Archive for February, 2010
This is for my pal Joe in this weeks 6294 class who was asking some great questions on Sysprep and using Win Sim!
First of, his new best friend How Sysprep Works
What kind of settings and properties can be set using Win Sim? TechNet tells us!
One of the most confusing parts of using WinSim is knowing which “Pass” to add a setting to if there’s more than one option. This detailed guide explaining the differences between the passes hopefully may shed some light on what the differences are in between the opportunities Config passes 101
As cool as this is, we may need some more info on the answer files itself.
Walkthrough: Build a simple Answer file (note this is for vista but should be almost identical)
The following here shows a (vista) deployment using wim sim step-by-step taken from The Windowsnetworking.com site
This present article continues our look at the Windows Deployment Services (Windows DS) server role by walking you through an unattended image deployment onto bare-metal hardware using Windows Deployment Services.
Readers interested in understanding the basics of deploying Vista using the Windows Automated Installation Kit (Windows AIK) are referred to the first 13 articles of this series, which are listed on the author’s home page on WindowsNetworking.com.
In the previous article of this series we looked at how to use Windows DS to manually deploy a captured image of a preconfigured reference computer onto a PXE-enabled bare-metal destination computer. This present article examines how to automate this image deployment process by using answer files.
Windows Deployment Services and Answer Files
To perform an unattended image-based deployment using Windows DS, you must create and configure two answer files:
Unattend.xml – This answer file is used to suppress the user interface screens of the Windows DS client that are normally displayed at the beginning of the install process. These screens include specifying a locale/language, providing credentials to connect to the Windows DS server, choosing the install image you want to install on the system, and selecting a disk/partition for installation purposes.
ImageUnattend.xml – This answer file is used to suppress the machine out-of-box-experience (OOBE) or Windows Welcome screens that are normally displayed at the end of the install process. These screens include specifying a local/language, accepting the EULA, specifying a product key if required, specifying a computer name or autogenerating one, configuring firewall protection level, specifying a time zone, and configuring the network location (Home, Work or Public).
To create these two answer files, you should use Windows System Image Manager (Windows SIM). The sections that follow will demonstrate how to create and configure each of these answer files and then we’ll walk through the steps of performing our unattended install.
Creating and Configuring Unattend.xml
I’ll assume you are already familiar with using Windows SIM. If not, please refer back to article 6 and article 7 from this series. The simplest way to demonstrate how to create the Unattend.xml file for automating the Windows DS client experience is to show screenshots from Windows SIM as follows. First, add the Microsoft-Windows-International-Core-WinPE component for your architecture (x86 in this walkthrough) to the windowsPE configuration pass section of your answer file (refer back to article 3 in this series if you need a refresher on configuration passes). Then configure the settings for this component in your answer file as shown in Figure 1 if you are installing the U.S. English version of Windows Vista Enterprise as we are in this walkthrough deployment.
Figure 1: Configuring locale/language settings for the windowsPE configuration pass.
You also need to specify the language for the Microsoft-Windows-International-Core-WinPESetupUILanguage component as shown in Figure 2:
Figure 2: Configuring locale/language settings for the windowsPE configuration pass (continued).
Next, add the Microsoft-Windows-SetupDiskConfigurationDiskCreatePartitionsCreatePartition and Microsoft-Windows-SetupDiskConfigurationDiskModifyPartitionsModifyPartition components to the windowsPE configuration pass section of your answer file. Specify 0 for the DiskID setting and true for the WillWipeDisk setting as shown in Figure 3 below. This will wipe (delete all partitions from) the first disk on your system and install Vista on this disk using the partition info you provide next.
Figure 3: Wiping all partitions from disk 0.
Select the Microsoft-Windows-SetupDiskConfigurationDiskCreatePartitionsCreatePartition node in your answer file and specify true for Extend, 1 for Order, and select Primary for Type as shown in Figure 4 below. This will create a new primary partition that fills disk 0.
Figure 4: Creating a primary partition that fills the disk.
Next, select the Microsoft-Windows-SetupDiskConfigurationDiskModifyPartitionsModifyPartition node in your answer file and specify true for Active, select NTFS for Format, specify a label and drive letter, type 1 for Order, and specify 1 for the PartitionID setting as shown in Figure 5 below.
