MICROSOFT
LEARNING
PRODUCT
6294A
Planning and Managing Windows 7 Desktop Deployments and Environments Volume 1
Be sure to access the extended learning content on your Course Companion CD enclosed on the back cover of the book.
ii
Volume 1
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. 2009 Microsoft Corporation. All rights reserved. Microsoft, Microsoft Press, Access, Active Desktop, Active Directory, ActiveSync, ActiveX, Aero, Authenticode, BitLocker, BizTalk, DirectX, Encarta, Excel, Forefront, Hyper-V, Internet Explorer, Microsoft Dynamics, MS, MSDN, MS-DOS, MSN, OneCare, OneNote, Outlook, PowerPoint, ReadyBoost, SharePoint, SmartScreen, SoftGrid, SpyNet, SQL Server, Visio, Visual Basic, Visual C#, Visual Studio, Win32, Windows, Windows Live, Windows Media, Windows Mobile, Windows NT, Windows PowerShell, Windows Server, Windows Vista, and Zune are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
MICROSOFT LICENSE TERMS OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER EDITION Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to the Licensed Content named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft updates, supplements, Internet-based services, and support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply. By using the Licensed Content, you accept these terms. If you do not accept them, do not use the Licensed Content. If you comply with these license terms, you have the rights below.
1. DEFINITIONS. a. Academic Materials means the printed or electronic documentation such as manuals,
workbooks, white papers, press releases, datasheets, and FAQs which may be included in the Licensed Content. location, an IT Academy location, or such other entity as Microsoft may designate from time to time. conducted at or through Authorized Learning Centers by a Trainer providing training to Students solely on Official Microsoft Learning Products (formerly known as Microsoft Official Curriculum or MOC) and Microsoft Dynamics Learning Products (formerly know as Microsoft Business Solutions Courseware). Each Authorized Training Session will provide training on the subject matter of one (1) Course. Center during an Authorized Training Session, each of which provides training on a particular Microsoft technology subject matter.
b. Authorized Learning Center(s) means a Microsoft Certified Partner for Learning Solutions
c. Authorized Training Session(s) means those training sessions authorized by Microsoft and
d. Course means one of the courses using Licensed Content offered by an Authorized Learning
e. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or
analog device.
f.
Licensed Content means the materials accompanying these license terms. The Licensed Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student Content, (iii) classroom setup guide, and (iv) Software. There are different and separate components of the Licensed Content for each Course. Software means the Virtual Machines and Virtual Hard Disks, or other software applications that may be included with the Licensed Content.
g.
h. Student(s) means a student duly enrolled for an Authorized Training Session at your location.
i.
Student Content means the learning materials accompanying these license terms that are for use by Students and Trainers during an Authorized Training Session. Student Content may include labs, simulations, and courseware files for a Course. Trainer(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer and b) such other individual as authorized in writing by Microsoft and has been engaged by an Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its behalf. Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and demonstration guides and script files for a Course. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single computer or other device in order to allow end-users to run multiple operating systems concurrently. For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content. Microsoft Virtual PC or Microsoft Virtual Server software that consists of a virtualized hardware environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content. you means the Authorized Learning Center or Trainer, as applicable, that has agreed to these license terms.
j.
k. Trainer Content means the materials accompanying these license terms that are for use by
l.
m. Virtual Machine means a virtualized computing experience, created and accessed using
n.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and electronic), Trainer Content, Student Content, classroom setup guide, and associated media. License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center location or per Trainer basis.
3. INSTALLATION AND USE RIGHTS. a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you
may: i. either install individual copies of the relevant Licensed Content on classroom Devices only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of copies in use does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by classroom Devices and only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of Devices accessing the Licensed Content on such server does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session. iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to use the Licensed Content that you install in accordance with (ii) or (ii) above during such Authorized Training Session in accordance with these license terms.
i.
Separation of Components. The components of the Licensed Content are licensed as a single unit. You may not separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license terms will apply to the use of those third party programs, unless other terms accompany those programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized Learning Center on a classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content.
You may install and Use one copy of the Licensed Content on the licensed Device solely for your own personal training Use and for preparation of an Authorized Training Session. personal training Use and for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own 4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions
in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not
contain the same information and/or work the way a final version of the Licensed Content will. We may change it for the final, commercial version. We also may not release a commercial version. You will clearly and conspicuously inform any Students who participate in each Authorized Training Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with any further content, including but not limited to the final released version of the Licensed Content for the Course. Microsoft, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software, Licensed Content, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your feedback in them. These rights survive this agreement.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to
c. Confidential Information. The Licensed Content, including any viewer, user interface, features
and documentation that may be included with the Licensed Content, is confidential and proprietary to Microsoft and its suppliers. i. Use. For five years after installation of the Licensed Content or its commercial release, whichever is first, you may not disclose confidential information to third parties. You may disclose confidential information only to your employees and consultants who need to know the information. You must have written agreements with them that protect the confidential information at least as much as this agreement. Survival. Your duty to protect confidential information survives this agreement.
ii.
iii. Exclusions. You may disclose confidential information in response to a judicial or governmental order. You must first give written notice to Microsoft to allow it to seek a
protective order or otherwise protect the information. Confidential information does not include information that d. becomes publicly known through no wrongful act; you received from a third party who did not breach confidentiality obligations to Microsoft or its suppliers; or you developed independently.
Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs you is the end date for using the beta version, or (ii) the commercial release of the final release version of the Licensed Content, whichever is first (beta term). Use. You will cease using all copies of the beta version upon expiration or termination of the beta term, and will destroy all copies of same in the possession or under your control and/or in the possession or under the control of any Trainers who have received copies of the pre-released version. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you for such copies and distribution.
e.
f.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced Server and/or other Microsoft products which are provided in Virtual Hard Disks. A. If the Virtual Hard Disks and the labs are launched through the Microsoft Learning Lab Launcher, then these terms apply: Time-Sensitive Software. If the Software is not reset, it will stop running based upon the time indicated on the install of the Virtual Machines (between 30 and 500 days after you install it). You will not receive notice before it stops running. You may not be able to access data used or information saved with the Virtual Machines when it stops running and may be forced to reset these Virtual Machines to their original state. You must remove the Software from the Devices at the end of each Authorized Training Session and reinstall and launch it prior to the beginning of the next Authorized Training Session. B. If the Virtual Hard Disks require a product key to launch, then these terms apply: Microsoft will deactivate the operating system associated with each Virtual Hard Disk. Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized Training Session, you will obtain from Microsoft a product key for the operating system software for the Virtual Hard Disks and will activate such Software with Microsoft using such product key. C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with the terms and conditions of this agreement and the following security requirements: o o You may not install Virtual Machines and Virtual Hard Disks on portable Devices or Devices that are accessible to other networks. You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at the end of each Authorized Training Session, except those held at Microsoft Certified Partners for Learning Solutions locations. You must remove the differencing drive portions of the Virtual Hard Disks from all classroom Devices at the end of each Authorized Training Session at Microsoft Certified Partners for Learning Solutions locations. You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or downloaded from Devices on which you installed them. You will strictly comply with all Microsoft instructions relating to installation, use, activation and deactivation, and security of Virtual Machines and Virtual Hard Disks. You may not modify the Virtual Machines and Virtual Hard Disks or any contents thereof. You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
o o o o
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an
Authorized Training Session will be done in accordance with the classroom set-up guide for the Course. iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip art, animations, sounds, music, shapes, video clips and templates provided with the Licensed Content solely in an Authorized Training Session. If Trainers have their own copy of the Licensed Content, they may use Media Elements for their personal training use. iv. iv Evaluation Software. Any Software that is included in the Student Content designated as Evaluation Software may be used by Students solely for their personal training outside of the Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those portions of the Licensed Content that are logically associated with instruction of the Authorized Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer agrees: (a) that any of these customizations or reproductions will only be used for providing an Authorized Training Session and (b) to comply with all other terms and conditions of this agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and use the Academic Materials. You may not make any modifications to the Academic Materials and you may not print any book (either electronic or print version) in its entirety. If you reproduce any Academic Materials, you agree that:
The use of the Academic Materials will be only for your personal reference or training use You will not republish or post the Academic Materials on any network computer or broadcast in any media; You will include the Academic Materials original copyright notice, or a copyright notice to Microsofts benefit in the format provided below: Form of Notice: 2009 Reprinted for personal reference use only with permission by Microsoft Corporation. All rights reserved. Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the US and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed
Content. It may change or cancel them at any time. You may not use these services in any way that could harm them or impair anyone elses use of them. You may not use the services to try to gain unauthorized access to any service, data, account or network by any means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allow you to use it in certain ways. You may not install more copies of the Licensed Content on classroom Devices than the number of Students and the Trainer in the Authorized Training Session; allow more classroom Devices to access the server than the number of Students enrolled in and the Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network server; copy or reproduce the Licensed Content to any server or location for further reproduction or distribution; disclose the results of any benchmark tests of the Licensed Content to any third party without Microsofts prior written approval; work around any technical limitations in the Licensed Content; reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent that applicable law expressly permits, despite this limitation; make more copies of the Licensed Content than specified in this agreement or allowed by applicable law, despite this limitation; publish the Licensed Content for others to copy;
transfer the Licensed Content, in whole or in part, to a third party; access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not been authorized by Microsoft to access and use; rent, lease or lend the Licensed Content; or use the Licensed Content for commercial hosting services or general business purposes. Rights to access the server software that may be included with the Licensed Content, including the Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft intellectual property in software or devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting. Content marked as NFR or Not for Resale.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed 10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as
Academic Edition or AE. If you do not know whether you are a Qualified Educational User, visit www.microsoft.com/education or contact the Microsoft affiliate serving your country. fail to comply with the terms and conditions of these license terms. In the event your status as an Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this agreement, you must destroy all copies of the Licensed Content and all of its component parts.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-
based services and support services that you use, are the entire agreement for the Licensed Content and support services.
13. APPLICABLE LAW. a. United States. If you acquired the Licensed Content in the United States, Washington state law
governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws
of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of
using it. Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this agreement cannot change. To the extent permitted under your local laws, Microsoft excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES. This limitation applies to anything related to the Licensed Content, software, services, content (including code) on third party Internet sites, or third party programs; and claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages. Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French. Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en franais. EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualit marchande, dadquation un usage particulier et dabsence de contrefaon sont exclues. LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILIT POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement hauteur de 5,00 $ US. Vous ne pouvez prtendre aucune indemnisation pour les autres dommages, y compris les dommages spciaux, indirects ou accessoires et pertes de bnfices. Cette limitation concerne: tout ce qui est reli au le contenu sous licence , aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et les rclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit stricte, de ngligence ou dune autre faute dans la limite autorise par la loi en vigueur.
Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel dommage. Si votre pays nautorise pas lexclusion ou la limitation de responsabilit pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquera pas votre gard. EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits prvus par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre pays si celles-ci ne le permettent pas.
Welcome!
Thank you for taking our training! Weve worked together with our Microsoft Certied Partners for Learning Solutions and our Microsoft IT Academies to bring you a world-class learning experiencewhether youre a professional looking to advance your skills or a student preparing for a career in IT.
Microsoft Certied Trainers and InstructorsYour instructor is a technical and instructional expert who meets ongoing certication requirements. And, if instructors are delivering training at one of our Certied Partners for Learning Solutions, they are also evaluated throughout the year by students and by Microsoft. Certication Exam BenetsAfter training, consider taking a Microsoft Certication exam. Microsoft Certications validate your skills on Microsoft technologies and can help differentiate you when finding a job or boosting your career. In fact, independent research by IDC concluded that 75% of managers believe certications are important to team performance1. Ask your instructor about Microsoft Certication exam promotions and discounts that may be available to you. Customer Satisfaction GuaranteeOur Certied Partners for Learning Solutions offer a satisfaction guarantee and we hold them accountable for it. At the end of class, please complete an evaluation of todays experience. We value your feedback!
We wish you a great learning experience and ongoing success in your career!
IDC, Value of Certication: Team Certication and Organizational Performance, November 2006
xiii
Acknowledgement
Microsoft Learning would like to acknowledge and thank the following for their contribution towards developing this title. Their effort at various stages in the development has ensured that you have a good classroom experience.
xv
Contents
Module 1: Preparing to Deploy Windows 7 Business Desktops
Lesson 1: Overview of the Desktop Lifecycle Lesson 2: Desktop Deployment: Challenges and Considerations Lesson 3: Tools and Technologies Used in the Desktop Deployment Lifecycle Lesson 4: Assessing the Current Computing Environment for Deploying Windows 7 Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit Lesson 5: Designing Windows Activation Lab B: Recommending an Activation Strategy 1-4 1-12 1-22 1-34 1-56 1-63 1-78
xvi
xvii
Course Description
This five-day instructor-led course is intended for desktop administrators who want to specialize in desktop deployment, configuration, and management. In this course, students learn how to plan and deploy Windows 7 desktops in large organizations. They also learn how to design, configure, and manage the Windows 7 client environment. This course helps students prepare for the Exam 70-686, Pro: Windows 7, Enterprise Desktop Administrator.
Audience
This course is intended for IT professionals who are interested in specializing in Windows 7 desktop and application deployments and managing the desktop environments for large organizations. People attending this training could be support technicians or currently in deployment roles and are looking at taking the next step in their career or enhancing their skills in the areas of planning and deploying Windows 7 desktops.
Student Prerequisites
In addition to their professional experience, students who attend this training should have the following prerequisite knowledge and skills: Solid understanding of TCP/IP and networking concepts Solid Windows and Active Directory knowledge. For example, domain user accounts, domain vs. local user accounts, user profiles, and group membership Good understanding of scripts and batch files Solid understanding of security concepts such as authentication and authorization Perform a clean installation of Windows 7, Upgrade to Windows 7, and migrate user-related data and settings from Windows XP Configure disks, partitions, volumes, and device drivers to enable Windows 7 to function as desired Configure and troubleshoot permissions and other settings to allow access to resources and applications on Windows 7 Systems
ii
Configure settings to enable network connectivity Configure and troubleshoot a wireless network connection Configure and troubleshoot Windows 7 security Configure mobile computers and devices Familiar with the client administration capabilities of Windows Server and familiar with management tools such as the System Center suite of products Familiar with deployment, packaging, and imaging tools Ability to work in a team or in a virtual team Good documentation and communication skills to create proposals and make budget recommendations Train and mentor others
Passing the Exam 70-624: TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops is preferable but not mandatory.
Course Objectives
After completing this course, students will be able to: Prepare to deploy Windows 7 business desktops Assess and resolve application compatibility issues with Windows 7 Determine the most appropriate method to deploy Windows 7 based upon specific business requirements Design a standard Windows 7 image by assessing and evaluating the business requirements Deploy Windows 7 by using WAIK Deploy Windows 7 by using WDS Deploy Windows 7 by using Lite Touch Installation Deploy Windows 7 by using Zero Touch Installation Migrate user state by using Windows Easy Transfer and User State Migration Tool 4.0 Design, configure, and manage the Windows 7 client environment Plan and deploy applications and updates to Windows 7 client computers
iii
Course Outline
This section provides an outline of the course: Module 1: Preparing to Deploy Windows 7 Business Desktops Module 2: Assessing Application Compatibility in Windows 7 Module 3: Evaluating Windows 7 Deployment Methods Module 4: Designing Standard Windows 7 Images Module 5: Deploying Windows 7 by using WAIK Module 6: Deploying Windows 7 by using Windows Deployment Services Module 7: Deploying Windows 7 by using Lite Touch Installation Module 8: Deploying Windows 7 by using Zero Touch Installation Module 9: Migrating User State by using WET and USMT 4.0 Module 10: Designing, Configuring, and Managing the Client Environment Module 11: Planning and Deploying Applications and Updates to Windows 7 Clients Module 12: Deploying Windows 7 Challenge Scenario
iv
Course Materials
The following materials are included with your kit: Course Handbook. A succinct classroom learning guide that provides all the critical technical information in a crisp, tightly-focused format, which is just right for an effective in-class learning experience. Lessons: Guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience. Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned in the module. Module Reviews and Takeaways: Provide improved on-the-job reference material to boost knowledge and skills retention. Lab Answer Keys: Provide step-by-step lab solution guidance at your finger tips when its needed.
Course Companion CD. Searchable, easy-to-navigate digital content with integrated premium on-line resources designed to supplement the Course Handbook. Lessons: Include detailed information for each topic, expanding on the content in the Course Handbook. Labs: Include complete lab exercise information and answer keys in digital form to use during lab time. Resources: Include well-categorized additional resources that give you immediate access to the most up-to-date premium content on TechNet, MSDN, Microsoft Press Student Course Files: Include the Allfiles.exe, a self-extracting executable file that contains all the files required for the labs and demonstrations.
Note: To access the full course content, insert the Course Companion CD into the CD-ROM drive, and then in the root directory of the CD, double-click StartCD.exe.
Course evaluation. At the end of the course, you have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor.
To provide additional comments or feedback on the course, send e-mail to support@mscourseware.com. To inquire about the Microsoft Certification Program, send e-mail to mcphelp@microsoft.com.
Important: At the end of each lab, you must close the virtual machine and must not save any changes. To close a virtual machine without saving the changes, perform the following steps: 1. On the host computer, start Hyper-V Manager. 2. Right-click the virtual machine name in the Virtual Machines list, and click Revert. 3. In the Revert Virtual Machine dialog box, click Revert.
The following table shows the role of each virtual machine used in this course:
Virtual machine 6294A-LON-DC1 6294A-LON-CL1 6294A-LON-CL2 6294A-LON-CL3 6294A-LON-IMG1 6294A-LON-IMG2 6294A-LON-VS1 6294A-LON-VS2 6294A-LON-VS3 6294A-LON-SVR1 Role Domain controller in the Contoso.com domain Windows 7 computer in the Contoso.com domain Windows 7 computer in the Contoso.com domain Virtual machine with no operating system installed Virtual machine with no operating system installed Virtual machine with no operating system installed Windows Vista computer in the Contoso.com domain Windows Vista computer in the Contoso.com domain Windows Vista computer in the Contoso.com domain Windows Server 2008 R2 in the Contoso.com domain
vi
Software Configuration
The following software is installed on the VMs: Windows Server 2008 R2 Windows 7 Windows Vista System Center Configuration Manager 2007 R2 SP2 Various deployment tools such as the Windows Automated Installation Kit and Microsoft Deployment Toolkit 2010
Classroom Setup
Each classroom computer has the same virtual machines configured in the same way.
Hardware Level 6
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor Dual 120 gigabyte (GB) hard disks 7200 RM SATA or better* 4 GB RAM expandable to 8GB or higher DVD drive Network adapter Super video graphics array (SVGA) 17-inch monitor Microsoft Mouse or compatible pointing device Sound card with amplified speakers
*Striped In addition, the instructor computer must be connected to a projection display device that supports SVGA 800 x 600 pixels, 256 colors.
1-1
Module 1
Preparing to Deploy Windows 7 Business Desktops
Contents:
Lesson 1: Overview of the Desktop Lifecycle Lesson 2: Desktop Deployment: Challenges and Considerations Lesson 3: Tools and Technologies Used in the Desktop Deployment Lifecycle Lesson 4: Assessing the Current Computing Environment for Deploying Windows 7 Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit Lesson 5: Designing Windows Activation Lab B: Recommending an Activation Strategy 1-4 1-12 1-22 1-34 1-56 1-63 1-78
1-2
Module Overview
Running a new operating system has many benefits; however, many organizations consider the new operating system deployment process to be complicated and expensive. The complexity and cost of a migration may make it difficult for users to quickly realize new operating system benefits. Additional migration and deployment challenges include: Application incompatibilities Complicated user state migrations Lack of migration resources Lack of best practices and implementation guides Deficient end-user training and support
This course is intended for people who wish to enhance their planning and deploying desktops skills.
1-3
This module helps you plan and perform effective preparation tasks for deploying Windows 7 operating system clients. It begins by discussing client, hardware, and deployment lifecycles. To prepare a successful deployment you must understand processes associated with lifecycles and the Microsoft tools that are available for individual phases. Efficient and automated desktop deployment processes result in significant cost savings to the enterprise. Each step within the Desktop Deployment Lifecycle framework incorporates tools and technologies to support a Lite Touch or Zero Touch deployment process. Before deploying Windows 7, ensure that the computers meet minimum hardware requirements for Windows 7. You must decide what edition of Windows 7 best suits organizational requirements and whether to use the 32-bit or the 64-bit platform of Windows 7. Product activation is a requirement in the Windows 7 operating system. Validation is required for each Windows 7 license through an online activation service at Microsoft.
1-4
Lesson 1
The Desktop Lifecycle (Client Lifecycle) includes: Planning the deployment Preparing for the deployment Deploying the images to the hardware clients
Support is part of Management and is also a critical phase in the Client Lifecycle.
1-5
Key Points The first phase in the client lifecycle called Procurement is the complete process of obtaining goods and services from preparation and processing of a requisition through to receipt and approval of the invoice for payment. The second phase is Deployment which involves the process of installing the operating system and applications on the user computers. Management is the third phase in which updates are applied and support is provided to end-users. The final phase of the lifecycle is Retirement or the process in which the computers are taken out of operation and recycled. Procurement: The complete action or process of acquiring or obtaining personnel, material, services, or property from a vendor by means authorized in relevant, specific directives. It is the action or process of acquiring or obtaining items at the operational level, for example, purchasing, contracting, and negotiating directly with the supply source for the purchasing of computers.
1-6
Deployment: All of the activities that make a software system available for use is called deployment. The general deployment process consists of several interrelated activities with possible transitions between thorough build and test phases, and stabilization. Management: Consists of updates and support. Updates include facilities, software upgrade, and hardware transfer to new users. Support includes training, IT support, and service hardware. Updates: To keep computers that are running Windows operating systems stable and secure, you must update them regularly with the latest security updates and fixes. Windows Update enables you to download and install important and recommended updates automatically, instead of visiting the Windows Update Web site. Microsoft Support Lifecycle Policy: The policy applies to most products currently available through retail purchase or volume licensing, and most future release products.
Retirement: The focus of the retirement phase is the successful removal of a system from production. This is an issue faced by most organizations today; as legacy systems are phased out and new systems replace them, you must complete this effort successfully and without a major interruption to daily organizational business needs.
Software systems do not last forever. Eventually, they become obsolete or are superseded by other systems and must be removed. Systems are removed from production for several reasons: They are no longer needed for the current business model. For example, legislation was passed requiring a system updateand now that legislation has been repealed. They are obsolete (for example, systems created to handle the Y2K issue). The system is being replaced. For example, it is common to see homegrown systems for human resource functions being replaced by commercial off-theshelf (COTS) systems such as Microsoft Dynamics GP or Microsoft Dynamics NAV.
Question: Provide a brief description of the activities in the Client Lifecycles Management Phase.
1-7
Key Points A standardized hardware infrastructure forms the foundation for desktop optimization. It is by standardizing desktop hardware and software that organizations can ultimately advance toward a more flexible, agile, and optimized infrastructure. When the entire span of the PC lifecycle is viewed as a whole, from purchase through retirement, it is clear that purchase price is just one component of PC lifecycle costs. Standardizing and managing hardware s as a fleet, with consistent policies and practices, enables the enterprise to benefit from its scale. With a consistent approach to fleet management, organizations can achieve numerous benefits: Effective PC fleet management: Understanding PC lifecycle costs leads to better fleet strategy decisions, such as prioritization of investments and optimal configuration choices. By managing the PC fleet as a whole, the value of these decisions can be leveraged across the entire enterprise.
1-8
Reduced costs of IT complexity: As hardware configurations grow, so do costs. A 2004 study found that each additional hardware configuration introduced into a desktop environment results in a 12 United States dollar (USD) increase in yearly support costs for each desktop PC, on average. An optimized PC fleet management strategy helps to reduce the complexity of deployment, asset management, system monitoring, and software updates.
Adaptable PC Infrastructure: System flexibility allows users to repurpose hardware to meet the needs of different roles and business needs across the organization.
The Hardware Lifecycle includes the following steps. Some lifecycles merge some of these stages to reduce the number. Plan includes hardware strategy, demand forecasting, hardware selection, and design configuration Buy includes hardware, software image, accessories, and delivery Deployment includes logistics, software deployment, configuration, and data migration Operate includes facilities, PC security, software upgrade, data protection, and IT administration Support includes training, IT support, and service hardware Upgrade includes facilities, software upgrade, and hardware transfer to new user Retire includes hardware pickup. hardware re-sell preparation, administrative processing, shipping and packing, and residual value
Question: What are the main reasons for upgrading or replacing hardware?
1-9
Key Points The desktop deployment life cycle provides a framework of the tasks needed to successfully deploy a software application or operating system. You must understand the life cycle phases to properly plan for resources and tools required to ensure effective implementation. The desktop deployment life cycle phases are: planning, building, and deploying.
Planning
During the initial planning phase, organizations assess their business needs to determine the value of their investment and define the scope and objectives of the project. In this phase, you assess the current hardware, software, and network configurations to determine: Organizational readiness for desktop deployment. Tools required in the assist of the build and deploy phases of the project.
1-10
Examples of deliverables expected from this phase include deployment details, application compatibility and user state migration requirements, a schedule for deployment, an assessment of the current configuration, test and pilot plans, and a rollout plan.
Building
The building phase provides the opportunity to streamline and simplify the deployment process. This includes developing the automated solution and procedures to be used for the deployment. Developing and testing the baseline operating system images are essential parts of this phase; without the test system, you might fail to identify and correct any errors, and subsequently duplicate these errors to all computers in your environment during the actual deployment.
Deploying
After thorough build and test phases, deployment can begin. The deployment phase is the period during which the team implements the solution and ensures that it is stable and usable. A typical deployment takes place in phases throughout the networking environment, and includes the deployment team stabilizing each phase before moving on to the next section for upgrade or installation. Question: What are some of the benefits of having a Pilot Plan during the Planning Phase?
1-11
Use the following questions to encourage discussion: Discuss the client, hardware, and deployment lifecycles used in your organization. What best practices have you implemented?
1-12
Lesson 2
Many organizations recognize that there is the potential for significant cost savings when an efficient and automated desktop deployment process is implemented. To realize this potential, you must identify the challenges and understand the roadmap to follow so that your organization can move to a more dynamic network environment. This lesson provides information about some of the challenges you may face when deploying new desktops; and guidelines for implementing an effective desktop deployment process. This lesson also discusses the Infrastructure Optimization Model; and how automating the desktop deployment can provide cost savings within your organization.
1-13
Discussion: What Are the Challenges When Deploying a New Business Desktop?
Use the following questions to encourage discussion: Discuss deployment challenges. How do these challenges relate to your experiences during previous deployment projects?
1-14
Key Points
An effective desktop deployment process can be accomplished through the implementation of several basic guidelines: Take an inventory and establish a network map of the existing client computers, servers, and other relevant networking services, to determine the installed application base and hardware types currently deployed. Determine which hardware can be reused as part of the new computer deployment, and which types might need to be retired. You must have a full understanding of the new operating systems hardware requirements. Determine which applications can be redeployed on the new desktop systems, and start a process for packaging or scripting those applications so that they can be reinstalled quickly and consistently without user intervention.
1-15
Define a strategy for addressing applications that cannot be supported on the new platform. For example, you may have a business-critical application that is not supported on the new operating system, but may be a candidate for virtualization technology such as Microsoft Virtual PC 2007, Microsoft Virtual Server, or Microsoft Enterprise Desktop Virtualization (MED-V). With Hyper-V in the Windows Server and System Center, the virtualization of your enterprise with Microsoft can cost less than competitive products and help to maximize the return on your virtualization investment.
Create an imaging process to produce a standard enterprise image of a base desktop computer to aid in configuration management and to speed deployments. Establish a process for capturing the user data, settings, and preferences on the currently deployed systems, and for restoring them on the newly deployed systems. Provide a method for backing up all relevant data on the current computer before redeployment. Provide an end-to-end process for the actual deployment of the new desktops. Create a plan for training users on the updated desktop system.
Question: What is the purpose for creating a hardware and software baseline?
1-16
Key Points The Infrastructure Platform Optimization model provides IT organizations with a tool that can help them understand and adopt a flexible and agile infrastructure platform. Key elements of each of these models include optimization levels, capabilities, and optimization-level transition projects. Optimization Levels Within each model, there are four optimization levels: Basic Standardized Rationalized or advanced Dynamic
1-17
Organizations fall within one of these four deployment and management network infrastructure optimization levels. These levels range from relatively little automation, to full automation integrated with an original equipment manufacturer (OEM) partner. You must understand the Infrastructure Optimization Model so you can determine the current maturity of your organization, and realize the benefit of a more automated deployment process. Common automation levels can be categorized within the Infrastructure Optimization Model, which includes basic, standardized, rationalized, and dynamic environments.
Basic Level
At the basic level, it is assumed that the organization does not maintain a standardized desktop operating system. The basic automation level implies the following general characteristics and issues: A non-standardized desktop infrastructure results in an environment that is more complex and difficult to manage. Patch management is either nonexistent or inconsistent, resulting in an environment that is vulnerable to security issues. Deploying or upgrading a new computer system is usually a manual process that is accomplished by using DVDs or CDs, and which typically results in an inconsistent baseline for business desktops.
Standardized Level
Organizations at the standardized automation level still maintain multiple desktop operating systems; however, desktop installation and upgrades are managed by an automated deployment method using a defined set of base image standards for each platform. The deployment method is considered a Lite Touch approach which requires minimal interaction with the clients on the network. The standardized level assumes that methods are in place for an automated patch management process that consistently maintains the business desktops update status. Application testing is typically at the departmental level to ensure compatibility after the desktop deployment or upgrade.
1-18
Rationalized Level
A rationalized automation level has a fully automated infrastructure with processes in place to implement Zero Touch desktop upgrades, new installations, and automated patch management. Zero Touch performs installations without any manual interaction and requires an enterprise deployment solution such as Microsoft System Center Configuration Manager 2007 or Microsoft Systems Management Server 2003, with the Operating System Deployment (OSD) Feature Pack. The rationalized level requires that the desktop environment follow a common standard, and corporate level defines the common image. Application testing follows structured corporate certification standards and processes.
Dynamic Level
The dynamic automation level automates the entire desktop deployment and management process, and increases the automation scope-to-server platforms. As new computers are purchased, the OEM partner ensures that a corporate-approved reference image is applied before shipping the computer to the organization. The dynamic environment also incorporates a structured and more centralized application testing process that is more automated and defined with certification standards and processes. Question: What is the reason for adopting an optimization-level transition project?
1-19
Key Points An effective desktop deployment strategy must minimize the costs associated with the implementation. This goal is realized when the deployment method incorporates tools and processes that are automated and require minimal resources.
1-20
Lite Touch deployment: the standardized approach minimizes costs by incorporating an increased level of Lite Touch automation by using deployment tools and technologies. A Lite Touch deployment still requires minimal user interaction and can incorporate multiple operating systems within the environment, which can result in moderate organizational costs. Zero Touch deployment: the cost for a Zero Touch deployment process based upon a rationalized or dynamic automation environment might be initially higher than other methods; however, the ongoing management and subsequent deployment initiatives will be significantly lower than the manual or Lite Touch deployment methods.
Question: What are the financial benefits of changing the optimization level?
1-21
Use the following questions to encourage discussion: Which automation level describes your organizations current network environment? Describe the network environment characteristics that determine your automation level. What can you do to promote your network environment to a higher automation level?
1-22
Lesson 3
An effective desktop deployment project follows a framework that outlines specific steps and processes throughout the task. Each step within the framework incorporates tools and technologies to support a Lite Touch or Zero Touch deployment process. This lesson describes the desktop deployment lifecycle and provides information on tools and technologies used for each step within the process.
1-23
Key Points One major challenge in deploying a new business desktop is to determine compatibility with existing systems that might be upgraded to Windows 7. You might also face challenges when attempting to migrate applications and user settings from previous desktop configurations to the new desktop installation. Hardware and application compatibility issues can significantly delay an upgrade or migration to a new operating system, and the loss of user settings can affect productivity and user satisfaction with deployment. The key to a successful desktop deployment is to obtain as much information about the existing desktop environment as possible. Also, try to obtain guidance and best practices to assist you in each of your desktop deployment project phases. Microsoft Assessment and Planning Toolkit (MAP) Microsoft Application Compatibility Toolkit (ACT) Enterprise Learning Framework (ELF)
1-24
Microsoft Deployment Toolkit (MDT) System Center Configuration Manager 2007 Microsoft Desktop Optimization Pack for Asset inventory planning
These tools can be used to support the planning phase to help ensure an effective desktop deployment.
1-25
1-26
1-27
Metering software usage Assessing variation from desired configurations Taking hardware and software inventory Remotely administering computers
Configuration Manager 2007 collects information in a Microsoft SQL Server database, allowing queries and reports to consolidate information throughout the organization. Configuration Manager 2007 can manage a wide range of Microsoft operating systems, including client platforms, server platforms, and mobile devices. Question: What is the purpose of the System Configuration Manager 2007?
1-28
Key Points
Deploying a Windows 7 desktop is now simpler because of a number of enhanced engineering tools used to create and maintain computer images. Windows 7 support for Windows Imaging (WIM) file format provides the ability to create and distribute hardware-independent images to desktops throughout the organization. The following sections provide an overview of the various tools that are used to build and maintain images for a Windows 7 deployment.
