Configuration

  • Configuration of Server

Windows Deployment Services Configuration

In the MMC Console expand Servers and select your server. Right click your server and select Configure Server. Click Next at the initial screen. Choose D:\RemoteInstall as the installation directory and click Next. On the DHCP Option 60 screen, select Do not listen on port 67 and Configure DHCP option 60 to “PXEClient” Click Next. Select Respond to all (known and unknown) client computers. (we’ll change this setting later for security and functionality). Choose not to add images now. Click Finish.

DHCP Server Configuration

After the wizard finishes Right Click on the server in the WDS mmc and choose properties. Click the DHCP tab. Make sure both options are checked.

Open the DHCP admin console and configure an additional option on the WDS scope, Option 60. Leave this option with default settings and then remove this same option from the Server Settings section of the DHCP console. Now only the WDS network card is configured for Option 60 but the LAN network card is not. Exit DHCP.

Configuration of WDS options

Open the WDS MMC Console. Expand until you can see the 4 folders (install images, boot images, legacy images, and pending devices). Right click Boot Images, select Add Boot Image. Browse to D:\WDS_Files\boot.wim. During the wizard name this something along the lines of INSTALL.

Once the Image has been installed Right Click on the image and select Create Capture Boot Image. During the wizard name this something along the lines of CAPTURE and save it in the WDS_files directory.

Right click on the Boot Images folder and select Add Boot Image. Browse to the D:\WDS_Files\capture.wim file you just created.

Right click on the Install Images folder and select Add Image Group. Give this group a name.

Right click on the server within the WDS console and click properties. On the Advanced tab verify that Yes, I want to authorize the Windows deployment Services server in DHCP is selected.

The WDS aspect of the server configuration is now complete.

Configuring a PC for Image

  • Prepping a PC

Install Windows from the Open License media and install all drivers.

Join computer to the domain and deploy any applications necessary to the computer either by Group Policy or off of CD. Name the computer something easy to locate in AD and that is not part of your final naming convention (ex. WDSclient)

Configure the PC with any custom wallpaper, power settings, desktop theme, etc. Once finished, restart the computer and log in as an administrator. Copy the configured profile to the Default Profile folder and set proper permissions. I use the Everyone group by default.

Copy the sysprep folder from the server to the C:\ drive of the client computer.

  • Staging Active Directory

Boot a client PC and press whatever key is necessary to PXE boot during the boot device screen. During this time the GUID of the PC should be displayed. Write this GUID down; it may be necessary to reboot and try again if there is not enough time to get the GUID on the first try. Some manufacturers display the GUID in the BIOS, so you can also check there.

In Active Directory go to the OU where you want new client computers to be placed and Right Click, Choose New Computer from the pop up window. Enter the Computer’s unique name, click Next, click This is a managed computer, Enter the computers GUID without the dashes. Click Next. Select Any Available remote installation server. Click Next. Click Finish. Repeat for all computers that will be using WDS, this only needs to be done once per unique piece of hardware regardless of how many times that machine is reimaged.

SysPrep and Image Capture

Run C:\sysprep\setupmgr.exe on the client PC.

On the welcome screen click Next. Select Create New and click Next. Select Sysprep setup and click Next. Select Windows XP Professional (assuming you’re using any flavor of Windows XP Pro, Tablet Edition included) and click Next. Click Yes, Fully Automate the Installation. Click Next. On the first screen enter your name and organization and click Next. On the Display Settings section click Next. Set your time zone and click Next. Enter your Open License CD key and click Next. On the computer name section enter %MACHINENAME% and click Next. On the password section select Use the following Administrator Password (127 characters maximum; case-sensitive): and leave both boxes blank (this will keep the password you already configured when setting up the PC; make sure to use a strong password on the PC before taking an image), then click Next. On the Networking Components section click Next. On the domain section highlight Domain and enter the domain name, select Create a computer account in the domain, and enter a domain account and password (don’t worry, this will be removed in a minute). Click Next. On the Telephony section enter the proper settings and click Next. Click Next 5 more times, or enter custom settings if you wish. Click Finish.

When prompted save the sysprep.inf to the server’s WDS_Files directory.

Edit the sysprep.inf in notepad

Change the [Identification] section to look like this:

[Identification]
JoinDomain=%MACHINEDOMAIN%
DoOldStyleDomainJoin=Yes

Save the sysprep.inf file in the WDS_Files directory.
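A check for the edit above, as an added example that is not part of the original article: Setup Manager saves the domain account typed into the wizard in sysprep.inf as cleartext, and this Python script confirms the edited file no longer carries it before the file is staged under D:\RemoteInstall. The function names and sample values are assumptions made for the example; DomainAdmin, DomainAdminPassword, AdminPassword and EncryptedAdminPassword are the standard answer-file keys.

```python
import re

# Answer-file keys that carry a credential in cleartext once Setup Manager fills them in.
CREDENTIAL_KEYS = {"identification": ("domainadmin", "domainadminpassword"),
                   "guiunattended": ("adminpassword",)}

def parse_inf(text):
    """Parse INF text into {section: {key: value}} with lower-cased names."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and not line.startswith(";") and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def audit_sysprep(text):
    """Return findings (never the secret itself); an empty list means nothing was flagged."""
    inf, findings = parse_inf(text), []
    hashed = inf.get("guiunattended", {}).get("encryptedadminpassword", "").lower() == "yes"
    for section, keys in CREDENTIAL_KEYS.items():
        for key in keys:
            value = inf.get(section, {}).get(key, "")
            exempt = key == "adminpassword" and (hashed or value == "*")  # hashed, or '*' = blank
            if value and not exempt:
                findings.append(f"[{section}] {key} holds a cleartext value")
    ident = inf.get("identification", {})
    if ident.get("joindomain") != "%MACHINEDOMAIN%":
        findings.append("[identification] joindomain is not %MACHINEDOMAIN%")
    if ident.get("dooldstyledomainjoin", "").lower() != "yes":
        findings.append("[identification] dooldstyledomainjoin=Yes is missing")
    return findings

# Constructed samples (all values made up): the wizard's output, then the same file after the edit.
BEFORE = """;SetupMgrTag
[GuiUnattended]
AdminPassword=*
[Identification]
JoinDomain=EXAMPLE
DomainAdmin=wdsjoin
DomainAdminPassword=Constructed-Pass1
"""
AFTER = BEFORE.split("[Identification]")[0] + (
    "[Identification]\nJoinDomain=%MACHINEDOMAIN%\nDoOldStyleDomainJoin=Yes\n")

if __name__ == "__main__":
    print(audit_sysprep(BEFORE), audit_sysprep(AFTER) or "no findings")
```

To check a real file, pass its contents to `audit_sysprep` and stage the file only when the returned list is empty.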

On the client PC run c:\sysprep\sysprep.exe. Select use Mini-Setup and change shutdown mode to Shut down. Click Reseal. The PC will now turn off.

Unplug the client PC from the LAN network and plug it into the WDS network. Plug in your external USB hard drive. Boot the PC and quickly enter the PXE boot mode by pressing F12 on most PCs. When prompted by WDS press F12 again to enter WDS setup.

You should be brought to a black and grey screen titled Windows Boot Manager. If you followed the steps above you should see two options. Install and Capture. Select Capture.

At the Welcome to the Windows Deployment Services Image Capture Wizard click Next. Choose C: from the Volume to Capture drop down. Name your image something appropriate. Enter a Description and click Next, on the Image Capture Destination section choose to save on your External USB hard drive.  Give the image a simple short name. Click Upload image to WDS server: enter the server’s name and click connect. Enter the domain\username of the administrator and click ok. Select the image group from the drop down and click Finish.

Turn the PC off when finished uploading.

Your image should now appear in WDS under the image group that you created earlier.

Configuring an Image in WDS

  • Post Capture Configuration

Open Windows Explorer and browse to D:\RemoteInstall\Images\[Image group name you created]\

Note the name of the wim file in this directory, then create a new folder with the same name as the file but without the .wim at the end. Example: WindowsXP.wim would need a folder called WindowsXP.

Open this new folder so that you are in D:\RemoteInstall\Images\[Image group name you created]\[Image name folder]\   Create a new folder called $OEM$ and inside that $OEM$ folder create a new folder called  $1 and inside that $1 folder create a folder called sysprep. Your path should now look like this:

D:\RemoteInstall\Images\[Image group name you created]\[Image name folder]\$OEM$\$1\sysprep\

Copy and paste the sysprep.inf from D:\WDS_Files into this directory.

  • Making Changes to an already captured image file

Note: You’ll need to Right click on an Image in WDS, Export it, then edit it using the steps below, afterwards you’ll need to re-import it and either replace the existing or rename it to a new one.

Browse to C:\Program Files\Windows AIK\Tools\x86 folder, right-click wimfltr.inf, and select Install.

Create a folder on D: called Mount

Open Command Prompt and move to C:\Program Files\Windows AIK\Tools\x86 issue the following command to open a image called xp.wim with read/write permissions:

Imagex /mountrw d:\RemoteInstall\Images\[Image Group]\xp.wim 1 d:\mount

Note: to open it in read-only mode, use /mount instead of /mountrw.

Now the contents of the mount folder are the contents of the image file. Make your changes or add/remove files and then issue the following command to save:

Imagex /unmount /commit d:\mount

Deploying (Almost) Zero touch Installations

  • Creating an unattended installation

In the WDS mmc console click on Boot images, Right Click on Capture and choose Disable.

We now need to create an unattend.xml file. We would normally use Windows Automated Installation Kit for this, but it does not support Windows XP images, so we’ll make one from a template:

Use notepad to create a new unattend.xml in D:\RemoteInstall\WdsClientUnattend

Enter the following but make changes to the parts in BOLD: You can download a Rich Text File here: unattend_xml, edit the parts that are bolded, copy the entire contents into Notepad, and save as an XML file.

Once the unattend.xml file is configured, open the WDS MMC console. Right click the server and choose Properties. On the Boot tab under Default boot image (optional) click Select… and then choose INSTALL (boot.wim) from the list. Click the Client tab. Check Enable unattended installation, click the Browse button and browse to D:\WdsClientUnattend\unattend.xml. Click Apply and then click OK.

  • Testing

Boot a client computer while connected to the WDS network without a USB hard drive attached. Press F12 to boot from the network (PXE). Press F12 again to boot from the WDS server. From this point forward the installation should be unattended: it should format the hard drive on the PC, make 1 partition for drive C: and use all space. It should then copy the image over to the PC, use its GUID to obtain a PC name from Active Directory, name the PC, join the domain and reboot. When it is done rebooting, users should be able to log into the domain and use the applications configured before the sysprep was run. All PCs that have been pre-staged in AD should perform this same process.

Note: If the installation does not automate itself during the join domain section you can follow the steps listed above to edit the image and place a copy of the sysprep.inf in the c:\sysprep folder on the client image. This should take care of the problem and the file will be deleted after the machine joins the domain.
