Geek of All Trades: Windows 7 Deployment in 7 Easy Steps
It’s easier to deploy Windows 7 than you may be led to believe by the online documentation that accompanies many of the free deployment tools.
By Greg Shields
There’s a certain sadness I feel when pondering the free Microsoft solutions for deploying Windows 7. Don’t get me wrong—the solutions are fantastic. They work exceptionally well for deploying Windows across tens or thousands of desktops.
No, it’s not the functionality of those tools that makes me sad. It’s the manner in which they’re presented. The documentation you’ll find on the Internet is confusing at best, and the alphabet soup of Microsoft acronyms makes me want to pull out my hair.
As you start reading, you learn that Microsoft wants you to PXE your machine to WDS, using an unattend.XML file built from WSIM in the WAIK after pre-staging your GUID inside the ADUC. Don’t forget MDT (formerly BDD), as its Deployment Workbench wraps around all of this. If this makes sense to you, then congratulations and move on to the next article. For the rest of us, there has to be a simpler way.
Fortunately, there is: using those same solutions with a slightly different approach. If you’re a Jack-of-all-trades IT professional, you’ll probably never find the time to decipher that lingo, let alone connect all the pieces. That’s why I started my newest book (available for free at nexus.realtimepublishers.com/awidv.php), “Automating Windows 7 Installation for Desktop and VDI Environments.”.
In the book, I outline the multistep process you’ll want to undergo to start with nothing and end up with a fully automated solution for deploying Windows. Automatically deploying Windows doesn’t always need to be fully automated. If you only need to deploy to a few systems, full automation might take you longer to set up than just installing Windows manually.
Let me suggest a simpler approach: Here are seven easy steps with which you can build an automated Windows 7 solution. You could probably complete these steps during your lunch hour. If you’ve already got a Windows image built and ready to go, you could have your entire office upgraded to Windows 7 by day’s end.
More importantly, these steps are the starting point for a fully automated solution, one that leverages the full-featured Microsoft Deployment Toolkit (MDT). Once you understand the basics of this deployment, those skills work wonders in deciphering the rich capabilities of the MDT.
Step 1: Install Windows Deployment Server
Got a spare Windows Server 2008 R2 around that isn’t doing much? This version adds a few niceties to Windows Deployment Services (WDS) that make it a must-have. Install the WDS role on that server and run through its Configure Server wizard. Add in a set of Windows 7 images directly from the DVD media within its Add Image Wizard. Those images will come in handy in a moment.
Step 2: Configure WDS for Over-the-Network Deployment
You can boot images from a USB hard drive or other bootable media, but WDS includes some nice boot-from-network capabilities. While you should always be on the lookout for using too much bandwidth (which can be a problem with WDS multicast over-the-network deployment), deploying images over the network means no more lugging computers around the office.
.jpg "Figure 1 The PXE Response tab")
Figure 1 The PXE Response tab
The initial WDS setup has nine different properties tabs you’ll want to review. The book covers settings for each, but there’s one in particular that warrants attention here. That tab, called PXE Response, is shown in Figure 1. One of the hardest parts about using the free Microsoft tools is naming the computers as they’re deployed. Until recently there hasn’t been an elegant solution for naming computers, short of discovering and pre-staging their GUIDs into Active Directory.
.jpg "Figure 2 The Name and Approve option")
Figure 2 The Name and Approve option
Consider this alternative to that annoying pre-staging step: configure your PXE response as in Figure 1. Doing this means you’ll have to “approve” any client computer that WDS doesn’t know about. It also exposes the ability to name a client as part of the approval. Take a look at Figure 2, where I’m about to approve a waiting client.
The option to Name and Approve a client lets me set the naming at the very start of the install process. I can then fully automate every other part of the installation. Essentially, after this click, I can walk away and come back to a fully complete Windows 7 instance. That’s handy.