1-29
An MDT deployment solution includes the following: Deployment Share: This component is used to create and manage the distribution share, which contains source files related to the operating systems, applications, packages, and out-of-box drivers used in the deployment process. This component also provides the ability to configure various deployment methods such as a single-server deployment, a separate deployment share, and removable media such as a USB or DVD image, or the ability to create a directory containing all of the files needed for customizing a Systems Management Server deployment program. Task Sequences: This component is used to create and manage various builds for deployment throughout the organization.
1-30
ImageX
ImageX is a tool used to create system images. It provides many capabilities that improve the disk-imaging experience which includes the following: Mount an image file to perform offline updates. Take an image of an existing computer for distribution or for backup. You can save the image to a distribution share from which users can install the image, or you can push the image out to a target desktop. Use scripting tools to create and edit images. Minimize the number of standard images by providing hardware abstraction layer (HAL) independence.
1-31
USMT 4.0 enables you to do the following: Configure the migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they are migrated. USMT also allows you to configure user account migration on the ScanState and LoadState command lines. Fit a customized migration into your automated deployment process by using ScanState and LoadState which control collecting and restoring user files and settings. Perform offline migrations. You can run the ScanState command in Windows PE or you can perform migrations from previous installations of Windows contained in Windows.old directories.
USMT provides the following features: Operating system components migration: There are several operating system components that might be included in a USMT migration, such as Internet Explorer settings, Microsoft Outlook Express mail files, desktop wallpaper and icons, accessibility settings, Favorites, or Microsoft Open Database Connectivity settings. Application settings migration: A limited type of application settings can be migrated by using the USMT. Applications include Microsoft Office and MSN Messenger. USMT does not migrate the applications, only the application settings.
Question: You have decided to use the Windows AIK to deploy Windows 7. What do you use to create the images for the magazine development group?
1-32
Key Points
Deploying Windows 7 using Lite Touch or Zero Touch requires specific tools to support the technologies and scripts used for the deployment scenario. The following sections provide an overview of tools used for these types of scenarios.
1-33
System Center Configuration Manager 2007/Systems Management Server 2003 (SMS 2003)
System Center Configuration Manager 2007 and Systems Management Server 2003 provide a comprehensive solution for change to and configuration management of the Microsoft platform. Either management solution can be used for distributing operating systems, applications, and software updates. If your organization uses Systems Management Server 2003, you will need to integrate the Systems Management Server 2003 Operating System Deployment (OSD) Feature Pack to assist with deploying the operating systems. The OSD Feature Pack is a Systems Management Server 2003 add-on that is used to create operating system images within Systems Management Server 2003, which you can then deploy to and manage for your clients using Zero Touch installation methods. The OSD Feature Pack is free and can be downloaded from the Microsoft Web site. Configuration Manager 2007 collects information in a Microsoft SQL Server database, allowing queries and reports to consolidate information throughout the organization. Configuration Manager 2007 can manage a wide range of Microsoft operating systems, including client platforms, server platforms, and mobile devices.
1-34
Lesson 4
Before deploying Windows 7, ensure that your computer meets the minimum hardware requirements. In addition, decide what edition of Windows 7 best suits your organizational needs. You must also decide which architecture to use, either the 32 or the 64-bit platform of Windows 7. Once you have established your hardware requirements and decide which edition of Windows 7 to deploy, there are several options to install and deploy Windows 7. Depending on several factors, such as your organizations deployment infrastructure, policy and automation, you may want to select one or more installation options.
1-35
Key Points
Windows 7 includes many features that enable users to be more productive. It also provides a safer desktop environment and a higher level of reliability when compared to the previous versions of Windows. The key features of Windows 7 are categorized as follows: Usability: Windows 7 includes tools to simplify a users ability to organize, search for, and view information. In addition, Windows 7 communication, mobility, and networking features help users connect to people, information, and devices by using simple tools.
1-36
Security: Windows 7 is built on a fundamentally safer platform based on the Windows Vista foundation. User Account Control (UAC) in Windows 7 adds security by limiting administrator-level access to the computer, restricting most users to run as Standard Users. Streamlined UAC in Windows 7 reduces the number of operating system applications and tasks that require elevation of privileges and provides flexible prompt behavior for administrators, allowing standard users to do more and administrators to see fewer UAC elevation prompts.
Multi-tiered data protection: Rights Management Services (RMS), Encrypting File System (EFS), Windows BitLocker Drive Encryption, and Internet Protocol Security (IPsec) provides different level of data protection in Windows 7. RMS enables organizations to enforce policies regarding document usage. EFS provides user-based file and directory encryption. BitLocker and BitLocker To Go provides full-volume encryption of the system volume, including Windows system files and removable devices. IPsec isolates network resources from unauthenticated computers and encrypts network communication.
Reliability and performance: Windows 7 takes advantage of modern computing hardware, allowing it to run more reliably and provide more consistent performance than previous versions of Windows. Deployment: Windows 7 is deployed by using an image, which makes the deployment process efficient because of the following factors: Windows 7 installation is based on the Windows Imaging (WIM), which is a file-based, disk-imaging format. Windows 7 is modularized, which makes customization and deployment of the images simpler. Windows 7 uses Extensible Markup Language (XML)-based, unattended setup answer files to enable remote and unattended installations. Deploying Windows 7 by using Windows Deployment Services in Windows Server 2008 R2 is optimized with Multicast with Multiple Stream Transfer and Dynamic Driver Provisioning.
1-37
Consolidated tool for servicing and managing image in Deployment Image Servicing and Management (DISM). Migrating user state is made more efficient with hard-link migration, offline user state capture, volume shadow copy, and improved file discovery in USMT 4.0.
Manageability: Windows 7 introduces several manageability improvements that can reduce cost by increasing automation. Microsoft Windows PowerShell 2.0 enables IT professionals to create and run scripts on a local PC or on remote PCs across the network. Group Policy scripting enables IT professionals to manage Group Policy Objects (GPOs) and registry-based settings in an automated manner.
Windows 7 improves the support tools to keep users productive and reduce help desk calls, including: Built-in Windows Troubleshooting Packs that enable end-users to solve many common problems on their own. Improvements to the System Restore tool that informs users of applications that might be affected when they are returning Windows to an earlier state. The new Problem Steps Recorder, that enables users to record screenshots, click-by-click, to reproduce a problem. Improvements to the Resource Monitor and Reliability Monitor, which enable IT Professionals to more quickly diagnose performance, compatibility, and resource limitation problems.
Windows 7 also provides flexible administrative control with the following features: AppLocker, which enables IT professionals to have more flexibility when setting policy on which applications and scripts users can run or install. Auditing improvements, which enable IT professionals to use Group Policy to configure more comprehensive auditing of files and registry access. Group Policy Preferences that define the default configuration, which users can change, and provide centralized management of mapped network drives, scheduled tasks, and other Windows components that are not Group Policy-aware.
1-38
Productivity: Windows 7 improvements to the user interface help users and IT Professionals increase their productivity with features such as Windows Search. Windows 7 improves mobile and remote users experience by introducing BranchCache, DirectAccess, and VPN Reconnect. BranchCache increases network responsiveness of applications and gives users in remote offices an experience like working in the head office. DirectAccess connects mobile workers seamlessly and safely to their corporate network any time they have Internet access, without the need to VPN. VPN Reconnect provides seamless and consistent VPN connectivity by automatically re-establishing a VPN when users temporarily lose their Internet connections.
Windows 7 XP Mode: Windows 7 introduces Windows Virtual PC that provides the capability to run multiple environments, such as Windows XP mode, from Windows 7 computer. This feature enables you to publish and launch applications installed on virtual Windows XP directly from Windows 7 computer, as if they were installed on the Windows 7 host itself.
Question: What key feature of Windows 7 will help your organization to control the applications that employees can install on their computers?
1-39
Editions of Windows 7
There are six Windows 7 editions: two editions for mainstream consumers and business users and four specialized editions for enterprise customers, technical enthusiasts, emerging markets and entry level PCs. The following are the available editions of Windows 7: Windows 7 Starter: This edition is targeted specifically for small form factor PCs in all markets. It is only available for 32-bit platform. Features include an improved Windows Taskbar and Jump Lists, Windows Search, ability to join a HomeGroup, Action Center, Device Stage, Windows Fax and Scan, enhanced media streaming, including Play To, and broad applications and device compatibility. Windows 7 Home Basic: This edition is targeted for value PCs in emerging markets, it is meant for accessing the internet and running basic productivity applications. This edition includes all features available in Windows 7 Starter, and other features, such as Live Thumbnail previews, enhanced visual experiences and advanced networking support.
1-40
Windows 7 Home Premium: This is the standard edition for customers. It provides full functionality on the latest hardware, simple ways to connect, and a visually rich environment. This edition includes all features available in Windows 7 Home Basic and other features, such as Windows Aero, advanced windows navigation and Aero background, Windows Touch, ability to create a HomeGroup, DVD Video playback and authoring, Windows Media Center, Snipping Tool, Sticky Notes, Windows Journal and Windows Sideshow. Windows 7 Professional: This edition is the business-focused edition for small and lower mid-market companies and users who have networking, backup, and security needs and multiple PCs or servers. It includes all features available in Windows 7 Home Premium, and other features, such as core business features including Domain Join and Group Policy, data protection with advanced network backup and Encrypted File System, ability to print to the correct printer at home or work with Location Aware Printing, Remote Desktop host and Offline folders. Windows 7 Enterprise: This edition provides advanced data protection and information access for businesses that use IT as a strategy asset. It is a business-focused edition, targeted for managed environments, mainly large enterprises. This edition includes all features available in Windows 7 Professional, and other features, such as BitLocker, BitLocker To Go, AppLocker, DirectAccess, BranchCache, Enterprise Search Scopes, all worldwide interface languages, Virtual Desktop Infrastructure (VDI) enhancements and ability to boot from a VHD. Windows 7 Ultimate: This edition is for technical enthusiasts who want all Windows 7 features, without a Volume License agreement. It includes all of the same features as the Windows 7 Enterprise. Windows 7 Ultimate is not licensed for VDI scenarios.
Note: Microsoft also produces an N edition of Windows 7 Starter, Windows 7 Home Basic and Windows 7 Professional. The N editions of Windows 7 include all of the same features as the corresponding editions, but do not include Microsoft Windows Media Player and related technologies. This enables you to install your own media player and associated components. Note: There are 32 and 64-bit versions available for all editions of Windows 7 except Windows 7 Starter, which is available only as a 32-bit operating system.
1-41
Question: Which edition of Windows 7 must you choose in the following scenarios? Scenario 1: There are a few users in your organization. Currently, you do not have a centralized file server and all the computers are not joined to a domain. Scenario 2: Your organization has more than one hundred users who are located in several offices across the country. In addition, you have several users that travel frequently. Question: What is the difference between the Enterprise and the Ultimate edition of Windows 7?
1-42
Key Points
It is important to know the hardware requirements for Windows 7. Your system must meet the minimum requirements for the edition that you are installing. If it does not, you must know what components need to be upgraded to meet the requirements. In general, hardware requirements for Windows 7 are the same as Windows Vista.
1-43
Windows BitLocker Drive Encryption requires a Universal Serial Bus (USB) Flash Drive or a system with a Trusted Platform Module (TPM) 1.2 chip. Windows XP Mode Requires Windows 7 Professional, Windows 7 Ultimate, or Windows 7 Enterprise.
If you plan to implement BitLocker to protect your computers system drive, you must create two partitions on your hard disk when installing the operating system. Both partitions must be formatted for the NTFS file system. One partition is encrypted while the other remains unencrypted. The unencrypted partition contains the necessary boot files to initialize the operating system. The unencrypted partition contains the BOOT folder and the bootmgr file. Question: What is the typical computer specification within your organization? Contrast that specification to what was available when Windows Vista was released. Do you think Windows 7 can be deployed to the computers within your organization as they currently are?
1-44
Key Points
You can use MAP to inventory and assess IT environments to simplify the planning process for solutions related to the following technologies: Windows 7 Windows Vista the 2007 Microsoft Office system The Windows Server 2008 operating system Windows Server 2008 Hyper-V virtualization technology Microsoft Virtual Server 2005 R2 Microsoft SQL Server 2008 Microsoft Application Virtualization 4.5 Microsoft Online Services Microsoft Forefront
1-45
MAP performs three key functions: hardware inventory, compatibility analysis, and readiness reporting.
Hardware Inventory
MAP collects hardware inventory throughout your network environment using agentless collection methods such as Windows Management Instrumentation (WMI) the Remote Registry Service, Simple Network Management Protocol (SNMP) Active Directory Domain Services (AD DS), and the Computer Browser Service. MAP can inventory and assess the following Windows platforms: Windows 7 Windows Vista Windows XP Professional operating system The Windows Server 2003 or Windows Server 2003 R2 operating systems The Microsoft Windows 2000 Professional or Windows 2000 Server operating systems Windows Server 2008
Compatibility Analysis
After the hardware inventory takes place, MAP performs a hardware and device compatibility analysis for migration to Windows 7. If migration is not recommended, a detailed report describes the roadblocks and possible mediations.
1-46
Readiness Reporting
MAP generates a variety of summary and assessment result reports in Office Excel and Office Word format. Some of the Windows 7 or Windows Server 2008 deployment reports that can be generated include: Details about computers currently installed with Windows client operating systems, and recommendations for migration to Windows 7. Details about computers currently installed with Windows server operating systems, and recommendations for migration to Windows Server 2008. Details of currently installed Microsoft Office versions, and recommendations for migrating to the 2007 Office system.
Question: You need to create a hardware inventory throughout the enterprise. This might involve up to 800 computers plus peripherals. What is the best tool to accomplish this and why?
1-47
This demonstration shows how to use the Microsoft Assessment and Planning Toolkit.
2. 3. 4.
1-48
5. 6.
Create a New Account on the Inventory Account page. Complete and close the wizard.
Question: If your company was going to slowly migrate to Windows 7, how do you generate assessment reports for each planned deployment?
1-49
Key Points
You can use Configuration Manager 2007 to collect hardware and software inventory from Configuration Manager 2007 clients by enabling the client agents on a site-by-site basis. When enabled, the inventory client agents create an inventory report based on the client inventory information collected and then send it to the clients management point. The management point then forwards the inventory information to the Configuration Manager site server, which stores the inventory information in the site database. Question: You have decided to use Configuration Manager 2007 to collect inventory data in the enterprise. Many of the computers are Windows 2003 Server and you are unable to collect data on those computers. What might be the problem?
1-50
Key Points
Microsoft Desktop Optimization Pack (MDOP) helps IT professionals improve control of their desktop environments. MDOP provides a comprehensive set of tools to help IT professionals move their organizations desktop strategy from a basic infrastructure maturity level to a dynamic maturity level. MDOP is a collection of tools that help streamline all aspects of managing a desktop environment. You can use the following MDOP tools to make your IT environment more dynamic: Microsoft Application Virtualization (Formerly SoftGrid) Microsoft Diagnostics and Recovery Toolset (DaRT) Microsoft Asset Inventory Service (AIS) Microsoft Advanced Group Policy Management (AGPM) Microsoft System Center Desktop Error Monitoring (DEM)
1-51
AIS helps you move to the Rationalized IT maturity level by providing up-to-date and insightful reports, thus keeping you informed about your environment. Asset Inventory Service (AIS) is a hosted, Web-based service that collects information and provides reports about the software being used in your environment. AIS deploys an agent to the computers that you want to inventory. The agent then securely reports the software inventory to the AIS database.
1-52
Typically, the client installation will require an image greater than 2 GB to be copied to the target computer. If the network share or Windows Deployment Services option is selected, the ideal situation is when the target computer is connected to the deployment share or deployment server by a gigabit-switched network connection to maximize the available network bandwidth. However, this ideal scenario is not usually a requirement for single installations, such as the support scenario that is the focus of this course. A 100-MB Ethernet connection is more than capable of supporting a single installation. However, the desktop support technician needs to determine the bandwidth available on the network before starting the installation. If the network is already heavily used for large file transfers or real-time data transfers such as video streaming or Voice over IP (VoIP) traffic, the additional overhead of a network-based installation might be too much.
1-53
If the connection between the target computer and the network share or deployment server is a limited-bandwidth link such as a remote connection or wide area network (WAN), a network-based installation is typically not recommended.
Note: If your network infrastructure supports a mechanism to control the bandwidth allocationsuch as Quality of Service (QoS)and the extended installation times are within the support requirements, it is possible that your network can support a remote deployment solution.
1-54
To help gather the required information for the assessing of the current network infrastructure phase of the project, certain prerequisites for the deployment phase must be met or recognized:
1-55
Question: What is your best option for deployment if you have a large number of customizations at a location?
1-56
Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
Scenario
You are the team lead for the Windows 7 deployment project at Contoso Ltd. Contoso currently uses Windows Vista on the company desktop computers. You are planning for the Windows 7 deployment to take place within the next month. As part of the deployment process, you need to determine if there are any hardware compatibility issues with Windows 7. You will use the Microsoft Assessment and Planning Toolkit to help inventory, analyze, and then determine the necessary hardware upgrades.
1-57
1-58
Results: After this exercise, you will have MAP 4.0 configured on LON-CL2.
1-59
Exercise 2: Use the Microsoft Assessment and Planning Toolkit to Create a Client Assessment Report
Note: LON-DC1 is the computer running Windows Server 2008 R2 which is the domain controller and shared network location for the labfiles. LON-CL2 is the client computer running Windows 7.
Results: At the end of this exercise you will have collected a Windows 7 Readiness assessment and the Wizard will have created the Proposal and Assessment documents.
1-60
Question: How many client systems were inventoried? Question: How many systems are ready for Windows 7? Question: How many systems would be ready for Windows 7 with hardware upgrades?
1-61
Open the Windows7Assessment-<date-time> report just created. Question: Which clients are in the Meets minimum system requirements Category? Question: Which clients are in the Not Ready for Windows 7 Category? Question: What are the minimum upgrades required to the Not Ready for Windows 7 Category systems?
1-62
Lab Review: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
Question: What are the requirements for deploying the Microsoft Assessment and Planning Toolkit? Question: What are the Remote Computer configuration requirements for using the MAP Toolkit? Question: What discovery methods are available for the MAP Toolkit? Question: In addition to the Hardware Analysis, what information is available in a Windows 7 proposal generated by the MAP Toolkit?
1-63
Lesson 5
Product Activation is a requirement of the Windows 7 operating system. It requires validation for each Windows 7 license through an online activation service at Microsoft, or by phone and through KMS. Activation is designed to enhance protection from software piracy, and to help better manage the operating system and application instances within an environment. In this lesson, you learn how activation works and the volume activation models to consider for an effective Windows 7 desktop deployment.
1-64
Activation Options
All editions of Windows 7 and Windows Server 2008 require activation. Activation confirms the status of a Windows product, and ensures that the product key has not been compromised. The activation process establishes a relationship between the softwares product key and a specific installation of that software on a device. When you first install Windows 7, a grace period is provided for up to 30 days. For Windows 7, if the system is not activated within the grace period, the computer will be placed within a persistent notification mode. This mode allows the system to function normally with the following exceptions: The desktop background is black. Persistent notifications will alert the user of the need to activate. Windows update only installs critical updates.
1-65
There are three main methods for activation: Retail: Any Windows 7 product purchased at a retail store comes with one unique product key that is typed in during product installation. Use the product key to complete the activation after installing the operating system. Original Equipment Manufacturer (OEM): OEM system builders typically sell computer systems that include a customized build of Windows 7. OEM activation is performed by associating the operating system to the computer system BIOS. Volume Licensing (Volume Activation): Volume licensing is a series of software licensing programs that are tailored to the size and purchasing methods of your organization. Volume customers set up volume license agreements with Microsoft. These agreements include Windows upgrade benefits in addition to other benefits related to value add software and services. Volume license customers use Volume Activation to assist in activation tasks, which consist of the Key Management System (KMS) and Multiple Activation Key (MAK) models.
1-66
Volume Activation provides a simple and security-enhanced activation experience for enterprise organizations, while addressing issues associated with Volume License Keys (VLKs). The previous version (Vista) used volume activation. Volume activation provides system administrators the ability to centrally manage and protect product keys, in addition to several flexible deployment options that activate the computers in the organization regardless of the organization size.
1-67
The KMS model allows organizations to perform local activations for computers in a managed environment without connecting to Microsoft individually. By default, Windows 7 volume editions connect to a system that hosts the KMS service, which in turn requests activation. KMS usage is targeted for managed environments where more than 25 physical and, or virtual computers are consistently connected to the organizations network or where there are five servers.
Note: A computer installed with a Windows 7 retail version must be activated with Microsoft either online or over a telephone. Each Windows 7 installation requires a separate product key. Windows 7 retail versions cannot use a KMS or MAK for activation purposes.
Question: You have already installed multiple instances of the Windows 7 client. Which Volume Licensing method do you use?
1-68
MAK Model
MAKs are installed on each volume-licensed computer that will activate once with Microsoft over the Internet or by telephone. As each computer contacts Microsofts activation servers for activation, your pre-purchased activation pool is reduced. You can verify the number of remaining activations from the Microsoft Licensing Web site and with the VMAT, and request additional activations by contacting the Microsoft Activation Call Center.
1-69
The primary advantage to using MAK activation is that there is no requirement to periodically renew activation. However, if significant hardware changes occur on a desktop workstation, you may be required to renew activation. Another advantage for small organizations is that there is no minimal number of clients required for using MAK as opposed to KMS, which requires at least 25 physical and/or virtual desktop clients or five servers before activation begins.
1-70
The Volume Activation Management Tool (VAMT) is the application that can be used to perform MAK Proxy Activation requests. You can use the VAMT to manage and specify a group of computers to be activated based upon the following: AD DS Workgroup names IP addresses Computer names
The VAMT receives activation confirmation codes, and then re-distributes them back to the systems that requested activation.
1-71
An MAK performs a one-time activation of computers with Microsoft. Once the computers are activated they require no further communication with Microsoft. The number of computers that can be activated with a specific MAK is based on the type and level of the organizations volume license agreement with Microsoft. VAMT version 1.1 enables the following functionality: MAK Independent Activation: each computer individually connects and activates with Microsoft either online or through telephone MAK Proxy Activation: activation of multiple computers with one online connection to Microsoft Activation Status: ability to determine the activation status of Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 computers Remaining MAK activations: the current remaining activations associated with a MAK key XML Import/Export: allows for exporting and importing of data in a wellformed XML format to enable activation of systems in disconnected environment scenarios Local reactivation: enables reactivation of computers based on saved activation data stored in the VAMT XML computer information list Configure for KMS activation: convert MAK activated volume editions of Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 to KMS activation
Supported Operating Systems include: Windows Server 2003 Service Pack 1 Windows Server 2003 Service Pack 2 Windows Server 2008 Windows Server 2008 R2
1-72
KMS Model
KMS enables organizations to perform local activations for computers in a managed environment, without the need to connect to Microsoft individually. You can enable KMS functionality on a physical or virtual system that is running Windows Server 2008, Windows Server 2003, or a Windows 7 computer. KMS is automatically included with Windows Server 2008 and Windows 7. After you initialize KMS, the KMS activation infrastructure is self-maintaining. The KMS service does not require dedicated computers, and can be co-hosted with other services. A single KMS host can support hundreds of thousands of KMS clients. It is expected that most organizations will be able to operate with just two KMS hosts for their entire infrastructure (one main KMS host, and a backup host for redundancy).
1-73
You can then activate the KMS host by using either online or telephone activation. During installation, a KMS host automatically attempts to publish its existence in Service Location (SRV) resource records within Domain Name System (DNS). This provides the ability for both domain members and stand-alone computers to activate against the KMS infrastructure. Client computers locate the KMS host dynamically by using the SRV records found in the DNS, or connection information specified in the registry. The client computers then use information obtained from the KMS host to self-activate.
1-74
Client computers connect to the KMS host for activation by using anonymous RPC over TCP/IP, and by using default port 1688. This port information can be configured. The connection is anonymous, enabling workgroup computers to communicate with the KMS host. The firewall and the router network may need to be configured to pass communications for the TCP port that will be used.
A KMS host and KMS clients must use Volume License media, which includes the Windows 7 Professional operating system, Windows 7 Business operating system and the Windows 7 Enterprise operating system editions.
Question: What are the hardware requirements for the KMS host?
1-75
KMS clients activate only after the activation threshold is met. To ensure that the activation threshold is met, a KMS host counts the number of physical and virtual computers requesting activation on the network. The count of activation requests is a combination of Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 computers. However, each of these operating systems begins activating after a different threshold is met. The Windows Server 2008 R2 KMS client threshold is five (5) physical and virtual computers. The Windows 7 KMS client threshold is twenty-five (25) physical and virtual computers. A KMS host responds to each valid activation request from a KMS client with the count of how many physical computers have contacted the KMS host for activation. Clients that receive a count below the activation threshold do not activate. KMS activation works with minimal administrative action. If your network environment has dynamic DNS (DDNS) and allows computers to publish services automatically, you may not need to configure your KMS host. If you have more than one KMS host or your network does not support DDNS, you may need to perform some additional configuration tasks.
1-76
The troubleshooting volume activation steps you need to perform depend upon whether the problem is associated with MAK activation or KMS activation.
1-77
1-78
1-79
The QA network consists of 10 servers and over 100 Desktop systems. The servers for the QA network are located at the Corporate HQ location. The QA network includes clients at each of the regional offices and branch offices with an IT staff connected to the corporate headquarters through a VPN. The test network is isolated from the production network and the Internet and wholly resides in the Corporate Headquarters location. This network consists of 10 servers and 50 desktop systems. The systems in the test network are frequently rebuilt due to the nature of their use. The current network was built in a gradual fashion based on both growth and acquisitions. Because of this growth pattern, a consistent licensing model has not been deployed. A recent internal audit has revealed inadequacies with the existing licensing activation. The network is due for a technology refresh, and because of the issues revealed by the audit upper management has asked you to recommend an activation model that will provide the most efficient method of activating all systems while maintaining a documentable method of managing the licenses.
1-80
1-81
Review Questions
1. Under which circumstances is it unnecessary to configure KMS?
2.
What does Microsoft offer through the Support Lifecycle Policy for Operating Systems?
3.
What is the main difference between the standardized information optimized infrastructure model and the rationalized optimized Infrastructure model?
4.
How does the Microsoft Assessment and Planning Toolkit assess your organizations readiness for Windows 7?
5.
1-82
Although the capability of storing user files locally has been available for some time, the process can take several hours and files are double-instanced on the local hard drive and require free disk space to accommodate them. With hardlinks, the files do not move and the index of links can be created and remapped to the new operating system within a few minutes. The hard-link catalog also consumes little space on the hard drive since files are not doubleinstanced. Hard-Link Migration can be performed before the operating system installation from within the legacy operating system. In that case, the index of links is stored in a protected folder while the operating system is installed and other folders are deleted as part of the install routine. The migration store protects files from deletion.
1-83
This process is how the Microsoft Deployment Toolkit 2010 Beta (http://go.microsoft.com/fwlink/?LinkID=108442) performs a default computer refresh. The second option is to perform a clean install of the operating system and by default the new operating system will create a windows.old folder with user files and settings and retain any legacy folders found in the root directory. Offline hard-link migration can be used to target files within windows.old and map them to the appropriate locations in the Windows Vista or Windows 7 operating system. This process takes only a few minutes and the risk for data loss using this solution is minimal. After migration has occurred from windows.old, the user can use the disk cleanup utility to remove windows.old, and hard-link migrated files are protected from deletion. 3. Are there any changes in the Windows Deployment Services server role in Windows Server 2008 R2? Windows Deployment Services in Windows Server 2008 R2 enables network deployments of WIM images or Virtual Hard Disks (VHD) as files used for operating system deployments. The previous release of Windows Deployment Services (WDS) in Windows Server 2008 included the capability of multicast for image transmission to computers in the deployment pool. This can reduce network bandwidth consumption and increase deployment capacity by using a single-image transmission to multiple clients; instead of one 5-GB image passing to 100 clients and consuming 500 GB of network bandwidth. The same deployment using multicast can consume as little as five (5) to ten (10) GB of network bandwidth. One consequence of using multicast in Windows Server 2008 is that the slowest client determined the transfer rate for all client machines. In Windows Server 2008 R2, multicast now supports the use of Multiple Stream Transfer of two to three speeds to ensure that the fastest clients can receive deployment images faster. Additionally, using standard multicast (not with Multiple Stream Transfer), you can set minimum transfer thresholds and automatically remove slow clients from the multicast pool. Windows Server 2008 R2 with WDS also enables Dynamic Driver Provisioning. With Dynamic Driver Provisioning, driver files can be stored centrally and outside the image and only the required drivers are installed at the time of deployment using Plug and Play device matching. For organizations now including large driver payloads into standard networkinstalled images, Dynamic Driver Provisioning can help to reduce image size and ease driver management routines.
1-84
Best Practices
Supplement or modify the following best practices for your own work situations.
Comprehensive PC Security
The Comprehensive PC Security best practice involves proactively addressing security with antivirus software, anti-spyware software, patching, and quarantine. It helps organizations move from a basic to a standardized, and then from a standardized to a rationalized, level of optimization for security and networking in the Core Infrastructure Optimization model.
1-85
1-86
Tools
Tool Windows System Image Manager (Windows SIM) Use for The tool used to open Windows images, create answer files, and manage distribution shares and configuration sets. The tool used to capture, create, modify, and apply Windows images. The tool used to apply updates, drivers, and language packs to a Windows image. DISM is available in all installations of Windows 7 and Windows Server 2008 R2. A minimal operating system environment used to deploy Windows. The AIK includes several tools used to build and configure Windows PE environments. A tool used to migrate user data from a previous Windows operating system to Windows 7. USMT is installed as part of the AIK in the %PROGRAMFILES%\Windows AIK \Tools\USMT directory. For more information about USMT, refer to the User State Migration Tool Users Guide (%PROGRAMFILES% \Windows AIK\Docs\Usmt.chm). Where to find it http://go.microsoft.com /fwlink/?LinkID=162632
ImageX
http://go.microsoft.com /fwlink/?LinkID=162635
http://go.microsoft.com /fwlink/?LinkID=140374
2-1
Module 2
Assessing Application Compatibility in Windows 7
Contents:
Lesson 1: Overview of Application Compatibility Lesson 2: Assessing and Resolving Application Compatibility Issues by Using ACT 5.5 Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit Lab B: Creating Application Compatibility Fixes 2-3 2-16 2-34 2-43
2-2
Module Overview
Application compatibility can have a large effect on an organization and it can determine whether an operating system deployment project is successful. Whether deploying new applications with the new operating system or using existing applications, the ability of users to log on after a new Windows deployment and continue with their normal work is a critical goal. This module describes the process for addressing common application compatibility issues experienced during a typical operating system deployment. The module also explains how to use the Microsoft Application Compatibility Toolkit (ACT) to help inventory, analyze, and mitigate application compatibility issues.
2-3
Lesson 1
Before upgrading from its current version of the Windows operating system to Windows 7, an organization must test its applications to ensure that they are compatible with the new operating system. If an organization has several thousand applications installed across its network, compatibility issues with one or many of these applications can prevent users from performing their roles and affect core business functions. Therefore it is important to plan for these issues by understanding common problems that can occur. Windows 7 is highly compatible with most applications written for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, and their respective service packs. However, some compatibility breaks are inevitable due to innovations, security tightening, and increased reliability, so it is important to understand how updates to the operating system impact application compatibility. This lesson describes common application compatibility problems and provides guidelines on resolving any issues using the Microsoft Application Compatibility Toolkit (ACT).
2-4
You are deploying the Windows 7 operating system throughout your organization. You need to ensure that all business applications continue to function correctly after deployment. Use the following questions as a guide to discuss common applications that must be tested during the planning phase of an operating system deployment project. Question: Which standard desktop core applications must be tested within your environment? Question: Which line-of-business applications must be tested within your environment?
2-5
Question: Which types of administrative tools or desktop utilities must be tested within your environment? Question: Which custom tools must be tested within your environment? Question: Can you name any other applications that must be tested?
2-6
Key Points
Before deploying new operating systems, it is important to test your business applications for compatibility. New features in a new operating system, such as improved security features, can impact the functionality of some applications. Most commercial applications will run on Windows 7 without issue. However, it is recommended that specific application-compatibility testing be performed to ensure that all business-critical features continue to function as expected. Common tests to perform include: Install the application while logged on as a standard user and again as an administrator. Log on as a standard user and as several members of the Users group to test the features most important to your end users. Try all the installation options that are used in your business. Apply Group Policy to users and computers, and verify that the Group Policy settings still apply as expected.
2-7
Test combinations of applications, such as standard desktop configurations. Run several applications for several days or weeks without stopping them. Manipulate large graphics files. Perform rapid development sequences of edit, compile, edit, compile. Test Object Linking and Embedding (OLE) custom controls. Test with hardware, such as scanners and other Plug and Play devices. Test the applications on a Terminal Services server. Test with multiple users running the same and different applications, and with user-specific settings. Test concurrent database use including simultaneous access and update of a record, and perform complex queries.
Question: Why is it recommended that you install an application while logged on as a standard user and again as an administrator?
2-8
Key Points
During the planning phase, identify all applications that your organization currently uses, including custom software. As you identify custom applications, prioritize them and note which ones are required for each business unit in your organization. Remember to include operational and administrative tools, including antivirus, compression, backup, and remote-control programs. Custom applications can require a more extensive testing strategy than pretested commercial applications. Test custom applications on a clean Windows 7 installation and, if Windows Vista is deployed in your organization, on a computer upgraded from the Windows Vista operating system. If these scenarios are successfully completed and the application performed properly, then the application functions correctly on the Windows 7 platform.