Figure 5: Creating and formatting the destination volume for your installation.
Next, add the Microsoft-Windows-SetupWindowsDeploymentServicesImageSelectionInstallImage and Microsoft-Windows-SetupWindowsDeploymentServicesImageSelectionInstallTo components to the windowsPE configuration pass of your answer file. Then select the Microsoft-Windows-SetupWindowsDeploymentServicesImageSelectionInstallImage node in your answer file and specify the filename of the install image you want to install, the name of the Image Group to which it belongs, and the name of the install image as displayed in the Windows Deployment Services console (see Figure 6):
Figure 6: Specifying which install image to deploy to the destination computer.
Now select the Microsoft-Windows-SetupWindowsDeploymentServicesImageSelectionInstallTo of your answer file and specify that the install image you specified earlier should be installed onto partition 1 of disk 0 as shown in Figure 7:
Figure 7: The image will install to partition 1 of disk 0.
Finally, add the Microsoft-Windows-SetupWindowsDeploymentServicesLoginCredentials component to the windowsPE configuration pass of your answer file and specify domain user credentials for performing the install (Figure 8):
Figure 8: Specifying credentials for the destination computer to connect to the Windows DS server.
Validate your answer file and save it as Unattend.xml. Then copy your answer file to the RemoteInstallWdsClientUnattend folder on the image repository volume on your Windows DS server, which in this walkthrough is the W:RemoteInstallWdsClientUnattend folder on server SEA-WDS2. Then, using the Windows DS console, display the properties of the server, select the Client tab, select the Enable Unattended Installation checkbox, click the Browse button for your architecture, and browse to W:RemoteInstallWdsClientUnattendUnattend.xml and click OK. This configures your Windows DS server to use your answer file to automate the first portion of the deployment process (see Figure 9):
Figure 9: Associating the Unattend.xml file with the Windows DS client.
Creating and Configuring ImageUnattend.xml
Now let us create and configure our second answer file, which will automate the Windows Welcome process. Start with a new (blank) answer file and add the Microsoft-Windows-Shell-Setup component to the specialize configuration pass section. Then configure the TimeZone setting, type "*" (asterisk) for ComputerName to autogenerate the computer name of the destination system, and (optionally) other settings as desired as shown in Figure 10:
Figure 10: Specifying the time zone and computer name.
Now add the Microsoft-Windows-International-Core component to the oobeSystem configuration pass and configure local/language settings as shown in Figure 11:
Figure 11: Specifying the local/language.
Next add the Microsoft-Windows-Shell-SetupOOBE component to the oobeSystem configuration pass section of your answer file and configuring the settings for EULA, network location, and PC Protection as shown in Figure 12 below. (Note that the Network Location setting shown here doesn’t "take" when configured via an answer file and you’ll be prompted to select your network location when you first log on to your computer.)
Figure 12: Configuring OOBE settings for network location, EULA, and PC Protection.
Next, add the Microsoft-Windows-Shell-SetupUserAccountsLocalAccountsLocalAccountPassword component to the oobeSystem configuration pass section of your answer file. Then select the Microsoft-Windows-Shell-SetupUserAccountsLocalAccountsLocalAccount node and create a new local administrator account for the destination computer as shown in Figure 13:
Figure 13: Creating a local administrator account.
And do not forget to specify a password for your new account (Figure 14):
Figure 14: Specifying a password for the account.
Now validate and save your answer file as Unattend.xml and copy the file to your Windows DS server using removable media or some other method. In the Windows Deployment Services Console, right-click on the install image you want to deploy and select Properties, and on the General tab select the Allow Image To Install in Unattended Mode checkbox as shown in Figure 15:
Figure 15: Allowing an install image to install in unattended mode.
Click the Select File button and browse to the answer file you created above (Figure 16):
Figure 16: Select the answer file that will automate Windows Welcome.
Clicking OK creates a folder with the same name (cap3) as your install image file (cap3.wim) and a subfolder named Unattend beneath, and copies your Unattend.xml file to this Unattend folder, renaming the file as ImageUnattend.xml (Figure 17):
Figure 17: Copying the Windows Welcome answer file to the image repository.
