JWCL089_ch01_001-045.indd Page 1 10/22/08 1:48:13 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments
LE S SON
1
O B J E C T I V E D O M A I N M AT R I X TECHNOLOGY SKILL
OBJECTIVE DOMAIN NUMBER
OBJECTIVE DOMAIN
Installing Microsoft Assessment and Planning Solution Accelerator
Plan server installations and upgrades
1.1
Understanding the deployment process
Plan for automated server deployment
1.2
KEY TERMS Microsoft Deployment Toolkit (MDT) 2008 preboot execution environment (PXE) Server Core single instance storage technician computer unattend file Windows Automated
answer file boot image image group imageX.exe install image master computer Microsoft Assessment and Planning Solution Accelerator (MAP)
Installation Kit (AIK) Windows Deployment Services (WDS) Windows PE (Preinstallation Environment) 2.1 Windows RE (Recovery Environment) Windows System Image Manager (Windows SIM)
The primary focus of the server administrator’s job includes the day-to-day operation of an organization’s servers. Before that task begins, however, the administrator might also be responsible for deploying those servers on the network. While it is possible to create Windows Server 2008 servers simply by performing a manual installation on each individual computer, this can be time-consuming and impractical for large-scale deployments. To support deployments of a large number of servers and workstations, Microsoft has created a number of specialized tools. In this lesson, you will study various elements of the Windows Server 2008 deployment process in an enterprise environment, including the following: • • • •
Selecting a Windows Server 2008 edition Performing a hardware inventory Creating and deploying answer files and image files Planning large-scale deployment projects
1
JWCL089_ch01_001-045.indd Page 2 10/22/08 1:48:14 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
2 | Lesson 1
■
Selecting a Windows Server 2008 Edition THE BOTTOM LINE
Microsoft now releases all of its operating systems in multiple editions, which provides consumers with varying price points and feature sets. When planning a server deployment for a large enterprise network, the operating system edition you choose for your servers must be based on multiple factors, including the following: • The hardware in the computers • The features and capabilities you require for your servers • The price of the operating system software Depending on how you care to count them, there are as many as 13 Windows Server 2008 products available. The four basic editions are as follows: • Windows Web Server 2008—Designed specifically for computers functioning as Internet or intranet Web servers, this edition includes all of the Internet Information Services 7.0 capabilities, but it cannot function as an Active Directory domain controller, and it lacks some of the other features found in the other editions as well. The licensing terms for this product forbid you to run client/server applications that are not Webbased. • Windows Server 2008 Standard—The Standard edition includes nearly the full set of Windows Server 2008 features, lacking only some high-end components, such as server clustering and Active Directory Federation Services. Standard edition is also limited to computers with up to 4 GB of RAM (in the x86 version) and up to four processors. • Windows Server 2008 Enterprise—The Enterprise edition includes the full set of Windows Server 2008 features, and supports computers with up to eight processors and up to 64 GB of RAM (in the x86 edition). Enterprise also supports up to four virtual images with Hyper-V (in the 64-bit version) and an unlimited number of network connections. • Windows Server 2008 Datacenter—The Datacenter edition is designed for large and powerful servers with up to 64 processors and fault tolerance features such as hot add processor support. As a result, this edition is available only from original equipment manufacturers (OEMs), bundled with a server. Each of these editions is available in two versions, supporting x86 and x64 processors. The x64 Standard, Enterprise, and Datacenter editions are also available in a version without the Hyper-V virtualization feature, at a slightly reduced price. Finally, there are two additional versions for specialized platforms: • Windows Server 2008 for Itanium-Based Systems—This edition, designed especially for computers with Itanium processors, is intended for enterprise-class servers with up to 64 processors, typically running large database or line of business applications. • Windows HPC Server 2008—A 64-bit version of Windows Server 2008 for high performance computing, capable of supporting thousands of processing cores, and designed with special tools to help administrators manage and monitor high-end server hardware platforms.
Introducing Windows Server 2008 Features and Capabilities The various editions of Windows Server 2008 differ primarily in their feature sets. The features and capabilities of the five main Windows Server 2008 editions are listed in Table 1-1.
JWCL089_ch01_001-045.indd Page 3 10/22/08 1:48:14 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 3 Table 1-1 Features and Capabilities of Windows Server 2008 Editions
F EATURE
W EB
S TANDARD
E NTERPRISE
D ATACENTER
I TANIUM
Number of processors supported
4
4
8
32 (x86) / 64 (x64)
64
Maximum RAM (x86)
4 GB
4 GB
64 GB
64 GB
N/A
Maximum RAM (x64)
32 GB
32 GB
2 TB
2 TB
N/A
Maximum RAM (IA64)
N/A
N/A
N/A
N/A
2 TB
Hot add/replace memory support
No
No
Yes (add only)
Yes
Yes
Hot add/replace processor support
No
No
No
Yes
Yes
Maximum failover cluster nodes
N/A
N/A
16
16
8
Fault tolerant memory sync
No
No
Yes
Yes
Yes
Cross-file replication
No
No
Yes
Yes
Yes
Network Policy and Access Services
No
Yes
Yes
Yes
No
Maximum Routing and Remote Access Services (RRAS) Connections
N/A
250
Unlimited
Unlimited
2
Maximum Internet Authentication Services (IAS) connections
N/A
50
Unlimited
Unlimited
N/A
Hyper-V support (64-bit only)
No
Yes
Yes
Yes
No
Virtual Image Use Rights
N/A
1
4
Unlimited
Unlimited
Terminal Services Gateway and RemoteApp
No
Yes
Yes
Yes
No
Maximum Terminal Services Gateway Connections
N/A
250
Unlimited
Unlimited
N/A
Network Access Protection
No
Yes
Yes
Yes
No
Windows Deployment Services
No
Yes
Yes
Yes
No
Server Core support
Yes
Yes
Yes
Yes
No
Terminal Services
No
Yes
Yes
Yes
No
Distributed File Services
No
Yes (one DFS root)
Yes
Yes
No
Active Directory Domain Services
No
Yes
Yes
Yes
No
Active Directory Lightweight Directory Services
No
Yes
Yes
Yes
No
Active Directory Federation Services
No
No
Yes
Yes
No
Active Directory Rights Management Services (RMS)
No
Yes
Yes
Yes
No
Active Directory Certificate Services
No
Yes (creates CAs only
Yes
Yes
No
(continued)
JWCL089_ch01_001-045.indd Page 4 10/22/08 1:48:14 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
4 | Lesson 1 Table 1-1 (continued)
F EATURE
W EB
S TANDARD
E NTERPRISE
D ATACENTER
I TANIUM
DHCP Server
No
Yes
Yes
Yes
No
DNS Server
No
Yes
Yes
Yes
No
Windows Internet Naming Service (WINS)
No
Yes
Yes
Yes
No
Fax Server
No
Yes
Yes
Yes
No
UDDI Services
No
Yes
Yes
Yes
No
Print Services
No
Yes
Yes
Yes
No
Application Server
No
Yes
Yes
Yes
Yes
Windows Clustering
No
No
Yes
Yes
Yes
Simple Mail Transfer Protocol
Yes
Yes
Yes
Yes
No
Subsystem for UNIX-Based Applications
No
Yes
Yes
Yes
Yes
Microsoft Message Queuing
No
Yes
Yes
Yes
Yes
BitLocker Drive Encryption
No
Yes
Yes
Yes
Yes
iSNS Server Service
Yes
Yes
Yes
Yes
No
Multipath I/O
No
Yes
Yes
Yes
Yes
BITS Server Extensions
No
Yes
Yes
Yes
Yes
Removable Storage Management
No
Yes
Yes
Yes
Yes
For most administrators planning a server deployment, the main operating system decision will be between Windows Server 2008 Standard or Windows Server 2008 Enterprise. In some cases, hardware is the deciding factor. If, for example, you plan to use computers with more than four x86 processors or more than 4 GB of memory, either now or in the future, then you will need Windows Server 2008 Enterprise. Hardware will also dictate whether you choose the x86 or x64 version, or Windows Server 2008 for Itanium-Based Systems. Features can be the deciding factor in the selection of an operating system edition once you have a fully developed network deployment plan. For example, you are not likely to know if you will need the server clustering or Active Directory Federation Services capabilities of Windows Server 2008 Enterprise until you have server deployment and directory services plans in hand. These plans can also affect the hardware you select for your servers, which in turn can affect your operating system selection. For example, if your organization decides to make a major commitment to Terminal Services, this could mean that your network will require more powerful servers and less powerful workstations. Servers with more processors can handle more simultaneous Terminal Services clients. Windows Server 2008 Enterprise supports more processors than Windows Server 2008 Standard, and it supports an unlimited number of Terminal Services Gateway connections. Network design decisions of this type are inevitably interlocked with hardware and software purchasing decisions, so selecting the correct Windows Server 2008 edition will be a crucial aspect of the planning phase.