2-9
Key Points
From a security and liability perspective, significant changes were made in Windows Vista to limit how much control applications can have over the operating system. Although those changes continue in Windows 7, new technologies within the operating system can still cause some applications to behave differently. When you are deploying Windows 7, compatibility problems will vary depending upon the source operating system. Available migration paths to Windows 7 include: Migrating from Windows Vista Migrating from Windows XP
2-10
To troubleshoot and address the problems effectively, you must be aware of general areas that typically cause the most compatibility issues. When upgrading to Windows 7, most compatibility problems relate to the following areas: Setup and Installation User Account Control Kernel-mode drivers Windows Resource Protection Internet Explorer 7 and Internet Explorer 8 Protected mode Internet Explorer 8 User Agent String 64-bit architecture Windows Filtering Platform API Deprecated components
Question: How can you mitigate the application compatibility issues related to User Account Control?
2-11
Key Points
Resolving application compatibility issues requires first having to determine which client computers must be analyzed for application compatibility issues, and then making a decision on which applications must be tested in the test environment.
2-12
Key Points
Mitigating an application compatibility issue typically depends upon various factors, such as the application type, and current application support. Some of the more common mitigation methods include the following: Applying updates or service packs to the application: Determine if updates or service packs are available that address many of the compatibility issues and enable the application to run under the new operating system environment. Modifying the existing applications configuration: Tools such as the Compatibility Administrator or the Standard User Analyzer can be used to detect and create application fixes (also called shims) to address these issues. Upgrading the application to a compatible version: If a newer, more compatible application version exists, the best long-term mitigation method is to upgrade to the newer version. Modifying the security configuration: If your compatibility issues appear to be permissions-related, a short-term solution is to modify the applications security configuration.
2-13
Running the application in a virtualized environment: If all other methods are unavailable, try running the application in an earlier Windows version using virtualization tools such as Microsoft Virtual PC and Microsoft Virtual Server. Using application compatibility features: Application issues, such as operating system versioning, can be mitigated by running the application in compatibility mode. Selecting another application that performs the same business function: If another compatible application is available, consider switching to the compatible application.
Question: You have an application that fails to run in Windows 7. What mitigation process can be considered if all the other recommended processes are tried on the application and none of them worked?
2-14
Key Points
The following are general guidelines for deploying a new operating system: Standardize the list of supported applications: For each supported application, allocate time, training, tools, and resources to plan, test, deploy, and support the application. To help reduce the long-term supported application costs, standardize your organization-approved applications. Identify applications that can be retired: Many organizations accumulate multiple application versions and numerous applications that are no longer relevant to current business processes. Eliminate as many applications as possible early in the application compatibility mitigation process.
2-15
Ensure that your test environment emulates your production environment: To ensure accurate test results, your test environment needs to emulate your production environment. The test environment needs to be physically separate from the production environment and consist of computers at the same service pack and hotfix levels. Also ensure that the tests are performed with accounts that have similar permissions to the production environment. Do not overlook user training: If the application compatibility mitigation results in a change in application behavior or general application use, provide user training delivered by the most appropriate method. Methods include online training, instructor-led training, or self-paced documentation provided to the users.
2-16
Lesson 2
Many organizations implement automated methods or use specialized application compatibility tools to assist with the mitigation of inventory, analysis, and application compatibility issues. One such tool is the Application Compatibility Toolkit (ACT) version 5.5. This lesson provides an overview of ACT, including its architecture and functionality.
2-17
Key Points
The Application Compatibility Toolkit (ACT) is a set of tools used during the Inventory, Analyze, and Mitigate phases of the application compatibility testing process. You can use ACT to do the following: Identify and manage your overall application portfolio within your organization. Verify your applications, devices, and computers compatibility with a new version of the Windows operating system, including determining your risk assessment. Help evaluate the impact of Windows updates.
2-18
Reduce the cost and time involved in resolving application compatibility issues. Create application mitigation packages to be deployed to client computers.
Question: How does the Application Compatibility Toolkit reduce the cost and time involved in resolving application compatibility issues?
2-19
Key Points
To use ACT 5.5, the following minimum software and hardware is required.
Operating Systems
ACT supports the following operating systems: Windows 7 Windows Vista Windows Vista with Service Pack 1 (SP1) Windows XP with Service Pack 2 (SP2) Windows XP with Service Pack 3 (SP3) Windows Server 2003 with Service Pack 2 (SP2) Windows Server 2008 R2
2-20
ACT does not support the following operating systems: Windows NT Server 4.0 Windows 2000 Professional operating system and earlier versions.
Database Components
After ACT is installed, it requires one of the following database components: Microsoft SQL Server 2008 Microsoft SQL Server 2008 Express Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express
2-21
Key Points
ACT includes the following features: Application Compatibility Manager (ACM) Compatibility Administrator Mitigation and Development Tools Setup Analysis Tool Internet Explorer Compatibility Test Tool Standard User Analyzer (SUA) Tool
2-22
Question: What is the benefit provided by running the ACM tool? Question: What is the benefit provided by running the SUA tool?
2-23
Key Points
The ACT 5.5 architecture consists of the following major components: Application Compatibility Manager (ACM): A tool used to configure, collect, and analyze data, to fix any issues before deploying a new operating system or deploying a Windows update in your organization. Data Collection Package (DCP): A Windows Installer (.msi) file created by the ACM for deployment to each of your client computers. Each DCP can include one or more compatibility evaluators, depending on what is being evaluated. ACT Log Processing Service: A service used to process the ACT log files uploaded from your client computers. It adds the information to your ACT database. ACT Log Processing Share: A file share, accessed by the ACT Log Processing Service, to store the log files that will be processed and added to the ACT database.
2-24
ACT Database: A Microsoft SQL Server database that stores the collected application, computer, device, and compatibility data. The information stored in the ACT database can be viewed as reports from the ACM. Microsoft Compatibility Exchange: A Web service that propagates application-compatibility issues from the server to the client and enables the client computers to connect to Microsoft through the use of the Internet to check for updated compatibility information.
2-25
Key Points
The Application Compatibility Toolkit (ACT) uses compatibility evaluators to collect and process your application information. Each evaluator performs a set of functions that provide a specific type of information to ACT. ACT contains the following compatibility evaluators for the Windows 7 operating system: Inventory Collector: examines each of your organizations computers that have a Data Collection Package installed. For each computer, the Inventory Collector evaluator identifies all of the computers installed applications, devices, and system information. After the data is collected, view all the information from within the Analyze screen of the Application Compatibility Manager.
2-26
User Account Control Compatibility Evaluator (UACCE): identifies potential compatibility issues due to an application running under a Protected Administrator or Standard User account on the Windows 7 operating system. When running, UACCE monitors your running applications to verify interactions with the operating system and to identify potentially incompatible activities. UACCE provides information about both potential application permission issues and ways to fix the problems so that a new operating system can be deployed. Update Compatibility Evaluator (UCE): identifies the potential impact from a new Windows update. Use the collected update impact data to prioritize your testing and reduce the uncertainty in deploying updates. The compatibility evaluator collects information about the modules loaded, the files opened, and the registry entries accessed by the applications currently running on the computers. It then writes that information to .xml files uploaded to the ACT database.
2-27
How Application Compatibility Manager Helps in Collecting and Analyzing Application Data
Key Points
The Application Compatibility Manager (ACM) is a tool used to configure, collect, and analyze data to fix any issues prior to deploying a new operating system in your organization. The functionality performed within the ACM is divided into the following phases: Phase 1 Collect your inventory and compatibility data: Before analyzing potential compatibility issues, first collect your organizations inventory and the associated compatibility issues. After configuring your data collection package, you can save and distribute it to your network clients from a network share, or from removable media such as a CD or portable USB drive, or through Active Directory Group Policy. Phase 2 Analyze your compatibility data: After collecting inventory and associated compatibility data, organize and analyze your issues. This includes categorizing, prioritizing, setting your deployment status and application assessment to create customized reports.
2-28
Phase 3 Test and mitigate your issues: After analyzing compatibility issue reports, test your applications to determine if the specified compatibility issues are actually problems within your organization. If it is determined that the issues are valid, use the Compatibility Administrator to create mitigation packages to fix the issues, or use the other developer tools provided with ACT. These tools, which can be used to determine additional issues and possible mitigation strategies, include the Internet Explorer Compatibility Tool, the Setup Analysis Tool, and the Standard User Analyzer tool.
This training focuses on the tasks performed in phases 1 and 2. Question: After configuring your data collection package, you can save and distribute it to your network clients. What are some methods you can use to distribute the DCP to your clients?
2-29
Key Points
The Application Compatibility Manager enables you to create new data-collection packages, collect the inventory information, and view the information through a series of quick reports. There are a number of configuration tasks that you need to be familiar with to successfully perform these tasks, including: Modify your configuration settings: The ACMs Tools menu includes a Settings option used to modify your database and log-processing service settings, change your membership status in the ACT Community, and receive ACT software updates. Create and configure the ACT database: The ACT database is used for storing information related to your organizations inventory, including information about your computers, devices, installed applications, and associated compatibility issues.
2-30
Create and configure a data collection package: The DCP is used for collecting the information that is stored in the ACT database. Each DCP must be configured to identify the scenario related to the evaluation (such as deploying a new operating system or service pack, applying Windows updates, or updating to a new version of Internet Explorer), and the starting date and time for monitoring application use. Analyze your compatibility data using the ACM reports: Once the data has been collected, you can organize it by using priorities, assessment ratings, categories, and subcategories. After organizing your data, you can filter it, determine which applications have compatibility issues, and view the information in customized ACM reports.
2-31
Key Points
The Standard User Analyzer (SUA) is used to test the Application Compatibility Manager for known user account control (UAC) issues. The SUA does this by monitoring API calls to detect compatibility issues related to the Windows 7 UAC feature. The SUA is also used to apply the recommended fixes and then export the fixes to a Microsoft Windows Installer (.msi) file for deployment to all your organizations computers. Some applications might not run properly under Standard User credentials due to applications that require access to restricted file or registry locations. The SUA monitors and reports many issues, including issues related to file, registry keys, .ini files, tokens, privileges, name space, and processes.
2-32
The Application Compatibility Toolkit includes the following tools that provide standard user analysis: Standard User Analyzer Tool: used to perform a full-function, in-depth analysis and mitigation for Windows 7 UAC issues. Standard User Analyzer Wizard: provides a step-by-step process to locate and mitigate UAC issues. The wizard does not include advanced analysis features that are available with the Standard User Analyzer Tool.
Question: The Standard User Analyzer Wizard provides a step-by-step process to locate and mitigate UAC issues. However, the wizard provides limited functionality when compared to the Standard User Analyzer Tool. What is this limitation?
2-33
Key Points
The same fix tested in the Standard User Analyzer (SUA) tool must be applied to all the computers in your organization that are running that application. This is done by creating a new, global fix in the Compatibility Administrator tool that is based on the SUA fix. The Compatibility Administrator Tool helps to resolve application compatibility issues before deploying a new Windows operating system version. This tool can assist you by: Providing built-in compatibility fixes, compatibility modes, and Application Help messages used to resolve specific compatibility issues. Creating customized compatibility fixes, compatibility modes, Application Help messages, and compatibility databases. Providing a query tool that can search local computers for installed fixes.
2-34
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
2-35
The main tasks for this exercise are as follows: 1. 2. Install ACT. Configure ACT settings.
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL1 is the computer running Windows 7. LON-VS1 is the computer running Windows Vista.
2-36
On the Settings tab, review the following configuration settings: SQL Server name SQL Database name Log Processing Service status Log Processing Service account Log Share and Log Share path
On the Preferences tab, review, but do not change, the following default configuration settings: Community Settings Update Settings
Open the Services console and confirm that the ACT Log Processing Service has started.
Results: After this exercise, ACT 5.5 will be installed and configured on LON-DC1.
2-37
Note: LON-DC1 is the computer configured with the Application Compatibility Toolkit. LON-VS1 is the Windows Vista computer that will have the Data Collection Package installed.
2-38
When to monitor application usage: Duration: 60 Minutes Where to output collected data: LON-DC1 (\\LON-DC1\ACTLogs)
Save as C:\Data\DataCollectionPKG.msi.
Open the Task Manager, click the Processes tab, and then click Show processes from all users. Provide Administrator credentials in the User Account Control box. On the Processes tab, verify that the data collection is running by looking for the actdcsvc.exe process.
Results: After this exercise, a data collection package is created and then it must be installed on LON-VS1.
2-39
Note: LON-DC1 is the computer configured with the Application Compatibility Toolkit. LON-VS1 is the Windows Vista computer that has reported its application inventory.
2-40
Assign Microsoft Office PowerPoint Viewer 2007 (English) and Microsoft Office Word Viewer 2003 to the Customer Service subcategory. Select Microsoft BackInfo and Office Diagnostics Service. On the Actions menu, click Assign Categories. Create a new category called System Utilities. Add a subcategory called Desktops. Assign BackInfo and Office Diagnostics Service to the Desktops subcategory.
Save the filter report as Business Critical Apps in the Documents folder. Clear the filter to display all applications. Click the Toggle Filter button to close the Filter pane.
Results: After this exercise, application memory will be categorized and prioritized.
2-41
The main tasks for this exercise are as follows: 1. 2. Track application status. Create a custom issue.
Note: LON-DC1 is the computer configured with the Application Compatibility Toolkit. LON-VS1 is the Windows Vista computer that has reported its application inventory.
2-42
Click Save and then click the Solutions tab. Add a solution with the following options: Title: Office Diagnostics Service Fix Solution Type: Application has an update Solution Details: Install the latest Service Pack
Close all windows to return to the main Application Compatibility Manager window.
Results: After this exercise, the application status is tracked and a custom issue is created.
2-43
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL1 is the computer running Windows 7 with the Stock Viewer application installed.
2-44
Task 1: Start the Stock Viewer application to determine application compatibility issues
Log on to LON-CL1 as Contoso\Alan with the password of Pa$$w0rd. On LON-CL1, click Start and then click Stock Viewer. Take note of the Permission denied box. Test the following tasks to determine potential issues: Click Trends. Click the Tools menu and then click Options. Click the Tools menu and then click Show Me a Star.
2-45
Note: LON-DC1 is the computer configured with the Application Compatibility Toolkit. LON-CL1 is the Windows 7 computer that has the Stock Viewer application installed.
Click Launch. In the User Account Control box, type Administrator and then type the password: Pa$$w0rd. Click Yes at the prompt. Test the following tasks to record compatibility issues: Click OK on the Permission denied box. Click Trends. Click the Tools menu and then click Options.
2-46
Click Continue to close the error. Click the Tools menu and then click Show Me a Star.
Close the Stock Viewer application. Review the following tabs: File, Registry, Token, Name Space, and Other Objects. Note that these are the errors that were detected while SUA was monitoring the application. On the Mitigation menu, apply the mitigations.
2-47
Click Fix and provide the following information: Name of the program to be fixed: StockViewer Program file location: C:\Program Files\StockViewer\StockViewer.exe Compatibility Modes: None Compatibility Fixes: ElevateCreateProcess ForceAdminAccess LocalMappedObject VirtualizeHKCRLite
Name the database StockViewerFix and save it to C:\Data\StockViewerFix. Click Fix and provide the following information: Name of the program to be fixed: Star Program file location: C:\Program Files\StockViewer \DWM Compositing Rendering Demo.exe Compatibility Modes: None Compatibility Fixes: WinXPSP2VersionLie
Click Save. Right-click StockViewerFix, and then click Install. Close the Compatibility Administrator.
2-48
2-49
Review Questions
1. You have just installed ACT and configured the initial settings. What final task must be completed to ensure that inventory collection occurs?
2.
What are some examples of common application categories or considerations to use when organizing your application inventory?
3.
How can assigning application priorities help in your subsequent application compatibility analysis tasks?
4.
What are some examples of applications that might be rationalized out of the priority application list?
2-50
5.
During your application analysis, what is the main advantage of adding issue details or certifying applications using ACT?
6.
After analyzing your compatibility issues, what are some examples of ways to mitigate any issues discovered?
7.
8.
2.
You have just installed Windows 7 on your organizations client computers. How do you ensure that the new Windows 7 features work as expected with your current application portfolio?
3.
You plan to use the Application Compatibility Toolkit to determine whether your organizations applications are compatible with Windows 7. However, you are concerned that the data collection and inventory process will cause performance issues on your client workstations. What can you do to minimize performance issues?
2-51
2.
The Application Compatibility Manager is used to restrict access for the testing and remediation processes being done by the various application owners throughout your organization. Perform the following steps to enable restricted access: a. b. Provide read and write access to the database for any users that require access to the compatibility reports. Start the Application Compatibility Manager for the first time, and then select the View and manage reports only option from the Configuration Type Selection page of the ACT Configuration Wizard. Selecting this option creates an instance of the ACT that cannot connect to the ACT Log Processing Service, but enables users to create data collection packages and to analyze their data. The users provided with read and write access will now be able to record their assessment ratings, their issue reproduction steps, and their solutions. In addition, you can create queries for each group and enable them to review only the relevant information for their specific applications.
2-52
3.
After compatibility analysis using the Application Compatibility Toolkit, vendor and community assessment, and manual application-to-operating system testing, you can perform the following best practices to remediate applications: The first priority is to locate a compatible version of the application with vendor support for third party applications. This ensures the application will work as intended and support for that application is available. For in-house developed applications, the best practice is to recode the application for native compatibility or in the cases where it exists, use the compatible version. Guidance for recoding applications can be found in the Application Quality Cookbook for Windows 7. For third party applications without support (for example, the vendor is no longer in business) or for in-house developed applications where recoding is not an option, compatibility fixes (or shims) can be used to assist the incompatible application for use with Windows 7. The Compatibility Administrator tool is part of ACT and can be used to create and edit shim database (SDB) files to mitigate compatibility issues. The Standard User Analyzer also creates SDB files to correct issues it detects where administrative privilege (or elevation) is required. SDB files are created to include fixes for as many applications as possible, not one for each application. They can be serviced through scripted commands if and when updates and additions are needed. After exhausting ways of making applications run natively in Windows 7 or with the help from Compatibility Fixes, legacy operating system virtualization (Microsoft Enterprise Desktop Virtualization or Windows XP mode) or Remote Desktop Services can be used as a last resort or transitional path while applications are in the process of compatibility remediation.
4.
Establish the Application Lifecycle for ongoing management of application versions. When companies stay up-to-date on applications and utilities, they usually can avoid these issues. Maintain application inventory for future Operating System and Service Pack testing. This is not disposable work to be used only once.
5.
3-1
Module 3
Evaluating Windows 7 Deployment Methods
Contents:
Lesson 1: Evaluating In-Place Deployment Lesson 2: Evaluating Side-by-Side Deployment Lesson 3: Evaluating Lite-Touch Deployment Method Lesson 4: Evaluating Zero-Touch Deployment Method Lab: Determining the Windows 7 Deployment Method 3-3 3-12 3-19 3-28 3-37
3-2
Module Overview
When deploying Windows 7 in your organization, you must evaluate the feasibility of the different deployment scenarios and methods available. Suitable deployment methods and scenarios may depend on the organizations business environment and several other considerations, such as current infrastructure, available budget, and organization policy. This module discusses different deployment scenarios and methods that are available when deploying Windows 7. It also discusses various tools and technologies to use in the different scenarios and considerations for selecting a deployment scenario and method.
3-3
Lesson 1
There are several deployment scenarios that can be used when you are deploying the Windows 7 operating system. Depending on the source and destination computer, these scenarios are categorized as: new computer, refresh computer, replace computer, and upgrade computer scenarios. Refresh computer and upgrade computer are categorized as in-place deployment scenarios, whereas the replace computer is categorized as a side-by-side deployment scenario.
3-4
Key Points
In-place deployment means that the source and destination computers are the same computer. There are two kinds of in-place deployment methods: In-place upgrade: upgrade the original operating system, maintaining existing configurations. Wipe-and-load: replace the original operating system and selectively migrate sections of the old configuration to the new one.
In-Place Upgrade
When deploying Windows 7 using an in-place upgrade scenario, the installation program runs fully unattended and it automatically keeps all user settings, data, hardware device settings, applications, and other configuration information.
3-5
Typical steps in an in-place upgrade scenario include the following: 1. 2. 3. Back up computers entire hard disk. Perform upgrade to Windows 7. Upgrade, uninstall, and install additional applications as required.
Wipe-and-Load
When deploying Windows 7 using the wipe-and-load scenario, you must first perform a clean installation of Windows 7, followed by the migration of user settings and data from the earlier version of Windows. To perform a clean installation run setup.exe, the Windows 7 installation program, and select Custom. The option allows you to install Windows 7 on a partition that already has an operating system, such as earlier versions of Windows. After the installation is done, the earlier version of Windows will be placed in a folder called Windows.old, along with the previous Program Files and Documents and Settings folders. Typical steps in a wipe-and-load scenario include the following: 1. 2. 3. 4. 5. Back up the computers whole hard disk. Save user settings and data for migration. Perform a clean installation of Windows 7 selecting Custom. Reinstall applications. Restore user settings and data.
3-6
Key Points
The main advantage of in-place deployment is that you do not have to invest in purchasing a new computer because the source computer and the destination computer is the same computer. However, this can result in an irreversible process, in which as soon as the in-place deployment is complete, it cannot be undone or reversed. (You can protect yourself from failed installations, such as this, by being sure to use a third party backup or imaging solution prior to deployment.) In addition, because the destination computer is the same as the source computer, there is downtime associated with in-place deployment for the end-users that may affect productivity.
3-7
The advantages and disadvantages of the two kinds of in-place deployment scenarios are summarized in the following table.
Scenario In-place Upgrade Advantages Keeps user settings, application settings, and files and has minimal impact to user productivity. Disadvantages
Avoids decrease in
performance issues.
Requires re-installation of
applications.
At first glance, an in-place upgrade scenario seems to be the best choice. Windows 7 setup runs unattended and users maintain their existing configurations. However, this method is not always attractive when the goal is a managed environment and a reduction in the total cost of operation (TCO). The inplace upgrade scenario does not reset the computer to a reference configuration. And, as mentioned in the table, some applications may not work correctly after the upgrade is completed. A key benefit of the wipe-and-load scenario over the upgrade scenario is that it does not replicate the existing configurations known and unknown problems. Wipe-and-load is best when you want to standardize configurations across the organization, as deployment, management, and support costs are reduced because each computer can be deployed with the same reference configuration, applications, files, and settings.
3-8
Key Points
The in-place upgrade scenario is a direct upgrade of the current operating system to Windows 7. The wipe-and-load scenario (refresh) involves first performing a clean installation of Windows 7, followed by the migration of user settings and data from a computer that is running an earlier version of Windows.
3-9
Windows Deployment Services (WDS), which is a server-based deployment solution that enables an administrator to set up new client computers over the network A WDS server must be at least a member of an Active Directory domain. You must also have a working DHCP and DNS server on the network. In addition, you cannot configure WDS server role on a server core installation.
Consider using Windows Automated Installation Kit (Windows AIK). This is a collection of tools and documentation designed to help IT professionals deploy Windows. The tools in Windows AIK include: Windows System Image Manager (Windows SIM): The tool used to open Windows images, create answer files, and manage distribution shares and configuration sets. ImageX: The tool used to capture, create, modify, and apply Windows images. Deployment Image Servicing and Management (DISM): The tool used to apply updates, drivers, and language packs to a Windows image. DISM is available in all installations of Windows 7 and Windows Server 2008 R2. User State Migration Tool (USMT): The tool used to migrate user data from a previous Windows operating system to Windows 7.
Budget: This requires no investment in additional hardware. The phase of the desktop: This requires no new hardware. Therefore, it is not important to consider the organizations hardware life cycle. Valid upgrade options for Windows 7: Only Windows Vista with SP 1 or later versions supports in-place upgrades to Windows 7. In-place upgrade also does not support: Cross architecture: You can only upgrade to the same platform. You cannot upgrade from a 32-bit to a 64-bit or vice versa. Cross language: You cannot upgrade from one language to another. For example, you cannot upgrade a U.S. English (EN-US) version of Windows to a German (DE-DE) version of Windows. Edition changes: You cannot upgrade Windows Vista Enterprise to Windows 7 Ultimate.
3-10
Amount of interaction: This does not require significant user interaction. You can use the answer file to minimize user interaction and effort when performing an in-place deployment. State of user data: This does not require reinstallation of applications, or any of the user settings, data, hardware device settings, applications, or other configuration information. However, some applications may have to be reinstalled after the upgrade is performed.
Wipe-and-Load Considerations
The following list describes several considerations when you select wipe-and-load deployment: Infrastructure: This requires no additional computer hardware. You may need additional space to save the existing user state data on the computer. Budget: Because no additional hardware or software is required, there is no additional cost associated with wipe-and-load deployment. The phase of the desktop: This requires no new hardware. Amount of interaction: The refresh scenario does not require a lot of user interaction. However, it may affect user productivity, because users have to reconfigure their settings and reinstall certain applications manually after deployment. The following tools can be used to help migrate user settings and data: Windows Easy Transfer (WET): Supports user settings and data transfer to the destination computer by using the network, WET cable, removable media, or a writable CD or DVD. User State Migration Tool (USMT): Supports user settings and data transfer for large deployments.
3-11
State of user data: This deployment requires a reinstallation of applications. You can use the User State Migration Tool (USMT) to create a snapshot of current user data files before reinstallation. This keeps data in the same location on the disk while you are upgrading the system and rebuilds the links after Windows 7 is installed. This is also known as a hard-link migration. Hard-link migration eliminates the need for storage space to store migration data and reduces the time required to migrate user state. In the wipe-and-load deployment, you can also use the Windows.old folder to recover all personal files. The Windows.old folder contains the following folders: Windows Documents and Settings Program Files
When you have moved all important data from the Windows.old folder, remove the folder using Windows Disk Cleanup.
3-12
Lesson 2
The replace computer scenario is categorized as side-by-side deployment, where the source and the destination computers are different computers. Depending on the existing environment in your organization and your deployment plan and strategy, you can select to use in-place deployment, side-by-side deployment, or a combination of both.
3-13
Key Points
Side-by-side deployment is frequently used when new, or replacement, computers are purchased and deployed. In this scenario, the user settings and data must be moved from the source computer to the new destination computer. Typical steps in a side-by-side deployment scenario include the following: 1. 2. 3. 4. Save user settings and data for migration. Perform a clean installation of Windows 7. Install applications. Restore user settings and data.
3-14
Key Points
The key benefit of the side-by-side deployment scenario is that it is useful when you have to move the user state and files from a source computer to a new, destination computer. For example, if you have a computer currently running a supported Windows operating system that has to be replaced with another computer, you can save the existing user state data from the original computer and then deploy the new installation of Windows to the new computer. Finally, you can restore the user state data to the new computer. The only requirement from the user in this case is to create an association between the source and destination computer. The user can then continue to work while the new workstation is installed and configured.
3-15
Key Points
Side-by-side deployment is recommended when you want to achieve a standardized environment in a large enterprise and need to move applications and user states to new computers. This method guarantees that all systems begin with the same configuration, and that the company has a standardized environment for all users who are running Windows 7. The following list describes several considerations for selecting the side-by-side deployment scenario: Infrastructure: This deployment requires an existing computer, intermediate storage space, and a destination computer. You can use the following tools to install Windows 7: Windows Setup (setup.exe) Windows images by using network share Windows Deployment Services (WDS)
3-16
Also consider using Windows AIK to assist in deploying Windows operating system. To migrate user settings and data, you can use the following tools: Windows Easy Transfer (WET) for small volume deployment User State Migration Tool (USMT) for large volume deployment
Budget: The side-by-side deployment scenario requires a new destination computer. This generates additional costs in replacing the existing computer hardware. The phase of the desktop: Because the side-by-side deployment scenario is typically used when replacing computers in the organization, the hardware life cycle of your computers is an important factor. Amount of interaction: This deployment method enables users to continue working while a new workstation is installed and configured. You can automate the deployment and minimize the user interaction by using the following tools: Answer file: To help configuring Windows settings during Windows installation. User State Migration Tool (USMT): To perform the migration for many computers.
State of user data: Because side-by-side deployment requires a reinstallation of applications on the destination computer, before you perform the deployment, identify which elements to migrate to the new computer. These elements include user accounts, application settings, operating system settings and file types, folders, and settings.
3-17
Scenario One
You work as a Desktop Administrator in a large corporation. The organization has a standardized computer environment, with most of the users running Windows XP operating systems and some running Windows Vista. You have Active Directory and all workstations are domain joined and centrally managed by Group Policy. All the computers have the latest updates and service packs installed. Your organization plans to deploy Windows 7 but you were told that there is no budget available to purchase new hardware for computers that are less than three years old. For computers more than three years old, the general organization policy applies and you can replace these computers. Your Human Resource Department has indicated that there were some new employees hired in the past couple of months, and there will be more in the next month. According to company policy, you can purchase new hardware for new employees, as needed.
3-18
Question: How might you determine the deployment scenarios in your organization?
Scenario Two
You work as a Desktop Administrator in a large corporation. Your organization has a standardized computer environment, with most of the users running Windows XP operating systems and some running Windows Vista. You have Active Directory and all workstations are domain-joined and centrally managed by Group Policy. All the computers are current with the latest updates and service packs installed. You have the budget to buy new computers for 50 managers, and have to reallocate the 50 older portable computers to new employees. All employees need to run Windows 7 since your organization is in the process of standardizing the computer environment. Question: How might you determine the deployment scenarios in your organization?
3-19
Lesson 3
There are many tools and strategies available for deploying operating systems. Microsoft Deployment Toolkit (MDT) 2010 is a unified set of tools and resources designed to simplify the complex and time-consuming process involved with deploying desktop and server software. It provides end-to-end process guidance, a common deployment console, and tools to automate deployment tasks. Some organizations have deployment processes that require extensive interaction from an administrator or end-user, whereas other organizations have their deployment tasks completely automated. With MDT 2010 and the integration with Microsoft System Center Configuration Manager 2007 (for ZTI), organizations can choose between Lite-Touch and Zero-Touch deployment methodologies to perform high-volume deployment.
3-20
Key Points
Lite-Touch deployment is a deployment methodology that requires light interaction from the administrator or a user who has administrator access to input customized information during deployment. It is a high-volume deployment strategy and is targeted for medium-sized organizations that have an information technology (IT) staff and sometimes use partners to help with technology adoption. Lite-Touch deployment is based on the Microsoft Deployment Toolkit (MDT) Lite Touch Installation (LTI) method. With LTI, you start the deployment on each computer and configure deployment settings. After that, the deployment is usually automated and requires no intervention.
3-21
3-22
Key Points
Lite-Touch deployment provides the following benefits: Limited interaction: Lite-Touch deployment requires limited interaction, only at the beginning of the installation. Consistent and standardized configurations: Lite-Touch deployment takes advantage of a standardized image. This means that all computers start in the same state. Fast deployment and streamlined maintenance: Lite-Touch deployment uses MDT capabilities to handle the installation of applications, device drivers, and updates, which simplifies the deployment process and reduces deployment time. Minimal infrastructure requirement: Lite-Touch deployment requires little investment. The minimum infrastructure requirement is a file server and a local area network, and most organizations already have these.
3-23
3-24
Key Points
The following list describes several considerations for Lite-Touch deployment strategy. Infrastructure: Lite-Touch deployment requires a managed network and a file server to store the Windows images. In addition, the following tools and technologies are available to assist Lite-Touch deployment: Microsoft Assessment and Planning Toolkit Microsoft Application Compatibility Toolkit Volume-licensed media Microsoft Deployment Toolkit Windows Automated Installation Kit User State Migration Tool Installation media or Windows Deployment Services to start the client computers during deployment.
3-25
Budget: Lite-Touch deployment requires no significant investment in additional hardware or software. IT department skill and deployment experience: Lite-Touch deployment can be scaled simply. This makes it a good choice for small and medium-sized organizations. Number of end-users and end-user experience: Lite-Touch deployment requires limited interaction at the beginning of installation. This can be done by the IT department or by technically knowledgeable users who can visit each computer to be deployed. In addition, Lite-Touch deployment is best suited for deployment scenarios of up to 500 client computers. Supported Deployment Scenario: Lite-Touch deployment supports the following deployment scenarios: new computer, upgrade computer, refresh computer, and replace computer.
3-26
Scenario
You work as a Desktop Administrator in a large corporation. Your team consists of an IT staff that is experienced in deploying the Windows XP operating system. Your organization has multiple offices around the country that are connected to the head office, some with high-speed network connections and other offices with fairly slow connections, with the slowest being a 256Kbps connection. There is at least one dedicated IT employee in every remote office. Your organization has a standardized computer environment, with most of the users running Windows XP operating systems, and some running Windows Vista. You have Active Directory and all workstations are domain joined and centrally managed by Group Policy. All the computers are current with the latest updates and service packs installed.
3-27
Your organization plans to deploy Windows 7, a project that will be driven from the head office. Currently, the organization does not have the infrastructure that supports System Center Configuration Manager. The Windows 7 image that aligns with the corporate standard has already been created on the MDT servers in the head office. You have to distribute this Windows 7 corporate image to all workstations in all offices nationwide. This corporate image is almost 7 GB. Your organization has already set aside sufficient budget for this deployment project to ensure the most efficient and effective deployment experience and future maintenance. Question: How do you determine the feasibility of using Lite-Touch deployment method to deploy Windows 7 to workstations in your head office and your remote offices, without bringing down the network at the same time?