Performing the Unattended Install
We’re now ready to perform our unattended install of Windows Vista Enterprise onto our bare-metal PXE-enabled destination computer. Configure your destination computer to boot from the network, turn it on, and press F12 when prompted (Figure 18):
Figure 18: Press F12 to begin the deployment process.
Then when the Windows Boot Manager menu is displayed, select server SEA-WDS2 as shown in Figure 19:
Figure 19: Select the Windows DS server you want to use for your deployment.
Go make some coffee now and have a piece of cake. When you come back, enter your user credentials at the Windows logon screen as shown in Figure 20 and enjoy your game of FreeCell.
Figure 20: The deployment is complete—log on and enjoy your game of FreeCell.
Phil from this week’s 6294 deploying windows 7 class had a great question!
"The data collection package that runs on the clients, how often does it run and can we scheudle it?"
Great question Phil! I thought I would barrage you all with reference information on this one. First off…
In direct response to his quesiton above I dug up this info…
In the When to monitor application usage area, define when your data-collection package will run and for how long, including:
- Starting: To set the date and the time that your data-collection package will begin collecting data, click one of the following options:
- As soon as possible after install
- At specified date and time
ACT uses Coordinated Universal Time (UTC) instead of local time. Therefore, if you set your data-collection package to start at 6:05 P.M. Eastern Standard Time and run for five minutes, the data-collection package will actually start at 3:05 P.M. Pacific Standard Time, 5:05 P.M. Central Standard Time, 6:05 P.M. Eastern Standard Time, and so on. Selecting a specific date and time means that your compatibility evaluators will not begin collecting data until your configured date and time. However, you must deploy your data-collection package prior to your specified time, so it can install your compatibility evaluators.
- Duration: In the box, type a numerical value that defines how long the data-collection package will run, and then select Days, Hours, or Minutes in the list.
Your data-collection package duration runs in chronological time. Therefore, if you shut down your computer and the specified duration elapses while the computer is off, when you turn the computer back on, the data is uploaded and the data-collection package exits.
- Upload data every: Select 2 hours, 4 hours, 8 hours, or 12 hours, depending on how long you set ACT to wait between each upload of your application-compatibility data.
If you are running a data-collection package based on the Applying Windows Updates option, we recommend that you select the 2-hour upload option.
This info was found here… Creating a Data Collection Package
When looking bigger picture here on how the tool is used to collect data, use this outline with links here… Phase 1: Collecting Your Compatibility Data
Or for a real tech deep dive… Microsoft Application Compatibility Toolkit Data Collector (ACT-DC) Technical Reference
Applies To: Windows 7
You can migrate files and settings while the operating system is offline, by using Windows® User State Migration Tool (USMT) 4.0. For an offline migration with USMT, you do not need to log onto the computer that you are deploying Windows on.
When the operating system is offline, hardware resources and files are more readily accessible by ScanState and other USMT tools. Migrating offline may increase performance on older computers that have limited hardware resources and numerous software applications. It also helps avoid conflicts where a file is in use by another application or service. You may also be able to use an offline migration to recover files and settings if a computer no longer starts properly.
|Some files and settings that you can migrate in an online migration do not apply in an offline scenario. For more information, see What Does USMT Migrate in the USMT User’s Guide.|
In the following example, you modify configuration files for an offline migration, disable Windows® BitLocker™ Drive Encryption if necessary, and then boot into the computer by using Windows PE. Next, you run ScanState to gather files and settings from the current installation of Windows, and then you install Windows® 7 and apply the data from the migration store. This scenario applies to computers running Windows XP or Windows Vista®.
- Step 1: Modify the USMT Config.xml File to Include User-Group Membership
- Step 2: (Optional) Create an Offline.xml File
- Step 3: Copy USMT Files and Tools to a USB Flash Drive or a Network Share
- Step 4: Suspend BitLocker
- Step 5: Boot to Windows PE
- Step 6: Run ScanState to Gather Files and Settings
- Step 7: Install Windows 7 and Applications
- Step 8: Run LoadState to Apply Files and Settings
- Next Steps
You can also migrate files and settings from a Windows.old folder from within Windows 7. In an offline migration scenario where you migrate files and settings from the Windows.old folder, you don’t need to run the ScanState tool before deploying the operating system, and you can run ScanState and LoadState successively. This scenario is discussed further in the Appendix.