There’s a permission delegation you’ll have to configure in Active Directory to make this work. (See technet.microsoft.com/library/cc754005(WS.10) for more on permissions on common management taks.) Without that permission delegation, selecting Name and Approve will result in an error. Admittedly, you have to omit a few of the mentioned configuration details, but you should know that Name and Approve represents an important and new approach you might have otherwise missed.
Step 3: Deploy Your First Windows 7 Image
Once your WDS server is ready to go, you’re ready to deploy your first image. As you’ve already uploaded the “basic” images off the Windows 7 DVD media, try one of those. It should deploy, but it should also prompt you in two different locations for additional information. The first is inside the Windows Pre-Installation Environment (WinPE) serviced by WinPE. The second is within the Set Up Windows wizard at the end.
There’s another important step you might have missed on your own. Microsoft has three ways to set up multicast transmissions for over-the-network deployments. You can start a transmission based on the number of clients or a countdown timer. The third option is far more compelling, however. That option is called Auto-Cast, and is selected in Figure 3.
.jpg "Figure 3 The Auto-Cast option")
Figure 3 Selecting a Multicast Type
Auto-Cast is particularly exciting because it’s a multicast transmission that’s essentially always running. Once you set it up, you can connect computers to it at any time. Connected computers will automatically begin receiving an OS after they’ve completed the correct startup sequence.
Auto-Cast is particularly handy. Once I have an image I want to deploy, I just leave it running. Then, anytime I need to deploy, I kick off the process from the client. If that client is known, it’ll start immediately. If it’s unknown, I’m given the option to approve and name the client right at the beginning. Then, I can move on to better things while it installs.
Step 4: Dealing with Drivers
This basic installation is great if you’re deploying to hardware whose drivers are already on the Windows DVD. Most of us, however, have desktops that require special drivers to function.
Here the fantastic new Driver Packages node in WDS comes in extremely handy. You’re familiar with Plug and Play. Using Plug and Play, a Windows system will recognize when hardware is attached. Once detected, it will match the correct driver to that hardware. This activity happens while the system is running, but it also happens during the initial installation as well.
Driver Packages in WDS effectively make those drivers available for Plug and Play to find and match. The process is simple, but there is one slightly challenging step associated with unpacking your drivers. Take a look through any folder of desktop drivers. Many of those drivers may be packed up in .exe or .msi files, or maybe even in a .cab or .zip file.
To use Driver Packages, you’ll need to “unpack” those drivers so you can see the actual driver. WDS is looking for files with an .inf extension. There are multiple methods available for accomplishing this unpacking process, some of which are in the book.
.jpg "Figure 4 The Add Driver Package wizard")
Figure 4 The Add Driver Package wizard
WDS can ingest your drivers in a single step once they’re unpacked. You’ll see in Figure 4 that WDS will search through a folder and its subfolders for driver .inf files, ingesting each into its database. This is handy for those custom drivers you want automatically installed as you deploy Windows 7. Just add drivers to the default DriverGroup1 group. Be cautious, however, of similar-looking drivers that might conflict with each other. You don’t want Plug and Play accidentally matching the wrong driver. You’ll find that WDS is equipped with filters to prevent conflicts.
Step 5: Automating the Boot Image
WDS uses two different images to deploy Windows. A boot image loads the WinPE. That environment bootstraps enough of an OS so it can deploy the “real” OS instance over the network. That real instance is contained in what we call an install image.
Both images ask a set of questions during an installation. For my seven easy steps, I want those questions pre-answered so I don’t have to sit around and wait to manually answer them while the installation proceeds.
The first set of questions aligns with the boot image. Answering those questions requires two more Microsoft applications called the Windows System Image Manager (WSIM), which is found in the Windows Automated Installation toolKit (WAIK). Download the WAIK to get WSIM—another serving of alphabet soup.