3-28
Lesson 4
Zero-Touch deployment is primarily targeted toward enterprise-class organizations that have deployed network infrastructure prerequisites. These organizations can take advantage of robust deployment automation capabilities and can select whether any end-user involvement is required. Organizations that already have a rationalized or dynamic network environment can use Zero-Touch deployment, which uses automated deployment capabilities of the Microsoft Deployment Toolkit (MDT) 2010 Zero Touch Installation (ZTI).
3-29
Key Points
Zero-Touch deployment is a deployment methodology that requires no manual interaction during the installation process. Zero-Touch deployment builds upon many techniques and processes that are used for Lite-Touch deployment. It is a high-volume deployment strategy, which is targeted for large organizations that have dedicated IT staff that have expertise in deployment and networking. Zero-Touch deployment is based on Microsoft Deployment Toolkit (MDT) Zero Touch Installation (ZTI) method. ZTI requires System Center Configuration Manager 2007 SP2 to provide fully-automated deployment of the operating system and applications, without the need of user intervention.
3-30
With ZTI, you deploy operating systems from Configuration Manager distribution points. The installation process can be initiated by Configuration Manager. The Zero-Touch deployment process is initiated automatically, which eliminates the need to visit each computer.
3-31
Key Points
Zero-Touch deployment provides the following benefits: Full automation: Zero-Touch deployment requires no interaction, which means deployment is fully-automated. You spend more effort up front engineering the process, but overall deployment costs are less and deployment rates are much faster. Consistent and standardized configurations: Zero-Touch deployment takes advantage of standardized image, which means that all computers start in the same state. Fast deployment and streamlined maintenance: Zero-Touch deployment uses MDT and Configuration Manager capabilities to handle installation of applications, device drivers, and updates, which eases deployment process and reduces deployment time.
3-32
3-33
Key Points
The following list describes several considerations for Zero-Touch deployment strategy. Infrastructure: Zero-Touch deployment requires an in-place rationalized or dynamic network infrastructure, which includes the following: System Center Configuration Manager 2007 SP2: the primary foundation of the Zero-Touch deployment is the centralized management and infrastructure provided by System Center Configuration Manager 2007 SP2. Windows Deployment Services (WDS): this engine can be used by specific operating system deployment scenarios that are managed by Configuration Manager.
3-34
Active Directory Domain Services (AD DS): this is used by clients to find Configuration Manager management points and to store metadata related to WDS. In addition, several network services such as Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) are required to support ZTI. Network bandwidth: the target computers must have a high-speed, persistent connection to the servers used in the deployment process.
In addition, Zero-Touch deployment also offers several other tools and technologies: Microsoft Assessment and Planning Toolkit Microsoft Application Compatibility Toolkit Volume-licensed media Microsoft Deployment Toolkit Windows Automated Installation Kit User State Migration Tool
Budget: The cost for a Zero-Touch deployment, based on a rationalized or dynamic automation environment, is at first higher than other methods. Costs associated with a Zero-Touch deployment include implementing the infrastructure required and training for the IT staff. IT department skill and deployment experience: Zero-Touch deployment requires the IT department to have expertise in deployment, networking, and familiarity with Configuration Manager. Number of end-users and end-users skill: Zero-Touch deployment requires no interaction during the installation process. Therefore, technical knowledge is not required from the end-users. Supported Deployment Scenario: Zero-Touch deployment does not support the upgrade computer scenario.
3-35
You work as a Desktop Administrator in a large corporation. Your team consists of IT staff that has experience in deploying Windows XP operating system. Your organization has multiple offices around the country that are connected to the head office, some with high-speed network connections and others with fairly slow connections, with the slowest being 256Kbps connection. There is at least one dedicated IT staff in every remote office. Your organization has a standardized computer environment, with most of the users running Windows XP operating systems, and some running Windows Vista. You have Active Directory and all workstations are domain joined and centrally managed by Group Policy. All the computers are current with the latest updates and service packs installed.
3-36
Your organization plans to deploy Windows 7, a project that will be driven from the head office. Currently, the organization does not have the infrastructure that supports System Center Configuration Manager. The Windows 7 image that aligns with the corporate standard has already been created on the MDT servers in the head office. You have to distribute this Windows 7 corporate image to all workstations in all offices nationwide. This corporate image is almost 7 GB. Your organization has already set aside sufficient budget for this deployment project to ensure that the most efficient and effective deployment experience and future maintenance. Question: How do you determine the feasibility of using Zero-Touch deployment method to deploy Windows 7 to workstations in your head office and your remote offices, without bringing down the network at the same time?
3-37
Bobby Moore, the manager of the Production department, wants to replace his existing Windows Vista workstations with Windows 7. You are tasked with creating the documents that detail the steps required to enable this deployment. You have been liaising with Charlotte Weiss in the IT Department for more information.
3-38
3-39
Supporting Documentation
E-mail thread of correspondence with Charlotte:
Ed Meadows
From: Sent: To: Subject: Hey Ed, That plant is fairly small, and it is located on the edge of Slough. The computers there all have static IP addresses as there is no DHCP provision. They have a single server that is running Windows Server 2008, configured as an RODC. The link to the head office in London is sometimes down, so it helps facilitate logons. That server also hosts all shared data. I hope that helps. Regards, Charlotte. ----- Original Message ----From: Ed Meadows [ed@contoso.com] Sent: 28 June 2009 10:52 To: Charlotte@contoso.com Subject: Network Services Hi Charlotte, As you may be aware, Bobby Moore wants us to come up with a plan for upgrading/migrating his Windows Vista computers throughout the Production department. Initially, he is talking about around ten computers in the production plant over at Slough. Can you please advise what network services we have in-place over there? Thanks, Ed Charlotte Weiss [charlotte@contoso.com] 28 June 2009 11:01 ed@contoso.com Re: Network Services
3-40
Ed Meadows
From: Sent: To: Subject: Hey Ed, Well, the departmental and corporate information is on the server, but the users Documents folder is not redirected; it is all local. Regarding custom applications, the whole of production uses a number of custom apps. At Slough, these applications are installed on some of the workstations, but not all. All workstations are installed with the standard office productivity suite: Excel, Word, and some with PowerPoint. If you need anything else, let me know. Charlotte. ----- Original Message ----From: Ed Meadows [ed@contoso.com] Sent: 15 July 2009 09:30 To: Charlotte@contoso.com Subject: Slough plant upgrade Hi Charlotte, You mentioned in the last email that Slough has a file server for shared data. What about user data, and I am especially thinking about application settings (custom dictionaries, email folders, and the like), and any other personal information? What I am concerned about, is how to deal with user data during the upgrade/migration, depending on the way we decide to go. Oh, and one other thing. Do you know if there are any custom applications installed at Slough? Thanks, Ed Charlotte Weiss [charlotte@contoso.com] 15 July 2009 09:51 ed@contoso.com Re: Slough plant upgrade
3-41
Slough Production Plant: Windows 7 Upgrade Proposal Document Reference Number: EM3007 Document Author Date Ed Meadows July 30
Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the Slough production plant. To migrate applications and user data during the upgrade process. Additional Information There are ten computers currently running Windows Vista at the Slough plant. The staff at Slough works in three shifts. This means that at some point in the day, all computers are not being used. 1. Is deployment by using WDS suitable in this situation? Why or why not?
2.
3.
4.
5.
How would you propose to handle user state data and application settings?
3-42
(continued)
Slough Production Plant: Windows 7 Upgrade Proposal Proposals
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Slough Production Plant: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal must include details about the specific services needed to support your deployment method. Where appropriate, the proposal must also include details about answer files, images, and other related material.
Results: After this exercise, you will have a proposal to present to Bobby Moore for the Slough Production Plant Windows 7 upgrade.
3-43
3-44
Supporting Documentation
E-mail thread of correspondence with Charlotte:
Ed Meadows
From: Sent: To: Subject: Attachment: Ed, Hammersmith has a larger number of workstations but there is an opportunity here. Unlike Slough, these machines are quite old and are due for replacement in the coming months. If we are going to be deploying a new OS, perhaps we can bring that replacement forward? Regarding applications, due to the reasonable link between Hammersmith and the head office, most settings are managed through Group Policy including application deployment. Having said that, most user-state data is still local we have not configured any folder redirection policies. To help with the infrastructure questions, I have attached a Visio diagram of Hammersmiths network in addition to a description of the services provided there. If you need anything else, ping me. Charlotte. ----- Original Message ----From: Ed Meadows [ed@contoso.com] Sent: 4 August 19:03 To: Charlotte@contoso.com Subject: Hammersmith Charlotte, Thanks for getting Slough operational. Quick work! I have just heard from Bobby again. He wants to get Hammersmith upgraded as soon as possible. What can you tell me about the infrastructure there? Also, as with last time anything I need to know about the applications deployed there, and the location of user-related data? Charlotte Weiss [charlotte@contoso.com] 5 August 2009 08:10 ed@contoso.com Re: Hammersmith Hammersmith.doc; Hammersmith.vsd
Ed
3-45
Contents of Hammersmith.doc: Twenty-five workstation computers installed with Windows Vista Enterprise edition. A single network printer is required. Windows Server 2008 Enterprise Edition (Server Core) deployed with the following roles: Domain Controller/Global Catalog DNS DHCP single scope to allocate addresses in the appropriate subnet. DFS-R used to distribute SYSVOL and the standard office applications. Shared folders used to store departmental data.
3-46
Hammersmith Production Plant: Windows 7 Upgrade Proposal Document Reference Number: EM1008 Document Author Date Ed Meadows August 10
Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the Hammersmith production plant. To ensure that user data is migrated as part of the upgrade process. To ensure that there is minimal downtime of the workstations at the Hammersmith plant, they are in constant use. Additional Information There are 25 computers running Windows Vista at the Hammersmith plant. The computers at Hammersmith are in constant use. 1. Is deployment by using WDS suitable in this situation? Why or why not?
2.
3.
4.
How would you propose to handle user state data and application settings?
3-47
(continued)
Hammersmith Production Plant: Windows 7 Upgrade Proposal Proposals
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Hammersmith Production Plant: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal must include details about the specific services that you need to support your deployment method. Where appropriate, the proposal must also include details about answer files, images, and other related material.
Results: After this exercise, you will have a proposal to present to Bobby Moore for the Hammersmith Production Plant Windows 7 upgrade.
3-48
3-49
Supporting Documentation
E-mail thread of correspondence with Charlotte:
Ed Meadows
From: Sent: To: Subject: Attachment: Ed, Thanks and it was my pleasure. With regard to Reading, I have attached a couple of files you might find useful. There are lots of workstations, but all are a standard configuration. They work in three shifts down at Reading, so we need to think of a way of quickly deploying to the available computers during their respective downtime. Let me know if you need more information than the attachments provide. User data and settings are stored locally. Charlotte. ----- Original Message ----From: Ed Meadows [ed@contoso.com] Sent: 15 August 10:15 To: Charlotte@contoso.com Subject: Reading upgrades Charlotte, Good work down at Hammersmith! Bobby wants to complete the departmental upgrade. It is all at one site: Reading, or just outside Reading. Before I can complete the plan, I need to know a little more about the site. How many computers are located there? What network services are available? It might be nice if we can go for a little less of a hands-on approach with this deployment. Also, I do not know how much information you have on the location of user related data and settings. Thanks in advance, Charlotte Weiss [charlotte@contoso.com] 15 August 11:59 ed@contoso.com Re: Reading upgrades Reading.doc; Reading.vsd
Ed
3-50
Contents of Reading.doc: One hundred and fifty workstation computers installed with Windows Vista Enterprise in one of three subnets. A single network printer is provided in each subnet. Fundamental network services are provided on a backbone, including DHCP, DFS with replication from head office, DNS, and there is a local DC/GC. Each subnet hosts a Windows Server 2008 Enterprise Edition (Server Core) server deployed with the following roles: File Services Application Server
3-51
Production Department: Windows 7 Upgrade Proposal Document Reference Number: EM0109 Document Author Date Ed Meadows September 1
Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the rest of the production department based at the Reading plant. Additional Information There are 150 computers running Windows Vista at the Reading plant. At any time, around one third of all computers are not in use. The computers are all in one of three subnets, with core services on the backbone. Each subnet has its own file server that hosts shared data and applications. 1. Is deployment by using WDS suitable in this situation? Why or why not?
2.
3.
4.
How would you propose to handle user state data and application settings?
3-52
(continued)
Production Department: Windows 7 Upgrade Proposal Proposals
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Production Department: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal must include details about the specific services needed to support your deployment method. Where appropriate, the proposal must also include details about answer files, images, and other related material.
Results: After this exercise, you will have a proposal to present to Bobby Moore for the Production Department Windows 7 upgrade.
3-53
3-54
Supporting Documentation
E-mail thread of correspondence with Ryan Ihrig:
Ed Meadows
From: Sent: To: Subject: Attachment: Hi Ed, The best I can do is send over the network documentation. It is attached to this message. It will answer all of your questions. Regarding the applications, all workstations in each department has a standardized build, although the build varies from department to department. Finally, in terms of user data, we use folder redirection to store user settings and data onto the appropriate server; there is no user data stored locally. Ryan. ----- Original Message ----From: Ed Meadows [ed@contoso.com] Sent: 1 December 2009 17:55 To: Ryan@contoso.com Subject: Contoso Windows 7 upgrade Ryan, I have been working with Charlotte on a project to upgrade the computers in the Production department. We now need to upgrade the rest of the computers in Contoso, and I understand that you head up the support team at Kensington. I need to know what network infrastructure we have there so I can determine the appropriate deployment method. I also need an idea of how the workstations are distributed around the network. Finally, can you provide information about the applications on each computer and information about where user data resides, in other words, locally or on a server? Ryan Ihrig [Ryan@contoso.com] 2 December 2009 08:50 ed@contoso.com Re: Contoso Windows 7 upgrade Kensington.doc; Kensington.vsd
Many thanks, Ed
3-55
Contents of Kensington.doc: Each floor of the head office consists of two VLANs, each with 75 workstations. All workstations are connected to an Ethernet switch, and each VLAN has a Windows Server 2008 Enterprise Edition (Server Core) file server to support local data and applications. There are ten floors in the building, so that is approximately 1,500 workstation computers. To provide for core infrastructure services, there are four domain Windows Server 2008 Enterprise edition servers that provide the following services: DHCP DNS AD-DS, Global Catalog AD-CS DFS-R
In addition, there are two Windows Server 2008 Enterprise Edition (Server Core) servers installed with the Hyper-V role to support additional corporate services. There are three departments in Kensington: IT, Marketing, and Research. Contoso occupy the bottom two floors, Marketing is on the top four floors, and the rest of the floors are occupied by Research. Applications are deployed as part of a thick operating system build; those applications that fall outside of the scope of this departmental build are deployed using an Organizational Unit-based Group Policy Object (OU-based GPO). All user data is stored on local file servers by using folder redirection settings from GPOs. All workstations support PXE-boot. Kensington.vsd partial network diagram:
3-56
Contoso: Windows 7 Upgrade Proposal Document Reference Number: EM1712 Document Author Date Ed Meadows December 17
Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the Contoso organization. To deploy applications as part of the upgrade and ensure that all user data and settings are accessible after the upgrade. Additional Information There are 1,500 computers running Windows Vista at the Kensington head office. The staff at Kensington usually works standard office hours 9.00 a.m. until 5.30 p.m. 1. Do you envisage using deployment images?
2.
3.
4.
5.
How would you propose to handle user state data and application settings?
3-57
(continued)
Contoso: Windows 7 Upgrade Proposal Proposals
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Contoso: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal must include details about the specific services needed to support your deployment method. Where appropriate, the proposal must also include details about answer files, images, and other related material.
Results: After this exercise, you will have a proposal to present to the board for the Contoso Windows 7 upgrade.
3-58
Tools
Tool Microsoft Deployment Toolkit (MDT) 2010 Use for Where to find it Microsoft Download Center
3-59
(continued)
Tool Windows Deployment Services Use for Deploying Windows over the network Where to find it Microsoft Download Center for Windows Server 2003 SP1 Server Role in Windows Server 2008 and Windows Server 2008 R2 Microsoft Assessment and Planning Toolkit Application Compatibility Toolkit Assessing organization readiness for Windows 7 Inventorying and analyzing organization application compatibility Supporting the deployment of Windows operating system Microsoft Download Center Microsoft Download Center
Windows Automated Installation Kit (Windows AIK) User State Migration Tool Windows Easy Transfer (WET)
Migrating user settings and data for a large number of computers Migrating user settings and data in side-by-side migration for a single or a few computers
Windows AIK
4-1
Module 4
Designing Standard Windows 7 Images
Contents:
Lesson 1: Overview of Windows 7 Installation Architecture Lesson 2: Overview of Imaging Process Lesson 3: Determining the Image Strategy Lesson 4: Selecting the Image Servicing Methods Lab: Determining the Windows 7 Imaging Strategy 4-3 4-16 4-23 4-42 4-49
4-2
Module Overview
Similar to Windows Vista, the Windows 7 setup process relies on image-based installation architecture. This architecture consists of deployment tools and technologies to assist with customizing and deploying Windows 7 throughout the organization. Using these tools, organizations can configure an effective computer imaging and deployment methodology provides a safe and standardized Microsoft Windows desktop environment. This module explains the underlying architecture of the computer imaging system that you can use to create and deploy a custom image of a Windows 7 desktop. It also discusses the different phases of the imaging process and how to determine imaging strategy and image servicing opportunities in Windows 7.
4-3
Lesson 1
Many organizations use an image-based model to deploy desktop operating systems. After you install and configure a reference computer, most imaging solutions capture an image based on a sector-by-sector copy of the reference computer. This technology, though effective, has some disadvantages. The Windows 7 setup process relies on image-based installation architecture. This is modularized such that the setup files are composed of multiple elements instead of a single file. Modularization is advantageous because additional features, such as image servicing for example, can be plugged into the operating system. The Windows 7 installation architecture consists of a collection of deployment tools and technologies compiled in the Windows Automated Installation Kit (Windows AIK). By using these tools you can provide a safe and standardized deployment of the Microsoft Windows desktop environment.
4-4
Key Points
Windows 7 has a unique setup and imaging process that addresses the deployment challenges of earlier operating systems. Deploying a Windows 7 image is based on the following major elements: Windows Imaging (WIM) file format: This is a file-based image format used to deploy Windows operating systems. Tools to create and manage WIM files: Windows 7 provides different kinds of tools to create and manage a WIM file. The primary tools for creating and managing a WIM file are ImageX and Deployment Image Servicing and Management (DISM). Both are included in Windows AIK.
4-5
Imaging application programming interface (API): Windows 7 uses an API named WIMGAPI that provides the layer to programmatically access and manipulate WIM files. (Tools such as ImageX and DISM use the WIMGAPI to manipulate WIM files.) Enabling technologies: This includes the Windows Imaging File System Filter (WIM FS Filter), and the WIM boot filter. The WIM FS Filter enables users to mount and browse the WIM as a file system. The WIM boot filter enables users to start a computer from a Windows Preinstallation Environment (Windows PE) image in a WIM file.
4-6
Key Points
The Windows Imaging File format (WIM) file is a file-based disk image format introduced in Windows Vista. WIM files are compressed packages that contain some related files or resources that you use to install Windows 7.
4-7
Lookup Table contains the memory location of resource files in the .wim file. XML Data contains additional miscellaneous data about the WIM image, such as directory and file counts, total bytes, creation and modification times, and description information. Integrity Table contains security hash information that is used to verify the images integrity during an apply operation.
4-8
Key Points
WIM addresses many challenges experienced with other imaging formats. The benefits of WIM file format include the following: A single WIM file can address different hardware configurations. Therefore, you only one image to address the different hardware configurations. WIM can store multiple images in a single file, which helps you store images with and without core applications in a single image file. WIM reduces the size of image files significantly by enabling compression and single instancing. WIM enables you to service an image offline. You can add or remove certain operating system elements, files, updates, and drivers without creating a new image. WIM enables you to install an image on a partition that is smaller, equal to, or bigger than the original partition that was captured, as long as the target partition has sufficient space to store the image content.
4-9
WIM image format WIMGAPI provides developers with a layer that can be used to access and change the WIM image files. WIM allows for nondestructive image deployment. Therefore, you can leave data on the volume where you apply the image, because when the image is applied, it does not delete the disks existing contents. WIM enables you to start Windows PE from a WIM file.
4-10
Key Points
One of the complicating factors of using a sector-based disk-imaging system is that adding new hardware, language packs, updates, and drivers usually requires creating a new disk image. When a critical fix appears, updating multiple images and testing each of them is costly and time-consuming. Modularization provides the following benefits: Device drivers and updates can be added to the image file used to deploy Windows 7. You can do this offline, without deploying the image on a computer. You can customize some optional Windows 7 elements to your specific requirements. When Microsoft releases an update for one of the elements, you can update just that feature in the installation image without re-creating the whole image. You can deploy multiple Windows 7 language versions with a single image file.
4-11
The Windows 7 imaging and deployment platform incorporates a single operating system image, answer files, and a collection of imaging and deployment tools. The following list provides a brief overview of core technologies in Windows 7 Imaging and Deployment Platform, in addition to the WIM file format: Windows System Image Manager (Windows SIM): Use this to create unattended installation answer files and distribution shares, or change the files that are contained in a configuration set. Answer files: This is an XML file that stores the answers for a series of graphical user interface (GUI) dialog boxes. Windows Setup: This is a program that installs the Windows operating system or upgrades previous Windows operating system versions. Windows Preinstallation Environment (Windows PE): This is a minimal operating system that prepares a computer for Windows installation. Sysprep: This is a command-line tool that is used to prepare a Windows installation for imaging, system testing, or delivery to end-users.
4-12
Diskpart: This is a command-line tool used to configure hard-disk objects, such as disks, partitions, or volumes. Windows Deployment Services (WDS): This is a server-based deployment solution that enables you to set up new client computers over the network. ImageX: This is a command line tool that enables you to capture, change, and apply WIM images for rapid operating system deployment. Deployment Image Servicing and Management (DISM): This is a commandline tool used to service Windows images.
4-13
Key Points
Configuration passes are the phases of a Windows installation, during which you can customize an image. These phases determine the appropriate modifications that you can make at each point in the installation process. This is the key to developing your Windows deployment strategy when you are deploying using setup.exe or performing/configuring sysprep. (When you image using ImageX, no configuration pass is applied.) When creating an answer file, you specify the setting that you want to apply during a specific configuration pass. Different settings can be processed during different phases of Windows Setup.
4-14
The following table describes the modifications that you can perform in each configuration pass.
Configuration Pass windowsPE Description Configures Windows PE options and basic Windows Setup options. Use to apply updates, packages, and other security updates to a Windows image. Use to create and configure information in the Windows image, and is specific to the hardware that the Windows image is installing to. Enables you to minimally configure sysprep /generalize, and configure other Windows settings that must persist on your reference image. Processes unattended Setup settings while Windows is running in system context, before a user logs on to the computer in audit mode. Processes unattended Setup settings after a user logs on to the computer in audit mode. Use to apply settings to Windows before Windows Welcome starts.
offline Servicing
specialize
generalize
auditSystem
auditUser
oobeSystem
4-15
5. 6.
After Windows Setup Is Finished, you can make additional modifications to the system. When you complete your modifications, run sysprep /generalize /audit /reboot to run the generalize pass and remove any system-specific data. This command also configures Windows to run audit mode on the next start. This Windows installation is ready to be captured as an image. The image then becomes your reference image that you save and then install on computers of the same configuration.
7.
4-16
Lesson 2
Before deploying Windows 7 operating system, identify the high-level steps in the Microsoft Deployment process. These high-level steps encapsulate the imaging process of Windows deployment.
4-17
Key Points
There are five high-level phases in the Microsoft deployment process. They are as follows: Envisioning phase: this is the stage of the project when you conduct your initial thinking and project planning. This phase ends with the scope of the project defined. Planning phase: This is the stage of the project when you make several decisions. This includes which strategies, scenarios, and methods you will use. This phase ends with the identification of the deployment scope and objectives. Typically, by the end of this stage, the build lab has also been created. Developing phase: This is the stage of the project when most technical work is done. This typically involves building and creating images. This phase ends with the images captured and ready for testing.
4-18
Stabilizing phase: This is the stage of the project when testing the images in the test environment occurs. This phase ends with all the images tested and ready to be deployed. Deploying phase: This is the stage of the project when you conduct the actual deployment. This phase ends with completion of the deployment based on the project scope defined in the beginning of the project.
The imaging process, also known as image engineering process, typically focuses on the planning, developing, and stabilizing phase.
4-19
Key Points
The primary focus of the planning phase is to select the appropriate imaging scenarios and methods. The secondary focus is to add sources to the imaging application or server. Typically, the planning phase involves the following tasks: Select an image strategy: Most of the work in this task is to determine what kind of images to be created. There are three image strategies to select: thick, thin, and hybrid. Prepare the build lab: This involves installing the Deployment Workbench and adding sources to the distribution share. These sources may include boot images, drivers, packages, or operating systems.
When you have defined the deployment scope and objectives, together with the image strategy, and prepared the build lab, you are ready to move to the next phase of the deployment project.
4-20
Key Points
The focus of the developing phase is to develop the build processes and create images to be used in the imaging environment. The developing phase involves the following tasks: Populate the imaging application: You can add applications to the distribution share, including hardware-specific applications, and specify dependencies between applications, including platform-specific requirements. Configure builds and packages: Builds and packages operating system and application configurations that include an unattended setup answer file and task sequence. You can use Windows SIM to create answer files and configure task sequences in Deployment Workbench.
4-21
Configure deployment points: Deployment points are the originating locations where images and packages are deployed. The Deployment Workbench defines specific types of deployment points to use in the imaging process. Capture operating system images: The captured images can then be used for customization and deployment.
Completion of the developing phase is marked with the captured images ready for testing.
4-22
Key Points
You can use the stabilizing phase to test all the images in the test environment and to verify that they are consistent and will work correctly in the production environment. You need to have a test lab and images ready to test before beginning this phase of the project. The stabilizing phase involves the following tasks: Perform lab tests and pilot imaging before you deploy to the production environment, verify the imaging process in test labs by conducting pilot imaging. In this phase, user acceptance testing and application verification must be performed. Prepare for deployment once the images are tested, you can prepare for the actual deployment. Typically, a pilot deployment is rolled out, targeting a small, representative population of users in the production environment.
At the end of the stabilizing phase, you will have completed the pilot imaging process, tested all images (including driver packages and applications), and be ready for the deployment.
4-23
Lesson 3
The goal of most organizations is to have a standard configuration that is based on a common image for each version of the operating system. Ideally, you use a common image and apply it to any computer, in any region, at any time, and then customize that image to provide specific services to users. In reality, most organizations build and maintain many images, sometimes up to 100 images. The following list describes costs associated with building, maintaining, and deploying images: Development costs include creating a well-engineered image that improves security and reliability, and creates a predictable, flexible, work environment. Test costs include testing time and labor costs for the standard image and applications, and also the development time that is required to stabilize disk images.
4-24
Storage costs include storage of the distribution points, disk images, migration data, and backup images. Network costs include moving images to distribution points and to computers.
When organizations determine their image strategy, one of the main objectives can be to reduce the number of images they have to maintain. They can do this by making disciplined hardware purchases, use advanced scripting techniques and implementing enterprise deployment solutions with supporting software distribution infrastructure to deploy operating systems, applications, and updates.
4-25
Types of Images
Key Points
During the planning phase of a deployment project, you need to determine whether to create: a thick image, thin image, or hybrid image. How you will deploy applications differs, depending on the strategy you selected. Thick image: thick images are monolithic images that contain core applications, language packs, and other files. Advantages: Thick images can be deployed in a single step. They can also be less costly to develop, because advanced scripting techniques are frequently not required and because thick images are typically quicker to develop and deploy. Disadvantages: Thick images involve maintenance, storage, and network costs and deployment is not as flexible. In addition, you have to rebuild, retest, and redistribute the image every time there is a new version of an application or language pack.
4-26
Thin Image: Thin images contain few, if any, core applications or language packs. Organizations deploy applications and language packs separately from the image, outside operating system deployment. Advantages: Thin images cost less to build, maintain, and test. In addition, network and storage costs associated with the disk image are reduced because the image file is physically smaller. Thin images also provide far more flexibility. Disadvantages: Thin images can be more complex to develop at first and frequently require scripting and a software distribution infrastructure to deploy applications and language packs. This also means that core applications and language packs are not available when the end-user first starts the computer.
Hybrid Image: Hybrid images mix thin and thick image strategies. In a hybrid image, the image is configured so that applications and language packs are installed at the first start. The user experiences this in a manner similar to that of a thick image, even though the applications and language packs are installed from a network source. Advantages: Hybrid images have the advantages of thin images, but they are not as complex to build and do not require a software distribution infrastructure. Disadvantages: Hybrid images require longer installation time than thin images. This can raise initial deployment costs. If you decide to build hybrid images, store applications and language packs on the network and include the commands to install them when the images are deployed. This process differs from installing the applications and language packs in the image itself.
Alternative Strategy: An alternative strategy is to build one-off thick images from a thin image. You can do this by first building a reference thin image. Then, after the thin image is tested, add core applications and language packs, capture them, test them, and distribute a thick image based on the thin image.
4-27
Key Points
An image strategy has several key elements: Type of images: Most elements are closely related to the kinds of images you are creating, whether you use a thick, thin, or hybrid image strategy. Image maintenance, or how long you plan to maintain your image, will influence the kind of image that you create. Number of images: Different versions and editions of operating systems frequently result in the creation and subsequent maintenance of multiple images. Number of WIM files: Multiple images can be stored in one actual WIM file.
4-28
Preconfigured Settings in an Image: Depending on your organization policy, you can preconfigure settings in your image so that every installation is standardized. Additional Operating System Elements: Operating system elements such as drivers, updates, and language packs can be added to an image. During the deployment process, you can determine which language packs to preserve on the computer and also remove the unwanted language packs.
4-29
Key Points
As the size of image files increase, costs increase. Consider the following factors when designing the image strategy: Geographical distribution of the clients: If the clients are well separated, the network cost of distributing the images may be high. If this is the scenario, a thin image strategy may be more helpful. Function specific client requirements: How aligned the department requirements are in your organization can also determine which strategy you use to create an image. For example, if your Sales department requires custom applications preinstalled, and your Finance department requires additional security precautions, you might end-up having several images with different preconfigured operating system elements to fulfill these requirements. Dual boot option: There may be a need for some users to have multiple operating systems in one computer. (You can explore the use of VHD with native boot or MED-V and Windows XP boot options, which can be used to work with previous versions of operating system applications.)
4-30
Current client and network infrastructure: This affects the network and storage cost of the images. How many clients, how they are located, and the current network infrastructure influence the way you create your images. For example, if many clients are located remotely with slow or no network connection, you must consider reducing the image size or using deployment media to deploy the images. Administrative considerations: You have to balance what you put into your images. Operating system settings that can be implemented using group policy is better managed in that manner, therefore reducing the customization in your images. However, settings that cannot be implemented using group policy must be enforced and incorporated into the images. These may include custom application settings, driver configurations and customized help, and support. Reducing different customized settings is the key to reducing the number of images you need to maintain.
4-31
Key Points
All installations of Windows 7 contain at least one language pack and languageneutral binaries that make up the core operating system. Language packs contain resources that are specific to a particular language and are used to localize the user interface (UI). There are two multilingual deployment scenarios: Deploying an image that contains multiple languages, but only one language is activated as the default: Most licensing requirements state that Windows 7 can include only a single language, with the exception of Windows 7 Ultimate and Windows 7 Enterprise. Besides these two editions, the remaining Windows 7 editions are known as single-language editions. Deploying a multilingual image that lets the user switch between different languages: Windows 7 Ultimate and Enterprise editions are multilingual editions that can include multiple languages.
4-32
When planning a multilingual deployment, you must understand which multilingual deployment scenario is best to implement. Also, it is beneficial to know the different kinds of language packs available and how they differ.
4-33
Key Points
You must include drivers for devices that you support in your organization. These devices can include network adapters, display adapters, and peripherals such as printers and scanners.
4-34
Driver Management
Consider the following when managing your drivers: If you are adding multiple drivers, create separate folders for each driver or driver category. If all drivers in the specified directory and subdirectory are added to the image, manage the answer file or your DISM commands and these directories carefully to address concerns about increasing the size of the image with unnecessary driver packages. If it is not practical to manage your driver shares so that only the required drivers are added to your image, you can add non-boot-critical drivers online by calling the Driver Package Installer (DPInst). DPInst selectively installs non-boot-critical drivers only if the hardware is present, or if the driver package is a better match for the device.
Adding Drivers
You can add device drivers to a Windows image during various phases of deployment. They can be added offline while the Windows image is offline or while the operating system is running. When a driver is added to an offline image, it is either staged or reflected in the image: Non-boot-critical drivers are staged. They are added to the driver store of the offline image. When the computer is started, Plug and Play (PnP) will detect the driver and complete the installation. Boot-critical drivers are reflected on the system. The critical device database (CDDB) and the registry will be changed, and files will be copied to the system according to what is specified in the .inf file.
4-35
Key Points
You can install additional applications on the Windows image, or you can install them during unattended installation. If you install applications on the Windows image, you can make sure that all computers include the application. However, this may result in bigger image size and users having to install applications that they may not need. If you decide not to include applications in your images and select to create thin images, there are several ways you can make applications available to be installed during an unattended installation: In networked environments, you can create a distribution share. Distribution shares are Universal Naming Convention (UNC) paths located on a network drive. This can be accessed by a destination computer during Windows Setup. In non-networked environments, or in environments where you only have a subset of the content located on a distribution share, you can create a configuration set. A configuration set copies all the applications and drivers referenced by a distribution share to media, such as a USB flash drive (UFD).