JWCL089_ch01_001-045.indd Page 5 10/22/08 1:48:14 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 5
Using Server Core Many enterprise networks today use servers that are dedicated to a particular role. When a server is performing a single role, does it really make sense to have so many other processes running on the server that contribute little to that role? Computer users today have become so accustomed to graphical user interfaces (GUIs) that many are unaware that there was ever any other way to operate a computer. When the first version of Windows NT Server appeared in 1993, many network administrators complained about wasting server resources on graphical displays and other elements that they deemed unnecessary. Up until that time, server displays were usually minimal, character-based, monochrome affairs. In fact, many servers had no display hardware at all, relying instead on textbased remote administration tools, such as Telnet.
INTRODUCING SERVER CORE Windows Server 2008 includes an installation option that addresses those old complaints. When you select the Windows Server Core installation option in Windows Server 2008, you get a stripped-down version of the operating system. There is no Start menu, no desktop Explorer shell, no Microsoft Management Console, and virtually no graphical applications. All you see when you start the computer is a single window with a command prompt.
TAKE NOTE
*
Server Core is not a separate product or edition. It is an installation option included with the Windows Server 2008 Standard, Enterprise, and Datacenter Editions, in both the x86 and x64 versions. Note that Hyper-V is available only on x64 versions of Server Core. In addition to omitting most of the graphical interface, a Server Core installation omits some of the server roles and features found in a full installation. Tables 1-2 and 1-3 list the roles and features that are available and not available in a Server Core installation.
Table 1-2 Windows Server 2008 Server Core Roles
R OLES A VAILABLE I NSTALLATION
IN
S ERVER C ORE
R OLES N OT A VAILABLE I NSTALLATION
IN
S ERVER C ORE
Active Directory Domain Services
Active Directory Certificate Services
Active Directory Lightweight Directory Services
Active Directory Federation Services
DHCP Server
Active Directory Rights Management Services
DNS Server
Network Policy and Access Services
File Services
Windows Deployment Services
Print Services
Application Server
Web Server (IIS)
Fax Server
Streaming Media Services
Terminal Services
Hyper-V (Virtualization)
UDDI Services
JWCL089_ch01_001-045.indd Page 6 10/22/08 1:48:15 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
6 | Lesson 1 Table 1-3 Windows Server 2008 Server Core Features
F EATURES A VAILABLE I NSTALLATION
IN
S ERVER C ORE
F EATURES N OT A VAILABLE C ORE I NSTALLATION
IN
S ERVER
BitLocker Drive Encryption
.NET Framework 3.0
Failover Clustering
BITS Server Extensions
Multipath I/O
Connection Manager Administration Kit
Network Load Balancing
Desktop Experience
QoS (Quality of Service) (qWave)
Internet Printing Client
Removable Storage Manager
Internet Storage Name Server
SNMP Services
LPR Port Monitor
Subsystem for UNIX-based Applications
Message Queuing
Telnet Client
Peer Name Resolution Protocol
Windows Server Backup
Remote Assistance
Windows Internet Name Service (WINS) Server
Remote Server Administration Tools RPC Over HTTP Proxy Simple TCP/IP Services SMTP Server Storage Manager for SANs Telnet Server Trivial File Transfer Protocol Client Windows Internal Database Windows Process Activation Service Windows System Resource Manager Wireless LAN Service
ADMINISTERING SERVER CORE Obviously, with so much of the operating system scaled down, a computer running Server Core can devote more of its resources to its server functions. However, the missing elements provide most of the traditional Windows Server management and administration tools, such as MMC consoles. To work with a Server Core computer, you must rely primarily on either the extensive collection of command prompt tools Microsoft includes with Windows Server 2008 or use MMC consoles on another system to connect to the server. A few graphical applications can still run on Server Core. Notepad still works, so you can edit scripts and batch files. Registry Editor runs as well, enabling you to modify registry settings, because it has no command line equivalent. Task Manager runs, enabling you to load programs and monitor processes. Some elements of the Control Panel work as well, including the Date and Time application and the Regional and Language Options.
JUSTIFYING SERVER CORE The next logical question to ask about Server Core is whether it is worth the inconvenience of learning a completely new management paradigm and giving up so much server functionality to save some memory and processor clock cycles. The answer is that there are other benefits to using Server Core besides hardware resource conservation.
JWCL089_ch01_001-045.indd Page 7 10/22/08 1:48:15 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 7
As mentioned earlier, many Windows Server computers on enterprise networks are dedicated to a single role, but they still have a great many other applications, services, and processes running on them all the time. You can take it as an axiom that the more complex a system is, the more ways it can go wrong. Despite the fact that all of those extra software elements are performing no useful purpose, it is still necessary to maintain and update them, and that introduces the potential for failure. By removing many of these elements and leaving only the functions needed to perform the server’s role, you diminish the failure potential, reduce the number of updates you need to apply, and increase the computer’s reliability. Another drawback to having all of those unnecessary processes running on a server is that they provide increased attack avenues into the computer. The more processes a computer is running, the more exploits there are to attack. Removing the unneeded software elements makes the server more secure.
USING SERVER CORE FOR APPLICATION SERVERS It is clear from Tables 1-2 and 1-3, earlier in this section, that the Server Core installation option is limited when it comes to application services. In fact, Server Core is not intended as a platform for running server applications, only for running mission-critical server roles. The removal of the Application Server and Terminal Services roles means that you cannot use Server Core to deploy many applications or Terminal Services connections. However, the Server Core option does provide a viable alternative for file and print servers, DHCP and DNS servers, domain controllers at branch offices, and a few other roles.
■
Inventorying Hardware THE BOTTOM LINE
Deploying Windows Server 2008 on a large network can often mean evaluating a large number of existing servers, to determine whether they have the appropriate hardware for the operating system.
