
Installing Windows through Windows Deployment Services and the Microsoft Deployment Toolkit
- Tutorial
As one clever book put it: if your IT department does not have automated operating system installation, then building it may be the most important task you ever perform.
For MDT to work:
- WDS
- Windows ADK
- PowerShell
- .NET Framework
- DHCP
Plan
- Adding the Windows Deployment Services (WDS) role to the server;
- Download and install the necessary components on the server;
- Launch and configure WDS;
- Launch and configure MDT;
- Import applications
- Import installation images;
- Import drivers;
- Import packages;
- Task creation;
- Testing.
Adding the Windows Deployment Services (WDS) Role to the Server
On the server, enable the WDS role.



Download and install the necessary components on the server
Download and install the Windows Assessment and Deployment Kit (ADK) from the official site:
1) Download the Windows ADK for Windows 10, version 1809 (possibly newer)
2) Download the Windows PE add-on for the ADK
Select for installation:
- Deployment tools
- Imaging and configuration designer
- Configuration designer
- User State Migration Tools

Also download and install the Microsoft Deployment Toolkit (MDT)
Launch and configure WDS
We open the WDS console

We start configuration.

In the setup wizard, select integration with the domain.

Set the WDS service folder.

In the next step, you can choose which computers the WDS server will respond to:
- Do not answer anyone - you can switch the server off during configuration or testing, for example, so that users do not run into conflicts during installation.
- Answer only to known computers - the list is compiled in the console; a computer whose address is not recorded there will not be able to work with the server.
- Answer all clients - all computers will receive a response. If you tick the checkbox below, then when an unknown device (not recorded earlier) makes a request, a message appears in the console that a computer with a specific address is requesting a connection. You can reject or accept it, and the process will continue. You can change these settings later in the WDS console.

We complete the initial setup process. We have the following folder structure:

We need WDS only for connecting and transferring images, therefore, without a detailed explanation:
- Install Images - installation images (we do not use);
- Boot Images - boot images (add the ones created in MDT);
- Pending Devices - devices requesting a connection appear here if the option "administrator confirmation is required" is enabled.
Launch and configure MDT
To configure MDT, run its console: Microsoft Deployment Toolkit -> Deployment Workbench.

Add a new DeploymentShare. It will store all the files for installation.


The following options apply to the installation process and are subject to change later.

At the final stage, the creation process will start, which should be successful.

The shared folder E:\DeploymentShare$ can be transferred to other servers by simple copying. Disconnecting and connecting is done in the MDT console.
- Applications - applications that are installed on the operating system;
- Operating Systems - operating systems available for the boot image;
- Out-of-box drivers - drivers (.inf);
- Packages - security update packages, service, language, etc. (.cab and .msu);
- Task Sequences - sequence of installation tasks;
- Selection Profiles - logical groups for combining content;
- Linked Deployment Shares - other connected DeploymentShare from other servers;
- Monitoring - when this option is enabled, the installation progress is displayed on clients.

Open the properties of our MDT Deployment Share. On the General tab, you can choose the platforms for which to create the .wim files that you can later boot from.

On the Rules tab, the MDT automation configuration files are configured. The text of the file .\Control\CustomSettings.ini is displayed in the window itself, and the file .\Control\Bootstrap.ini is under the Edit Bootstrap.ini button. CustomSettings.ini is located on the server; it hides steps of the installation menu and also defines some installation parameters. Bootstrap.ini is located in the boot image and defines the parameters for connecting to the DeploymentShare.

.\Control\CustomSettings.ini

; install the operating system
OSInstall=Y
; join this domain
JoinDomain=alx*.com
; user name used for joining the domain
DomainAdmin=alx
; domain of that user
DomainAdminDomain=alx*.com
; password of that user
DomainAdminPassword=
; password of the local administrator on the new machine
AdminPassword=
; hide the shell
HideShell=YES
; skip the step on preserving user data (when installing over an existing system)
SkipUserData=NO
; time zone
TimeZoneName=N. Central Asia Standard Time
; skip time zone selection
SkipTimeZone=YES
; interface language
UILanguage=ru-RU
; user locale
UserLocale=ru-RU
; skip locale selection
SkipLocaleSelection=YES
; language for non-Unicode programs
SystemLocale=ru-RU
; skip capturing the installed operating system
SkipCapture=YES
; skip entering the computer name
SkipComputerName=NO
; skip domain membership
SkipDomainMembership=YES
; skip the administrator password
SkipAdminPassword=YES
; skip entering the license key
SkipProductKey=YES
; skip the backup
SkipComputerBackup=YES
; skip BitLocker encryption setup
SkipBitLocker=YES
; skip the page summarizing the resulting settings
SkipSummary=YES
; destination server for logs
EventService=http://SRV04:9800
List of time zones

.\Control\Bootstrap.ini
[Settings]
Priority=Default
[Default]
DeployRoot=\\SRV04\DeploymentShare$
; user name for access to the Deployment Share folders
UserID=alx
; domain of that user
UserDomain=alx*.com
; password of that user
UserPassword=
; keyboard language
KeyboardLocale=en-US
; skip the installer's welcome page
SkipBDDWelcome=YES
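
Both rule files have password keys (DomainAdminPassword, AdminPassword, UserPassword), and both are readable by anyone who can read the share or open the boot image. The following check is an added example, not part of the original tutorial: it reports which of those keys carry a value. The local path in $DeployRoot and the sample password are assumptions made for the illustration.

```powershell
# Added example: report credential keys that carry a value in the MDT rule files.
# Assumption: $DeployRoot is the local folder behind the DeploymentShare$ share.
$DeployRoot = 'E:\DeploymentShare'

# Keys from CustomSettings.ini / Bootstrap.ini above that hold a secret once filled in.
$SecretKeys = 'DomainAdminPassword', 'AdminPassword', 'UserPassword'

function Get-IniSecretFinding {
    # No Mandatory attribute: INI files contain blank lines, which a mandatory
    # [string[]] parameter would reject.
    param([string[]]$Lines, [string]$Source)

    $section = '(none)'
    $lineNo  = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = "$line".Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^([^=]+)=(.*)$') {
            $key   = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            if ($SecretKeys -contains $key -and $value -ne '') {
                # Report the length only, so the audit output does not leak the secret.
                [pscustomobject]@{
                    File = $Source; Line = $lineNo; Section = $section
                    Key  = $key;    ValueLength = $value.Length
                }
            }
        }
    }
}

# Constructed sample (not from the page): a Bootstrap.ini with the password filled in.
$sample = @'
[Settings]
Priority=Default
[Default]
DeployRoot=\\SRV04\DeploymentShare$
UserID=alx
UserPassword=ExamplePassw0rd!
SkipBDDWelcome=YES
'@ -split "`r?`n"

# Use the real rule files when the share exists on this machine, else the sample.
$ruleFiles = 'Control\CustomSettings.ini', 'Control\Bootstrap.ini' |
    ForEach-Object { "$DeployRoot\$_" } |
    Where-Object { Test-Path -LiteralPath $_ }

$findings = if ($ruleFiles) {
    foreach ($file in $ruleFiles) {
        Get-IniSecretFinding -Lines (Get-Content -LiteralPath $file) -Source $file
    }
} else {
    Get-IniSecretFinding -Lines $sample -Source 'constructed sample'
}

$findings | Format-Table -AutoSize
if ($findings) {
    Write-Warning "$(@($findings).Count) credential value(s) stored in clear text."
}
```

Any account named in a finding should hold only the rights the deployment needs: read access to the share for UserID, and the right to join computers to the domain for DomainAdmin.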
On the Windows PE tab, boot image creation is configured. You can disable the creation of the .wim file on the first tab, but select the .iso file on the third tab if we need it. For now I left only the x64 platform. The second item, Generate a Lite Touch bootable ISO image, will be needed if we want a bootable ISO file that we could write to a USB flash drive or disc and boot from. Scratch space size is the amount of memory, in megabytes, allocated for scripts and installer commands.

On the Features tab, we can add any components to the boot image. On the Drivers and Patches tab, it is better to select the Selection Profile created specifically for the boot image, with network drivers.
On the next tab, Monitoring, enable the option so that the server starts accepting logs from clients during installation and displays the status in the Monitoring folder.
In accordance with our security policy, we add read permissions to the DeploymentShare$ directory, and this completes the simple MDT setup.

Import applications
In the context menu of the Applications folder, select New Application.

Add Google Chrome.

Download Standalone Enterprise 64 bit and save it in a separate temporary folder, for example, E:\Soft. We indicate where the program is located and select the option so that all the contents are moved to a new folder.

Next, we compose a command for silent installation of this application and fill in the corresponding field.


By analogy, we add all the software we need.
When you go to the properties of the imported application on the General tab, you can edit previously completed parameters, hide it from the application selection list during installation (if you want to force the installation through a task, for example) and disable this application in MDT if you want to exclude its use in the installation, but do not want to delete (for example, testing or updating).

On the Details tab, you can change the settings made, require a reboot after installation and allow launching only on selected platforms.

The last tab Dependencies indicates the dependencies. If the application needs any additional settings, then their order is indicated here. Only after installing the dependencies will the main application be installed. The software listed should be imported in advance.

Import installation images
In the Operating Systems folder, add the operating system. I have a .wim file with Windows 10 Pro x64.
Why .wim?
No LTSC licenses, only Pro. Therefore, with the release of the new version, you have to download the current Windows 10 and use the MSMG ToolKit to clean out the pre-installed ... programs. The output is .iso with an embedded .wim.




Rename it to something more convenient.

Import drivers
For example, we import drivers for Intel network cards. It is worth noting immediately that any archives must be unpacked because MDT automatically searches for .inf files in the specified directory.






It is advisable to create subfolders to separate manufacturers and models of computer equipment. Separately, it is worth highlighting drivers for network cards and disks for a boot image using Selection Profiles.
Import packages
If there is WSUS, then you can point to the folder with its location and all packages will be found automatically (from those found, sort through Selection Profiles). If not, you must manually download the packages and indicate their location.



Task creation
Task Sequences is a sequence of tasks to install. You can add, remove or modify installation steps. On the first page, when adding, an ID and a name are specified.

The template is selected.

Selecting an operating system from those added previously.

Entering license keys. The key will be specified after or during installation, so it is not set.

Enter the username and organization name.

Password of the future local administrator.

After creation, you can similarly view its properties and make changes.

The Task Sequence tab describes the entire installation process. The sequence must be changed to fit your needs.

For example, I will add a script that includes the ability to connect via RDP because after installation, it is disabled by default.
In the folder .\Scripts\Custom, a PowerShell script Enable_RDP.ps1 was created:
# Allow Remote Desktop connections (the second argument also adjusts the firewall exception)
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1)
# Require Network Level Authentication on the RDP listener
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)
# Enable the built-in firewall rules of the Remote Desktop group
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Next, select the desired position in the sequence and add a new item.


On the Options tab, we can disable the execution of this step and enable the continuation of the installation if an error occurs at this step. Additional necessary conditions are added there to complete this step.
I recommend a more detailed study of the possibilities of different types of tasks. After you finish editing the sequence, you can begin to create boot images.
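
Because a step can be set to continue on error, it is worth confirming on the installed machine that Enable_RDP.ps1 left RDP in the intended state. The check below is an added example, not part of the original tutorial; it addresses the firewall group by its resource id '@FirewallAPI.dll,-28752' (the built-in Remote Desktop group) rather than the display name, which depends on the UI language.

```powershell
# Added example: check the state Enable_RDP.ps1 is expected to leave behind.
# Run elevated in Windows PowerShell on the installed machine.
$Namespace = 'root\cimv2\TerminalServices'
# Resource id of the built-in "Remote Desktop" rule group; unlike -DisplayGroup
# it does not depend on the UI language (the page deploys ru-RU).
$RdpRuleGroup = '@FirewallAPI.dll,-28752'

function Get-RdpBaseline {
    $filter = "TerminalName='RDP-tcp'"
    $ts  = Get-CimInstance -Namespace $Namespace -ClassName Win32_TerminalServiceSetting
    $gen = Get-CimInstance -Namespace $Namespace -ClassName Win32_TSGeneralSetting -Filter $filter
    $inbound = @(Get-NetFirewallRule -Group $RdpRuleGroup -ErrorAction SilentlyContinue |
                 Where-Object { $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        RdpAllowed    = ($ts.AllowTSConnections -eq 1)
        NlaRequired   = ($gen.UserAuthenticationRequired -eq 1)
        InboundRules  = $inbound.Count
        DisabledRules = @($inbound | Where-Object { $_.Enabled -ne 'True' }).Count
        # Enabled rules whose profile is Any or includes Public also apply on
        # untrusted networks.
        PublicProfile = @($inbound | Where-Object {
                            $_.Enabled -eq 'True' -and "$($_.Profile)" -match 'Any|Public'
                        }).Count
    }
}

$state = Get-RdpBaseline
$state | Format-List

# Exposure on the Public profile is reported but does not fail the check.
if ($state.PublicProfile -gt 0) {
    Write-Warning "$($state.PublicProfile) enabled rule(s) cover the Public profile."
}

$problems = @()
if (-not $state.RdpAllowed)     { $problems += 'RDP connections are not allowed' }
if (-not $state.NlaRequired)    { $problems += 'Network Level Authentication is not required' }
if ($state.InboundRules -eq 0)  { $problems += 'no Remote Desktop firewall rules found' }
if ($state.DisabledRules -gt 0) { $problems += "$($state.DisabledRules) inbound rule(s) still disabled" }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1   # non-zero exit code so the caller can treat the check as failed
}
```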

To create images, select the second item.

DeploymentShare must be updated after:
- updating boot drivers (network cards and disk drives);
- adding components to the boot image;
- changing boot image settings;
- Windows ADK version updates;
- Bootstrap.ini changes;
- changes to the files of "extra" directories.
Go to the WDS console and add the created boot image to the Boot Images folder. WDS will copy this image to its working directory.

Testing
We set up a network boot on a test computer. The WDS server is detected automatically. By default, the computer waits for F12 to continue booting. This setting is changed in the WDS server properties on the Boot tab.


Most of the settings were defined in the configuration files; it remains to fill in what is missing. Select one of the available Task Sequences.

Set the computer name.

This setting allows you to save user profiles. We have a clean installation, so let's leave it as it is.

You can restore it from somewhere.

We select the necessary software.

Further installation is performed automatically.

When monitoring is enabled, the installation process can be monitored through the console.

Ultimately, spending a couple of minutes of our time (not counting the installation) to download over the network and enter the remaining settings, we get an operating system that is ready for work and meets our requirements. The complexity of the final result is determined in advance, so it makes no special sense.

The obvious advantages of automation:
- Saving your time. During installation, we can do interesting things.
- Uniformity of installed systems.
- Less waiting time than would be done manually.
- The ability to change individual elements when something changes, rather than rebuilding the entire image.
Complete official MDT documentation