4-36
Create a data .WIM file that contains all the applications, drivers, and other resources that you want available on the destination computer. During unattended installation, you can configure the data .WIM file to be applied to the Windows installation. This only provides the installation files and the actual installation still needs to take place. A data WIM file does not ensure applications are installed or run correctly.
Categorizing the applications helps the organization select the applications for the image and also gives a view of all the applications and where the organization must focus on which applications must be available when the image becomes active.
4-37
4-38
Key Points
When developing an image, ensure that all critical security updates are included in the image so that computers deployed with the image are as current as possible. There are a few options to apply updates and determine how you add updates to your images. The different approaches to add updates are: Slipstreaming updates to the install source Adding updates to a master image Adding updates post deployment
4-39
The advantage is that all images created from your updated installation source will be protected from known security exploits. The image building process is faster because all security updates are installed before building the image. The disadvantage is that the integration of the security updates may take some effort. In addition, it may not be obvious which updates can be integrated, as some have to be installed as part of the unattended build process.
4-40
The following list outlines several best practices for image-based deployment: Use a single image strategy to reduce the number of images to maintain and service. In Windows 7, you can take advantage of the redesigned Windows imaging and Windows edition-servicing commands, which supports changing one edition of Windows 7 to a higher edition within the same edition family. Use a multilingual strategy to add multiple language packs to your image to reduce the number of language-specific images that you support. Run the sysprep /generalize command when preparing the Windows image to be captured, even if all computers have the same hardware configuration. The sysprep/generalize command removes unique information from your Windows installation, which enables you to reuse that image on different computers. Do not deploy the default image (install.wim) file that is included with the Windows product DVD directly by using ImageX. You can use the default image only with Windows Setup (setup.exe).
4-41
Use the imagex /flags option when capturing a Windows image to create the metadata to apply to the image that you are capturing. If storing more than one Windows image in a .wim file, you must specify the correct metadata setting in your unattended answer file. For example, if you maintain a single .wim file that has multiple Windows images for different editions and architecture types, you can use the Metadata setting to specify the exact Windows image to install.
Do not duplicate features for different architecture types in an answer file, if you are performing cross-platform deployments. If there are multiple features that apply to different architecture types in an answer file, there may be instances when the settings in the features are applied one or more times, or are incorrectly applied. Create architecture-specific settings for each configuration pass in an answer file for cross-platform deployments. For example, for a 32-bit preinstallation environment and a 64-bit destination computer, you specify only x86-based features in the windowsPE configuration pass, and x64-based features in all other configuration passes.
4-42
Lesson 4
After you create and capture the Windows image from the reference computer, store the image on the server for the actual deployment. Sometimes, you may have to service the stored images to keep them current with updates and fixes. Servicing the image involves adding or removing packages, drivers, modifying language settings, enabling or disabling Windows features, and upgrading to a newer edition of Windows.
4-43
Key Points
Images are serviced because this ensures that they are have the latest updates and fixes, that they conform to new organizational policies, support new devices or hardware, and that they align with changes in deployment strategies. Examples of common image servicing scenarios are as follows: Add out-of-box or boot critical drivers to support new hardware Add operating system updates, such as hot fixes and Windows features Add or remove a language pack and configure international settings
4-44
Servicing an image by using Windows setup involves providing an answer file (Unattend.xml) that Windows Setup uses. Servicing a running operating system (online servicing) involves starting up Windows in audit mode and adding drivers, applications, and other packages.
During automated
installation (Windows Setup) by using unattended answer file.
4-45
Key Points
Most servicing and management operations can be performed on an offline Windows 7 image by using the Deployment Image Servicing and Management (DISM) command-line tool. DISM extends the offline servicing functionality to include the ability to add and remove drivers without using an unattended answer file, enumerate drivers and packages, modify configuration settings, and more. Two scenarios where you can use offline servicing are as follows: Mount scenario: Done at a technician computer to maintain master images. In this scenario, you use DISM to mount and service the image. Apply scenario: Done at the destination computer during deployment. In this scenario, you use ImageX to apply the image and then use DISM to service the image.
4-46
4-47
Online servicing (on a running operating system) is conducted in audit mode and bypasses Windows Welcome. Audit mode allows you to make additional changes and configurations to a Windows installation before shipping the computer to its final destination. After starting in audit mode, you can verify and take inventory of the image, add plug and play device drivers, install applications and system features, and test the validity of the installation. In addition, online servicing can be used to add service packs while the operating system is running.
4-48
4-49
4-50
Job Aid
You might find the following job aid useful when determining the appropriate imaging strategy.
4-51
4-52
Supporting Documentation
E-mail thread of correspondence with Bobby Moore:
Charlotte Weiss
From: Sent: To: Subject: Charlotte, You are right that many of the computers have an identical build, but not all. Within the 25 computers at the plant, there are several distinct builds. Although application maintenance is done with GPOs, the line speed to the head office has proved inadequate for large application installations. It might be worth having a word with Ryan Ihrig at Kensington for the technical details. I have copied him in on this. I hope that helps. Regards Bobby. ----- Original Message ----From: Charlotte Weiss [charlotte@contoso.com] Sent: 12 August 2009 08:42 To: bobby@contoso.com Subject: Hammersmith Upgrade: Images Bobby, As you know, we are planning to upgrade the Hammersmith plant computers to Windows 7. The new workstations are arriving next week. Can you help me understand what applications are installed on which computers? The way I remember it, they were all identical and all applications are being deployed with GPOs. Can you confirm this? Thanks, Charlotte Bobby Moore [bobby@contoso.com] 12 August 2009 10:35 charlotte@contoso.com; ryan@contoso.com Re: Hammersmith Upgrade: Images
4-53
Charlotte Weiss
From: Sent: To: Subject: Charlotte, Bobby is correct; the line speed and reliability prohibit excessive use of GPOs for managing applications. At Hammersmith, they use Microsoft Office 2007 Professional on all computers. They also use a custom design program on about half of the machines. In addition, some of the computers also use some plant management software that runs in a VM; it is quite old, and the VM provides a DOS/Windows 3 environment that enables it to run. One other thing: Hammersmith is rather pressed for storage; their Server Core box is due for a disk upgrade shortly, so until then, try to conserve space. Good luck. Ryan. ----- Original Message ----From: Bobby Moore [bobby@contoso.com] Sent: 12 August 2009 10:35 To: charlotte@contoso.com; ryan@contoso.com Subject: Re: Hammersmith Upgrade: Images Charlotte, You are right that many of the computers have an identical build, but not all. Within the 25 computers at the plant, there are several distinct builds. Although application maintenance is done with GPOs, the line speed to the head office has proved inadequate for large application installations. It might be worth having a word with Ryan Ihrig at Kensington for the technical details. I have copied him in on this. I hope that helps. Regards Bobby. Ryan Ihrig [ryan@contoso.com] 12 August 2009 11:00 charlotte@contoso.com; bobby@contoso.com Re: Re: Hammersmith Upgrade: Images
4-54
Hammersmith Production Plant: Desktop Image Document Reference Number: CW1408 Document Author Date Charlotte Weiss August 14
Requirement Overview Design a Windows 7 image strategy that supports the deployment of the new operating system to newly delivered computers at the Hammersmith plant. Conserve server storage because the server will not be getting a disk upgrade in the near future and has limited capacity. Minimize support staff effort during the rollout. There are 25 computers in total, all of which use Office 2007 Professional. All computers connect to a printer, the driver for which is not in the current driver store in Windows 7. Ten computers use a custom line-of-business application that runs within a virtual machine; currently, the guest OS runs within Virtual PC 2007. The remaining group of 15 computers runs another LOB application that runs natively within Windows Vista. Additional Information 1. Will you use a standard image(s) or create a custom image(s)?
4. How will you handle the printer driver and required updates and patches?
5. How will you create the images that you plan to implement?
4-55
(continued)
Hammersmith Production Plant: Desktop Image Proposals
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Hammersmith Production Plant: Desktop Image document with your planned course of action.
Results: After this exercise, you will have a proposal for the Hammersmith Production Plant upgrade.
4-56
In addition, there are two Windows Server 2008 Enterprise Edition (Server Core) servers installed with the Hyper-V role to support additional corporate services. There are three departments in Kensington: IT, Marketing, and Research. IT occupies the bottom two floors, Marketing is on the top four floors, and the rest of the floors are occupied by Research. The specification of the computers installed varies from department to department, and within each department. All departments use departmental LOB applications; consequently, few computers are identically configured. Most, although not all, computers are installed with some elements of the Microsoft Office 2007 suite. Specifics depend on many factors, including security group membership of the user and the physical location of the computer. All computer settings are managed extensively with GPOs. This includes application deployment, update management, and security settings. The main tasks for this exercise are as follows: 1. 2. Read the scenario. Update the Kensington Head Office: Desktop Image document with your planned course of action.
4-57
Kensington Head Office: Desktop Image Document Reference Number: RI0201 Document Author Date Ryan Ihrig January 2
Requirement Overview Design a Windows 7 image strategy that supports the deployment of the Windows 7 operating system to all computers at the Kensington head office. Storage space on the file servers is not restricted. There is spare network bandwidth to support the deployment process. It is desirable to use GPOs to perform as much centralized management of computers as possible. Additional Information 1. Will you use a standard image(s) or create a custom image(s)?
4. How will you handle the various drivers, updates, and patches?
5. How will you deploy the images that you plan to implement?
4-58
(continued)
Kensington Head Office: Desktop Image Proposals
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Kensington Head Office: Desktop Image document with your planned course of action. Your proposal must include details about the specific services you will need to support your imaging method.
Results: After this exercise, you will have a proposal for the image strategy at the Kensington Head Office.
4-59
Review Questions
1. Describe some of the benefits of using modularization when deploying a sector-based disk imaging system.
2.
There are a few options to apply updates and determine how you add updates to your images. List some of the different approaches.
3.
4-60
Tools
Tool Windows Automated Installation Kit (Windows AIK) Use for Collection of tools that provide the conceptual and procedural information required for an unattended installation of Windows operating systems, including: Where to find it http://go.microsoft.com /fwlink/?LinkId=136976
4-61
(continued)
Tool Windows Preinstallation Environment (Windows PE) Deployment Image Servicing and Management (DISM) Use for A minimal operating system environment that is part of Windows AIK. It is used to deploy Windows. Where to find it Windows AIK
A command-line tool that is part of Windows AIK. It can be used to service a Windows image or to prepare a Windows PE image. (DISM is available in all installations of Windows 7 and Windows Server 2008 R2.) Use the Ocsetup.exe tool at the command prompt to install or remove Windows optional elements and system features.
http://go.microsoft.com /fwlink/?LinkId=163072
Tool used to install non-boot critical drivers on a running operating system. DPInst is a part of Driver Install Frameworks (DIFx) version 2.1 which is available in the Windows Driver Kit (WDK). Tool used to add, remove and enumerate drivers when updating Windows 7 operating system. This tool uses the Windows Update Agent API to install update packages. Update packages must have a.msu file extension name. Tool used to add or remove language packs.
http://go.microsoft.com /fwlink/?LinkId=163073
Windows 7
http://go.microsoft.com /fwlink/?LinkId=163074
Windows 7
5-1
Module 5
DeployingWindows7byUsingWindowsAIK
Contents:
Lesson 1: OverviewofWindowsAIK2.0 Lab A: Installing Windows Automated Installation Kit Lesson 2: BuildingaReferenceWindows7ImagebyUsingWindowsSIM andSysprep Lab B: BuildingaReferenceImageUsingWindowsSIMandSysprep Lesson 3: ManagingtheWindowsPreinstallationEnvironment Lab C: CreatingWindowsPEBootMedia Lesson 4: Capturing,Applying,andServicingaWindows7Image Lab D: CapturingandApplyingaWindows7ImageUsingImageX Lab E: ServicingImagesusingDISM 5-3 5-12 5-16 5-25 5-34 5-40 5-45 5-53 5-69
5-2
Module Overview
The installation of the Windows 7 operating system can be simplified by taking advantage of the image-based installation architecture found in the Windows Automated Installation Kit (AIK). This architecture consists of deployment tools and technologies that assist with customizing the Windows 7 installation and deployment throughout an organizations user base. By using the Windows AIK tools, an organization can configure an effective computer imaging and deployment methodology that ensures a secure and standardized Windows desktop environment. This module describes the underlying computer imaging architecture of Windows AIK 2.0, which can be used to create and deploy a custom Windows 7 desktop image.
5-3
Lesson 1
OverviewofWindowsAIK2.0
Windows Automated Installation Kit 2.0 is a collection of documentation and tools used to assist in Windows 7 deployments. The main goal of Windows AIK is to provide a methodology and toolset to help optimize the Windows 7 deployment experience, regardless of whether you are deploying 10 or 10,000 computers throughout your environment.
5-4
Key Points
Windows AIK 2.0 is a collection of tools and documentation designed to help IT professionals deploy Windows. Highly customized environments are ideal for using Windows AIK, because its tools can be used to configure many deployment options, and they provide a high degree of flexibility. Depending on your business needs, you can choose to use all or part of the resources available in this installation kit.
5-5
Imaging APIs for Windows (Wimgapi.chm) Windows Pre-installation Environment (Windows PE) User's Guide (Winpe.chm) Component Platform Interface (CPI) Reference (Cpiapi.chm) Windows Unattended Setup Reference (Unattend.chm)
Planning Preparing the deployment environment Creating and customizing an image Capturing, modifying, and testing the image Deploying, maintaining, and servicing the image
Provides comprehensive coverage of all the Windows imaging application programming interfaces (APIs). Provides instructions on creating a customized version of Windows PE and enabling Windows PE to start from different types of media. Documents the APIs that are used in Windows SIM.
Provides comprehensive coverage of all the customizable settings in the Windows Unattend.xml file. Provides basic instructions on building an end-toend deployment. This guide is ideal for new users who want to learn the basics of Windows deployment.
5-6
Key Points
By default, the Windows AIK is installed to the C:\Program Files\Windows AIK directory. This directory contains all the tools and documentation included in the Windows AIK 2.0 release. This includes the tools, shown in the following table, that are used in most Windows deployment scenarios: Windows System Image Manager (Windows SIM): The tool used to create unattended installation answer files and distribution shares, or to modify the files contained in a configuration set. ImageX: The Microsoft command-line tool that enables OEMs and corporations to capture, modify, and apply file-based disk images for rapid deployment. ImageX copies Windows image (.wim) files to a network. Deployment Image Servicing and Management (DISM): The tool used to apply updates, drivers, and language packs to a Windows image. Windows Pre-installation Environment (Windows PE): A minimal operating system designed to prepare a computer for Windows installation.
5-7
User State Migration Tool (USMT): A tool used to migrate user data from a previous Windows operating system to Windows 7. Volume Activation Management Tool (VAMT): This tool enables network administrators and other IT professionals to automate and centrally manage the Windows volume activation process for computers in their organization.
5-8
Key Points
Windows AIK is organized based on the typical installation phases performed during a Windows installation and includes the following information for each phase: Phase 1 Planning your deployment: describes conceptual information about a Windows deployment, including information about managing images, installing applications, and device-driver management. Phase 2 Building your deployment environment: describes the infrastructure work that can be required to deploy Windows. For example, this section describes how to create a technician computer, configure a network, and build a Windows PE image. Phase 3 Preparing and customizing your Windows image: describes the many configuration options available during a Windows deployment. This phase enables creation of an answer file with specific unattended settings.
5-9
Phase 4 Deploying your Windows image: describes the process for deploying a Windows image, whether using Windows Setup or ImageX. Phase 5 Managing and servicing your Windows image: describes the servicing tasks involved in updating and maintaining a Windows image. This section includes information about using Deployment Image Servicing and Management (DISM) to install language packs, device drivers, and other updates.
5-10
Key Points
Windows AIK 2.0 supports the following methods of deploying the Windows operating system: Using Windows PE and ImageX to deploy a custom Windows installation image from a network share. Using Windows Deployment Services (WDS) to deploy a custom Windows installation image from a server. Installing the Windows operating system from a media device directly on to a new computer.
5-11
When selecting the deployment method that best satisfies your organizations needs, you must take into account the following factors: Speed: The relative time it takes each deployment method to deploy Windows 7 to the organizations client computers. Volume: The number of computers that require deployment. Customization: The amount of automated modifications made to the installed software.
The following table summarizes and compares the basic methods according to these factors.
Method Deploy from a network Description Deploy an image of the reference installation from a network share. The image can be customized, if necessary. Connect blank destination computer to the network, start from the network by using PXE boot, and choose the image to install. Run Windows Setup from the destination computer by using the Windows product DVD; manually customize, audit, and reseal the installation. Speed Fast Volume High Customization High
Fast
Medium
High
Slow
Low
Low
5-12
5-13
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer.
5-14
Exercise 2: Identifying Resources and Tools Included with the Windows Automated Installation Kit
Scenario
Your manager has asked you to hold a meeting to explain the functions of the WAIK to the rest of the department. To prepare for this meeting, you need to review the resources and tools that are included with the Windows Automated Installation Kit. The main tasks for this exercise are as follows: 1. 2. 3. Examine the Windows Automated Installation Kit Start Menu folder. Examine the Windows Automated Installation Kit folder structure. Examine the Windows Automated Installation Kit Users Guide.
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer.
Task 1: Examine the Windows Automated Installation Kit Start Menu folder
Examine the Start menu to determine which of the WAIK tools have shortcuts. Question: Which applications are represented in the Start Menu? Open the Deployment Tools Command Prompt as administrator and note the environment changes Question: Most of the WAIK Tools are command line based, what happened to the PATH when you opened the Deployment Tools Command Prompt?
5-15
5-16
Lesson 2
BuildingaReferenceWindows7ImagebyUsing WindowsSIMandSysprep
The first step in performing an image-based deployment is building a reference computer and then capturing an image of its configuration for use in later deployments. The System Preparation (Sysprep) command line tool and the Windows SIM tool of Windows AIK assist in building and capturing a reference computer image. These tools are the focus of this lesson.
5-17
Key Points
Windows System Image Manager (Windows SIM) is a tool used for customizing and automating Windows 7 installations. Windows SIM enables you to create and manage unattended Windows Setup answer files. These answer files are used during the Windows Setup installation phases to apply additional configurations and customizations to the default installation. For example, you can change the Windows Internet Explorer home page, configure the network settings, enable or disable Windows Firewall, and partition and format a disk before the Windows operating system is installed.
Note: Windows SIM does not modify the Windows image itself; Windows SIM is used only to create an answer file. This answer file is used during Windows Setup to apply the settings to the Windows installation. Windows SIM does not modify the settings in a Windows image file.
5-18
Windows SIM provides the following features: Create a New Answer File for a Windows Image: Windows SIM enables you to create an answer file to be used during Windows Setup. Answer files created in Windows SIM are associated with a particular Windows image. Edit an Existing Answer File: Windows SIM enables you to add new components, packages, or other updates to an existing answer file. Add Additional Device Drivers to an Answer File: You can add device drivers during Windows Setup by using Windows SIM. Add Applications or Additional Drivers to an Answer File: You can add applications or drivers to be installed during Windows Setup with Windows SIM by using an optional set of folders called a distribution share. Add Updates to a Windows Image Offline: Windows SIM enables the addition of offline updates to a Windows image, including software updates, device drivers, language packs, and other packages. Packages are provided by Microsoft. Import Packages to a Distribution Share: Windows SIM imports packages that are not part of a Windows image (.wim) file to an optional set of folders called a distribution share. Create a Configuration Set: A configuration set contains a complete collection of files, drivers, applications, patches, and answer files that are used to customize Windows installations.
5-19
Key Points This demonstration shows how to create an answer file by using Windows SIM. Build an Answer File by Using Windows SIM 1. 2. 3. Log on to the computer by using the required credentials. Open the Windows System Image Manager from Microsoft Windows AIK. Open the Select an Image dialog box, browse to the folder containing the WIM file, and select the catalog file.
Note: If a catalog file does not exist for this edition of Windows 7, follow the prompts to create a catalog file. The creation process takes several minutes. In this demonstration, there are no prompts to create a catalog file because one already exists.
4.
Expand Components and expand x86_Microsoft-Windows-Setup to configure settings primarily used in the windowsPE stage of an unattended installation and for disk configuration.
5-20
5.
Expand UserData and click ProductKey to configure settings for unattended installation, where Windows 7 is installed from the install.wim file on the Windows 7 installation DVD. Expand x86_Microsoft-Windows-Shell-Setup and open Add setting to Pass 4 specialize at x86_Microsoft-Windows-Shell-Setup to configure settings that will be applied after an operating system has been generalized by using Sysprep. Enter a product key in the Microsoft-Windows-Shell-Setup Properties area.
6.
7.
Note: Placing a product key in this answer file prevents the need to enter in the product key during the installation of a new image.
8.
Close Windows System Image Manager and do not save any changes.
Note: For more information, please refer to Windows SIM Technical Reference at http://go.microsoft.com/fwlink/?LinkID=154216.
Question: Why use an answer file rather than manually completing the installation of Windows 7?
5-21
Using Sysprep
Key Points
The System Preparation (Sysprep) tool is a technology used in conjunction with other deployment tools to install Windows 7 onto new hardware. The Sysprep tool performs the following functions: Prepares a computer for disk imaging by configuring the computer to create a new computer security identifier (SID) when the computer is restarted. Cleans up user-specific and computer-specific settings and data that must not be copied to a destination computer.
When running Sysprep, consider the following: Use Sysprep only to configure new installations of Windows. Run Sysprep as many times as required to build and configure the Windows installation; however, Windows activation can be reset no more than three times.
5-22
Do not use Sysprep to reconfigure an existing installation of Windows which is already deployed.
Option /audit
Description Restarts the computer in audit mode. Use audit mode to add drivers or applications to Windows. An installation of Windows must be tested before it is sent to an end user. If an unattended Windows setup file is specified, the audit mode of Windows Setup runs the auditSystem and auditUser configuration passes.
/generalize Prepares the Windows installation to be imaged. If this option is specified, all unique system information is removed from the Windows installation. The security ID (SID) resets, any system restore points are cleared, and event logs are deleted. The next time the computer starts, the specialize configuration pass runs. A new security ID (SID) is created, and the clock for Windows activation resets if the clock is not already reset three times. /oobe Restarts the computer in Windows Welcome mode. Windows Welcome enables end users to customize their Windows operating system, create user accounts, name the computer, and other tasks. Any settings in the oobeSystem configuration pass in an answer file are processed immediately before Windows Welcome starts. Restarts the computer. Use this option to audit the computer and to verify that the first-run experience operates correctly. Shuts down the computer after the Sysprep command finishes running. Runs the Sysprep tool without displaying on-screen confirmation messages. Use this option if you automate the Sysprep tool.
/reboot
/shutdown /quiet
5-23
(continued)
Option /quit Description Closes the Sysprep tool after running the specified commands.
/unattend:answerfile Applies settings in an answer file to Windows during unattended installation. answerfile Specifies the path and file name of the answer file to use.
5-24
5-25
5-26
In addition to these settings, to assist with the customization process, you will need to install the system in Audit mode and have the system auto-log on five times. The main tasks for this exercise are as follows: 1. 2. 3. 4. 5. Mount the external media on LON-CL2. Create a new answer file. Add and configure windows settings. Validate the answer file. Unmount the external media on LON-CL2.
5-27
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer.
windowsPE
5-28
(continued)
Component x86_Microsoft-Windows-Setup\ImageInstall\OSImage \InstallTo x86_Microsoft-Windows-Setup\UserData x86_Microsoft-Windows-International-Core-WinPE x86_Microsoft-Windows-Shell-Setup\OEMInformation x86_Microsoft-Windows-Shell-Setup\OOBE x86_Microsoft-Windows-Shell-Setup\Autologon x86_Microsoft-Windows-Deployment\Reseal Configuration Pass windowsPE
All the settings you added must appear in the Answer File pane. Select and configure each setting as specified in the following table.
Component x86_Microsoft-Windows-International-CoreWinPE Value InputLocale = en-US SystemLocale = en-US UILanguage = en-US UILanguageFallback = en-US UserLocale = en-US UILanguage = en-US WillShowUI = OnError DiskID = 0 WillWipeDisk = true Extend = true Order = 1 Type = Primary
5-29
(continued)
Component Microsoft-Windows-Setup \DiskConfiguration \Disk\ModifyPartitions\ModifyPartition Value Active = true Format = NTFS Label = Windows Letter = C Order = 1 PartitionID = 1 WillShowUI = OnError DiskID = 0 PartitionID = 1 AcceptEula = true FullName = Administrator Organization = Contoso WillShowUI = OnError HelpCustomized = false Manufacturer = Contoso IT Group SupportHours = 9 - 5 SupportPhone = 555-9988 SupportURL = http://Technet.Microsoft.Com Enabled = true LogonCount = 5 Username = Administrator Password = Pa$$w0rd ForceShutdownNow = false Mode = Audit NetworkLocation = Work ProtectYourPC = 1
Microsoft-Windows-Shell-Setup\OOBE
5-30
5-31
Exercise 2: Installing a Reference Computer from a DVD Using a Custom Answer File
Scenario
After creating the answer file, you will build the reference computer. To accomplish this, you will install Windows 7 on LON-IMG1 from a DVD and use the answer file that you saved to the Diskette drive in the previous exercise. When you start a blank computer with a Windows DVD and a completed answer file, the operating system will be installed without user input. The main tasks for this exercise are as follows: 1. 2. Mount the external media on LON-IMG1. Start LON-IMG1.
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer. LON-IMG1 is the computer that will be used to install a fresh installation of Windows 7 using the custom answer file.
5-32
Exercise 3 can be completed with either 6294A-LON-IMG1 or 6294A-LON-IMG2, depending on available time. LON-IMG2 is used as the name in the exercise task steps.
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-IMG1 or LON-IMG2 is the computer that will be used to install applications and be prepared for imaging using Sysprep.
5-33
5-34
Lesson 3
ManagingtheWindowsPreInstallation Environment
The Windows Pre-installation Environment (Windows PE) is an important component for building the reference computer and deploying an image to new computers. This lesson provides information on what Windows PE is and how you can customize it to meet your specific imaging and deployment requirements.
5-35
Key Points
Windows Pre-installation Environment (Windows PE) version 3.0 is the core deployment foundation for Windows 7. Windows PE is a compact, special-purpose Windows operating system that prepares and initiates a computer for Windows setup, maintenance, or imaging tasks, and recovers operating systems such as Windows 7. With Windows PE, you can start a subset of Windows 7 from a network or removable medium, which provides network and other resources necessary to install and troubleshoot Windows 7. While Windows PE is not a general-purpose operating system, it can be used to start a computer that has no functioning operating system installed, and it can act as a replacement for MS-DOSbased boot disks that were utilized in previous Windows operating system versions.
5-36
Windows PE is designed to make large-scale, customized deployments of the new Windows 7 operating system notably simpler by addressing the following tasks: Installing Windows 7: Windows PE runs every time Windows 7 is installed. The graphical tools that collect configuration information during the setup phase are running within Windows PE. Troubleshooting: Windows PE is also useful for automatic and manual troubleshooting. For example, if Windows 7 fails to start because of a corrupted system file, Windows PE can automatically start and launch the Windows Recovery Environment. Recovery: Original Equipment Manufacturers (OEMs) and Independent Software Vendors (ISVs) can use Windows PE to build customized, automated solutions for recovering and rebuilding computers running Windows 7.
Question: What are some of the tasks in which you can use Windows PE for troubleshooting?
5-37
Key Points
Windows PE supports the following command-line utilities used for Windows 7 installation and Windows PE image creation: BCDboot Command-Line Options: BCDboot is a tool used to quickly set up a system partition, or to repair the boot environment located on the system partition. Bootsect Command-Line Options: Bootsect.exe updates the master boot code for hard disk partitions to switch between Bootmgr and NT Loader (NTLDR). Drvload Command-Line Options: The Drvload tool adds out-of-box drivers to a Windows PE image. Expand Command-Line Options: Expand.exe expands one or more compressed update files. Lpksetup Command-Line Options: Use Lpksetup to perform unattended or silent-mode language-pack operations, such as adding or removing a language pack.
5-38
Oscdimg Command-Line Options: Oscdimg is a command-line tool for creating an image file (.iso) of a customized 32-bit or 64-bit version of Windows PE. Winpeshl.ini Files: Winpeshl.ini controls whether a customized shell is loaded in Windows PE or the default Command Prompt window. Wpeinit Command-Line Options: Wpeinit is a command-line tool that initializes Windows PE each time that Windows PE boots. Wpeutil Command-Line Options: The Windows PE utility (Wpeutil) is a command-line tool that enables you to run various commands in a Windows PE session.
5-39
This demonstration shows how to customize a Windows PE boot disk. 1. 2. Open Deployment Tools Command Prompt from Microsoft Windows AIK. At the command prompt, type copype.cmd <architecture> <destination> to copy the necessary files for Windows PE to the destination folder. This also creates the folder, if it does not exist. You will also need to copy the winpe.wim file to the \Sources folder and rename it to boot.wim. 3. 4. At the command prompt, type copy <source> <destination> to copy the ImageX tool from the source folder to the destination folder. At the command prompt, type oscdimg n b <source location> <target file> to create an iso file for the Windows PE from the source location.
Note: For more information on copype, copy, and oscdimg, please refer to: http://go.microsoft.com/fwlink/?LinkID=154217, http://go.microsoft.com/fwlink/?LinkID=154218, http://go.microsoft.com/fwlink/?LinkID=154219
5-40
5-41
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer.
5-42
5-43
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer.
5-44
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer. LON-IMG1 or LON-IMG2 is the computer that will be used as the reference system.
5-45
Lesson 4
Capturing,Applying,andServicingaWindows7 Image
The Windows Automated Installation Kit (Windows AIK) includes the tools needed to create, build, deploy, and manage a Windows 7 image. This lesson examines the key Windows AIK components used in capturing and deploying a Windows image, and managing and servicing the image once it has been deployed. This lesson begins by introducing the command-line tool known as ImageX. This tool enables you to capture a Windows 7 installation image from the Windows Preinstallation Environment (Windows PE). Once the operating system image is captured, it can then be deployed on another computer. Once a Windows 7 image has been deployed, you can service the image by adding or removing language packs or drivers, and updating an existing offline or online image when new software and hardware become available. The recommended way to service a Windows image is offline with the Deployment Image Servicing and Management (DISM) tool, which is examined at the end of this lesson.
5-46
What Is ImageX?
Key Points
ImageX is a command-line tool that enables the creation, modification, and deployment of file-based Windows 7 images in a manufacturing or corporate IT environment. ImageX works with Windows image (.wim) files for copying to a network. ImageX is commonly used in a Windows PE environment during image-based deployments. Start your technician computer in the Windows PE environment, and then run ImageX to capture your Windows 7 image. The ImageX tool is used to perform the following tasks: View WIM file contents: ImageX provides the ability to view WIM file contents and shows the available images and those images that can be deployed from within the WIM file. Capture images: A source computer image can be captured and then saved in a WIM file format. The image can be saved to a distribution share from which users can employ Windows 7 Setup to install it, or pushed out to the desktops using various deployment techniques.
5-47
Mount images for offline image editing: Use ImageX to customize an existing image, including updating files and folders. This involves adding, removing, editing, and copying files from the image by using the Windows Imaging File System Filter (WIM FS filter). ImageX can also be used to update and edit an offline image without creating a new image for distribution. Store multiple images in a single file: Use ImageX to store multiple images in a single WIM file, which minimizes the image file size. This makes it much simpler to deploy multiple images across a slower network connection, or by using removable media. When Windows 7 is installed using a file with multiple images, users can select which image to apply. For example, it is possible to have a WIM file that contains several role-based configurations, or images that contain both preupdate and post-update versions.
Compress the image files: ImageX supports two different compression algorithms, Fast and Maximum, to further reduce the image size. Implement scripts for image creation: Use scripting tools to create and edit images.
Question: ImageX provides the ability to store multiple images in a single WIM file. What benefit does this provide?
5-48
Key Points
The ImageX tool captures a source computer image and saves it in a Windows Imaging (.wim) file for later deployment.
5-49
b.
Select the hard disk with the select disk command. For example: DISKPART> select disk 0
c.
View the partitions with the list volume command. For example: DISKPART> list volume
Fs
Type
Size
Status
Info
---------------------------------------------------------------------------------------------------------------------------Volume 0 Volume 1 C NTFS Partition 49 GB Healthy FAT32 Partition 300 MB Healthy Windows System
d. Select the partition with the select volume command. For example: DISKPART> select volume 1 e. Assign a letter to the partition with the assign letter command. For example: DISKPART> assign letter=S f. Type exit to return to the Windows PE command prompt. DISKPART> exit X:\> 3. At the Windows PE command prompt, open the directory that contains the ImageX tool. For example: cd C:\Windows\System32 4. Capture images for each customized partition. To capture the images, use the ImageX command with the /capture option. For example: imagex /capture c:\ c:\my-windows-partition.wim "My Windows partition" imagex /capture s:\ c:\my-system-partition.wim "My system partition
5-50
5.
Connect to your distribution share by using the net use command. For example: net use n: \\MyNetworkShare\Images
6.
Copy the partitions to your network share. For example: copy c:\my-windows-partition.wim n:\ copy c:\my-system-partition.wim n:\
After the image is captured and stored, you can: Mount it to your reference computer for modification. Split the file into smaller files. Apply the images to a destination computer. Set up a network-based installation of Windows. Set up Windows on a Virtual Hard Disk. Set up Windows using other deployment options. Service the image.