Performing a hardware inventory can be a daunting task, especially when you have servers with many different hardware configurations, located at distant sites. Microsoft Assessment and Planning Solution Accelerator (MAP) is a new tool that adds to the capabilities of its predecessor, Windows Vista Hardware Assessment Solution Accelerator, so that you can evaluate the hardware on servers as well as workstations. Unlike some other products of its type, MAP is capable of performing a hardware inventory on computers with no agent software required on the client side. This means that you can install MAP on one system, and it will connect to any or all of the other computers on your network and add information about their hardware to a database. MAP can then evaluate the hardware information and create reports that perform tasks such as the following: • • • • •
Identify computers that are capable of running Windows Server 2008 Identify computers needing upgrade to Office 2007 Migrate specific roles and services to Windows Server 2008 Capture performance metrics for servers and workstations Prepare recommendations for server consolidation using Windows Server 2008 Hyper-V or Virtual Server 2005 R2 • Prepare recommendations for application virtualization using Microsoft Application Virtualization The following sections examine the process of installing and using MAP.
JWCL089_ch01_001-045.indd Page 8 10/22/08 1:48:15 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
8 | Lesson 1
Installing Microsoft Assessment and Planning Solution Accelerator MAP has several installation and licensing prerequisites that you must meet before you can successfully install the software.
CERTIFICATION READY? Plan server installations and upgrades 1.1
TAKE NOTE
*
Microsoft Assessment and Planning Solution Accelerator (MAP) is available as a free download from Microsoft’s Web site at http://www.microsoft. com/downloads
MAP is essentially a database application based on Microsoft SQL Server 2005 Express, a scaled-down, free version of SQL Server 2005. MAP can run on the 32-bit version of the following operating systems: • Windows Vista • Windows XP Professional with Service Pack 2 • Windows Server 2003 R2 MAP also requires that you install Microsoft Office 2007 or Microsoft Office 2003 SP2 on the computer, and that you install all available updates for both Windows and Office. The performance of MAP depends both on the number of computers you plan to inventory and the resources in the computer running MAP. Table 1-4 lists Microsoft’s hardware recommendations for the MAP computer, based on the number of computers on your network. Microsoft SQL Server 2005 Express is limited to using no more than 1 GB of RAM and can create databases up to 4 GB in size. To inventory an enterprise network consisting of 20,000 computers or more, you should run MAP on a server with SQL Server 2005 Standard installed.
Table 1-4 Hardware and Software Recommendations for Microsoft Assessment and Planning Solution Accelerator (MAP)
N UMBER OF C OMPUTERS I NVENTORY
TO
O PERATING S YSTEM
D ATABASE M ANAGER
P ROCESSOR
RAM
1 to 4,999
Windows Vista Windows XP Windows Server 2003 R2
SQL Server 2005 Express
1.5 GHz !
1.5 GB ! (2 GB ! for Vista)
5,000 to 9,999
Windows Vista Windows XP Windows Server 2003 R2
SQL Server 2005 Express
1.5 GHz !
2.5 GB !
10,000 to 19,999
Windows Vista Windows XP Windows Server 2003 R2
SQL Server 2005 Express
1.5 GHz !
4 GB !
20,000 to 49,999
Windows Server 2003 R2
SQL Server 2005 Standard
1.5 GHz !
4 GB !
50,000 plus
Windows Server 2003 R2
SQL Server 2005 Standard
2.0 GHz !
4 GB !
When you run the Microsoft_Assessment_and_Planning_Solution_Setup.exe file, the Microsoft Assessment and Planning Solution Accelerator Setup Wizard appears, as shown in Figure 1-1.
JWCL089_ch01_001-045.indd Page 9 10/22/08 1:48:15 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 9 Figure 1-1 The Microsoft Assessment and Planning Solution Accelerator Setup Wizard
In addition to installing the MAP program itself, the wizard also downloads and installs Microsoft SQL Server 2005 Express, if necessary, as well as other required components, such as Microsoft .NET Framework 2.0. Once the wizard has completed the installation process, you can start working with MAP, as discussed in the next section.
Using Microsoft Assessment and Planning Solution Accelerator MAP uses a console-based interface to configure its information gathering and report processing tasks. When you start MAP, the Microsoft Assessment and Planning Solution Accelerator console appears, as shown in Figure 1-2. Figure 1-2 The Microsoft Assessment and Planning Solution Accelerator console
JWCL089_ch01_001-045.indd Page 10 10/22/08 1:48:16 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
10 | Lesson 1
Before you do anything else, you must either create a new database or select an existing one. MAP requires a new database instance for its exclusive use, so unless you have already created a database during a previous MAP session, you should opt to create a new one. Once you have configured MAP with a database, you can select one of the pre-configured assessment reports in the details pane. This launches the Assessment Wizard, which performs the actual inventory of the network hardware, according to the parameters you select, and uses the information to compile a report on the subject you selected.
ASSESSING WINDOWS SERVER 2008 READINESS MAP is capable of producing a number of different assessment reports, but all of these reports are based on the inventory information the Assessment Wizard collects. To determine which of the computers on your network have the hardware needed to run Windows Server 2008, use the following procedure. ASSESS WINDOWS SERVER 2008 READINESS GET READY. Log on to the computer running MAP using an account with administrative privileges. 1. Click Start, and then click All Programs " Microsoft Assessment and Planning Solution Accelerator " Microsoft Assessment and Planning Solution Accelerator. The Microsoft Assessment and Planning Solution Accelerator console appears.
TAKE NOTE
*
The steps in this procedure assume that the MAP computer is running Windows Server 2003 R2. If the MAP computer is running Windows Vista or XP, some of the steps might be slightly different. 2. In the actions pane, click Select a Database. The Create or Select a Database To Use dialog box appears, as shown in Figure 1-3.
Figure 1-3 The Create or Select a Database To Use dialog box
3. Select one of the following options and click OK. • Create an inventory database—Enables you to create a new database by using the SQL Server 2005 Express or SQL Server 2005 Standard engine installed on the computer • Use an existing database—Enables you to select the existing SQL Server database that you want MAP to use 4. In the details pane, click Identify Servers That Are Capable Of Running Windows Server 2008. The Assessment Wizard appears, displaying the Select Reports and Proposals page, as shown in Figure 1-4.
JWCL089_ch01_001-045.indd Page 11 10/22/08 1:48:16 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 11 Figure 1-4 The Select Reports and Proposals page of the Assessment Wizard
5. Leave the Windows Server 2008 Readiness Role and Migration checkbox selected and click Next. The Choose Computer Discovery Methods page appears, as shown in Figure 1-5. Figure 1-5 The Choose Computer Discovery Methods page of the Assessment Wizard
TAKE NOTE
*
You can select additional reports and proposals on this page, if desired. The hardware inventory process remains essentially the same, but MAP creates additional reports, based on the information it collects and compiles.
JWCL089_ch01_001-045.indd Page 12 10/22/08 1:48:16 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
12 | Lesson 1 6. Select one or more of the following options and click Next. The wizard displays a configuration page (or pages) for each option you select. • Use Active Directory domain services—After supplying Active Directory credentials, you can select the domains, containers, and organizational units in which you want the wizard to search for computers, as shown in Figure 1-6. Figure 1-6 The Specify Active Directory Options page of the Assessment Wizard
• Use the Windows networking protocols—Enables you to specify the workgroups and Windows NT 4.0 domains in which you want the wizard to search for computers, as shown in Figure 1-7. Figure 1-7 The Use the Windows Networking Protocols page of the Assessment Wizard
JWCL089_ch01_001-045.indd Page 13 10/22/08 1:48:17 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 13 • Import computer names from a file—Enables you to specify the name of a text file containing a list of host names, NetBIOS names, or fully qualified domain names identifying the computers you want the wizard to inventory, as shown in Figure 1-8. Figure 1-8 The Import Computer Names From a File page of the Assessment Wizard
• Scan an IP address range—Enables you to specify one or more ranges of IP addresses that you want the wizard to search for computers, as shown in Figure 1-9. Figure 1-9 The Scan an IP Address Range page of the Assessment Wizard
• Manually enter computer names and credentials—Enables you to specify the names of the computers you want the wizard to inventory.