WSIM can be a bit challenging to use. Here’s the exact step-by-step from my book. You can also spin up a short set of answers in just a few minutes if you know the minimum required questions of the WinPE. Figure 5 outlines the set of questions and answers required to fully configure your boot image.
| Windows Image Pane (Question) | Upper-Right Pane (Answer) |
| amd64_Microsoft-Windows-International-Core-WinPE_{version}_neutral | InputLocale = en-us SystemLocale = en-us UILanguage = en-us UILanguageFallback = en-us UserLocale = en-us |
| amd64_Microsoft-Windows-International-Core-WinPE_{version}_neutral\ SetupUILanguage | UILanguage = en-us |
| amd64_Microsoft-Windows-Setup_{version}_neutral\ WindowsDeploymentServices\ Login\Credentials | Domain = {yourDomain} Username = {yourUsername} Password = {yourPassword} |
| amd64_Microsoft-Windows-Setup_{version}_neutral\Disk Configuration\Disk | DiskID = 0 |
| amd64_Microsoft-Windows-Setup_{version}_neutral\Disk Configuration\Disk\Create Partitions\CreatePartition | Extend = true Order = 1 Type = Primary |
| amd64_Microsoft-Windows-Setup_{version}_neutral\Disk Configuration\Disk\Modify Partitions\ModifyPartition | Active = true Format = NTFS Label = Windows Letter = C Order = 1 PartitionID = 1 |
| amd64_Microsoft-Windows-Setup_{version}_neutral\ WindowsDeploymentServices\ ImageSelection\InstallTo | DiskID = 0 PartitionID = 1 |
| amd64_Microsoft-Windows-Setup_{version}_neutral\ WindowsDeploymentServices\ ImageSelection\InstallImage | Filename = {Filename} ImageName = {imageName |
Figure 5 Questions and answers for Step 5
In the last row of Figure 5, the three entries tell the boot image which install image to use. If you enter values here, your boot image will automatically start installing the Windows image you identify. If you omit these values, you’ll be prompted for an image during the deployment. Both options have merit: one gives more automation versus more control with the other. Whichever you choose, attach your completed, unattended installation file under the Client tab in the properties screen for your WDS server.
Step 6: Automating Set Up Windows in the Install Image
Step 5 pre-answered the questions for your boot image. However, full automation requires answering the questions asked by the Set Up Windows wizard at the end of installation. You pre-answer these using the same WSIM tool you used in Step 5. The only difference is that you’ll attach a different unattended installation file to your install image, rather than the server itself.
Figure 6 gives you that minimum list of questions.
| Windows Image Pane (Question) | Upper-Right Pane (Answer) | Explanation |
| amd64_Microsoft-Windows-Shell-Setup_{version}_neutral (Pass 4) | ComputerName = %MACHINENAME% TimeZone |
Setting ComputerName to %MACHINENAME% will pass through the name you set in WDSs Name and Approve. Set TimeZone to your correct time zone, such as Mountain Standard Time. (Note: See technet.microsoft.com/library/cc749073(WS.10)for a list of applicable time zone strings.) |
| amd64_Microsoft-Windows-International-Core_{version}_neutral (Pass 7) |
InputLocale = en-us SystemLocale = en-us UILanguage = en-us UserLocale = en-us |
This item configures the Windows language to US English. |
| amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ oobe (Pass 4) |
HideEULAPage = true HideWirelessSetupIn OOBE = true NetworkLocation = work ProtectYourPC = 1 |
Hides the EULA and wireless setup screens, sets the network location to work, and enables Automatic Updates. |
| amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ UserAccounts\LocalAccounts\ LocalAccount (Pass 7) |
DisplayName = LocalAdmin Group = Administrators Name = LocalAdmin |
This item adds a local administrator account named LocalAdmin. |
| amd64_Microsoft-Windows-Shell-Setup_{version}_neutral\ UserAccounts\LocalAccounts\ LocalAccount\Password (Pass 7) |
Value = {Password} | This item configures the password for the administrator account created above. |
Figure 6 Questions and answers for Step 6
If you want to use the Name and Approve method of naming computers, make sure to set the value for ComputerName to %COMPUTERNAME%. This variable passes whatever you entered during Name and Approve through to the installation.