Command flags
Description Specifies the version of Windows that needs to be captured. This is required when redeploying a custom Install.wim with Windows Setup. Adds a volume image to an existing .wim file. Creates a single instance of the file, comparing it against the resources that already exist in the .wim file, so the same file is not captured twice. When running this command, ensure there is sufficient disk space for the /append option to run. If available disk space runs out during the /append option, the appended .wim file may become corrupted.
append
5-51
(continued)
Command apply Description Applies a volume image to a specified drive. All hard disk partitions must be created before users begin this process. Run this option from Windows PE. The parent directory must be included for the /apply option. Otherwise, when the image is applied, it will overwrite everything in that location. For example, if you are applying the image to the C drive, the /apply option overwrites everything that exists on the C drive with your image files. capture Captures a volume image from a drive to a new .wim file. Captured directories include all subfolders and data. Deletes all the resources associated with a mounted image that is abandoned. Saves changes to a mounted .wim file without unmounting the .wim file. Deletes the specified volume image from a .wim file with multiple volume images. This option must be run from Windows PE. There must always be at least one volume image in a .wim file, so you can only delete a volume image if more than one image exists. Display a list of files and folders within a volume image. Exports a copy of a .wim file to another .wim file. Ensure there is sufficient disk space for the /export option to run. If available disk space runs out while the /export option runs, the Destination.wim file may become corrupted. Returns information about the .wim file. Information includes total file size, the image index number, the directory count, file count, and a description. Mounts a .wim file with read or read/write permission. Once the file is mounted, all the information contained in the directory can be viewed but not modified. The WIMMount filter must be installed before an image can be mounted.
cleanup
commit
delete
dir export
info
mount
5-52
(continued)
Command mountrw Description Mounts a .wim file with read/write permission to a specified directory. Once the file is mounted, all the information contained in the directory can be viewed and modified. The WIMMount filter must be installed before an image can be mounted. Unmounts a mounted image from a specified directory. If a mounted image is modified, the /commit option must be applied to save the changes. Splits large .wim files into multiple read-only .wim files. This option generates the .swm files into the specified directory, naming each file the same as the specified image_file, but with an appended number and the .swm file-name extension. For example, if choosing to split a file named Data.wim, this option creates a Data.swm file, a Data2.swm file, a Data3.swm file, and so on, defining each portion of the split .wim file.
unmount
split
Note: The preceding table is only a subset of the tools and functionality provided by ImageX. For a more detailed list of syntax commands, refer to the ImageX Technical Reference document included in the Windows Automated Installation Kit Users Guide.
5-53
5-54
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer. LON-IMG1 or LON-IMG2 is the computer that will be used as the reference system.
5-55
Note: The capture process will take approximately 20 minutes. To save time, the remainder of the lab will use an image that has already been prepared.
5-56
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer. LON-CL3 is the computer that will receive the new image.
5-57
Type Assign letter=C and press ENTER. Type Exit and press ENTER.
After the installation is complete, verify the following: Open computer properties to determine if the manufacturer and IT support information match the values used in the UnattendAnswer script. The custom applications are installed.
Shutdown LON-CL3.
Results: After this exercise, the image will be deployed to LON-CL3 and the customizations verified.
5-58
What Is DISM?
Key Points
Deployment Image Servicing and Management (DISM) is a new command-line tool in Windows 7 and Windows Server 2008 R2 that combines separate Windows platform technologies into a single, cohesive tool for servicing Windows images. DISM enables IT professionals to view components of an applied or mounted operating system image and add or remove packages, software updates, and drivers. DISM can be used to service Windows images offline before deployment or to prepare a Windows Pre-installation Environment (Windows PE) image.
5-59
5-60
The commands and options that are available for servicing an image depend on which Windows operating system is being serviced (Windows 7, Windows Vista with Service Pack 1 (SP1), Windows Server 2008 R2, Windows Server 2008, or Windows PE), and whether the image is offline or a running operating system. All commands work on an offline Windows image. Subsets of the commands are available for servicing a running operating system. The DISM command-line options are global and can be used with most servicing command-line options. The servicing command-line options work individually and cannot be used in combination with other servicing command-line options. To service a Windows image offline, it must be applied or mounted. WIM images can be mounted using the Windows Image (WIM) commands within DISM, or applied and recaptured using ImageX.
5-61
The base syntax for nearly all DISM commands is the same. After mounting or applying your Windows image so that it is available offline as a flat file structure, you can specify any DISM options, the servicing command that will update your image, and the location of the offline image. You can use only one servicing command on each command line. If a running computer is being serviced, you can use the /Online option instead of specifying the location of the offline Windows Image. The base syntax for DISM is as follows:
DISM.exe {/Image:<path_to_image> | /Online} [dism_options] {servicing_command} [<servicing_argument>]
The following DISM options are available for a running operating system:
DISM.exe /online [/LogPath:<path_to_log_file>] [/LogLevel:<n>] [/Quiet] [/NoRestart] [/ScratchDir:<path_to_scratch_directory>]
5-62
The following table shows some of the more common command-line options available for DISM:
Option /Commit-Wim Description Applies the changes that are made to the mounted image. The image remains mounted until the /unmount option is used. Example:
Dism /Commit-Wim /MountDir:C:\test\offline
/Get-Help /?
Displays information about available DISM command-line options and arguments. The options available for servicing an image depend on the servicing technology that is available in your image. Specifying an image, either an offline image or the running operating system will generate information about specific options that are available for the image currently being serviced. Example:
Dism /? Dism /image:C:\test\offline /? Dism /online /?
/GetMountedWimInfo
Lists the images currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index. Example:
Dism /Get-MountedWimInfo
Image
This is the full path to the root directory of the offline Windows image that will be serviced. If the directory named Windows is not a subdirectory of the root directory, /WinDir must be specified. This option cannot be used with /Online.
5-63
(continued)
Option LogLevel Description Specifies the maximum output level shown in the logs. The default log level is 3. The accepted values are: 1 = Errors only 2 = Errors and warnings 3 = Errors, warnings, and informational 4 = All the above and debug output Example:
Dism /image:C:\test\offline /LogPath:AddPackage.log /LogLevel:1 /AddPackage /PackagePath:C:\packages\package.cab
/LogPath
Specifies the full path and file name to log to. If not set, the default is: %WINDIR%\Logs\Dism\dism.log. In Windows PE, the default directory is the RAMDISK scratch space which can be as low as 32 MB. The log file will automatically be archived. The archived log file will be saved with .bak appended to the file name and a new log file will be generated. Each time the log file is archived the .bak file will be overwritten.
/Mount-Wim
Mounts the WIM file to the specified directory so that it is available for servicing. /ReadOnly sets the mounted image with read-only permissions. Optional. An index or name value is required for most operations that specify a WIM file. Example:
Dism /Mount-Wim /WimFile:C:\test\images\install.wim /index:1 /MountDir:C:\test\offline /ReadOnly Dism /Mount-Wim /WimFile:C:\test\offline\install.wim /name:"Windows 7 Enterprise" /MountDir:C:\test\offline
5-64
(continued)
Option /Online Description Specifies that the action is to be taken on the operating system that is currently running. This option cannot be used with the /Image or the /WinDir option. When /Online is used the Windows directory for the online image is automatically detected. /NoRestart Suppresses restart. If a restart is not necessary, then this command does nothing. This option will keep the application from prompting for a restart (or keep it from restarting automatically if the /Quiet option is used). Turns off information and progress output to the console. Only error messages will be displayed. To run in quiet mode, this option must be set every time that the command-line utility is run. It must be present before the servicing command. /ScratchDir Specifies a temporary directory to be used when extracting files for temporary use during servicing. The directory must exist locally. If not specified, the \Windows\%Temp% directory will be used, with a subdirectory name of randomly generated hexadecimal value for each run of DISM. Items in the scratch directory are deleted after each operation. Do not use a network share location as a scratch directory to expand a package (.cab or .msu file) for installation. The directory used for extracting files for temporary usage during servicing must be a local directory.
/Quiet
5-65
(continued)
Option /Unmount-Wim Description Unmounts the WIM file and either commits or discards the changes made while the image was mounted. Example:
Dism /unmount-Wim /MountDir:C:\test\offline /commit Dism /unmount-Wim /MountDir:C:\test\offline /discard
/WinDir
Used with the /Image option to specify the path to the Windows directory relative to the image path. This cannot be the full path to the Windows directory; it must be a relative path. If not specified, the default is the Windows directory in the root of the offline image directory. This option cannot be used with the /Online option.
Demonstration
This demonstration shows how to modify an image by using DISM. Servicing Windows 7 Images by Using DISM 1. 2. 3. 4. 5. 6. 7. Log on to the computer by using the required credentials. Open the Deployment Tools Command Prompt from Microsoft Windows AIK. At the command prompt, type dism to display help information for the command. At the command prompt, type CD C:\Program Files\Windows AIK \Tools\Servicing. At the command prompt, type MD C:\Servicing. At the command prompt, type DISM /get-wiminfo /wimfile:C:\Images \LON-REF.wim. At the command prompt, type DISM /mount-wim /wimfile:C:\Images \LON-REF.wim /index:1 /mountdir:C:\Servicing.
5-66
8. 9.
At the command prompt, type cd C:\Servicing. At the command prompt, type dir.
10. At the command prompt, type CD C:\Program Files\Windows AIK \Tools\Servicing. 11. At the command prompt, type DISM /get-mountedwiminfo to display information about the mounted image. 12. At the command prompt, type DISM /image:c:\servicing /?. 13. At the command prompt, type DISM /Unmount-Wim /Mountdir:C:\Servicing /commit to display a list of available servicing options. Discuss the available options.
5-67
Key Points
A Windows PE image can be mounted, and packages, drivers, and language packs can be added or removed in the same way any Windows 7 image is, by using the appropriate driver, package, or international-servicing commands. There are also commands that are specific to a Windows PE image, which can be used to prepare the Windows PE environment. These commands enable profiling, list packages, and preparing the Windows PE image for deployment. The base syntax for servicing a Windows PE image is:
DISM.exe /Image:<path_to_image_directory [dism_options] {servicing_command} [<servicing_argument>]
5-68
In addition to the DISM options, the following Windows PE servicing options are available for an offline image.
DISM.exe /Image:<path_to_image_directory> [/Get-PESettings | /GetProfiling | /Get-ScratchSpace | /Get-TargetPath | /Set-ScratchSpace: | /Set-TargetPath : | /Enable-Profiling | /Disable-Profiling | /ApplyProfiles<path_to_myprofile.txt>]
Note: These options cannot be used with an online, running version of Windows PE. A Windows PE image must be specified using the /Image:<path_to_image_directory> option.
5-69
5-70
Note: LON-DC1 is the computer running Windows Server 2008 R2 and which contains the domain services. LON-CL2 is the computer running Windows 7 that will be used as the technician computer.
Setup
Before starting this lab, copy the LON-REF.wim file from the \\LON-DC1\Labfiles\Mod5\Image folder to the C:\Images folder on LON-CL2.
5-71
5-72
5-73
3.
You have installed Windows 7 on your companys client computers. However, you are later informed that one of the computers has a corrupted system file and will not start. From the list of tools covered in this module, which tool can you use to help fix the computer? Paul is the lead technologist at London-based Tailspin Toys Inc. He is assigned the task of deploying Windows 7 across each of the organizations client computers. In an effort to decrease costs and scheduling risks, Paul plans to install Windows as rapidly as possible, including all relevant updates, applications, and settings. To accomplish this objective, he has decided to use ImageX to capture Windows Image (.wim) files for later deployment. What steps must Paul perform to prepare for the image capture?
4.
5.
In Pauls hurry to get his Windows 7 image deployed as quickly as possible at Tailspin Toys, he failed to consider any security threats to his images. Why is this concern a serious shortcoming in his planning efforts?
2.
5-74
2.
3. 4.
5-75
Tools
The following table provides a consolidated list of the tools covered in this module.
Tool Windows Pre-installation Environment (Windows PE) Use for Windows PE is a compact, specialpurpose Windows operating system that prepares and initiates a computer for Windows Setup, maintenance, or imaging tasks, and recovers operating systems such as Windows 7. With Windows PE, a subset of Windows 7 can be started from a network or removable medium, which provides network and other resources necessary to install and troubleshoot Windows 7. Windows PE can also start a computer that has no functioning operating system installed, and act as a replacement for MS-DOS based boot disks that were utilized in previous Windows operating system versions. Sysprep prepares a Windows image for disk imaging, system testing, and delivery to an end user. Sysprep can remove any system-specific data from a Windows image, such as the security identifier (SID). After removing unique system information from an image, you can capture that Windows image and use it to deploy on multiple systems. In addition, Sysprep can configure the Windows image to start to audit mode. Audit mode enables you to test the integrity of the system and install additional applications and device drivers. Sysprep is also used to configure Windows to start to Windows Welcome the next time the system starts. Where to find it Located in the Windows AIK, which is installed to the C:\Program Files \Windows AIK directory.
Windows command line tool. Syntax: sysprep.exe [/oobe | /audit] [/generalize] [/reboot | /shutdown | /quit] [/quiet] [/unattend:answerfil]
5-76
(continued)
Tool Windows System Image Manager (Windows SIM) Use for Windows SIM is a tool used for customizing and automating Windows 7 installations. Windows SIM enables you to create and manage unattended Windows Setup answer files. These answer files are used during the Windows Setup installation phases to apply additional configurations and customizations to the default installation. ImageX is a command-line tool that enables the creation, modification, and deployment of file-based images by using a shared imaging format across operating system images, including applications. ImageX works with Windows image (.wim) files for copying to a network. The .wim files contain one or more volume images for a Windows operating system. A volume image represents the captured volume or partition of a Windows operating system. The primary purpose of the ImageX tool is to capture, modify, and apply images for deployment in a manufacturing or corporate IT environment. DISM is a new command-line tool in Windows 7 and Windows Server 2008 R2. DISM consolidates the core image management functions of multiple tools found in the Windows Automated Installation Kit (AIK). DISM enables IT professionals to view components of an applied or mounted operating system image and add or remove packages, software updates, and drivers. DISM can service Windows images offline before deployment or to prepare a Windows Preinstallation Environment (Windows PE) image. Where to find it Located in the Windows AIK, which is installed to the C:\Program Files \Windows AIK directory.
ImageX
Located in the Windows AIK, which is installed to the C:\Program Files \Windows AIK directory.
Located in the Windows AIK, which is installed to the C:\Program Files \Windows AIK directory.
5-77
The following table describes the documentation resources available on the Windows AIK DVD and installed with the Windows AIK tools. Additional documentation can be included on the Windows AIK DVD but not listed in this table.
Documentation Windows Automated Installation Kit (Windows AIK) User's Guide (Windows AIK.chm) Description Provides the conceptual and procedural information required for unattended installation of Windows operating systems. This user's guide includes information on:
Imaging APIs for Windows (Wimgapi.chm)
Planning Preparing the deployment environment Creating and customizing an image Capturing, modifying, and testing the image Deploying, maintaining, and servicing the image
Provides comprehensive coverage of all the Windows imaging application programming interfaces (APIs). Provides instructions on creating a customized version of Windows PE and enabling Windows PE to start from different types of media. Documents the APIs that are used in Windows SIM.
Windows Pre-installation Environment (Windows PE) User's Guide (Winpe.chm) Component Platform Interface (CPI) Reference (Cpiapi.chm) Windows Unattended Setup Reference (Unattend.chm)
Provides comprehensive coverage of all the customizable settings in the Windows Unattend.xml file. Provides basic instructions on building an end-toend deployment. This guide is ideal for new users who want to learn the basics of Windows deployment.
6-1
Module 6
Deploying Windows 7 by Using Windows Deployment Services
Contents:
Lesson 1: Overview of WDS Lesson 2: Designing and Configuring WDS for Windows 7 Deployment Lab: Deploying Windows 7 by Using Windows Deployment Services 6-4 6-15 6-37
6-2
Module Overview
Deploying a new operating system is a balancing act. On one side of the scale are the benefits of the new operating system. On the other side are the costs to deploy the new operating system. When you compare the two, deployment complexities may make it hard to quickly realize the benefits of the new operating system because of the following challenges: Time, cost, and effort required to deploy a new operating system Compatibility issues between applications and the new operating system Ambiguous and error-prone deployment processes that increase costs Lack of best practices for deploying desktop operating systems Lack of a comprehensive suite of deployment tools
6-3
Windows Deployment Services (WDS) addresses these challenges by enabling you to remotely deploy Windows 7 and custom system images to client computers located within the network infrastructure. WDS can now deploy images using multicast in standalone mode using Transport Server. The Transport Server is a new Trivial File Transfer Protocol (TFTP) server with better performance, support for Extensible Firmware Interface (EFI)-based x64 systems, and enhanced installation metrics reporting. Multicasting is useful for the point-to-multipoint delivery of information on an Internet work.
6-4
Lesson 1
Overview of WDS
By using WDS, the IT professional can deploy Windows 7 over the network. This means that they do not have to install each operating system directly at the computer from a CD or DVD. WDS can be used for storing, managing, and deploying client and server images, using the Preboot Execution Environment (PXE) startup process to install the operating system over the network. WDS can also deploy to new computers that do not have a formatted hard drive. This is called bare-metal installations.
6-5
What Is WDS?
Key Points
In Windows Server 2008 and later, WDS is a configurable server role. The following are the main WDS elements: Server Elements: Use to network boot a client and install an operating system. Client Elements: Communicates with server elements and used to select and install an operating image. Management Elements: Use this set of tools to manage the server, operating system images, and client computer accounts.
6-6
6-7
Key Points
WDS consists of two role services: Deployment Server and Transport Server. While you are installing WDS, there are two options. You can install: Both the Deployment Server and Transport Server role services (default) Only the Transport Server role service
Full WDS
Selecting both the Deployment Server and Transport Server role services is also called the Full WDS option which provides the full functionality of WDS. This option requires that Active Directory Domain Services (AD DS), DHCP, and DNS be available in the environment.
6-8
Features provided by the Full WDS role include: PXE boot services Microsoft Management Console (MMC) tools The ability for the client to select which image to install from a presented list Unicast and multicast deployments
6-9
The following table contains requirements for installing these roles, depending on whether you select the default installation (both Deployment Server and Transport Server), or only the Transport Server role service.
Full WDS Transport Server Only
6-10
Key Points
WDS uses two basic image types, both of which use the Windows Image (.wim) file format: Install image Boot image
You can also create two additional types of boot images: Capture image Discover image
In most cases, use the standard boot image included on the Windows 7media (located at \Sources\boot.wim). You can use the tools in the Windows Automated Installation Kit (AIK) to create custom boot images. You may want to create custom boot images for different tasks and architecture types.
6-11
Capture images are boot images that contain Windows PE and the WDS Image Capture Wizard. When you start a computer into a capture image, the wizard creates an install image of the computer and saves it as a .wim file. Then you can upload the image to the WDS server or copy them to bootable media. Capture images provide a subset of the functionality included in the ImageX /capture command. For example, the Image Capture Wizard does not capture and image directly to a network location without making a local image copy and also does not capture a partial volume. Discover images are generally used in scenarios where the client cannot perform a network boot using PXE. These images enable a computer to locate a WDS server and use it to install an image. Use a discover image in the following scenarios: A client is not PXE-enabled A client is on a different subnet and there is no method of getting PXE to the client You have many WDS servers and want to target a specific server
6-12
Key Points
The process of deploying Windows 7 by using WDS involves multiple steps.
Install WDS
You can install WDS by using the Initial Configuration Wizard, Server Manager, or the command line. During the installation, select a role service as follows: Deployment Server: To install this option, ensure that Deployment Server and Transport Server are selected on the second screen of the installation wizard. Transport Server: To install this option, clear the Deployment Server check box on the second screen of the installation wizard.
6-13
Configure WDS
The following are the key steps of this phase: Create a shared folder that contains the following: Files necessary for PXE boot Files for starting Windows PE into RAMDISK Windows PE boot images Install images
Configure the answer settings of the PXE listener to control whether and how the server services incoming client start requests.
If Microsoft DHCP is installed on the same physical computer as WDS, the configuration wizard allows you to do the following: Add DHCP option tag 60, with the PXE client setting selected, to all DHCP scopes (as a DHCP global option). This is necessary so that a starting PXE client can be notified that there is a listening PXE server on the network. Select the Do not Listen on port 67 option. This is necessary so that starting clients can find the DHCP server on the network.
6-14
To deploy a Windows 7 to a large set of available machines, the simplest approach consists of three steps: 1. 2. 3. Prepare an initial computer with Windows 7 and perform the software configuration required. Use WDS to create an image. Use WDS to deploy the image onto the target computers.
6-15
Lesson 2
To successfully deploy Windows 7, you need to understand how to design and configure WDS deployment. Some of the prerequisite decisions and activities important for a successful deployment include the determination of WDS servers that will be used, whether there is a WDS or remote installation infrastructure, server resource requirements, and the WDS server roles. Knowing which boot and install images are needed, and in what situations, may lead you to decide to capture a custom image for deployment by using the Image Capture Wizard. Finally, you need to understand how to deploy a Windows 7 client using WDS, including prestaging clients and approving and rejecting client deployment requests.
6-16
Key Points
The following steps represent the critical design decisions and activities in a successful, well-planned WDS implementation.
6-17
Task 2: Determine the Need for Multiple WDS Installations in a Single Location
Although a single WDS instance may be sufficient to meet the image deployment requirements of a location, additional requirements may force the architect to plan for multiple WDS instances within a single physical location for reasons such as isolated networks and low bandwidth or high latency.
6-18
CPU
WDS is primarily input/output (I/O) bound by the network and the speed that the image data file can be read from the disk. If additional services are placed on the same server as WDS, then the type, number, and speed of processors can be adjusted to handle the additional load.
Memory
WDS attempts to cache the operating system image files in memory after the initial client request for the image. This decreases the response time for additional requests of the image as the server does not read the image from disk again. Increasing the memory capacity of the server to allow for more images to be cached can improve the performance of the server. Use the size and number of images required for a location to help determine how much RAM to allocate to the server above the base requirements for the operating system.
Network
For each server, determine the size and number of network adapters. The available bandwidth and the latency of the network between the clients and the location of the WIM-based images have the greatest impact on the performance of the infrastructure. WDS performs best using a 1 Gb per second network adapter.
6-19
Disk
Disk performance has the second greatest impact on the performance of the infrastructure. The disk subsystem is scaled to handle the expected number of IOs per second (IOPS) generated by the client requests. The capacity of each spindle, numbers of spindles, speed of the spindles, and RAID configuration of the spindles all have an effect on the number of IOPS that can be handled at a given time. The choice to use unicast versus multicast streaming can also affect the performance requirements of the disk system. A multicast stream requires less performance around IOPS than a unicast SMB stream handling the same number of clients.
Step 5: Determine the File Share Fault Tolerance and Consistency Mechanism
To increase the availability of the infrastructure, the share through which the WIMbased images are accessed can be made fault tolerant. The shares that are made fault tolerant include the REMINST share on the WDS server and any shares used on remote file servers.
6-20
6-21
This demonstration shows you how to install and configure the WDS server role.
6-22
3.
On the DHCP Option 60 page, select the following options based on your requirements: Do not listen on port 67: Select this if you are installing the WDS server role on a server that also hosts the DHCP server role. Configure DHCP option 60 to PXEClient: Select this to provide DHCP scope information for locating the PXE server.
4.
On the PXE Server Initial Settings page, select the option based on your requirements: Do not respond to any clients: Select this to disable the PXE services from providing boot or install images to clients. Respond only to known clients: Select this if you want only those clients that are pre-staged into Active Directory to use PXE services. (Known and unknown) Respond to all client computers (Known and unknown): Select this if you want both known and unknown clients to use PXE services. This requires you to select the Require administrator approval for unknown computers option for additional security.
5. 6.
On the Operation Complete page, do not add images to the server. In the Windows Deployment Services console, right-click the WDS server and then click Properties to view the properties that can be configured for the server. Take note of the following tabs: General: Contains information about the Computer name, location of the remote installation folder, and the Server mode. PXE Response: Contains options for configuring the PXE Response Policy AD DS: Contains options for defining how to name unknown computers and for specifying where computer accounts should be created. Boot: Contains options for providing default PXE boot settings and default boot image selections. Client: Contains options for providing an unattend file, joining a domain, and client logging.
6-23
Multicast: Contains options for configuring multicast IP Addresses and transfer settings. Advanced: Contains options for integrating with domain controllers and DHCP authorization. Network: contains options for configuring the UDP Port Range.
Question: What is the difference between the Deployment Server and the Transport Server?
6-24
Key Points
You must add at least one boot image and one install image before booting to the WDS server and installing an image. Perform the following procedure to add the Install.wim from the product DVD: 1. 2. 3. 4. In the Windows Deployment Services MMC snap-in, right-click the Install Images node, and then click Add Install Image. Specify a name for the image group, and then click Next. Browse to select the default install image (Install.wim), which is located in the \Sources folder of the product DVD, and then click Open. To add a subset of the images included in the Install.wim file, clear the check boxes for the images that will not be added to the server. Add only those images for which you have licenses. Follow the instructions in the wizard to add the images.
5.
6-25
6.
Click the image group to verify that the correct images are added.
7.
Perform the following steps to add the default boot image included on the product DVD: 1. 2. 3. 4. 5. In the left pane of the Windows Deployment Services MMC snap-in, right-click the Boot Images node, and then click Add Boot Image. Browse to choose the default boot image (Boot.wim) on the product DVD, located in the \Sources folder. Click Open and then click Next. Follow the instructions in the wizard to add the image. Repeat this procedure to add other boot images. When multiple boot images are available to client computers, clients are presented with a boot menu that displays the boot images. To modify any of the settings of the server, right-click the server in the MMCsnap in and then click Properties. Now that there is at least one boot and install image on the server, you can perform a PXE boot on a client computer to install an operating system using the steps in the following section.
6. 7.
4. 5.
6-26
Key Points
You can create custom install images for Windows 7. To do this, create a capture image, prepare a reference computer using Sysprep, and then capture the operating system using the Image Capture Wizard.
6-27
4.
Type a name, description, and the location to save a local copy of the file. You must specify a location in case there is a problem with the network when you deploy the capture image.
5. 6. 7. 8. 9.
Continue to follow the instructions in the wizard, and when it is complete, click Finish. Right-click the boot image folder and then click Add Boot Image. Browse to select the new capture image. Follow the instructions in the wizard. Once you have created the capture image, follow the instructions in the next section to start a client computer into the capture image and capture the operating system into a .wim file.
4. 5. 6. 7.
6-28
8. 9.
On the Image Capture Destination page, browse to the location where you want to store the captured image. In the File name text box, type a name for the image using the .wim file name extension.
10. Click Upload image to WDS server. 11. Type the name of the WDS server and then click Connect. 12. If prompted for credentials, enter a user name and password for an account with sufficient privilege to connect to the WDS server. 13. In the Image Group drop-down list, choose the image group to store the image in. Now you can PXE boot a client computer to install this image. Question: What are the prerequisites for creating custom install images?
6-29
This demonstration shows you how to add and filter drivers using WDS.
6-30
Question: You have a driver package for a specific manufacturer that needs be deployed. Which type of filter do you configure?
6-31
Key Points
The following client management tasks are done as part of the WDS configuration: Prestaging clients Enabling the Auto-Add policy Approving and rejecting pending computers Specifying settings for pre-staged client computers
6-32
2. 3. 4. 5.
6.
With the WDSUTIL tool: Run the following command at an elevated command prompt:
WDSUTIL /Set-Server /AutoAddPolicy /Policy:AdminApproval
6-33
If this policy is enabled, when an unknown computer attempts to start against the server, the computer appears in the Pending Devices node of the MMC snap-in. The computer remains in this pending queue until it is approved or rejected, the time-out is reached, or the user cancels the attempt. If the computer is approved, the computer continues to start from the network, and a computer account object is created in AD DS to represent the physical computer. If the computer is rejected, the network start aborts, the computer starts from the next item in the boot order, and a computer account is not created.
If this policy is not enabled, WDS does not create a computer account for unknown clients. It does, however, still answer clients according to the settings on the server. The Auto-Add policy applies only when the WDS server is set to answer all clients, and WDS does not find a prestaged computer account for a booting computer. In all other cases, this policy is not in effect. Also note that this policy does not pertain to computers that use EFI.
Perform the following steps to reject a pending computer using the MMC snap-in: 1. 2. Select the Pending Devices node. Right-click the computer and then click Reject or Reject All.
6-34
Question: You want to configure properties on the computer account to control the installation for the client. What do you need to do to the client?
6-35
Key Points
You can deploy virtual hard disk (.vhd) images of Windows 7 to a physical (not virtual) computer using WDS. In general, you deploy .vhd images in the same way that you deploy .wim images. Using WDSUTIL at the command line is the only supported method of adding and configuring the .vhd images. In addition, the deployment must be part of an automated installation. Deploying a virtual hard disk image is as follows: 1. 2. 3. Add a .vhd image to the server. Configure an unattended installation for the .vhd image. Deploy the .vhd image.
6-36
2.
Create an image group. You need an image group specifically for .vhd images because they cannot be in image groups with .wim images. To create an image group for the .vhd image, use the following syntax:
WDSUTIL /Add-ImageGroup /ImageGroup:<image group name>
3.
To add the .vhd image to the server, use the following syntax:
WDSUTIL /Verbose /Progress /Add-Image /ImageFile:<path> /ImageType:Install /ImageGroup:<image group name>
Question: In general, you deploy .vhd images the same way that you deploy .wim images. What WDS command-line tool do you use to do this?
6-37
6-38
6-39
Supporting Documentation
E-Mail from Adam Carter:
Ed Meadows
From: Sent: To: Subject: Hey Ed, Since the Marketing department has been chosen for the Windows 7 deployment pilot program, I think it would be great if we could deploy a Windows Server 2008 R2 Windows Deployment Services server role. We have a server named LON-DC1 that can be used for the server role. All of the new client computers will be PXEenabled. However there are some considerations that I will list below: LON-DC1 also hosts the DHCP server role for the department. LON-DC1 has two volumes: Drive C: which is 80 percent full, and Drive E:, which is only 10 percent full. The Marketing department does not have any special image requirements other than a default installation (all settings will be configured postdeployment). We do plan on deploying 64-bit laptops in the next few weeks. I have an updated driver for the VX 6000 Lifecam that I will have available for when we need it. To ensure security, we need to make sure that only known or approved computers can be installed over the network. We will start off with only a couple of computers, but do think about how we can scale WDS so that we have availability and also minimize network congestion. Adam Carter [Adam@contoso.com] 28 June 2009 11:01 ed@contoso.com Re: Windows Deployment Services for the Marketing Department
6-40
Windows Deployment Services Design and Configuration Document Reference Number: WDS2009 Document Author Date Requirement Overview To install and configure Windows Deployment Services server role. To deploy Windows 7 to the new Marketing department computers. Additional Information You have purchased 10 new computers for the Marketing department. The Marketing department has a single server name LON-DC1. 1. Since LON-DC1 also hosts the DHCP server role, how does this affect the Windows Deployment Services server role? Ed Meadows 2nd August
2.
3.
What types of images are required for your deployment? How can you organize the install images for future deployment with other departments?
4.
6-41
(continued)
Windows Deployment Services Design and Configuration 5. What specific platform considerations do you have for your deployment?
6.
What are some ways that you can provide availability and minimize network congestion?
Task 2: Update the design and configuration document with your planned course of action
Answer the questions in the additional information section of the document.
Results: After this exercise, you have the main points of how the WDS sever role is configured for the Marketing department.
6-42
Exercise 2: Installing and Configuring the Windows Deployment Services Server Role
Scenario
Your first step for the Windows 7 deployment is to install and configure the WDS server role. You will use the information gathered from the Windows Deployment Services Design and Configuration document. The main tasks for this exercise are as follows: 1. 2. Install the Windows Deployment Services server role. Configure Windows Deployment Services.
Note: LON-DC1 is the computer that is to be configured with the WDS server role.
6-43
PXE Server Initial Settings: Respond to all client computers (known and unknown) Require administrator approval for unknown computers: selected Add images to server now: Not selected
Results: After this exercise, you have installed and performed initial configuration tasks for the WDS server role.
6-44
Note: LON-DC1 is the computer that is configured with the WDS server role.
Results: After this exercise, you have added the default boot and install images from the Windows 7 DVD media to WDS.
6-45
Note: LON-DC1 is the computer that is configured with the WDS server role.
Available Driver Packages: Accept default selections. Driver Groups: Create a new driver group named: VX6000 Lifecam
6-46
Results: After this exercise, you have added a driver package to WDS and created a driver deployment filter.
6-47
Note: LON-DC1 is the computer that is configured with the WDS server role. LON-CL3 is a network client that does not contain any operating system.
6-48
6-49
Review Questions
1. Windows 7 needs to be deployed to a variety of clients in a heterogeneous computer environment. How do you handle the creation of multiple images for deployment to each kind of client?
2.
You are tasked with deploying Windows 7 to clients in several countries. Is it necessary to create a different install image for each language?
3.
4.
What type of image must be used to capture the operating system of a client as a .wim file?
6-50
Best Practices
Supplement or modify the following best practices for your own work situations:
6-51
In situations where a server is overburdened, configure a network boot referral to direct starting clients to different WDS servers for TFTP downloads. Alter your physical network topology by doing one or more of the following: Add a WDS server closer to the client computer. Move the client computer closer to the WDS server. Repair the existing network infrastructure (in the case of high-packet loss). Upgrade to better cabling (Cat 5e is recommended). Check the condition of the switches between the client computer and the WDS server to ensure that packets are not being dropped.