JWCL089_ch01_001-045.indd Page 14 10/22/08 1:48:17 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
14 | Lesson 1 7. On the Enter WMI Credentials page, click New Account. The Inventory Account dialog box appears, as shown in Figure 1-10. Figure 1-10 The Inventory Account dialog box
8. Enter the credentials for a domain or local administrative account in the Domain Name, Account Name, Password, and Confirm Password text boxes. Then, specify whether you want the wizard to use the credentials on all of the computers it finds, or on a specific computer, and click Save. 9. Add as many sets of credentials, domain or local, that the wizard will need to access the computers it finds, and then click Next. The Review Settings page appears.
Click FINISH. A Status window appears, as shown in Figure 1-11, displaying the wizard’s progress as it performs the inventory and creates the reports you selected. Figure 1-11 The Assessment Wizard’s Status window
VIEWING ASSESSMENT RESULTS When the wizard completes the assessment process, the console’s details pane, shown in Figure 1-12, displays links to resources that enable you to do the following: • Determine why specific computers were not inventoried successfully • Access the reports and proposals created by the Assessment Wizard • Run the Assessment Wizard again to create additional reports and proposals
JWCL089_ch01_001-045.indd Page 15 10/22/08 1:48:18 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 15 Figure 1-12 The MAP console, after completion of the Assessment Wizard
To view the documents that the Assessment Wizard just created, click View Saved Reports and Proposals. An Explorer window appears, displaying the contents of a folder named for the MAP database. The folder includes the following: • WS2008 Proposal—A Microsoft Word document, as shown in Figure 1-13, which includes general information about deploying Windows Server 2008 on your network computers, with charts, tables, and other data compiled from the inventory added Figure 1-13 The WS2008 Proposal file
JWCL089_ch01_001-045.indd Page 16 10/22/08 1:48:18 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
16 | Lesson 1
• WS2008 Hardware Assessment—A Microsoft Excel spreadsheet, as shown in
Figure 1-14, which contains the detailed inventory of the computers found on the network, including system information, a device summary, device details, and discovered applications
Figure 1-14 The WS2008 Hardware Assessment file
• WS2008 Role Assessment—A Microsoft Excel spreadsheet, as shown in Figure 1-15, which lists the roles currently installed on each server
Figure 1-15 The WS2008 Role Assessment file
JWCL089_ch01_001-045.indd Page 17 10/22/08 1:48:19 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 17
In addition to comparing each computer to the basic system requirements for Windows Server 2008, to determine whether the computer has a sufficiently fast processor and an appropriate amount of RAM, the Assessment Wizard also inventories the various peripheral devices in the system, such as disk drive interfaces and network interface adapters. The WS2008 Hardware Assessment spreadsheet lists all of the devices in each computer and specifies whether Windows Server 2008 includes drivers for them.
■
Automating Server Deployments THE BOTTOM LINE
Microsoft provides a variety of tools that enable network administrators to deploy the Windows operating systems automatically, using file-based images.
After you have determined which of the servers on your network will run Windows Server 2008, it is time to begin thinking about the actual server deployment process. For small networks, manual server installations, in which you run the Windows Server 2008 DVD on each computer separately, might be the most practical solution. However, if you have many servers to install, you might benefit from automating the installation process, using tools such as the Windows Deployment Services role included with Windows Server 2008 or using the Windows Automated Installation Kit (AIK).
Using Windows Deployment Services Windows Deployment Services enables administrators to perform attended and unattended operating system installations on remote computers. Windows Deployment Services (WDS) is a role included with Windows Server 2008. This role enables you to perform unattended installations of Windows Server 2008 and other operating systems on remote computers, using network-based boot and installation media. This means that you can deploy a new computer with no operating system or local boot device on it by installing image files stored on a server running Windows Deployment Services. WDS is a client/server application in which the server supplies operating system image files to clients on the network. However, unlike most client/server applications, the WDS server is also responsible for providing the remote computer with the boot files it needs to start up and the client side of the application.
✚
MORE INFORMATION The image files that WDS uses are highly compressed archives with a .wim extension. Unlike most image file formats, WIM images are file-based, not bit-based, which means that you can modify the image by adding or removing files as needed. For example, you can add an application or an updated device driver to an operating system image without re-creating it from scratch.
For this to be possible, the client computer must have a network adapter that supports a preboot execution environment (PXE). In a PXE, the computer, instead of booting from a local drive, connects to a server on the network and downloads the boot files it needs to run. In the case of a WDS installation, the client downloads a boot image file that loads Windows PE (Preinstallation Environment) 2.1, after which it installs the operating system by using another image file.
INSTALLING WINDOWS DEPLOYMENT SERVICES To use WDS, you must install the Windows Deployment Services role, configure the service, and add the images you want to deploy. WDS is a standard role that you can install from the Initial Configuration Tasks window or the Server Manager console. The Windows Deployment Services role includes the following two role services: • Deployment Server • Transport Server
JWCL089_ch01_001-045.indd Page 18 10/22/08 1:48:19 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
18 | Lesson 1
The Deployment Server role service provides a full WDS installation and requires installation of the Transport Server role service as well. If you select Transport Server by itself, you install only the core networking elements of WDS, which you can use to create namespaces that enable you to transmit image files using multicast addresses. You must choose the Deployment Server role service to perform full remote operating system installations. The Add Roles Wizard enforces no other dependencies for the Windows Deployment Services role, but the role has several other prerequisites, as follows: • Active Directory—The Windows Deployment Services computer must be a member of, or a domain controller for, an Active Directory domain. • Dynamic Host Configuration Protocol (DHCP)—The network must have an operational DHCP server that is accessible by the WDS clients. • Domain Name Service (DNS)—A DNS server must be on the network for the WDS server to function. • NTFS—The WDS server must have an NTFS drive to store the image files. The process of installing the Windows Deployment Services role does not add configuration pages to the Add Roles Wizard, but you must configure the server before clients can use it, as discussed in the following sections.
CONFIGURING THE WDS SERVER After you install Windows Deployment Services, it remains inactive until you configure the service and add the images that the server will deploy to clients. To configure the server, use the following procedure. CONFIGURE A WDS SERVER GET READY. Log on to Windows Server 2008 using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Click Start, and then click Administrative Tools " Windows Deployment Services. The Windows Deployment Services console appears, as shown in Figure 1-16. Figure 1-16 The Windows Deployment Services console
JWCL089_ch01_001-045.indd Page 19 10/22/08 1:48:19 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 19 2. In the scope (left) pane, expand the Servers node. Right-click your server and, from the context menu, select Configure Server. The Windows Deployment Services Configuration Wizard appears. 3. Click Next to bypass the Welcome page. The Remote Installation Folder Location page appears, as shown in Figure 1-17. Figure 1-17 The Remote Installation Folder Location page
4. In the Path text box, key or browse to the folder where you want to locate the WDS image store. The folder you select must be on an NTFS drive and must have sufficient space to hold all of the images you want to deploy. Microsoft also recommends that you replace the default value with an image store location that is not on the system drive. 5. Click Next to continue. The DHCP Option 60 page appears, as shown in Figure 1-18. Figure 1-18 The DHCP Option 60 page
TAKE NOTE
*
For a client computer to obtain a boot image from a WDS server, it must be able to locate that server on the network. Because the clients have no stored configuration or boot files when they start, they must use DHCP to discover the name or address of the WDS server.