Also make sure you set your time zone with the correct label. You can get the list of exact time zone labels at technet.microsoft.com/library/cc749073(WS.10). Finally, the last two rows create a local administrator named LocalAdmin and assign it a password. You may change this name, but don’t call this user Administrator or you might experience problems.
.jpg "Figure 7 A look at the image properties")
Figure 7 A look at the image properties
Once you’ve created your second unattended installation file, attach it to your favorite install image by viewing the properties of that image. Notice the checkbox at the bottom of Figure 7 called “Allow image to install in unattended mode.” Check that box and provide a path to the correct file.
At this point, you’ve fully automated both parts of the installation. If you’ve done everything correctly, you should be able to kick off an installation and come back later to a ready-to-go Windows instance.
Step 7: Customize Your Own Image
Obviously, deploying basic Windows 7 images with no configurations or applications isn’t that useful. Most of us want to create our own images that include software and other customizations. Microsoft refers to this computer as the master computer. WDS can grab an image off from the master computer using a third type of image called a capture image.
Create a capture image in WDS by right-clicking a boot image and choosing Create Capture Image. Give the image a name, description and path in the resulting wizard, and then add that image back to your WDS server.
At this point, you can either create bootable media with this image or deploy it over the network. A capture image is itself a boot image. By creatively enabling and disabling different boot images in WDS, you can deploy the capture image to your master computer right over the network.
Obviously, you’ll need that master computer already created. The very last step before capturing the image is to run the System Preparation Tool, or Sysprep. Sysprep is already part of Windows 7, so invoking it only requires running C:\Windows\System32\sysprep\sysprep.exe.
.jpg "Figure 8 The System Preparation Tool")
Figure 8 The System Preparation Tool
When you run Sysprep, configure its System Cleanup Action to Enter System Out-of-Box Experience, and set it to Shutdown when complete, as shown in Figure 8. Then, make sure you don’t power that machine back on until after you’ve captured its image.
Capture your master image by booting and connecting it to the WDS server over the network. If you’ve enabled the correct capture image, it will boot the computer to the capture wizard and transfer the image to WDS. This can take a while. Once this process is complete, you should be able to use the same unattended installation files to automate this custom image just like the basic image you deployed in Step 3.
7 Simple Steps
These seven simple steps are intended to get you started. This might be all you ever need to get yourself started down the road to automatically deploying Windows 7. If you’re looking for more out of your deployment solution, look at the MDT. That solution has a lot more moving parts (and acronyms). It can accomplish more, but only after you’ve invested the time to set it up.
.jpg "Greg Shields")
Greg Shields, MVP, is a partner at Concentrated Technology. Get more of Shields’ Jack-of-all-Trades tips and tricks at ConcentratedTech.com.
Get Recognized for Your Best Tips
Are you a Jack-Of-All-Trades (JOAT) Windows administrator? Are you responsible for networks, servers, printers, and everything in-between? If so, you’ve surely developed some useful tips and tricks for keeping those servers running. Interested in sharing? TechNet Magazine’s Geek-of-all-Trades columnist Greg Shields is looking for a few good tips for an upcoming column, and he’s seeking your help.
Got a smart tip for managing your Windows servers? Figured out a nifty tactic for keeping desktops running? Care to share a secret trick for managing your IT environment? Greg’s “Top 20 IT Tips” will appear in an upcoming TechNet Magazine issue. There, he’ll be recognizing the top 20 smartest IT JOATs in the industry alongside their game-changing tip or trick. Submit yours today! Get your name in print, extol your virtues, and remind everyone why you’re the ones that get the real work done. Send your tips to gshields@concentratedtech.com. Every submitted tip will get a response.
—G.S.