6-52
Processor (% Processor Time) WDS Multicast Server (all counters) WDS TFTP Server (all counters) WDS Server (all counters)
Use Dynamic Driver Provisioning in Windows 7 to Reduce the Size of the Images and Reduce the Number of Images to Maintain
It is not necessary to update images when you introduce new hardware into the environment. By storing drivers centrally on deployment servers, separate from images, you can install drivers dynamically or assign sets of drivers based on information contained in the BIOS. If you choose to install drivers dynamically, Windows 7 enumerates Plug and Play devices during installation. Then, it chooses drivers based on the Plug and Play IDs of the actual devices on the PC. Reducing the number of drivers on individual PCs reduces the number of potential driver conflicts. This ultimately streamlines installation and setup times, and improves the reliability of the PC.
6-53
Partition network segments to distribute the load across multiple servers. Keep network latency to a minimum to optimize TFTP transfers. Ensure that the disk that contains the remote install folder has enough throughput to meet the client demand. Ensure that there is sufficient memory on the server to handle the demands. Ensure that there is enough processor bandwidth on the server to handle the demands.
3. 4.
7-1
Module 7
Deploying Windows 7 by Using Lite Touch Installation
Contents:
Lesson 1: Designing the Lite Touch Installation Environment Lesson 2: Implementing MDT 2010 for Deploying Windows 7 Lab A: Planning and Configuring MDT 2010 Lab B: Deploying Windows 7 by Using Lite Touch Installation 7-3 7-13 7-31 7-40
7-2
Module Overview
The Microsoft Deployment Toolkit (MDT) 2010 delivers end-to-end guidance for efficient planning, building, and deploying of the Windows 7 operating system. MDT 2010, together with several related technologies, allows you to deploy Windows 7 using a Lite Touch Installation (LTI) methodology, or a Zero Touch Installation (ZTI) methodology. This module describes how to design the LTI environment, and provides an overview of the techniques that you can use to build and deploy Windows 7 using the MDT and the LTI scenario.
7-3
Lesson 1
The Windows 7 operating system deployment method that you use depends primarily on the infrastructure management processes in place within your organization. Some organizations have deployment processes that require extensive interaction with an administrator or end-user, whereas other organizations have their deployment tasks completely automated. Many organizations that still maintain a standardized environment but have not yet deployed the infrastructure required for ZTI will likely take advantage of the functionality contained in MDT 2010 to support the Lite Touch Installation scenarios. This lesson provides an overview of the LTI requirements and the tasks that take place within the LTI process. It also explains considerations for designing the LTI environment and implementing MDT 2010 for the Lite Touch Installation of Windows 7.
7-4
Key Points
LTI may require an administrator or user with administrative access, to customize the information during deployment. The setup process is usually started manually, and custom information is provided by a preconfigured answer file, or by a deployment wizard that appears when the installation process starts. Organizations that use the LTI deployment method are typically in a standardized network environment. This consists of the Active Directory Domain Services (AD DS), and prerequisites that are in place so Windows 7 can be implemented by using the automated techniques provided by MDT 2010. The process of deploying Windows 7 using LTI consists of the following high-level steps: Design the LTI environment: The initial planning involves ensuring that the required infrastructure to support LTI tools exists. This part of the process results in a set of design documents that are used to build the MDT 2010 deployment infrastructure, and to perform automated operating system and application deployments.
7-5
Implement the LTI infrastructure: Several server roles may be required to support the Lite-Touch deployment process. These roles can reside on a single server or separate servers as required. These roles may include: Build server: This is the source for custom deployment images, including out-of-box drivers, service packs, and additional language packs. Data server: This is used to store computer backups and user state migration data. Application installation server: This is used to store the source files for core and supplemental application installations. Microsoft Windows Deployment Services (WDS) server: This is the engine for Pre-boot Execution Environment (PXE) booting. Database server: This optional component can be used as a centralized repository for managing deployment configuration settings.
Install MDT 2010: After installing the prerequisite software, including the Microsoft Management Console (MMC) 3.0, Microsoft .NET Framework 2.0 or higher, Windows PowerShell version 2.0 and the Windows Automated Installation Kit (Windows AIK) version 2.0, you can install a new instance of MDT 2010 on each computer where you want to manage MDT 2010 deployment shares. Typically, MDT 2010 is installed on the build server. MDT 2010 may also be installed on a technician computer and configured to point the deployment share to the build server or the data server. After MDT is installed, you can open the Deployment Workbench. The Deployment Workbench is the administration console for MDT 2010 and the LTI deployment process. Most of the daily MDT 2010 management tasks are performed in Deployment Workbench.
Create and populate a deployment share: A deployment share is a storage location for all the scripts, operating systems, applications, drivers, and other files that are necessary to perform an operating system deployment. Typically, the deployment share is created on the build server, but it can also be located on the data server. The deployment share is created by using the MDT 2010 Deployment Workbench. You can use the New Deployment Share Wizard to create the deployment share and to store the source files in the deployment share folder. (You will associate these stored items with task sequences later in the configuration process.)
7-6
Create and customize a task sequence: The task sequences in MDT 2010 contain the steps performed during the LTI deployment. Task sequences are stored in the deployment share. You create and manage the task sequences that are used to perform the deployments to the reference and destination computers in your organization by using Deployment Workbench. You can use the New Task Sequence Wizard to create new task sequences. MDT 2010 includes task sequence templates that are used to perform common deployment scenarios. In many instances, you can perform deployments using the templates without any modification to the task sequence. Task sequences consist of a combined series of steps that are designed to complete an action. Each task sequence step performs a specific task, such as validating that the target computer is capable of receiving the deployment image, storing user data in a safe location, deploying an image to a target computer, restoring saved user data, and so on. Task sequence steps can be added to a task sequence group, which help keep similar task sequence steps together for better organization and error control.
Create Windows PE and Windows 7 images: After the LTI infrastructure is in place, you can use the Deployment Workbench to manage the Windows PE boot images, and the operating system images that will be deployed. You can create the Windows PE image to be used to initiate the LTI deployment process by updating the deployment share. For the operating system images, you can use the default image from the product DVD or you can install Windows 7 to a reference computer, capture the image of the reference computer, and deploy this custom image as a standardized deployment throughout your organization. Deploy the operating system images to the client computers: Deploying the operating system to a client computer is a matter of having an administrator or a user who has administrative rights run the deployment wizard.
7-7
Key Points
When designing the LTI environment, you must consider the following: Infrastructure: At a minimum, LTI requires a managed network and a file server. In addition, you must consider where you should store distribution files and images, user data, and application installation sources. These files may use a great deal of storage space. Deployment scenario: LTI supports the new computer, upgrade computer, refresh computer, and replace computer scenarios. There are three things that may influence your decision: whether to preserve user state, whether to preserve the file system, including currently installed applications, and whether to deploy to the same computer where the previous operating system resides.
7-8
Deployment method: LTI with MDT 2010 supports both the deployment share method, which uses a network shared folder to store all the deployment files, and the deployment media method, which creates an image that you can use to perform deployments from removable media. Based on the network connectivity, you may choose between these two deployment methods. WDS: If you choose to deploy the images by using WDS, you must ensure that there is a high-speed, persistent connection to the WDS servers that are used in the deployment process from the destination computers. This is because the size of the images being distributed is generally quite large. The WDS servers must be on subnets adjacent to the destination computers to ensure high-speed connectivity to the computers. If this is not possible, you can consider the following: Temporarily positioning the servers closer to the target computers during migration Moving the computers to a staging area for deployment Storing user state migration data locally on the destination computer Performing LTI locally by using deployment media
User data: If you decide to migrate user settings and data, you must determine the amount of storage space required. When this is known, you can designate local storage on the target computers, or on the shared folders that are located on a local server. Also consider the security and privacy of the user data and profile placed in the temporary storage location, whether it is a local storage or a shared folder on a network drive. If you are using Windows Easy Transfer, you can protect the migration file with a password If you are using User State Migration Tool, you can encrypt the migration store with an encryption key If you use network share for the temporary storage location, ensure the security and permission for the network share, so that the respective users will have access to only the share where their user data is located
7-9
Custom images: LTI supports deploying custom images or default images from the Windows product DVD, depending on the business need. However, you will rarely be able to take the images from the Windows product DVD and deploy them unmodified to the reference and destination computers. Typically, you have to create customized images that include the Windows operating system, language packs, applications, device drivers, software updates, and software. The MDT 2010 process allows the creation of customized images that are first deployed to a reference computer, captured from the reference computer, and then deployed to the destination computers.
Deployment share: MDT 2010 deployment shares can be stored on the computer that is running MDT 2010, or in any network shared folder. The computer that is running MDT 2010 has the following storage requirements: At least 4 GB of free space is required on the drive containing the %TEMP% folder if you plan to create a media deployment International Organization for Standardization (ISO) image. Otherwise, 1 GB of free space is required on the drive containing the %TEMP% folder. Free space of 1 GB is required on the drive containing the MDT 2010 program files.
You must also determine the size of each image, how many images are required in the deployment and ensure that sufficient space is available for storing the distribution files, which include operating system images, language packs, and device drivers used in Deployment Workbench. These distribution files are stored in the MDT 2010 deployment shares created in Deployment Workbench. You need to decide where to create the deployment share, whether in the local computer (local deployment share) or in a network shared folder (remote deployment share).
7-10
Scalability: To support deployment load, you can implement the LTI infrastructure to be highly scalable. To scale the LTI infrastructure, you must have several technologies in place, such as WDS server, SQL Server, and Distributed File System Replication (DFS-R) technologies. You can use SQL server and create MDT Database (MDT DB) as a solution to centralize configuration settings that are dynamic and extensible. The highly scalable LTI deployment infrastructure uses a hub-and-spoke topology for replication of content. Therefore, you must nominate a deployment server in the production environment that will perform the role of the master deployment server. Each of the child deployment servers will act as spokes. To enable this architecture, you need to use DFS-R to replicate the deployment share to each of your deployment servers. Then, use SQL Server snapshot replication to provide a copy of the deployment database to each of the child deployment servers.
7-11
Key Points
Read the following scenario and answer the following questions. Scenario You work as a Desktop Administrator in a large multi-national corporation, which is headquartered in California. Your organization has decided to deploy Windows 7 throughout the enterprise. You are in charge of the deployment project for the European offices, which are located in Copenhagen, London, and Paris. You work at the main office in Copenhagen, which has around 50 users. The offices in London and Paris have approximately 20 users each. The Paris office is connected with a high-speed internet link to the Copenhagen office, whereas the London office has a slower internet connection. Most of the users in Europe are using fairly new computers due to a hardware refresh that was completed in the European offices less than a year ago. In each office, there is a sole IT support person that helps troubleshoot daily computer issues on-site.
7-12
You have received a custom Windows 7 image from your corporate headquarters in California. You have been tasked with deploying this custom image to all employees in Europe. All required applications are included in the custom image, and any software updates are managed by Group Policy. You have two servers that you can use for this deployment project. You have decided to deploy this custom image by using the Lite Touch Installation process. Question: What elements in your current infrastructure support Lite Touch Installations? Question: How might you use your current resources to perform LTI deployment? Question: What deployment method do you choose for the three offices? Question: How do you optimize the user data migration in this scenario?
7-13
Lesson 2
After you design and implement the infrastructure to support the LTI tools, the next step in the LTI deployment process is to install and configure MDT 2010 for LTI deployments. You can then use MDT 2010 Deployment Workbench to create a deployment share, add operating system files and device drivers, create task sequences to deploy and capture reference installation, and deploy the captured image to destination computers. This lesson provides an overview of the requirements and installation of MDT 2010, and how to use the MDT 2010 Deployment Workbench to deploy Windows 7 with a Lite Touch Installation.
7-14
Key Points
The following list shows the software requirements and files required to install MDT 2010: Microsoft Management Console (MMC) 3.0 Microsoft .NET Framework 2.0 or higher Windows PowerShell command-line interface version 2.0 Windows AIK version 2.0 MDT 2010 installation file Windows installation files to be deployed
7-15
3.
Deployment Workbench
After installing MDT 2010, use the Deployment Workbench to perform LTI-based deployments. The top-level nodes in the Deployment Workbench and the kinds of tasks that can be performed in each are as follows: Information center node: Provides access to documentation, displays breaking news about MDT 2010, and lists the requirements for using the Deployment Workbench. Deployment share node: Lists operating systems, applications, operating system packages, task sequences, and out-of-box drivers populated in the Deployment Workbench.
7-16
The Deployment Workbench uses component files to help perform LTI-based deployments. Perform the following steps to make sure that the required components are installed: 1. 2. Open the Microsoft Deployment Toolkit and select the Deployment Workbench. Select Components in the Information Center, and in the Installed section, confirm that either the Windows Automated Installation Kit (x86) 2.0, or the Windows Automated Installation Kit (x64) 2.0 is installed.
Perform the following steps to download and install Deployment Workbench components: 1. In the Deployment Workbench, expand the Information Center, and select Components. Select the name of the component that you want to download from the Available for Download section. Use the Details pane to download the component from the Internet, browse for the installation file of the component, and complete the installation process by using the instructions that are provided. After the component is installed, it appears in the Installed section of the Details pane.
2.
3.
After you prepare the MDT 2010 environment and install the Deployment Workbench components, perform the following steps in the Deployment Workbench: 1. 2. 3. 4. 5. Create an MDT 2010 deployment share. Add operating system files to the deployment share. Add device drivers to the deployment share. Create task sequences. Update the deployment share.
7-17
Key Points
This demonstration shows how to create the deployment share, how to add an operating system to the deployment share, and how to add device drivers to the deployment share.
3.
7-18
4. 5.
Specify a descriptive name for the deployment share. This name is used to identify the share in the Deployment Workbench console. Select whether or not to ask to capture an image. Typically, you are prompted to capture an image from systems installed in a workgroup. Clearing this check box allows you to skip this step. Select whether or not to ask users to set a local administrator password. You can select this check box to allow users to set the Local Administrator password when an image is deployed from this share. Select whether or not to ask users for a product key. Selecting this check box will allow the users to specify an installation key. Review the Summary page and the summary information, and continue with the creation of the deployment share. Review the Confirmation page and review the log file for any errors that occurred during the creation of the deployment share. In addition, you can view the PowerShell code used to create the deployment share. Upon completion, the deployment share is created in the target folder that you defined in the wizard and shown in the Deployment Workbench.
6.
7. 8. 9.
10. Review the properties of the deployment share that you have created. On the General tab, there is a check box to enable multicast support on this deployment share. This requires the deployment share to be created on a Windows 2008 server with WDS installed. On the Rules tab, you can adjust the behavior of this deployment share. You can see some of the settings specified earlier such as SkipAdminPassword=YES. (Refer to the MDT Documentation for the available options on this tab.) On the Windows PE x86 Settings tab, you can configure the boot images created for this deployment share. The Windows PE x64 Settings tab contains the same settings for the 64-bit environment. On the Windows PE x86 Components tab, you can specify additional components for the Windows PE boot environment. The Windows PE x64 Components tab contains the same settings for the 64-bit environment.
7-19
3.
4. 5. 6.
7-20
Question: How do you create a deployment share on a Server (such as LON-DC1) if the MDT was deployed to a workstation (such as LON-CL2)?
7-21
Key Points
This demonstration shows you how to create a task sequence for a deployment share.
3.
7-22
4. 5. 6. 7.
Select the operating system to be installed. You can only install Operating Systems that have been previously imported. Select whether or not to specify product key. The option selected here depends on how the organization is licensed. Specify the user name and organization. Select whether or not to specify an Administrator password. If this system is to be deployed into production, you may want to specify a password here, or in a custom setup file. Review the Summary page, proceed and confirm the wizard, and complete the New Task Sequence Wizard.
8.
Question: How do you deploy Windows 7 to three different departments with different application needs?
7-23
Key Points
This demonstration shows you how to update a deployment share.
3.
7-24
Question: When might you decide to completely regenerate the boot images when updating a deployment share?
7-25
You can initiate the deployment of Windows to destination computers by running the Windows Deployment Wizard. Each deployment scenario (upgrade computer, replace computer, new computer, or refresh computer) uses a different process. You can select to initiate the deployment from Windows Deployment Services, a network share, from local drives, or by using a bootable media. Windows PE starts on the destination computer and initiates the MDT 2010 deployment process. The Windows Deployment Wizard displays different wizard pages depending on the task sequence and the configuration options specified in CustomSettings.ini. For example, if a product key is specified in the task sequence, the wizard will not prompt for a product key.
7-26
The following shows the pages available in Windows Deployment Wizard: Welcome to the Windows Deployment Wizard: Select whether to deploy Windows using Windows Deployment Wizard, go to Windows Recovery Environment or to the command prompt. Specify credentials for connecting to network shares: Specify credentials to connect to network shares. These credentials are used to access network shared folders used during the deployment process. Select a task sequence to execute on this computer: This page shows the task sequences available. Specify the product key needed to install this operating system: Enter the product key to be assigned to the destination computer or select MAK activation method. Select a migration type: Select between refresh computer and upgrade computer scenario. Configure the computer name: Enter the computer name to be assigned to the destination computer. Join the computer to a domain or workgroup: Specify workgroup or domain information for the destination computer. Specify where you should save your data and settings: Specify whether to save data and settings and determine the storage location. Specify whether to restore user data: Specify whether to restore user data and from which location. Specify where you should save a complete computer backup: Specify whether to back up your computer and determine the backup location. Specify the product key needed to install this operating system: Assign the product key if it is required. Packages: Specify language packs to be installed on the destination computer. Locale selection: Here you can set the locale of the destination computer. Set the time zone: Set the time zone of the destination computer. Select one or more applications to install: Specify which applications are to be installed on the destination computer.
7-27
Administrator password: Set administrator password for the destination computer. Specify whether to capture an image: Specify whether to capture the image of the destination computer and set the location to store the WIM file, prepare the computer for image capturing at later time, or not to capture the image of the computer for typical deployment. Specify the BitLocker configuration: Enable BitLocker drive encryption on destination computer. Ready to begin: The Windows Deployment Wizard finishes and deployment of the new operating system begins.
7-28
The Deployment Workbench includes advanced configuration options that extend the features provided in basic LTI deployments. These configuration options provide you with more granular support in the deployment process. They can be used, for example, to support deployments in larger organizations, or deployments using stand-alone media, without the need to connect to a deployment share. The advanced configuration tasks include more detailed management of the following: Selection profiles: Selection profiles enable you to select one or more folders in Deployment Workbench that contain one or more items. These items include: applications, device drivers, operating systems, operating system packages, and task sequences. You can also use the selection profiles to group items. MDT 2010 creates several default selection profiles including: Everything, All drivers, All drivers and packages, Nothing, and Sample.
7-29
Linked deployment shares: Linked deployment shares provide a logical connection between two deployment shares, a source and a target deployment share. The items to be linked between the source and target deployment share is determined by a selection profile. You can create linked deployment shares in the Deployment Workbench by using the New Linked Deployment Share Wizard. Linked deployment shares enable you to easily replicate an entire deployment share or parts of a deployment share to another deployment share. This enables you to change one deployment share and then update others based on the selection profiles that you selected when you create the linked deployment shares.
Deployment media: Deployment media enables you to perform LTI-based deployments solely from local media, without connecting to a deployment share. After creating the deployment media, generate bootable WIM images that enable the deployment to be performed from portable media devices locally available on the destination computer. The items to be included on the deployment media are determined by a selection profile specified when the media is created. Deployment media lets you easily generate stand-alone media that can be used to perform LTI-based deployments. Deployment Workbench automatically includes Windows PE in the media so that Windows PE is started from the media at the destination computer. When Windows PE starts, the Windows Deployment Wizard is automatically started as in any LTI-based deployment. You can generate media images of the media content in Deployment Workbench by using the Generate Media wizard. This wizard creates WIM file images of the media content that can be used to perform stand-alone, LTIbased deployments from media.
7-30
MDT database: Use the MDT database (MDT DB) to provide configuration settings for LTI-based and ZTI-based deployments. The MDT DB provides centralized configuration and management of configuration settings for the destination computers. Conceptually, the MDT DB can be viewed as a centralized version of the CustomSettings.ini file. The main advantage of using the MDT DB is that it provides a centralized repository for managing deployment configuration settings. This eases largescale deployments. Although large-scale deployments can be performed by using the CustomSettings.ini file, it is recommended that you use MDT DB for large-scale deployments, especially in ZTI-based deployments. You can configure the MDT DB through Deployment Workbench in MDT 2010 or any other data management tools that can change information stored in Microsoft SQL Server. The MDT DB can be stored on the same SQL Server used for Configuration Manager, on an SQL Server on the same computer where MDT 2010 is installed, or any other SQL Server in your organization.
7-31
7-32
7-33
Supporting Documentation
E-mail thread with Jonas:
Adam Carter
From: Sent: To: Subject: Adam, You know my philosophy on this, keep it uncomplicated and reduce the opportunity for errors. I know there were a few complaints when we had to reimage several systems in Seattle after that virus outbreak but the company policy remains, all Contoso related files are to be stored on a server. Since we use roaming profiles I do not see the need to migrate profiles for users. Since there is nothing critical on the client systems I do not think we need to worry about that feature either. For the time being we are going to continue deploying applications to the client systems post installation. Unless purchasing changes their policies we do not want to deploy any applications until the requesting department has secured their licenses. As for the rest of the features, I like the idea of deploying from a central image and since we are not giving the users local administrative rights we need to include any drivers they might need, for instance the IntelliPoint drivers for the Microsoft Mice we use in our department. Keep in mind not all the custom applications have been tested in a 64 bit environment yet. If anything else comes up just use your best judgment and we can discuss it at the next meeting. Thanks, Jonas Jonas Brandel [jbrandel@contoso.com] 17 July 2009 2:30 PM Adam Carter [acarter@contoso.com] Re: Automated Windows 7 deployment
7-34
----- Original Message ----From: Adam Carter [acarter@contoso.com] Sent: 17 July 2009 11:15 AM To: Jonas Brandel [jbrandel@contoso.com] Subject: Re: Automated Windows 7 deployment Jonas, I have had a chance to download the Microsoft Deployment Toolkit. I am not sure if you are aware of all the features in the Toolkit. Besides deploying Windows 7 we could do the following: Partially Automated Deployment of Windows 7 (Lite-Touch) Fully Automated Deployment of Windows 7 (Zero-Touch) Deploy Windows 7 from an Image Deploy Applications Pre-Install device Drivers Migrate User Profiles Enable BitLocker on deployed systems
I know you want a report at the next department meeting. Do you have a preference for the features that we evaluate before then? Thanks, Adam ----- Original Message ----From: Jonas Brandel [jbrandel@contoso.com] Sent: 15 July 2009 09:30 AM To: Adam Carter [acarter@contoso.com] Subject: Automated Windows 7 deployment Adam, As discussed in the last planning meeting we are looking at rolling out Windows 7 next quarter. I want you to download the Microsoft Deployment Toolkit and evaluate it for use in automating the deployment of Windows 7. Thanks, Jonas
7-35
Task 2: Complete the Microsoft Deployment Toolkit Job Aid to help plan the deployment
Fill out the attached Microsoft Deployment Toolkit Job Aid. Use the check boxes to indicate your decision. In the Rationale for the Decision section, list your supporting reason for this decision. Be prepared to discuss your answers with the class.
Microsoft Deployment Toolkit PlanningJob Aid Information Rationale for the Decision 32 bit Windows 7 64 bit Windows 7 What Operating 32 Windows Server System are you going 2008 R2 to deploy? 64 bit Windows Server 2008 R2 Question What System is going to be deployed as the Technicians system? Are you going to be deploying Applications? What MDT additional components are you going to install? Where will you store your distribution files? Windows 7 client Windows 2008 R2 server Yes No MAP WAIK USMT Local Deployment Share Remote Deployment Share
7-36
(continued) Microsoft Deployment Toolkit PlanningJob Aid Information Rationale for the Decision Will you be deploying Yes any drivers not included with No Windows 7? Question Will you deploy across the network, with removable media, or both? Network Removable Media New Computer Upgrade Existing Computer Refresh Computer Replace Computer Full OS File Set Custom WIM Professional Ultimate Business Enterprise Multiple Activation Key (MAK} Key Management Service(KMS)
Which Deployment Scenario will you use? Will you deploy a full set of operating system files or a custom Windows Imaging Format (WIM)? Which product editions will you deploy? How will you handle product keys and licensing?
Results: After this exercise you have planned your MDT 2010 deployment.
7-37
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL2 is the computer running Windows 7 that will contain MDT 2010.
7-38
Question: What category is the Windows Automated Installation Kit in and what is the status?
Results: After this exercise you should have installed Windows AIK and verified the installation.
7-39
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL2 is the computer running Windows 7 that contains MDT 2010.
Results: After this exercise you should have created a new deployment share.
7-40
7-41
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL2 is the computer running Windows 7 that contains MDT 2010.
7-42
(continued)
On this wizard page OS Settings Do this Full Name: Admin Organization: Contoso LTD. Do not specify an Administrator password at this time Review the Summary. Click Finish.
7-43
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL2 is the computer running Windows 7 that contains MDT 2010.
Note: For the Lab the LiteTouchPE_x86.iso file has already been copied to the host machine.
Task 2: Start the reference computer with the LTI bootable media
To deploy using the Lite Touch Installation you need to mount the boot image to the reference computer and boot it into the WinPE environment. On LON-IMG1, mount C:\Program Files\Microsoft Learning\6294 \drives\LiteTouchPE_x86.iso. Start LON-IMG1.
7-44
Select a task sequence to execute on this computer Configure the computer name Join the computer to a Domain or workgroup Specify whether to restore user data Language and other preferences Set the Time Zone Specify whether to capture an image Ready to begin
Accept the default selections. Accept the default selections. Capture an image of this reference computer
Click Begin.
Review the Deployment Summary page for any errors, click Finish, and turn off LON-IMG1.
Results: After this exercise you should have created the LTI bootable media and started LON-IMG1 to complete the deployment wizard.
7-45
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL2 is the computer running Windows 7 that contains MDT 2010.
Task 1: Add the captured image of the reference computer to Deployment Workbench
On LON-CL2, in the Deployment Workbench import the wim file created during Exercise 2. Complete the Import Operating System Wizard with the following information:
On this wizard page OS Type Source Setup Destination Summary Confirmation Do this Custom image file C:\DeploymentShare\Captures\WIN7_REFERENCE.wim Accept the default selection. Accept the default name. Review the summary. Click Finish.
7-46
Standard Client Task Sequence WIN7_REFERENCEDDRIVE in WIN7_REFERENCE WIN7_REFERENCE.wim Accept the default selections. Full Name: Organization: Admin Contoso LTD.
Admin Password
Administrator Password: Pa$$w0rd Please confirm Administrator Password: Pa$$w0rd Review the summary. Click Finish.
Summary Confirmation
Results: After this exercise you should have added the captured image to the deployment workbench and created a task sequence for the target computer.
7-47
Note: LON-DC1 is the computer running Windows Server 2008 R2. LON-CL2 is the computer running Windows 7 that contains MDT 2010. LON-CL3 is the computer that will be installed with a new copy of Windows 7.
Specify Credentials for connecting to network shares Select a task sequence to execute on this computer Configure the computer name
LON-CL3
7-48
(continued)
On this wizard page Join the computer to a Domain or workgroup Specify whether to restore user data Language and other preferences Set the Time Zone Specify the BitLocker configuration Ready to begin Do this Join a domain Domain: Contoso Accept the default selections.
Click Begin.
Review the Deployment Summary page for any errors; and then click Finish and turn off LON-CL3.
7-49
7-50
Tools
Tool Microsoft Deployment Toolkit (MDT) 2010 Use Where to find it Microsoft Download Center
Microsoft Windows Deployment Services (WDS) Windows Preinstallation Environment (Windows PE) Deployment Workbench Windows PowerShell
Deploys Windows. (The AIK includes several tools used to build and configure Windows PE environments.) An administration console for MDT 2010 Provides an environment to perform administrative tasks by execution of cmdlets Migrates user settings and data for a large number of computers) Supports the deployment of Windows operating system
User State Migration Tool (USMT) Windows Automated Installation Kit (Windows AIK) Windows 7 installation files
Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
L1-1
Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
Scenario
You are the team lead for the Windows 7 deployment project at Contoso Ltd. Contoso currently uses Windows Vista on the company desktop computers. You are planning for the Windows 7 deployment to take place within the next month. As part of the deployment process you need to determine if there are any hardware compatibility issues with Windows 7. You will use the Microsoft Assessment and Planning Toolkit to help inventory, analyze, and then determine the necessary hardware upgrades.
L1-2
Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
L1-3
Exercise 2: Use the Microsoft Assessment and Planning Toolkit to Create a Client Assessment Report
Task 1: Run the Windows 7 Readiness Assessment Wizard
1. 2. 3. In the Discovery and Readiness pane, click Inventory and Assessment Wizard. Review the Computer Discovery Methods page and then click Next. Configure the Active Directory Credentials page with the following: Domain: Contoso.com Domain Account: Contoso\Administrator Password: Pa$$w0rd Click Next. Review the Active Directory Options page and then click Next. On the Windows Networking Protocols page ensure the following: Workgroups and Windows domains to include in the inventory: Contoso Click Next. On the WMI Credentials page, click New Account. Fill in the Inventory Account page with the following: Domain name: Contoso Account name: Administrator Password: Pa$$w0rd Confirm password: Pa$$w0rd Click Save. On the WMI Credentials page, click Next. On the Summary page, click Finish.
4. 5.
6. 7.
8. 9.
10. Once the inventory is complete, on the Status page, click Close.
L1-4
Lab A: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
L1-5
Q. What are the minimum upgrades required to the Not Ready for Windows 7 Category systems? A. Answers will vary based on the final VMs 6. 7. Close the Windows7Assessment-<date-time> report. Close all open windows.
L1-6
Lab Review: Assessing the Computing Environment by Using the Microsoft Assessment and Planning Toolkit
Question: What are the requirements for deploying the Microsoft Assessment and Planning Toolkit? Answer: Windows XP or above, NET Framework v3.5SP1, Windows Installer v4.5, Microsoft Word 2003 SP2 or above (Microsoft Word 2007 recommended), Microsoft Excel 2003 SP2 or above (Microsoft Excel 2007 recommended), Microsoft Office Primary Interop Assemblies, SQL Server 2008 Express Edition (or above) and installation of all updates for the operating system and Microsoft Office. Question: What are the Remote Computer configuration requirements for using the MAP Toolkit? Answer: In order to run the MAP Toolkit wizards, the only required configuration is to configure the Windows Firewall (where appropriate) to enable remote access to WMI. The Remote Registry service is used to find the roles installed on a server. It is also required for running the Gather Performance Metrics Wizard. Question: What discovery methods are available for the MAP Toolkit? Answer: MAP can discover computers in your environment or you can specify which computers to inventory using one of the following methods: Active Directory Domain Services (AD DS), Windows networking protocols, Import computer names from a file, Scan an IP address range, or Manually enter computer names. Question: In addition to the Hardware Analysis, what information is available in a Windows 7 proposal generated by the MAP Toolkit? Answer: Software Analysis, including a summary of devices and how to obtain drivers discovered on client computers, current client operating system, and a summary of the most prevalent applications discovered on client computers.
L1-7
L1-8
A recent internal audit has revealed inadequacies with the existing license activation. The network is due for a technology refresh and due to the issues revealed by the audit Upper Management has asked you to recommend an activation model that will provide the most efficient method of activating all systems while maintaining a documentable method of managing the licenses.
L1-9
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
L2-11
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
Computers in this lab
Before you begin the lab, you must start the virtual machines. The virtual machines used at the start of this lab are: 6294A-LON-DC1 6294A-LON-CL1 6294A-LON-VS1
L2-12
2. 3. 4. 5. 6. 7.
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
L2-13
8. 9.
On the Configure Your Log File Location page, next to Share as, ensure the ACTLogs is entered, and then click Next. On the Configure Your ACT Log Processing Service Account page, ensure that Local System is selected, and then click Next.
10. On the Congratulations page, clear the check mark next to Automatically check for updates on launch, and then click Finish. The Microsoft Application Compatibility Manager console opens. 11. On the Tools menu, click Settings. 12. In the Settings box, on the Settings page, verify that LON-DC1 is configured as the SQL Server, and that ACTDB is configured as the Database. 13. Under Log Processing Settings, verify that a check mark is visible next to This computer is configured as a Log Processing Service. 14. Verify that the Log Processing Service Account is configured as a Local System Account. 15. Verify that the Log Share is configured to be \\LON-DC1\ACTLogs. 16. Click the Preferences tab. 17 Under Community Settings, verify that a check mark is visible next to Yes, I want to join the ACT Community. 18. Under Update Settings, ensure that the check box next to Notify me when a newer version of ACT is available is cleared. Normally you would select this; however, the virtual computer is not connected to the Internet, so it will remain cleared for this exercise. 19 To close the Settings box, click OK. 20. Click Start, point to Administrative Tools, and then click Services. 21. Verify that the Act Log Processing Service has started. If it is not started, rightclick the service, and then click Start. 22. Close the Services console.
L2-14
5.
6.
Under When to monitor application usage, for Duration, configure 60 Minutes. In production, you will want to set this for at least 35 days to capture sufficient detail. Under Where to output collected data, ensure that the Output Location shows LON-DC1 (\\LON-DC1\ACTLogs). From the File menu, click Save and Create Data Collection Package. Save the file as DataCollectionPKG.msi in C:\Data.
7. 8.