To complete this scenario, you need the following:
- Windows 7 product DVD
Note Before installing Windows 7, check that your computer meets the minimum hardware requirements for the version of the operating system you want to install. Back up your data files, or save them to a safe location before upgrading. For more information about hardware requirements, see this Microsoft Web site.
- Windows Automated Installation Kit (Windows AIK) DVD
You can download the Windows AIK .iso file from this Microsoft Web site and then burn the .iso file onto a blank DVD.
- Source computer
A source computer is the computer that you are migrating files and settings from. This computer must have a DVD-ROM drive and a USB port or a network connection. This guide uses a source computer running Windows XP or Windows Vista.
- Destination computer
A destination computer is any computer on which you are installing Windows 7 and applying files and settings from the migration store. This computer must have a DVD-ROM drive and a USB port or network connection.
Note The destination computer for an offline migration scenario can be the same as your source computer.
- A technician computer
A technician computer can be any computer that you install the Windows AIK for Windows 7 on. This computer must have a DVD-ROM drive. After you install the Windows AIK, you can copy the USMT folder to other computers in your organization.
- Windows PE bootable DVD or Windows PE available through Windows Deployment Services on your network
For information about creating Windows PE media, see Windows PE Walkthroughs.
Important If you are running ScanState on a source computer that has an x86 version of the operating system installed, you must use an x86 Windows PE image. If you are running ScanState on a source computer with an x64 version of the operating system installed, you must use an x64 Windows PE image.
- A network connection or a portable media such as a USB flash drive
A portable media or network connection is required for the technician, source, and destination computers to copy the USMT tools and configuration files between computers. You can also use this media to host the migration store if you plan to reformat the computer. For more information about how much space you need for hosting a migration store, see Estimate Migration Store Size in the USMT.chm.
Install the Windows AIK
- Insert the Windows AIK DVD into the DVD-ROM drive on the technician computer.
- Follow the instructions in the setup wizard.
|If the Setup program does not start automatically, in Windows Explorer, browse to the DVD drive containing the Windows AIK DVD and then click StartCD.exe. Click Windows AIK Setup to begin the installation.|
Step 1: Modify the USMT Config.xml File to Include User-Group Membership
User-group membership is not preserved during offline migrations. You can add a <ProfileControl> element in the Config.xml file to specify that the migrated users should be made members of a user group. In this example, you create a Config.xml file to add all user accounts to the Users group after they are migrated.
- Copy the following code into a text editor such as Notepad.
<changeGroup from="*" to="Users" appliesTo="MigratedUsers">
- Save the file as Config.xml.
|If you are modifying an existing Config.xml file, add ProfileControl as a child of the parent Configuration element. The /genconfig command creates an example ProfileControl element that you can modify.|
Step 2: (Optional) Create an Offline.xml File
If there are multiple drives that have Windows folders on the destination computer, you can create an Offline.xml file that contains information about which path locations to use. You can use this file when you run the ScanState tool with the /offline option. If the computer does not have multiple Windows folders, you can specify the path of the single folder with the /offlineWindir option at the ScanState command prompt in Step 6.
In this example, you create an Offline.xml file that instructs the ScanState tool to check for a valid Windows directory on the C drive. If no valid Windows directory is found on the C drive, the file specifies to look on the D drive and then on the E drive.
- Copy the following into a text editor such as Notepad.
- Save the file as Offline.xml.
For more information about Offline.xml, see the Offline Migration topic in the USMT User’s Guide.
Step 3: Copy USMT Files and Tools to a USB Flash Drive or a Network Share
Copy the USMT tools, modified Config.xml, and Offline.xml files to each computer you are upgrading. In this example, you copy the files to a USB flash drive to transport them to each computer.