JWCL089_ch01_001-045.indd Page 20 10/22/08 1:48:19 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
20 | Lesson 1 6. If the DHCP role is running on the same server as the Windows Deployment Services role, select the Do not listen on port 67 and Configure DHCP option 60 to ‘PXEClient’ checkboxes. Then click Next. The PXE Server Initial Settings page appears, as shown in Figure 1-19. Figure 1-19 The PXE Server Initial Settings page
7. Select one of the following options: Do not respond to any client computer—Prevents the WDS from providing boot access to any clients. Respond only to known client computers—Configures the WDS server to provide boot access only to clients that you have prestaged in Active Directory by creating computer objects for them. This requires knowing the globally unique identifiers (GUIDs) of the computers, which you can obtain using the Bcdedit.exe program. Respond to all (known and unknown) client computers—Configures the WDS server to provide access to all clients, whether you have prestaged them or not. Selecting the For unknown clients, notify administrator and respond after approval checkbox requires an administrator to approve each client connection attempt before the server provides it with boot access. 8. Click Next to complete the configuration process. The Configuration Complete page appears, as shown in Figure 1-20. Figure 1-20 The Configuration Complete page
JWCL089_ch01_001-045.indd Page 21 10/22/08 1:48:20 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 21 9. Select the Add images to the Windows Deployment Server now checkbox to launch the Add Image Wizard. Then click Finish to complete the Windows Deployment Services Configuration Wizard. CLOSE the Windows Deployment Services console.
X
REF
You can use any properly configured boot and install image files with WDS, not just the ones supplied in Windows Server 2008. Using the tools supplied in the Windows Automated Installation Kit (AIK), you can create your own image files that include fully installed and configured applications, as well as the operating system. For more information, see “Using the Windows Automated Installation Kit (AIK)” later in this lesson.
After the Windows Deployment Services Configuration Wizard has completed its tasks, the server has the proper environment to store image files and listen for incoming requests from clients. However, you still must populate the image store with image files, as described in the next section.
ADDING IMAGE FILES Windows Deployment Services requires two types of image files to perform remote client installations: a boot image and an install image. A boot image contains the files needed to boot the computer and initiate an operating system installation. The Windows Server 2008 installation DVD includes a boot image file called boot.wim, located in the \Sources folder, which loads Windows PE 2.1 on the client computer. You can use this boot image file for virtually any operating system deployment without modification. An install image contains the operating system that WDS will install on the client computer. Windows Server 2008 includes a file named install.wim in the \Sources folder on the installation DVD. This file contains install images for different operating system editions. You can apply these images to a new computer to perform a standard Windows Server 2008 setup, just as if you had used the DVD to perform a manual installation. To add boot and install images into the image store of your WDS server, use the following procedure. ADD IMAGE FILES GET READY. Log on to Windows Server 2008 using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Click Start, and then click Administrative Tools " Windows Deployment Services. The Windows Deployment Services console appears. 2. Expand the Server node and the node for your server. Then, right-click the Boot Images folder and, from the context menu, select Add Boot Image. The Windows Deployment Services—Add Image Wizard appears, showing the Image File page, as shown in Figure 1-21.
Figure 1-21 The Image File page in the Windows Deployment Services—Add Image Wizard
JWCL089_ch01_001-045.indd Page 22 10/22/08 1:48:20 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
22 | Lesson 1 3. Key or browse to the location of the boot image you want to add to the store and then click Next. The Image Metadata page appears, as shown in Figure 1-22. Figure 1-22 The Image Metadata page
4. Specify different Image Name and Image Description values for the image file you selected, if desired. Then click Next to continue. The Summary page appears. 5. Click Next to continue. The Task Progress page appears, as the wizard adds the image to the store. 6. When the operation is complete, click Finish. The image appears in the detail pane of the console. 7. Now right-click the Install Images folder and, from the context menu, select Add Install Image. The Windows Deployment Services—Add Image Wizard appears, showing the Image Group page, as shown in Figure 1-23. Figure 1-23 The Image Group page in the Windows Deployment Services —Add Image Wizard TAKE NOTE
*
An image group is a collection of images that use a single set of files and the same security settings. Using an image group, you can apply updates and service packs to all of the files in the group in one process. 8. With the default Create a New Image Group option selected, supply a name for the group, if desired, and then click Next. The Image File page appears. 9. Key or browse to the location of the install image you want to add to the store and then click Next. The List of Available Images page appears, as shown in Figure 1-24, containing a list of the images in the file you selected. A single image file can contain multiple operating system images, using single instance storage to save space.
JWCL089_ch01_001-045.indd Page 23 10/22/08 1:48:21 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 23
TAKE NOTE
*
Single instance storage is a Windows technology that enables a .wim file to maintain a single copy of a particular operating system file and yet use it in multiple operating system images. This eliminates the need to store multiple copies of the same file.
Figure 1-24 The List of Available Images page
10. Select the images you want to add to the store and then click Next. The Summary page appears. 11. Click Next to continue. The Task Progress page appears, as the wizard adds the image to the store. 12. When the operation is complete, click Finish. The image group you created and the images you selected appear in the detail pane of the console. CLOSE the Windows Deployment Services console.
At this point, the WDS server is ready to service clients.
✚ MORE INFORMATION If you want to deploy an operating system to a computer that is not PXE-enabled, you can add a boot image to the store, and then convert it to a discover boot image by right-clicking the image and selecting Create a Discover Image from the context menu. A discover image is an image file that you can burn to a CD-ROM, flash drive, or other boot medium. When you use the discover image disk to boot the client computer, the computer loads Windows PE, connects to the WDS server, and proceeds with the operating system installation process.
CONFIGURING A CUSTOM DHCP OPTION The WDS server configuration procedure discussed earlier in this lesson assumes that an administrator has installed DHCP on the same computer as Windows Deployment Services. In many instances, this is not the case. When you are using another computer as your DHCP server, you should clear the Do Not Listen on Port 67 and Configure DHCP Option 60 to ‘PXEClient’ checkboxes on the DHCP Option 60 page of the Windows Deployment Services Configuration Wizard. When you are using an external DHCP server, you must also configure it manually to include the custom option that provides WDS clients with the name of the WDS server. To configure this option on a Windows Server 2008 DHCP server, use the following procedure.
JWCL089_ch01_001-045.indd Page 24 10/22/08 1:48:21 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
24 | Lesson 1
CONFIGURE A CUSTOM DHCP OPTION GET READY. Log on to Windows Server 2008 using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Click Start, and then click Administrative Tools " DHCP. The DHCP console appears, as shown in Figure 1-25. Figure 1-25 The DHCP console
2. In the scope pane, expand the node for your server. Then, right-click the IPv4 node and, from the context menu, select Set Predefined Options. The Predefined Options and Values dialog box appears, as shown in Figure 1-26. Figure 1-26 The Predefined Options and Values dialog box
TAKE NOTE
*
For a DHCP server running Windows Server 2003, you must right-click the server node (instead of the IPv4 node) and select Set Predefined Options from the context menu. You can then continue with the rest of the procedure.