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
L2-15
The DataCollectionPKG installation runs. Close the Explorer window. Right-click the Taskbar, and then click Task Manager. Click the Processes tab. Click Show processes from all users. In the User Account Control dialog box, provide the following credentials and then click OK: User name: Administrator Password: Pa$$w0rd
9.
On the Processes tab, verify that the data collection is running by looking for the actdcsvc.exe process.
L2-16
9.
10. Click the Actions menu, and then click Assign Categories. 11. In the Assign Categories dialog box, click the Category List button. 12. Click Add on the Categories side, and then type Line of Business. 13. Click Add on the SubCategories side, type Customer Service, and then click OK. 14. In the Assign Categories box, select the Customer Service sub-category, and then click OK. 15. Select the following applications: Microsoft BackInfo Office Diagnostics Service
16. Click the Actions menu, and then click Assign Categories. 17. In the Assign Categories dialog box, click the Category List button.
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
L2-17
18. Click Add on the Categories side, and then type System Utilities. 19. Click Add on the SubCategories side, type Desktops, and then click OK. 20. In the Assign Categories box, select the Desktops sub-category, and then click OK.
L2-18
10. In the Set Deployment Status box, click Mitigating, and then click OK.
Lab A: Evaluating Application Compatibility Using the Microsoft Application Compatibility Toolkit
L2-19
5. 6. 7.
After you have saved the new issue, click the Solutions tab. On the toolbar, click Add Solution. In the Add Solution dialog box, enter the following, and then click Save: Title: Office Diagnostics Service Fix Solution Type: Application has an update Solution Details: Install the latest Service Pack
8. 9.
Close all windows to return to the main Microsoft Application Compatibility Manager window. Close the Microsoft Application Compatibility Manager.
L2-20
L2-21
On the Stock Viewer toolbar, click Trends. Click the Tools menu, click Options, and then click OK. Click the Tools menu, and then click Show Me a Star. Click OK to close the Unsupported Version box. Close the Stock Viewer application.
L2-22
2. 3. 4. 5. 6.
On the Warning dialog box, click Yes. On the Permission denied dialog box, click OK. On the Stock Viewer toolbar, click Trends. An error appears.
10. On the Error box, click OK. 11. Click the Tools menu and then click Options. An unhandled exception error appears. 12. Click Continue to close the error. 13. Click the Tools menu, and then click Show Me a Star. An error appears stating that the application requires Windows XP. 14. Click OK to close the Unsupported Version box. 15. Close the Stock Viewer application. 16. In the Standard User Analyzer window, review the following tabs: File, Registry, Token, Name Space, Other Objects. Note that these are the errors that were detected while SUA was monitoring the application. 17. Click the Mitigation menu, and then click Apply Mitigations. 18. On the Mitigate AppCompat Issues, click Apply.
L2-23
In the left pane, expand Installed Databases. Under Installed Databases, expand AppCompat Shims for StockViewer.exe. Notice that this was installed by the SUA. Expand Applications and then click the application GUID entry. Notice the types of compatibility fixes that were applied when the SUA was used. Right-click AppCompat Shims for StockViewer.exe, click Uninstall, and then click OK. In the left pane, expand Custom Databases, and then click New Database(1) [Untitled_1]. On the toolbar, click Fix.
L2-24
10. In the Create New Application Fix box, on the Program Information page, provide the following and then click Next: Name of the program to be fixed: StockViewer Program file location: C:\Program Files\StockViewer\StockViewer.exe
11. On the Compatibility Modes page, click None, and then click Next. 12. On the Compatibility Fixes page, select the following, and then click Next: ElevateCreateProcess ForceAdminAccess LocalMappedObject VirtualizeHKCRLite
13. On the Matching Information page, click Finish. 14. On the toolbar, click Save. 15. In the Database Name box, type StockViewerFix, and then click OK. 16. In the Save Database box, type C:\Data\StockViewerFix, and then click Save. 17. On the toolbar, click Fix. 18. In the Create New Application Fix box, on the Program information page, provide the following information, and then click Next: Name of the program to be fixed: Star Program file location: C:\Program Files\StockViewer\DWM Compositing Rendering Demo.exe
19. On the Compatibility Modes page, click None, and then click Next. 20. On the Compatibility Fixes page, select WinXPSP2VersionLie, and then click Next. 21. On the Matching Information page, click Finish. 22. On the toolbar, click Save. 23. Right-click StockViewerFix, click Install, and then click OK. 24. Close the Compatibility Administrator.
L2-25
L3-27
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Slough Production Plant: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal should include details about the specific services you would need to support your deployment method. Where appropriate, the proposal should also include details about answer files, images, and other related material.
Slough Production Plant: Windows 7 Upgrade Proposal Document Reference Number: EM3007 Document Author Date Ed Meadows 30th July
Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the Slough production plant. To migrate applications and user data during the upgrade process.
L3-28
(continued)
Slough Production Plant: Windows 7 Upgrade Proposal Additional Information There are 10 computers running Windows Vista at the Slough plant. Following research with the staff at Slough, you have determined that they work in three shifts; this means that at some point in the day, all computers are not being used. 1. Is deployment by using WDS suitable in this situation? Why or why not? Answer. WDS is not suitable; the network is not provided with a DHCP server, which is a requirement of deploying WDS. 2. Would the use of WAIK be beneficial in the Slough plant upgrade? Answer. Depending upon the deployment method selected, it might be helpful to use Windows SIM, a Windows AIK tool, to help to automate the installation of Windows 7. By associating an answer file with a standard image (.WIM file in the \sources folder) Windows 7 could more easily be deployed. The answer file could be saved to a memory stick for use during an interactive installation. The degree of automation depends upon the options configured in the answer file. 3. How would you propose to handle the installation of custom applications? Answer. Assuming that you decide to perform an in-place upgrade, there would be no need to re-install applications; they would still be present on the system. If you opted to perform a wipe and load installation, it would be necessary to deploy the custom applications. Since not all workstations at Slough have these applications installed, it might be easiest to install them manually where necessary. However, existing GPO might be responsible for these custom application deployments. 4. How would you propose to deploy standard office productivity applications? Answer. Assuming that you decide to perform an in-place upgrade, there would be no need to re-install applications; they would still be present on the system. If you opted to perform a wipe and load installation, it would be necessary to deploy the standard office productivity applications. An existing GPO might be responsible for deploying standard office productivity applications.
L3-29
(continued)
Slough Production Plant: Windows 7 Upgrade Proposal 5. How would you propose to handle user state data and application settings? Answer. If an in-place upgrade is performed, then user data and application settings would be retained. If a wipe and load deployment is performed, then it will be necessary to migrate user data and settings by using either USMT or WET. The file server at Slough could be used to store the data and settings during the migration process. Proposals The infrastructure does not support the use of WDS. However, you could still choose to deploy an operating system image locally, perhaps by using imageX. Given that there are a small number of computers, and that each computer has a slightly different build, creating a single, standard image might prove challenging. The easiest approach would be to perform either an in-place upgrade in which all applications, user data, and settings are retained. Alternatively, a wipe and load deployment could be implemented; this would necessarily involve backing up user data and settings, re-installing the required applications, and then restoring the user data and settings. Either USMT or WET could be used to migrate these data and settings.
L3-30
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Hammersmith Production Plant: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal should include details about the specific services you would need to support your deployment method. Where appropriate, the proposal should also include details about answer files, images, and other related material.
Hammersmith Production Plant: Windows 7 Upgrade Proposal Document Reference Number: EM1008 Document Author Date Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the Hammersmith production plant. To ensure that user data is migrated as part of the upgrade process. To ensure that there is minimal downtime of the workstations at the Hammersmith plant; they are in constant use. Additional Information There are 25 computers running Windows Vista at the Hammersmith plant. Following research with the staff at Hammersmith, you have determined that their computers are in constant use. 1. Is deployment by using WDS suitable in this situation? Why or why not? Answer. No. Although DHCP and DNS are both present on the network, Server Core does not support the WDS Server role. Ed Meadows 10th August
L3-31
(continued)
Hammersmith Production Plant: Windows 7 Upgrade Proposal 2. How would you propose to handle the installation of custom applications? Answer. Application deployment is currently configured through GPO. There is no need to deploy the custom applications manually. 3. How would you propose to deploy standard office productivity applications? Answer. Application deployment is currently configured through GPO. There is no need to deploy the office productivity applications manually. 4. How would you propose to handle user state data and application settings? Answer. User data and settings must be migrated as these exist locally on each computer. The precise method depends upon which deployment method is selected. As Charlotte has suggested the computers are due to be replaced, it would be possible to perform a clean installation or apply a local image to each new computer. After applications are deployed by GPO, user data and settings could be migrated by using either USMT (using the local server for storage during migration), or else by using WETwith a direct cable connection between the computers. Proposals Either perform a local installation from DVD, perhaps using an answer file generated from Windows SIM, or else create a standard desktop image using a source computer, sysprep, and imageX. Essentially, you are creating a thin image as all applications are deployed by GPO. Once each computer has been deployed, migrate the user data from the old desktop computer to the new desktop computer.
L3-32
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Production Department: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal should include details about the specific services you would need to support your deployment method. Where appropriate, the proposal should also include details about answer files, images, and other related material.
Production Department: Windows 7 Upgrade Proposal Document Reference Number: EM0109 Document Author Date Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the rest of the production department based at the Reading plant. Additional Information There are 150 computers running Windows Vista at the Reading plant. At any one time, around a third of all computers are not in use. The computers are all in one of three subnets, with core services on the backbone. Each subnet has its own file server that hosts shared data and applications. 1. Is deployment by using WDS suitable in this situation? Why or why not? Answer. Yes, the WDS role could be deployed onto one of the servers on the backbone network; Server Core does not support the WDS role, so they could not provide the WDS service. Ed Meadows 1st September
L3-33
(continued)
Production Department: Windows 7 Upgrade Proposal 2. How would you propose to handle the installation of custom applications? Answer. The desktop computers are using a standard configuration. This means that the applications could be included as part of the OS deployment. A custom image file could contain all the custom applications required by the workstations. 3. How would you propose to deploy standard office productivity applications? Answer. Standard office productivity applications can be included in the custom build. 4. How would you propose to handle user state data and application settings? Answer. Given the large number of users involved, and the fact that user data is stored locally, USMT would be the preferred method of migrating user data. The adjacent file server could store the settings during the migration process. Proposals Given the large number of standard workstations, creating a custom image that includes the required applications would seem the sensible deployment method. Implement WDS on one of the backbone servers, and then create a custom image for deployment. Add the image, and a relevant boot image, to the server. Configure the appropriate method of deployment on WDS; choose either scheduled-cast, or auto-cast. Visit the appropriate workstation, and connect it to the WDS server by using PXE-boot.
L3-34
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Contoso: Windows 7 Upgrade Proposal document with your planned course of action. Your proposal should include details about the specific services you would need to support your deployment method. Where appropriate, the proposal should also include details about answer files, images, and other related material.
Contoso: Windows 7 Upgrade Proposal Document Reference Number: EM1712 Document Author Date Ed Meadows 17th December
Requirement Overview To replace the Windows Vista operating system with Windows 7 for all computers in the Contoso organization. To deploy applications as part of the upgrade, and to ensure that all user data and settings are accessible after the upgrade. Additional Information There are 1,500 computers running Windows Vista at the Kensington head office. Staff at Kensington usually work only standard office hours9.00 am until 5.30pm. 1. Do you envisage using deployment images? Answer. Yesit enables the deployment to take place more quickly. Performing an interactive installation on 1,500 computers would not be efficient.
L3-35
(continued)
Contoso: Windows 7 Upgrade Proposal 2. If so, how many images would you propose using? Answer. There are three departments at Kensington. Assuming they all have different requirements, three images would be logical. It would be worth investigating how different the builds are, as GPO has been used for application deployment in the Production department; a single corporate image might be feasible. 3. What additional services would you need to support your proposal? Answer. Given the large number of workstations, and the possibility of multiple images, using MDT might be sensible. At the very least, WDS should be considered to help with image deployment. If ZTI is envisaged, either SCCM or SMS would be required. 4. How would you propose to deploy standard office productivity applications? Answer. MDT supports the deployment of applications. Alternatively, the image deployed could contain the necessary applications. 5. How would you propose to handle user state data and application settings? Answer. LTI deployments support Upgrade deployment methods, as well as Refresh computer methods. In the case of the Upgrade method, user data and settings are retained. However, most, if not all, user data and settings are stored in redirected folders configured through GPO. Proposals Use MDT to create either LTI or ZTI installations depending upon the degree of automation required. MDT supports the degree of customization and the diversification of the different computers installed throughout the head office. Features such as support for additional Out-of-box drivers, application deployment, and the management of user state data make it the logical choice for larger deployments.
L4-37
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Hammersmith Production Plant: Desktop Image document with your planned course of action.
Hammersmith Production Plant: Desktop Image Document Reference Number: CW1408 Document Author Date Charlotte Weiss 14th August
Requirement Overview Design a Windows 7 image strategy that supports the deployment of the new operating system to newly delivered computers at the Hammersmith plant. Conserve server storage as the server wont be getting a disk upgrade in the near future and has limited capacity. Minimize support staff effort during the rollout. There are 25 computers in total, all of which use Office 2007 Professional. All computers connect to a printer, the driver for which is not in the current driver store in Windows 7.
L4-38
(continued)
Hammersmith Production Plant: Desktop Image Requirement Overview (continued) 10 computers use a custom line-of-business application that runs within a virtual machine; currently, the guest operating system runs within Virtual PC 2007. The remaining group of 15 computers runs another LOB application that runs natively within Windows Vista. Additional Information 1. Will you use a standard image(s), or else create a custom image(s)? Answer. Standard images require no storage on the server as you can use the images in the sources folder on the product DVD. An answer file could be used to automate the installation process. However, following deployment of the image, two separate builds would need to be created to support the two distinct sets of users; those with the Linux application, and those with the Windows custom LOB application. In addition, the standard image would not include the printer driver or the Office 2007 application. A custom image would be a suitable choice. 2. How many images do you envisage needing? Answer. One hybrid image. This image would contain the operating system, the required drivers, and the Office 2007 application. 3. Do you envisage using thin, thick, or hybrid images? Answer. A hybrid image balances disk consumption on the server, and the need to deploy application with the OS. To support the two distinct sets of users with a thick image would require two images one with the DOS application, and the other with the Windows LOB application. These applications could be deployed postinstallation, possibly by using GPO. 4. How will you handle the printer driver and required updates and patches? Answer. These would be included as part of the hybrid image.
L4-39
(continued)
Hammersmith Production Plant: Desktop Image 5. How will you create the images that you plan to implement? Answer. A source computer is built, and relevant drivers, patches, updates, and common applications are installed. Sysprep.exe is run to remove identifying characteristics, and then imageX.exe is used to capture the image, possibly to the server. If storage is very scarce, then the image could be stored on removable media. 6. Will you deploy the applications as part of the image(s)? Answer. The common applications will be part of the hybrid image. The custom LOB applications will be deployed by using GPOs from the local file server. Proposals The server lacks sufficient storage to host multiple images. The line speed prohibits extensive use of GPOs to initially deploy larger applications. Two standard builds exist. To balance these requirements, a single hybrid image should be used that includes the necessary drivers, updates, patches, and the Office applications used on all computers. Once the deployment is complete, GPO settings will be used to deploy the custom LOB applications to the appropriate computers. GPOs will also be used to configure and maintain the computers after deployment.
L4-40
Task 2: Update the proposal document with your planned course of action
Answer the questions in the additional information section of the document. Update the Kensington Head Office: Desktop Image document with your planned course of action. Your proposal should include details about the specific services you would need to support your imaging method.
Kensington Head Office: Desktop Image Document Reference Number: RI0201 Document Author Date Ryan Ihrig 2nd January
Requirement Overview Design a Windows 7 image strategy that supports the deployment of the Windows 7 operating system to all computers at the Kensington head office. Storage space on the file servers is not restricted. There is spare network bandwidth to support the deployment process. It is desirable to use GPOs to perform as much centralized management of computers as possible. Additional Information 1. Will you use a standard image(s), or else create a custom image(s)? Answer. Some degree of customization might be desirable. 2. How many images do you envisage needing? Answer. A single thin image.
L4-41
(continued)
Kensington Head Office: Desktop Image 3. Do you envisage using thin, thick, or hybrid images? Answer. Thin images, using System Center Configuration Manager and supporting infrastructure to deploy applications, updates, drivers, and patches after the installation of the image. 4. How will you handle the various drivers, updates, and patches? Answer. By using Configuration Manager and supporting technologies. 5. How will you deploy the images that you plan to implement? Answer. ZTI by implementing MDT with Configuration Manager. 6. Will you deploy the applications as part of the image(s)? Answer. No. They will be deployed post-installation. Proposals Since Configuration Manager exists on the network, and GPOs are used to manage client computers, and given also that many builds exist within the Contoso head office, it is suggested that the use of thin client images is appropriate. Applications, updates, and drivers can be deployed after the images are deployed. In addition, MDT and SCCM can migrate the user state data and settings to complete the deployment process.
L5-43
L5-44
10. Close the Welcome to Windows Automated Installation Kit page. 11. Close the Explorer window.
L5-45
Exercise 2: Identifying Resources and Tools included with the Windows Automated Installation Kit
Task 1: Examine the Windows Automated Installation Kit Start Menu folder
1. Click Start, point to All Programs, click Microsoft Windows AIK. Question: Which applications are represented in the Start Menu? Answer: Deployment Tools Command Prompt, Windows System Image Manager and the Volume Activation Management Tool. 2. Right-click Deployment Tools Command Prompt select Run as Administrator. Question: Most of the WAIK Tools are command line based, what happened to the PATH when you opened the Deployment Tools Command Prompt? Answer: The path was updated to include the dism, oscdimg and imagex tools. 3. Close the Administrator: Deployment Tools Command Prompt.
L5-46
4.
Double-click one of the platform folders (such as the x86 folder). Question: Which executables are present in the platform folder? Answer: bcdboot.exe, imagex.exe, intlcfg.exe, oscdimg.exe, wdsmcast.exe, WimMountInstall.exe and wimserv.exe.
2. 3. 4. 5. 6. 7. 8.
L5-47
L5-48
windowsPE
L5-49
3.
All the settings you added must appear in the Answer File pane. Select and configure each setting as specified below.
Component x86_Microsoft-Windows-InternationalCore-WinPE Value InputLocale = en-US SystemLocale = en-US UILanguage = en-US UILanguageFallback = en-US UserLocale = en-US UILanguage = en-US
WillShowUI = OnError
DiskID = 0 WillWipeDisk = true Extend = true Order = 1 Type = Primary Active = true Format = NTFS Label = Windows Letter = C Order = 1 PartitionID = 1 WillShowUI = OnError
DiskID = 0 PartitionID = 1 AcceptEula = true FullName = Administrator Organization = Contoso WillShowUI = OnError
Microsoft-Windows-Setup \UserData\ProductKey
L5-50
(continued)
Component Microsoft-Windows-Shell-Setup \OEMInformation Value HelpCustomized = false Manufacturer = Contoso IT Group SupportHours = 9 - 5 SupportPhone = 555-9988 SupportURL = http://Technet.Microsoft.Com Enabled = true LogonCount = 5 Username = Administrator Password=Pa$$w0rd ForceShutdownNow = false Mode = Audit NetworkLocation = Work ProtectYourPC = 1
Microsoft-Windows-Shell-Setup\OOBE
L5-51
L5-52
Exercise 2: Installing a Reference Computer from a DVD Using a Custom Answer File
Task 1: Mount the external media on LON-IMG1
1. 2. 3. 4. 5. 6. On the host computer, in the Hyper-V Manager, right-click 6294A-LON-IMG1 and click Settings. In the Settings for 6294A-LON-IMG1 dialog box select DVD Drive. Select the Image File: radio button and specify the image file C:\Program Files\Microsoft Learning\6294\Drives\Windows7_32bit.ISO. In the Settings for 6294A-LON-IMG1 dialog box select Diskette Drive. Select the Virtual floppy disk (.vfd) file: radio button and specify the file: C:\Program Files\Microsoft Learning\6294\Drives\UnattendAnswer.vfd. In the Settings for 6294A-LON-IMG1 dialog box click OK.
In order to save time, you can revert 6294A-LON-IMG1 and then start 6294A-LONIMG2 which is a pre-staged virtual machine saved at the point where the installation has completed. You can either wait for LON-IMG1 to finish installing or continue on to Exercise 3 with LON-IMG2. The following exercise assumes that 6294A-LON-IMG2 is used.
L5-53
L5-54
5.
L5-55
2. 3.
L5-56
3.
Type the following: [ExclusionList] \temp In Notepad, click the File menu, and select Save As. In the Save as Type field, select All Files. Browse to the C:\winpe_x86\iso\ folder. In the File name: field type wimscript.ini and click Save. Close Notepad.
4. 5. 6. 7. 8.
L5-57
4.
L5-58
L5-59
Note: The capture process will take approximately 20 minutes. To save time, the remainder of the lab will use an image that has already been prepared.
6.
L5-60
L5-61
5. 6.
After the Image is applied, type Exit and then press ENTER to restart the computer. When LON-CL3 restarts, complete the Set Up Windows Wizard with the following options: Country or region: Default User Name: LocalAdmin Computer name: LON-CL3 Password: Pa$$w0rd I accept the license terms: Selected Updates: Use recommended settings Time and date: Default Location: Work network
7. 8. 9.
Open computer properties to verify the Manufacturer and IT support information match the values used in the UnattendAnswer script. Verify the custom applications are installed. Shutdown LON-CL3.
L5-62
Setup
Before starting this lab, copy the LON-REF.wim file from the \\LON-DC1\Labfiles\Mod5\Image folder to the C:\Images folder on LON-CL2.
2. 3. 4. 5. 6. 7.
L5-63
L6-65
L6-66
Task 2: Update the Windows Deployment Services Design and Configuration sheet
Answer the questions in the additional information section of the document.
Windows Deployment Services Design and Configuration Document Reference Number: WDS2009 Document Author Date Ed Meadows 2nd August
Requirement Overview To install and configure Windows Deployment Services server role. To deploy Windows 7 to the new Marketing department computers. Additional Information You have purchased 10 new computers for the Marketing department. The Marketing department has a single server name LON-DC1. 1. Since LON-DC1 also hosts the DHCP server role, how does this affect the Windows Deployment Services server role. Answer. During the WDS configuration you will need to select the Do not listen on port 67 check box and configure DHCP option 60. 2. Where should you configure the Remote Installation Folder Location? Answer. Since Drive C is 80% full, the Remote Installation Folder Location will be placed at E:\RemoteInstall.
L6-67
(continued)
Windows Deployment Services Design and Configuration 3. What types of images are required for your deployment? How can you organize the install images for future deployment with other departments? Answer. For this deployment you will need the default boot image and the default install image from the Windows 7 media. The install image will be placed within a Marketing Image Group specifically for the Marketing department. 4. How will you configure WDS to ensure security? Answer. You will configure WDS to respond to all known and unknown computers. However to increase security, you will require administrator approval for all unknown computers. 5. What specific platform considerations do you have for your deployment? Answer. All 64-bit laptops will have the VX 6000 Lifecam Drivers installed. Desktop computers do not require this driver. 6. What are some ways that you can provide availability and minimize network congestion? Answer. Install the Transport Server role service to provide multitasking capabilities. This will help minimize network congestion. To provide availability you can use Distributed File System to help replicate and provide availability for the Remote Installation Folder. Multiple WDS servers may also help in providing a distributed WDS environment.
L6-68
Exercise 2: Installing and Configuring the Windows Deployment Services Server Role
Task 1: Install the Windows Deployment Services server role
1. 2. 3. 4. 5. 6. 7. 8. 9. Log on to LON-DC1 as Contoso\Administrator using the password Pa$$w0rd. In the Task Bar, click the Server Manager button. In the Server Manager console, in the left-hand console pane, click Roles. In the details pane, in the Roles Summary section, click Add Roles. The Add Roles Wizard starts. On the Before You Begin page, click Next. On the Select Server Roles page, select the check box next to Windows Deployment Services and then click Next. On the Overview of Windows Deployment Services page, click Next. On the Select Role Services page, ensure that both Deployment Server and Transport Server are selected and then click Next. On the Confirm Installation Selections page, click Install.
10. On the Installation Results page, click Close. 11. Close the Server Manager console.
3. 4.
L6-69
5. 6.
On the Remote Installation Folder Location page, under Path type E:\RemoteInstall and then click Next. On the DHCP Option 60 page, select the following options and then click Next: Do not listen on port 67 Configure DHCP option 60 to PXEClient
7.
On the PXE Server Initial Settings page, select Respond to all client computers (Known and unknown). Also select the check box next to Require administrator approval for unknown computers. Click Next. On the Operation Complete page, remove the check mark next to Add images to the server now and then click Finish.
8.
L6-70
L6-71
4. 5. 6. 7. 8.
On the Image File page, under File location, type D:\sources\install.wim and then click Next. On the Available Images page, under Name, ensure that Windows 7 ENTERPRISE is selected. Ensure that the check box is selected next to Use the default name and description for each of the selected images. Click Next. On the Summary page, click Next. The install image is added to Windows Deployment Services. Click Finish.
L6-72
L6-73
5.
In the Add Filter box, configure the following and then click Add: Filter Type: Chassis Type Operator: Equal to Value: Laptop
6. 7.
In the Add Filter box, click OK. In the VX 6000 Lifecam Properties box, click OK.
L6-74
In the Select the Operating system you want to install page, click Next.
10. In the Where do you want to install Windows? page, click Next. The Windows 7 installation begins. It will take approximately 20 minutes to complete the installation.
L7-75
L7-76
Task 2: Complete the Microsoft Deployment Toolkit Job Aid to help plan the deployment
1. 2. 3. 4. Fill out the attached Microsoft Deployment Toolkit Job Aid. Use the check boxes to indicate your decision. In the Rationale for the Decision section list your supporting reason for this decision. Be prepared to discuss your answers with the class.
Question
What System is going to be deployed as the Technicians system? Are you going to be deploying Applications?
Microsoft Deployment Toolkit PlanningJob Aid Information Rationale for the Decision We are going to be deploying the 32 bit Windows 7 32 bit version of Windows 7 64 bit Windows 7 Enterprise Edition. 32 Windows Server 2008 R2 64 bit Windows Server 2008 R2 LON-CL2 since we are deploying Windows 7 client the 32 bit version of Windows 7 Windows 2008 R2 Enterprise Edition. server Per Jonass E-mail application Yes deployment is not required. No MAP WAIK
USMT
Since you are evaluating automated installations you need to install the WAIK. Per Jonass E-mail user state will not be migrated. Since we are deploying new systems we do not need to use the Assessment and Planning toolkit.
L7-77
(continued) Question
Where will you store your distribution files? Will you be deploying any drivers not included with Windows 7? Will you deploy across the network, with removable media, or both?
Microsoft Deployment Toolkit PlanningJob Aid Information Rationale for the Decision For this evaluation you will Local Deployment create the deployment share on Share the LON-CL2 system. Remote Deployment Share Per Jonass e-mail the Microsoft Yes IntelliPoint drivers will be preNo installed. Both, removable media will be Network used to start the evaluation systems and the files will be deployed across the network. Removable Media
New Computer
Refresh Computer
Replace Computer Will you deploy a full set of operating system files or a custom Windows Imaging Format (WIM)? Full OS File Set Custom WIM
A new installation of a Windows operating system is deployed to a new computer. User state is not migrated. The current Windows operating system on the target computer is upgraded to the deployed operating system. A computer is refreshed, including computers that must be re-imaged. User state may be migrated. One computer replaces another computer. User state is migrated. Full OS deployment for the reference computer and a custom WIM file for the client (target) computers.
L7-78
(continued) Question
Microsoft Deployment Toolkit PlanningJob Aid Information Rationale for the Decision Professional Ultimate Business Enterprise Multiple Activation A license key will not be Key (MAK} provided in the Answer file. KMS would be used to activate any Key Management systems required longer than 3 Service(KMS) days.
L7-79
7. 8. 9.
L7-80
L7-81
10. In the New Deployment Share Wizard, on the Allow Image Capture page click Next. 11. In the New Deployment Share Wizard, on the Allow Admin Password page click Next. 12. In the New Deployment Share Wizard, on the Allow Product Key page click Next. 13. In the New Deployment Share Wizard, review the Summary page and then click Next. 14. In the New Deployment Share Wizard, review the Confirmation page and then click Finish.
L7-82
L7-83
7. 8. 9.
In the Actions pane, click Import Operating System. In the Import Operating System Wizard, on the OS Type page select the Full set of source files radio button and then click Next. In the Import Operating System Wizard, on the Source page type D:\ and then click Next.
10. In the Import Operating System Wizard, on the Destination page, click Next. 11. In the Import Operating System Wizard, on the Summary page, click Next.
Note: The import takes approximately 3 minutes.
12. In the Import Operating System Wizard, review the Confirmation page, and then click Finish.
2. 3. 4. 5.
2.
L7-84
3.
In the New Task Sequence Wizard, on the General Settings page set the following: Task sequence ID: WIN7_REFERENCE Task sequence name: Deploy Windows 7 to LON-IMG1 and then click Next. In the New Task Sequence Wizard, on the Select Template page, specify the Standard Client Task Sequence, and then click Next. In the New Task Sequence Wizard, on the Select OS page, specify the Windows 7 Enterprise in Windows 7 x86 install.wim, and then click Next. In the New Task Sequence Wizard, on the Specify Product Key page, click Next. In the New Task Sequence Wizard, on the OS Settings page set the following: Full Name: Admin Organization: Contoso LTD. and then click Next. In the New Task Sequence Wizard, on the Admin Password page, select the Do not specify an Administrator password at this time radio button, and then click Next. In the New Task Sequence Wizard, on the Summary page, click Next.
4. 5. 6. 7.
8.
9.
10. In the New Task Sequence Wizard, on the Confirmation page, click Finish.
2. 3. 4. 5.
L7-85
Note: For the Lab the LiteTouchPE_x86.iso file has already been copied to the host machine.
Task 2: Start the reference computer with the LTI bootable media
1. 2. 3. 4. 5. 6. 7. 8. On the host computer, in the Hyper-V Manager, right-click 6294A-LON-IMG1, and then click Settings. In the Settings for 6294A-LON-IMG1 dialog box, click DVD Drive. Select the Image File: radio button and specify the image file C:\Program Files\Microsoft Learning\6294\drives\LiteTouchPE_x86.iso. In the Settings for 6294A-LON-IMG1 dialog box, click OK. On the host computer, in the Hyper-V Manager, right-click 6294A-LON-IMG1 and then click Connect. In the 6294A-LON-IMG1 - Virtual Machine Connection window, click the Start button. In the Welcome Windows Deployment page, click Run the Deployment Wizard to install a new Operating System. On the User Credentials page, specify the following: Username: Administrator Password: Pa$$w0rd Domain: Contoso Click OK. On the Windows Deployment Wizard Select a task sequence to execute on this computer page, select Deploy Windows 7 to LON-IMG1, and then click Next.
9.
L7-86
10. On the Windows Deployment Wizard Configure the computer name page, type LON-IMG1, and then click Next. 11. On the Windows Deployment Wizard Join the computer to a domain or workgroup page, click Next. 12. On the Windows Deployment Wizard Specify whether to restore user data page, click Next. 13. On the Windows Deployment Wizard, Language and other preferences page click Next. 14. On the Windows Deployment Wizard Set the Time Zone page, click Next. 15. On the Windows Deployment Wizard Specify whether to capture an image page, select Capture an image of this reference computer, and then click Next. 16. On the Windows Deployment Wizard Ready to begin page, click Begin.
Note: The entire process takes approximately 1 hour to complete.
17. Review the Deployment Summary page for any errors, click Finish, and then turn off LON-IMG1.
L7-87
2. 3. 4.
5. 6. 7.
8.
In the Import Operating System Wizard, review the Confirmation page, and then click Finish.
2. 3.
L7-88
4. 5.
In the New Task Sequence Wizard, on the Select Template page, specify the Standard Client Task Sequence, and then click Next. In the New Task Sequence Wizard, on the Select OS page, specify the WIN7_REFERENCEDDRIVE in WIN7_REFERENCE WIN7_REFERENCE.wim, and then click Next. In the New Task Sequence Wizard, on the Specify Product Key page, click Next. In the New Task Sequence Wizard, on the OS Settings page set the following: Full Name: Admin Organization: Contoso LTD. and then click Next. In the New Task Sequence Wizard, on the Admin Password page, specify Pa$$w0rd as the Administrator Password and Please confirm Administrator Password, and then click Next. In the New Task Sequence Wizard, on the Summary page, click Next.
6. 7.
8.
9.
10. In the New Task Sequence Wizard, on the Confirmation page, click Finish.
L7-89
9.
10. On the Windows Deployment Wizard Configure the computer name page, type LON-CL3, and then click Next. 11. On the Windows Deployment Wizard Join the computer to a domain or workgroup page, select the Join a domain radio button. In the Domain: field, type Contoso, and then click Next. 12. On the Windows Deployment Wizard Specify whether to restore user data page, click Next. 13. On the Windows Deployment Wizard Language and other preferences page, click Next.
L7-90
14. On the Windows Deployment Wizard Set the Time Zone page, click Next. 15. On the Windows Deployment Wizard Specify the BitLocker configuration page, click Next. 16. On the Windows Deployment Wizard Ready to begin page, click Begin.
Note: The entire process takes approximately 20 minutes to complete.
17. Review the Deployment Summary page for any errors, and then click Finish and turn off LON-CL3.