- Copy all of the contents of C:Program FilesWindows AIKToolsUSMT<architecture> from your technician computer to a network share or a USB flash drive. The <architecture> is either x86 or amd64. For example, at a command prompt, type the following:
xcopy C:Program FilesWindows AIKToolsUSMTx86 H:USMTx86
H is the assigned letter of your USB flash drive.
- Copy the modified Config.xml and Offline.xml files to the USB flash drive. For example, at a command prompt, type the following:
xcopy C:Config.xml H:USMTx86
xcopy C:Offline.xml H:USMTx86
Step 4: Suspend BitLocker
If the source computer has BitLocker enabled, you must suspend or disable encryption before you can use the ScanState tool on the drive. For more information about suspending BitLocker encryption, see this Microsoft Web site.
|When you suspend or disable BitLocker, the drive remains encrypted, but the encryption key in not protected until BitLocker is enabled again. If the computer is lost or stolen while in this state, the data on the computer is not protected by BitLocker encryption.|
Step 5: Boot to Windows PE
- Insert the Windows PE DVD and reboot the computer.
Note If you are using a network share to copy the USMT tools or for your migration store, you may need to configure Windows PE for network connectivity. For example, you can use the network shell tool (netsh) or the
Step 6: Run ScanState to Gather Files and Settings
- Copy USMT files to the computer from the USB flash drive or the network. For example, insert the USB flash drive and type the following at a command prompt:
xcopy H:USMTx86 C:USMTx86
H is the assigned letter of the USB flash drive.
- Set system environment variables for USMT to specify the working directory for the USMT tools and the system architecture. For example, at the Windows PE command prompt, type the following:
For AMD64 architecture computers, set MIG_OFFLINE_PLATFORM_ARCH to 64.
- Run ScanState with the /offline option and specify where to create the migration store. For example, at a command prompt, type the following:
scanstate c:mystore /offline:c:USMTx86offline.xml /i:migapp.xml /i:miguser.xml /o /config:config.xml /v:5 /encrypt /key:"mykey"
If you are reformatting the source computer, create the migration store on a network share or portable media.
Step 7: Install Windows 7 and Applications
After you have saved the migration store to a secure location such as a network share or portable media, you can install Windows 7. As a best practice, install applications before loading files and settings from your migration store.
- To start Windows 7 Setup, insert the Windows 7 DVD and then reboot the computer. If Windows 7 Setup does not launch automatically, navigate to the DVD drive of the computer and then click setup.exe.
- Follow the instructions on the screen to install Windows 7.
Warning You can use an unattended answer file to customize your Windows 7 deployment. For more information, see Step-by-Step: Basic Windows Deployment for IT Professionals or the Windows AIK User’s Guide.
- Install all user applications on the destination computer. The application version that you install on the destination computer must be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version, except for Microsoft® Office, which USMT can migrate from an older version to a newer version.
For more information about what applications and settings are supported in USMT 4.0, see What Does USMT Migrate?.
Step 8: Run LoadState to Apply Files and Settings
After you install Windows 7, copy the USMT files to the destination computer and then run the LoadState tool to apply files and settings to the new operating system.
- Copy the USMT files to the destination computer from the USB flash drive or a network share. For example, at a command prompt, type the following:
xcopy H:USMTx86 C:Program FilesWindows AIKToolsUSMTx86
- Run the LoadState tool and specify the location of the migration store. You do not need to use Offline.xml with LoadState. For example, at a command prompt, type the following:
loadstate c:mystore /config:config.xml /i:miguser.xml /i:migapp.xml /v:5 /l:loadstate.log /decrypt /key:"mykey"
- When LoadState has completed, restart the computer.
Files and settings from the previous operating system are now available on this installation of Windows 7.
For more information about deploying BitLocker for Windows 7, see this Microsoft Web site.
Appendix: Offline Migration from a Windows Folder
You can migrate data from an offline Windows folder from a different installation. You can migrate data from a Windows.old folder if you performed an in-place upgrade, or you can migrate data from any offline Windows folder on another computer or another partition.
The ScanState tool includes two parameters that you can use to gather files from an offline Windows folder:
- /offlineWinDir: WinDir. Specifies the path to the offline Windows folder that USMT uses to gather user-state information. You can use this parameter to point ScanState to an offline Windows folder.