JWCL089_ch01_001-045.indd Page 25 10/22/08 1:48:21 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 25 3. Click Add. The Option Type dialog box appears, as shown in Figure 1-27. Figure 1-27 The Option Type dialog box
4. 5. 6. 7. 8. 9.
In the Name text box, key PXEClient. From the Data Type dropdown list, select String. In the Code text box, key 060. Click OK. Click OK again to close the Predefined Options and Values dialog box. In the scope pane, right-click the Server Options node and, from the context menu, select Configure Options. The Server Options dialog box appears.
10. In the Available Options list box, scroll down and select the 060 PXEClient option you just created, as shown in Figure 1-28. Figure 1-28 The Server Options dialog box
11. In the String Value text box, key the name or IP address of your WDS server. Then, click OK. CLOSE the DHCP console.
This procedure adds the 060 custom option value you defined to all of the DHCPOFFER packets the DHCP server sends out to clients. When a client computer boots from a local device, such as a hard drive or CD-ROM, the 060 option has no effect. However, when a client performs a network boot, after receiving and accepting an offered IP address from the DHCP server, it connects to the WDS server specified in the 060 PXEClient option and uses it to obtain the boot image file it needs to start.
JWCL089_ch01_001-045.indd Page 26 10/22/08 1:48:22 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
26 | Lesson 1
PERFORMING A WDS CLIENT INSTALLATION After you have installed and configured your WDS server and added images to the store, it is ready to service clients. In a properly configured WDS installation, the client operating system deployment process proceeds as follows: 1. The client computer starts and, finding no local boot device, attempts to perform a network boot. 2. The client computer connects to a DHCP server on the network, from which it obtains a DHCPOFFER message containing an IP address and other TCP/IP configuration parameters, plus the 060 PXEClient option, containing the name of a WDS server. 3. The client connects to the WDS server and is supplied with a boot image file, which it downloads using the Trivial File Transfer Protocol (TFTP). 4. The client loads Windows PE and the Windows Deployment Services client from the boot image file onto a RAM disk (a virtual swap space created out of system memory) and displays a boot menu containing a list of the install images available from the WDS server. 5. The user on the client computer selects an install image from the boot menu, and the operating system installation process begins. 6. From this point, the setup process proceeds just like a manual installation.
Customizing WDS Client Installations WDS enables you to deploy customized image files and use unattend scripts to perform unattended installations.
As mentioned earlier, the install.wim image file that Microsoft supplies on the Windows Server 2008 DVD performs a basic operating system installation on the client. However, the real strength of WDS in an enterprise environment is its ability to create and deploy custom image files by using unattended procedures. To do this, you must create your own image files and unattend scripts, as discussed in the following sections.
CREATING IMAGE FILES WITH WDS An install image is basically a snapshot of a computer’s hard drive taken at a particular moment in time. The image file contains all of the operating system files on the computer, plus any updates and drivers you have installed, applications you have added, and configuration changes you have made. Creating your own image files is essentially a matter of setting up a computer the way you want it and then capturing an image of the computer to a file. You can use several tools to create image files, including the ImageX.exe command line utility Microsoft provides in the Windows AIK, which is available from the Microsoft Downloads Center at http://www.microsoft.com/downloads. To use ImageX.exe, you must boot the target computer to Windows PE and run the tool from the command line. However, the Windows Deployment Center console provides another method for creating image files, using the same WDS infrastructure you used to install images. WDS enables you to create your own image files by modifying an existing boot image, such as the boot.wim image Microsoft provides with Windows Server 2008, and turning it into a tool that boots the target computer and runs the Windows Deployment Service Capture Utility instead of an operating system’s Setup program. The utility then creates an image file and writes it out to the computer’s drive, after which you can copy it to the WDS server and deploy it to other computers in the usual manner.
JWCL089_ch01_001-045.indd Page 27 10/22/08 1:48:22 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 27
CREATING A CAPTURE BOOT IMAGE To modify a boot image to perform image file captures, use the following procedure. CREATE A CAPTURE BOOT IMAGE GET READY. Log on to Windows Server 2008 using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Click Start, and then click Administrative Tools > Windows Deployment Services. The Windows Deployment Services console appears. 2. Expand the Server node and the node for your server. Then, select the Boot Images folder. 3. If you have not done so already, add the Windows Server 2008 boot.wim image to the Boot Images store, using the procedure described earlier in this lesson. 4. In the detail pane, right-click the boot image and select Create Capture Boot Image from the context menu. The Windows Deployment Server—Create Capture Image Wizard appears, as shown in Figure 1-29. Figure 1-29 The Windows Deployment Server—Create Capture Image Wizard
5. On the Capture Image Metadata page, specify a name and description for the new image, and a location and filename for the new image file. 6. Click Next. The Task Progress page appears as the wizard creates the new image file. 7. Once the image has been created successfully, click Finish. CLOSE the Windows Deployment Services console.
You can now add the new capture image to the Boot Image store in the normal manner. To complete the imaging process, you must prepare the target computer with the Sysprep.exe utility and then reboot the system by using the capture image. A wizard then appears on the computer, guiding you through the process of capturing an image of the computer and uploading it to the WDS server.
JWCL089_ch01_001-045.indd Page 28 10/22/08 1:48:22 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
28 | Lesson 1
USING ANSWER FILES WDS by itself enables you to perform a standard operating system installation, but the setup process is still interactive, requiring someone at the workstation, like an installation from the DVD. To perform an unattended installation using WDS, you must use answer files, sometimes known as unattend files. An answer file is a script containing responses to all of the prompts that appear on the WDS client computer during the installation process. To create answer files, Microsoft recommends using the Windows System Image Manager (Windows SIM) tool in the Windows AIK. To install an operating system on a client using WDS with no interactivity, you must have two answer files, as follows: • WDS client answer file—This answer file automates the WDS client procedure that begins when the client computer loads the boot image file. • Operating system answer file—This is an answer file for a standard operating system installation, containing responses to all of the prompts that appear after the client computer loads the install image file. To use answer files during a WDS operating system deployment, use the following procedure. CONFIGURE WDS TO USE AN ANSWER FILE GET READY. Log on to Windows Server 2008 using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Copy your WDS client answer file to the \RemoteInstall\WDSClientUnattend folder on the WDS server. 2. Click Start, and then click Administrative Tools > Windows Deployment Services. The Windows Deployment Services console appears. 3. Expand the Servers node. Then, right-click the node for your server and, from the context menu, select Properties. The server’s Properties sheet appears. 4. Click the Client tab, as shown in Figure 1-30. Figure 1-30 The Client tab of a WDS server’s Properties sheet
JWCL089_ch01_001-045.indd Page 29 10/22/08 1:48:22 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 29 5. Select the Enable unattended installation checkbox. 6. Click the Browse button corresponding to the processor architecture of the client computer. 7. Browse to your answer file and then click Open. 8. Click OK to close the server’s Properties sheet. 9. Expand the node for your server and the Install Images node and locate the image you want to associate with an answer file. 10. Right-click the image file and, from the context menu, select Properties. The Image Properties sheet appears, as shown in Figure 1-31. Figure 1-31 The Image Properties sheet
11. Select the Allow image to install in unattended mode checkbox. 12. Click Select File. The Select Unattend File dialog box appears, as shown in Figure 1-32. Figure 1-32 The Select Unattend File dialog box
13. Key or browse to the answer file you want to use and then click OK. 14. Click OK to close the Image Properties sheet. CLOSE the Windows Deployment Services console.
At this point, if your answer files are properly configured, the entire operating system installation process on the client should require no interaction, except for turning on the computer.
JWCL089_ch01_001-045.indd Page 30 10/22/08 1:48:23 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
30 | Lesson 1
Using the Windows Automated Installation Kit Windows AIK provides the tools needed to perform unattended Windows Server 2008 and Windows Vista installations on remote computers.
The Windows Automated Installation Kit (AIK) is a set of tools and documents that enable network administrators to plan, create, and deploy operating system image files to new computers on the network. Windows AIK is not included with Windows Server 2008; it is a separate, free download available from the Microsoft Downloads Center at http://www.microsoft.com/downloads. TAKE NOTE
*
Although this lesson is concerned with deploying Windows Server 2008 servers, you can also use the Windows AIK and Windows Deployment Services to install Windows Vista workstations, using essentially the same procedures.
TAKE NOTE
*
Windows AIK does not actually include Windows PE and Windows RE, but it does provide the tools you need to build them.
TAKE NOTE
*
Windows AIK is a highly flexible collection of tools that you can use to deploy operating systems on almost any scale, from small business networks to large enterprises. The primary tools included in the kit are as follows: • ImageX.exe—A command line program that can capture, transfer, modify, and deploy file-based images from the Windows PE environment. • Windows Preinstallation Environment (Windows PE)—A stripped-down, command line version of the Windows operating system that provides a boot environment from which you can perform a full operating system installation. Unlike DOS, which earlier versions of Windows used for a boot environment, Windows PE provides full internal support for 32- or 64-bit device drivers, TCP/IP networking, NTFS drives, and various scripting languages. • Windows Recovery Environment (Windows RE)—A command line operating system, similar to Windows PE, in which you can run diagnostic and recovery tools. • Windows System Image Manager (Windows SIM)—A graphical utility that creates and modifies the answer files you can use to perform unattended operating system installations on remote computers. Sysprep.exe, another tool that you need to build automated deployment solutions, is included with Windows Server 2008 itself.
UNDERSTANDING THE DEPLOYMENT PROCESS Windows AIK is designed primarily to facilitate new operating system installations. The basic deployment process that the AIK uses assumes that you will be installing Windows on a computer with a new, unformatted hard disk, or one with a disk that you will reformat during the installation. The process of upgrading or migrating existing computers to Windows Server 2008 or Windows Vista is more complex than a new installation, and is not covered in the Windows AIK documentation. However, Microsoft Deployment Toolkit (MDT) 2008 does document these subjects and uses the AIK tools to perform these types of operating system installations.
The basic image creation and deployment process, as defined by the Windows AIK, consists of the following steps: 1. Build a lab environment—The lab environment is where you have a technician computer, on which you install Windows AIK, and a master computer, which serves as the model from which you will create your answer files and images. 2. Create an answer file—On the technician computer, using Windows System Image Manager (Windows SIM), you create and configure a new answer file. The answer file contains all of the configuration settings and other information that an installer would normally supply during a manual operating system installation.
JWCL089_ch01_001-045.indd Page 31 10/22/08 1:48:23 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 31
CERTIFICATION READY? Plan for automated server deployment 1.2
3. Build a master installation—Using the Windows Server 2008 installation DVD and the answer file you created, you install the operating system on the master computer, and then use Sysprep.exe to generalize it. 4. Create an image—After creating a Windows PE boot disk, you start the master computer and use the ImageX.exe program to capture an image of the master installation and store it on a network share. 5. Deploy the image—To deploy the image on additional computers, you start them with a Windows PE boot disk, copy the image file you created from the network share to the local drive, and use ImageX.exe to apply the image to that computer. You can also use WDS to deploy the image file.
The following sections describe these steps more fully.
INSTALLING THE WINDOWS AIK The first step to deploying new computers with the Windows AIK is to download and install Windows AIK on the technician computer in your lab. The technician computer must have .NET Framework 2.0 and MSXML 6.0 installed and must also be running one of the following operating systems: • • • •
Windows Server 2008 Windows Vista Windows Server 2003 Service Pack 2 Windows XP Professional Service Pack 2 with KB926044
The Windows AIK is available as a free download, in the form of a DVD image file with a .iso extension. Before you can install the Windows AIK, you must download the image file from the Microsoft Downloads Center and burn the image file to a disk. You can then proceed with the installation, using the following procedure. INSTALL THE WINDOWS AIK GET READY. Log on to your technician computer using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Insert the Windows AIK disk you created intro the computer’s DVD drive. A Welcome to Windows Automated Installation Kit window appears, as shown in Figure 1-33. Figure 1-33 The Welcome to the Windows Automated Installation Kit Setup Wizard page
JWCL089_ch01_001-045.indd Page 32 10/22/08 1:48:23 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
32 | Lesson 1 2. Click Windows AIK Setup. The Windows Automated Installation Kit Setup Wizard appears. 3. Click Next to bypass the Welcome to the Windows Automated Installation Kit Setup Wizard page. The License Terms page appears. 4. Select the I Agree option and click Next. The Select Installation Folder page appears, as shown in Figure 1-34. Figure 1-34 The Select Installation Folder page of the Windows Automated Installation Kit Setup Wizard
5. Click Next to accept the default settings. The Confirm Installation page appears. 6. Click Next to begin the installation. The wizard installs the Windows AIK, and then the Installation Complete page appears.
Click CLOSE. The installation process adds a Microsoft Windows AIK program group to the start menu, which contains shortcuts to the Windows System Image Manager application, a Windows PE Tools command prompt, and the Windows AIK documentation. TAKE NOTE
*
If you plan to customize your master computer before creating an image of it, you might want to create another answer file after you have completed the customization and generalization processes.
CREATING AN ANSWER FILE Once you have installed Windows AIK, you can use Windows System Image Manager to create the answer file for your master computer installation. The master computer will be the template for the image file you capture later. You are essentially building the computer that you will clone to all of the other new computers you install later. Answer files can be simple or quite complex, depending on the operating environment you want to deploy to the new computers on your network. In addition to the basic settings you configure when performing a basic Windows Server 2008 installation, you can add many other settings to your answer file. Examples of some of these settings are shown in the following sample procedure. CREATE AN ANSWER FILE GET READY. Log on to your technician computer using an account with Administrative privileges. When the logon process is completed, close the Initial Configuration Tasks window and any other windows that appear. 1. Insert your Windows Server 2008 installation DVD into the computer’s drive. 2. Open Windows Explorer, browse to the \Sources folder on the DVD, and copy the Install.wim image file to a folder on the computer’s local drive.
JWCL089_ch01_001-045.indd Page 33 10/22/08 1:48:23 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 33 3. Click Start. Then click All Programs " Microsoft Windows AIK " Windows System Image Manager. The Windows System Image Manager window appears, as shown in Figure 1-35. Figure 1-35 The Windows System Image Manager window
4. Click File " Select Windows Image. The Select a Windows Image combo box appears. 5. Browse to the folder on your local drive where you copied the Install.wim image file, select the file, and click Open. The Select an Image dialog box appears, as shown in Figure 1-36. Figure 1-36 The Select an Image dialog box
6. Select the Windows Server 2008 edition you plan to install and click OK. A Windows System Image Manager message box appears, warning that the program could not find a catalog file for the edition you selected.