- /offlineWinOld: WinDir. Specifies the path to the offline Windows.old folder. You can use this option to gather files from a previous Windows installation if you upgrade in-place. For example, you can gather data from a previous Windows Vista installation that is contained in the Windows.old directory.
The following steps show how to migrate files from a Windows.old directory. For more information about using /offlineWinDir:, see the command-line help for ScanState.exe.
You can migrate files and settings from a Windows.old directory from within Windows 7. In an offline migration scenario where you migrate files and settings from the Windows.old directory, you don’t need to run the ScanState tool before deploying the operating system, and you can run ScanState and LoadState successively.
To migrate offline from a Windows.old directory, follow the same steps as the previous scenario, but in the following order:
- Modify Config.xml to Include User-Group Membership
- Copy USMT Files and Tools to the UFD or Network Share
- (Optional) Suspend BitLocker
- Install Windows 7 and Applications
Install Windows 7, but choose the Custom (Advanced) option instead of the Upgrade option. For a hard-link migration, do not reformat the drive. For more information about hard-link migrations, see Hard-Link Migration store.
- Run ScanState to Gather Files and Settings
Use the /offlineWinOld option instead of the /offline option. For example, at a command prompt, type the following:
scanstate c:mystore /offlineWinOld:c:Windows.oldWindows /i:migapp.xml /i:miguser.xml /o /config:config.xml /v:5 /nocompress
Important If a Windows.old directory is already present on the destination computer before installing Windows 7, the new folder is named Windows.old.nnn, where nnn is a three-digit number such as 000 or 001.
You can also use a hard-link migration for this scenario. For example, at a command prompt, type the following:
scanstate c:mystore /offlineWinOld:c:Windows.oldWindows /hardlink /i:migapp.xml /i:miguser.xml /o /config:config.xml /v:5 /nocompress
Warning When using a hard-link migration, do not format the drive. For more information about hard-link migrations, see Hard-Link Migrations.
You can use the /offlinewindir option to point to an offline Windows folder. Use this option to migrate from a Windows directory on a different computer or a different partition. For example, type the following:
scanstate c:mystore /offlineWinDir:c:Windows /hardlink /i:migapp.xml /i:miguser.xml /o /config:config.xml /v:5 /nocompress
- Run LoadState to Apply Files and Settings
Include the /hardlink option in the LoadState syntax as well. For example, at a command prompt, type the following:
loadstate c:mystore /config:config.xml [/hardlink] /i:miguser.xml /i:migapp.xml /v:5 /l:loadstate.log /nocompress /lac
|Group Policy setting||Purpose|
Prevent users from sharing files within their profile
Determines whether users are allowed to share files within their profile to other users on their network. Sharing of any kind is enabled only when an administrator has turned on file sharing on that computer.
If you enable this policy, users will not be able to share files within their profile using the sharing wizard. Also, the sharing wizard will not create a share at %SystemRoot%users and can only be used to create SMB shares on folders.
If you disable or do not configure this policy, then users will be able to share files out of their user profile after an administrator has turned on file sharing on that computer.
- Has more issues than his surgically repaired knees. I’ve broken more bones than most people doing various sports (hockey, skiiing, basketball, etc..)
- I may pick on my wife and kids in jokes and stories in my classes, but i would stand in front of a train for them if they needed it. Family comes first.
- Is a very cautious driver most of the time. Due to a few semi-scary accidents on my motorcycles and cars
- HATES to be late. One of the biggest pet peeves i have. I would rather get somewhere 45 mins early before being 1 minute late. it’s just professional and curteous
- have almost flat feet, with almost no arch.
When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:
- Configuration of sites and subnets in Active Directory
- Replication of Active Directory, the file system, and SYSVOL shared folders
- Name resolution by the Domain Name System (DNS)
- Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
- Health of the domain controllers
- Configuration of the Network Time Protocol (NTP) for all domain controllers
If a problem is found, the tool describes the problem, indicates the severity, and links you to guidance at the Microsoft Web site (such as a Knowledge Base article) to help you resolve the problem. You can save or print a report for later review. The tool does not change anything on your computer or your network.