JWCL089_ch01_001-045.indd Page 34 10/22/08 1:48:24 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
34 | Lesson 1
TAKE NOTE
*
The single Install.wim image file on the Windows Server 2008 installation DVD contains both full and Server Core installation options for the Standard, Enterprise, and Datacenter editions of the operating system, in both the regular and Server Core versions. This is one of the few places in the initial product release where Microsoft has neglected to replace the code name Longhorn with the final product name Windows Server 2008. When deploying Windows Server 2008 using the Windows AIK, you must select the operating system edition and version for which you have purchased licenses.
7. Click Yes to create a new catalog file. A catalog file is a binary file with a .clg extension that contains all of the settings for an image file and their values. The Windows Server 2008 edition you selected appears in the Windows Image pane with two subordinate folders, called Components and Packages, as shown in Figure 1-37. Figure 1-37 The Windows System Image Manager window, with a Windows image added
8. Click File > New Answer File. A new, untitled heading appears in the Answer File pane, as shown in Figure 1-38. The subheadings in the Components folder represent the phases of the installation process, called configuration passes.
JWCL089_ch01_001-045.indd Page 35 10/22/08 1:48:24 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 35 Figure 1-38 The Windows System Image Manager window, with a new answer file added
At this point, the answer file exists, but it contains no settings. To populate the answer file, you must select settings in the Windows Image pane and add them to the appropriate configuration pass in the Answer File pane. 9. In the Windows Image pane, expand the Components folder and browse to the component you want to add to the answer file. Then, right-click the component and, from the context menu, select one of the active configuration passes. The component appears in the Answer File pane, as shown in Figure 1-39. Figure 1-39 The Windows System Image Manager window, with a setting added to the answer file
JWCL089_ch01_001-045.indd Page 36 10/22/08 1:48:25 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
36 | Lesson 1
TAKE NOTE
*
Press the F1 key to open the Unattended Windows Setup Reference help file, which contains explanations and possible values for all of the answer file settings.
TAKE NOTE
*
10. In the Answer File pane, select the setting you added. A Properties pane appears, named for that setting. 11. In the Properties pane, select one of the listed settings, and key a value in the associated text box. 12. Repeat steps 9 to 11 to add all of the settings you need to the answer file. 13. Click Tools " Validate Answer File. The program checks the values of all the settings you added to the answer file and provides feedback in the Messages pane, either indicating the success of the validation or identifying the settings that are in error. Double-clicking an error message sends you to the appropriate setting, where you can correct the error and then revalidate. 14. Click File " Save Answer File As. A Save As combo box appears. 15. Save the answer file to a local drive using the name Autounattend.xml.
Both Unattend.ml and Autounattend.xml are valid answer file names. However, when you use the name Autounattend.xml, the system applies the settings in the file during the Windows PE configuration pass, before it copies files to the hard disk. Therefore, if your answer file includes disk actions, such as partitioning, you should use Autounattend.xml. 16. Copy the answer file to a floppy disk or flash drive. CLOSE the Windows System Image Manager window.
Selecting the settings and values you want to add to your answer file is one of the most complicated parts of the deployment process, as is using the correct configuration pass. The following sections examine these two subjects.
UNDERSTANDING CONFIGURATION PASSES As anyone who has performed a Windows installation knows, there are several phases to the Windows Setup process, and the configuration passes in an answer file enable you to specify during which phase of the installation the setup program should apply each of your selected settings. For many of the answer file settings, you have no choice, as the setting can only apply to one configuration pass. However, there are some settings from which you can select two or more configuration passes, and in some circumstances, you must select the correct pass for the installation to succeed. For example, if you are deploying computers that require a disk driver not supplied with Windows Server 2008, the configuration pass you use to install that driver should depend on when it is needed. If the disk driver is boot-critical, that is, if the computer needs the driver to access what will become the system disk, you must add the setting to the answer file’s windowsPE configuration pass so that the system loads the driver at boot time. If the computer does not need the driver until after the operating system is loaded, then you can add the setting to the offlineServicing configuration pass, which will add the driver to the Windows driver store, so it is available after Windows starts. The configuration passes you can specify in your answer files are as follows: • windowsPE—Configures options used during the Windows PE phase of the installation process, including the resolution of the Windows PE screen and the location of the installation log file; and Windows Setup options, including the selection, partitioning, and formatting of the system disk, the name and location of the image file to install, the product key, and administrator password values to apply. • offlineServicing—Applies unattended installation settings to an offline image, as well as enables you to add updates, hotfixes, language packs, and drivers to the image file. • specialize—Applies computer-specific information to the Windows installation such as network configuration settings, international settings, and the name of the domain the computer will join. The specialize configuration pass runs after the system runs the generalize pass and reboots.
JWCL089_ch01_001-045.indd Page 37 10/22/08 1:48:25 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
Planning Server Deployments | 37
• generalize—Specifies the settings that will persist after you run the Sysprep.exe program with the /generalize parameter. When you run the sysprep /generalize command, all machine-specific settings are removed from the computer configuration, such as the security ID (SID) and all hardware settings. This enables you to create an image file that does not include settings that will cause network conflicts when you apply it to multiple computers. The generalize configuration pass, and its accompanying specialize configuration pass, run only when you execute the sysprep /generalize command. • auditSystem—Applies unattended setup settings when the computer is running in the system context of an audit mode startup, before a user has logged on. The auditSystem configuration pass runs only when you configure Windows to start up in audit mode, by running Sysprep.exe with the /audit parameter or by adding the Reseal component to the answer file with the value Audit in the Mode setting. Audit mode is an additional installation phase that occurs with a separate system startup after the operating system installation and before Windows Welcome. OEMs and system builders typically use audit mode to install additional device drivers, applications, and other updates. • auditUser—Applies unattended setup settings when the computer is running in the user context of an audit mode startup, after a user has logged on. The auditUser configuration pass is typically used to run scripts, applications, or other executables. • oobeSystem—Applies settings during the first system boot after the Windows installation or the audit mode phase, also known as the Out-of-Box-Experience (OOBE) or Windows Welcome. The oobeSystem configuration pass runs only when you start the computer in OOBE mode, by running Sysprep.exe with the /oobe parameter or by adding the Reseal component to the answer file with the value OOBE in the Mode setting.
SELECTING ANSWER FILE SETTINGS Unattended operating system installations can be relatively simple or extremely complex. For a basic Windows Server 2008 installation, in which the computer requires no additional drivers or other software, you can create an answer file that contains only the settings needed to apply an image to a local disk drive. Some of the answer file settings that you might need for this part of an unattended Windows Setup process are listed in Table 1-5.
JWCL089_ch01_001-045.indd Page 38 10/22/08 1:48:25 AM user
/Volumes/102/JWCL089/work%0/indd%0/MOAC_Ch01
38 | Lesson 1 Table 1-5 Unattended Windows PE Phase Answer File Settings
C OMPONENT
V ALUE
F UNCTION
Microsoft-Windows-International-Core-WinPE
UILanguage =
[email protected] . You now have a password that is 33 characters long; uses uppercase, lowercase, and symbols; is easy to remember; and that, because of the length, is harder than the *&_I5y#".h password to crack. In the previous example, an email-type suffix was added to the end of the password to make it complex. You can also add phone numbers, addresses, and file path locations (like c:\winnt\ system32) to make a password complex. USING PASSWORD POLICIES When implementing and enforcing a password policy, consider the users’ inability to remember passwords that are too complex, change too often, and are too long. When passwords are too complex or too long, the eventuality that users will use other methods to remember their passwords, such as writing them down, is more likely. To help network administrators implement strong passwords, Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory. An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals. To implement password policies on an Active Directory network, you create or modify a group policy object (GPO) using the Group Policy Management Editor console, as shown in
