Whitepaper: Using MDT 2010 To Deploy Windows 7

I’ve just published a guide on how to use the free Microsoft Deployment Toolkit 2010 to deploy Windows 7.  Using this document you’ll be able to capture customised sysprepped images and “upgrade” existing computers, e.g. migrate XP machines to Windows 7 using a light touch client.

MDT is very powerful, allowing you to manage client and server operating systems using customised task sequences, a set of steps processed in order.  I was a doubter (sorry, Rhonda, I should have believed you!) at first but I’m a believer now.

By the way, I used Word 2010 CTP to write this document.  I’m used to Word 2007 so this was a breeze with there being no big changes for basic usage.  The only trouble I had with the CTP (it is pre-beta) was that the footers kept getting new lines for some unknown reason so I had to keep deleting them.

“I’ve been doing operating system deployment of one form or another since 1998 when I first started using Ghost to clone NT 4.0 workstations. I’ve used a variety of tools since then including a custom routine to deploy NT 4.0 using Novadigm EDM, Windows 2000/2003 Remote Installation Services (RIS), ImageX from Windows Automated Installation Kit and Windows Deployment Services (WDS). As time has gone by there have been some changes.

Operating System (OS) deployment had always been a form of IT black magic. I can’t be certain why. I know that documentation used to be non-existent or incomprehensible. If you downloaded Microsoft Business Desktop Deployment accelerator you installed it, ran it, tried to use it, scratched your head wondering what you were doing wrong, followed a rat’s nest of hyperlinks and quickly gave up. Microsoft just seemed to be unable to clearly communicate how to efficiently deploy operating systems. Most organisations only create a new standard operating system build once every few years. There are plenty of organisations that deployed XP back in 2002-2003 and have no plans to change their standard soon. That means their engineers never develop OS deployment skills. If a change is needed then consultants or contractors are brought in and they do the engineering, leaving a set of operations guides behind. There’s a set of people out there who either don’t have time to learn the skills (I can sympathise!). But worse, I think there’s also a set of people who really don’t care; they’ll do the sneaker-net thing quite “happily” or continue to (probably) illegally use Ghost to deploy operating systems – Hey! You actually need to buy a Ghost license for each machine built with Ghost and an auditor really can detect a fingerprint on the hard disk of “ghosted” workstations.

Microsoft did attempt to simplify things. Documentation has improved but it’s still not there yet as can be seen in the MDT documentation where there are gaps and misleading instructions. The tools have gotten better too. Adding drivers to the pre-installation phase of RIS was a nightmare to figure out. It got better with the “Panther” based installation tools that were released with Vista and Server 2008. That involved using Microsoft’s WAIK to build a Windows PE image (your boot up media) and add drivers into that using command line tools. The current generation of tools allow you to build libraries of drivers and add them via a GUI.

This document is going to focus on Microsoft Deployment Toolkit (MDT) 2010. I’ll be looking at deploying Windows 7 seeing as that’s the new desktop operating system from Microsoft. Everything we look at here will be possible with Windows Vista, Windows Server 2008 and Windows Server 2008 R2. They all share the same basic installation functionality. MDT is going to be the tool you’ll be most often recommended to use for deploying Windows 7. Why? There are a lot of reasons:

  • It’s 100% free.
  • It allows you to do light-touch clean installations of and upgrades to Windows 7.
  • It uses task sequences to perform the installs. These are a sequence of instructions that can include other tasks.
  • Using task sequences you can add drivers, patches and applications to your Windows 7 PCs, enable BitLocker, etc.
  • The task sequences are 100% customisable. You can do anything that you can do from command line or from a script. Many of the default actions are VBS scripts.
  • You cannot upgrade from XP to Windows 7. That’ll be a problem for those who have data on their PCs. Using task sequences and the User Migration Toolkit you can capture the user state of the PC, put a clean install of Windows 7 on the machine and restore the user state, effectively performing an upgrade.
  • It’s very lightweight, e.g. my labs have been machines with 512MB of RAM. MDT is really a glorified file share/set of file shares. Consultants/contractors could create a virtual machine and transport their VHD/VMDK to customer sites to do their work. The great thing about VHD/VMDK is that it can be copied. Over time you’ll build up a library of drivers and task sequences that you can reuse again and again.

Here’s what I’m going to try to cover in this document. We’ll install MDT 2010. We’ll get to the point where we can deploy a standard installation of Windows 7, capture a customised template image and be able to deploy an “upgrade” from Windows XP using a user state capture/restore. I’ll add in a few tricks to make things easier. I’ll show you how to create a light touch installation requiring minimal interaction and how to dispense with the need to create bootable USB/DVD media to boot up machines for the deployment process. My lab will be running on VMware Workstation so you’ll see how I added drivers for it. The process is pretty similar on Hyper-V (which I have also done previously).

Disclaimer: I won’t claim to be a deployment guru. There are other people out there who know this stuff better than I do. But I can show you how to get started with MDT and how to deploy Windows 7 with it.

I’m using the current (at the time of writing) release candidate (RC) of MDT 2010 so some things may change by the time you read this.”

The document continues

Security On Your Terms

Microsoft published some security feature documentation for Windows 7:

  • Security on your terms overview: This article describes some of the new or changed security features in Windows 7. These features include the new Action Center and the updated UAC. This article also describes how Windows 7 extends BitLocker Drive Encryption to portable storage devices.
  • Security Frequently Asked Questions (FAQ): This topic answers questions about security in Windows 7, which includes features like Security Development Lifecycle, User Account Control, Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization, and Data Execution Prevention.
  • Security on your terms walkthrough: The step-by-step instructions in this walkthrough provide a brief tour of new security features in Windows 7.

Location Aware Printing

Microsoft published some documentation on a new feature in Windows 7 Professional (and higher) called Location Aware Printing.  This is a very cool feature.  Imagine you’re a laptop user working in multiple sites.  You use printers in each of those sites.  Location Aware Printing will detect your network location and set your default printer accordingly.  This saves time and helps Office out too – it sets up document layouts based on your default printer.

  1. Location Aware Printing Walkthrough: The step-by-step instructions in this walkthrough provide a brief tour of the new Location Aware Printing feature in Windows 7 (available in Windows 7 Professional or higher). These instructions assume that your computer is connected to at least two networks.
  2. Location Aware Printing Frequently Asked Questions: This topic answers questions about using the Location Aware Printing feature in Windows 7.

Microsoft Hyper-V Server 2008 R2 RTM and RTW.

Hyper-V Server 2008 R2 is available to download now.  This free virtualisation platform from Microsoft is based on the Core installation.  It’s a stripped down version of Windows intended solely for virtualisation.  Given that it doesn’t have the free guest OS licenses, it seems like a solution to me for things like VDI (Remote Desktop Services) or small implementations like branch offices or certain SBS/EBS scenarios.

The big change (other than all the cool stuff like Core Parking, increased scalability, VMQ, SLAT, etc) is that this version of Hyper-V Server adds cluster support and Live Migration.  Yes, clusters and Live Migration in a free virtualisation platform.

My concern is the Core installation.  I have problems with it when it comes to troubleshooting and hardware management applications.  I know I’m not alone, as other adventurous types have tried Core installs like me and walked away.  I’d like to see a Core installation that still has a GUI so we can still use those apps from the OEMs to do things like VLAN tagging, check hardware, etc.  But I’m not everyone and I guess there’s an audience out there for Hyper-V Server seeing as MS has updated it.

“Microsoft Hyper-V Server 2008 R2 is a stand-alone product that provides a reliable and optimized virtualization solution enabling organizations to improve server utilization and reduce costs. With the addition of new features such as live migration and expanded processor and memory support for host systems, it allows organizations to consolidate workloads onto a single physical server and is a good solution for organizations who are consolidating servers as well as for development and test environments.

By having the ability to plug into existing IT infrastructures Microsoft Hyper-V Server 2008 R2 enables companies to reduce costs, improve utilization and provision new servers. It allows IT professionals to leverage existing patching, provisioning, management and support tools and processes. IT Professionals can continue to leverage their individual skills and the collective knowledge of Microsoft tools, minimizing the learning curve to manage Microsoft Hyper-V Server 2008 R2. In addition, with Microsoft providing comprehensive support for Microsoft applications and heterogeneous guest operating systems support, customers can virtualize with confidence and peace of mind.“

Considering An Alternative Way To Deploy VM’s

I run Windows Server 2008 Hyper-V managed by System Center Virtual Machine Manager (VMM) 2008.  One of the perks of virtualisation is the ability to rapidly provision servers.  We can use the traditional methods associated with physical deployments or we can use templates stored in a library.  With VMM this means storing sysprepped VHDs (virtual hard disks) in the library.  VMM makes this easy: you right-click on the template VM, choose to convert it, and VMM runs sysprep and moves the VM into the library.  You can then use that stored VHD as a template for future VM deployments.  The new VM boots up and goes through the mini-setup wizard.

Here’s the problem.  If you use fixed-size VHDs then a fixed-size VHD is stored in the library.  In the real world, storage is not cheap.  We don’t use laptops or PCs in the data centre.  Server/SAN storage is not €100/terabyte.  A library of 40GB+ VHDs to cover our varied builds is going to consume lots of space and someone has to pay for that.  Here’s my situation: the cost has to be passed on to the customer and we can’t be doing that.

What I do instead of using the power of VMM deployment is that I build my template VMs with dynamic VHDs.  I then store them in the library in their sysprepped form.  I deploy VMs without a disk and then use the edit disk feature in the Hyper-V console on the host parent partition to edit the desired template disk and convert it to a fixed-size VHD stored in the VM’s folder.  That’s a time-consuming process but it’s worth it to save disk.  I wish VMM did that out of the box for library VHD operations but it doesn’t.

I’ve been working on deployment scenarios of Windows Server 2008 R2 and Windows 7 as part of a writing project, the upcoming launch events and as a member of Microsoft’s STEP program.  I had a realisation a few days ago that I need to consider an alternative way to deploying servers.

The free Microsoft Deployment Toolkit 2010 utility allows you to capture images of PCs and servers as WIM files.  You can then deploy those images from USB media, a DVD, an ISO, or via a PXE boot (using Windows Deployment Services to serve the WIM boot image).  What if I did this instead of using my above process for VMM?

  • Create a file share with scripts to do things like install IIS roles, install SQL 2008, etc.
  • Build my standard images for Web, Standard, Enterprise and DataCenter editions.
  • Make all my customisations, patch them, etc.
  • Use a capture task sequence to capture the builds (WIM’s) and store them on the MDT server.
  • Build task sequences that deploy my captured WIM’s.
  • Build alternative deploy task sequences, e.g. “Web Edition Web Server” will deploy the Web Edition WIM file and then run a script to configure IIS, “Enterprise SQL Server” will deploy the Enterprise edition WIM file and then run the script to install SQL.

To deploy a new VM I could do this:

  • Create a hardware template that has no hard disk and boots from PXE by default.  The network card will be configured to use the VLAN that WDS currently runs on and that MDT would run on.  Call it my factory network.  Keep it separate from the production VLANs: a PXE/WDS server will hand its boot image to anything on that segment that asks for one.
  • Deploy that VM to a host.
  • Fire up the VM and boot it up.  Hit <F12> to boot from the network.
  • Log into MDT (the deployment wizard) and pick the required task sequence, e.g. “Web Edition Web Server”.
  • Sit back and drink a nice beverage while a new and nearly completely configured web server is deployed.
  • Eventually log in, make a few customisations, patch it, change whatever passwords were baked into the template image (every VM built from it starts with the same ones) and change the NIC VLAN binding to the production network.

This accomplishes a few things. 

  • Firstly, I only use a few GBs of space for each edition of Windows.  A WIM file is a compressed, file-based image with single-instance storage, so I’m not storing 40GB VHDs.  Also, I don’t need to do my manual edit-disk process to convert from the library’s dynamic VHD to the VM’s fixed-size VHD.
  • I’ve saved a LOT of time.  With an MDT task sequence I can do some serious post-boot customisations such as running SERVERMANAGERCMD.EXE with an answer file (Windows Server 2008) or PowerShell (Windows Server 2008 R2, where SERVERMANAGERCMD.EXE is deprecated by MS; it’s still there but the ServerManager PowerShell module is the better choice) to add roles and features.
  • I can have 4 WIM files, 1 for each Server edition, and deploy any number of custom images with little storage space being consumed.
  • Theoretically, with WIM files you could use the same WIM files and deployment process for both physical and virtual servers.  I’d want to look at a way to automate installing hardware specific software, e.g. HP PSP.
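To make the last two points concrete, here is an added example of the kind of post-boot customisation script a “Run Command Line” step in one of those task sequences could call on a freshly deployed Windows Server 2008 R2 machine.  It is illustrative code written for this page, not an MDT script and not from the original post.  Everything about the environment is assumed: the role-to-feature mapping, the log path, the drive letter the deployment share is mapped to, and the location and silent switch of the HP support pack installer.  It branches on what the firmware reports so the same WIM and task sequence serve both physical and virtual servers, and it exits non-zero on failure so the task sequence step fails visibly rather than leaving a half-built box.

```powershell
<#
  Example post-deployment step for an MDT "Run Command Line" action, e.g.
    powershell.exe -NoProfile -ExecutionPolicy Bypass -File Configure-Server.ps1 -Role Web
  Illustrative only; not MDT's own code. Paths, role names and installer switch are assumptions.
#>
param(
    [ValidateSet("Web", "SQL")]
    [string]$Role = "Web",
    # Assumed: the HP ProLiant Support Pack copied into the deployment share (mapped as Z: here).
    [string]$HardwarePackPath = "Z:\Applications\HP-PSP\hpsum.exe",
    [string]$HardwarePackArgs = "/silent"
)

$ErrorActionPreference = "Stop"
$LogFile = Join-Path $env:SystemRoot "Temp\Configure-Server.log"

function Write-Log([string]$Message) {
    $line = "{0:yyyy-MM-dd HH:mm:ss} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogFile -Value $line   # Add-Content rather than Tee-Object -Append: PowerShell 2.0 has no -Append on Tee-Object
    Write-Host $line
}

# 1. One WIM and one task sequence for physical and virtual: decide at run time from what
#    the firmware reports instead of keeping a second image. Hyper-V reports Model "Virtual Machine".
$cs = Get-WmiObject -Class Win32_ComputerSystem
$IsVirtual = ($cs.Model -eq "Virtual Machine") -or ($cs.Manufacturer -match "VMware|Xen|QEMU|innotek")
Write-Log ("Manufacturer='{0}' Model='{1}' Virtual={2}" -f $cs.Manufacturer, $cs.Model, $IsVirtual)

# 2. Hardware-specific agents only on physical HP boxes; they have no business on a VM.
if (-not $IsVirtual -and $cs.Manufacturer -match "^(HP|Hewlett)") {
    if (Test-Path -LiteralPath $HardwarePackPath) {
        Write-Log "Installing hardware support pack from $HardwarePackPath"
        $proc = Start-Process -FilePath $HardwarePackPath -ArgumentList $HardwarePackArgs -Wait -PassThru
        if ($proc.ExitCode -ne 0) {
            Write-Log "Hardware support pack failed with exit code $($proc.ExitCode)"
            exit $proc.ExitCode      # non-zero exit code makes the task sequence step fail
        }
    } else {
        Write-Log "Hardware support pack not found at $HardwarePackPath; skipping"
    }
}

# 3. Roles and features through the ServerManager module (Windows Server 2008 R2),
#    the replacement for SERVERMANAGERCMD.EXE and its answer file.
Import-Module ServerManager
switch ($Role) {
    "Web" { $Features = "Web-Server", "Web-Mgmt-Console", "Web-Asp-Net" }   # assumed mapping
    "SQL" { $Features = "NET-Framework-Core" }                              # prerequisite only; SQL setup is a separate step
}
$result = Add-WindowsFeature -Name $Features
if (-not $result.Success) {
    Write-Log "Add-WindowsFeature reported failure"
    exit 1
}
if ($result.RestartNeeded -eq "Yes") {
    Write-Log "A restart is required; leave it to the next Restart Computer step in the sequence"
}

# 4. Verify rather than trust the return object.
$missing = Get-WindowsFeature -Name $Features | Where-Object { -not $_.Installed } | ForEach-Object { $_.Name }
if ($missing) {
    Write-Log ("Still not installed: " + ($missing -join ", "))
    exit 1
}
Write-Log "Role '$Role' configured"
exit 0
```

Drop it into the deployment share’s Scripts folder and call it from a Run Command Line step after the “Install Operating System” and first restart steps; the exit code is what the task sequence engine keys on, which is why every failure path ends in `exit` with a non-zero value rather than just logging.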

If you’re using Configuration Manager 2007 (SP2 for Windows Server 2008 R2 support) then you’ll get the same functionality.  I’ve seen Mark Gibson of Microsoft Ireland give a Camtasia demo of this.  Odds are if you’re using Hyper-V and VMM then you’ve got OpsMgr too, all licensed by System Center Enterprise/Datacenter CALs/SALs, and then you’re entitled to a ConfigMgr CAL/SAL too.  However, MDT is lightweight and free.  My lab MDT machine is running with 512MB of RAM and doesn’t require a SQL instance.

Anyway, there’s an alternative way to tackle VM deployment.  This would also work in an ESX/vSphere architecture.  I’m leaning strongly towards doing this.  I use WDS already for deploying blade server operating systems.  Moving to MDT seems like a logical choice to me now.

I’d love to get your feedback on this and hear what alternative ways you’re using to deploy VM’s.

WSUS 3.0 SP2 Documentation

Microsoft released some documentation following the RTW of WSUS 3.0 SP2:

  • Release Notes WSUS 3.0 SP2: These release notes describe the Windows® Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2) release, including system requirements, upgrade requirements, and known issues.
  • Deployment Guide WSUS 3.0 SP2: This guide describes how to deploy Microsoft Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2), including server and client workstation setup.
  • Features and Fixes WSUS 3.0 SP2: This document highlights the feature improvements and important software updates provided in the Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2) release.
  • Operations Guide WSUS 3.0 SP2: This guide describes the major tasks involved in administering and troubleshooting Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2).
  • Step By Step Guide WSUS 3.0 SP2: This guide provides instructions for getting started with Microsoft Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2).

Hyper-V Linux Integration Components V2

Microsoft has released version 2 of the Linux Integration components.  There’s a detailed document on that page.  Here are some extracts:

“This version of the Linux Integration Components supports the following versions of Hyper-V:

  • Windows Server® 2008 Standard, Windows Server® 2008 Enterprise, and Windows Server® 2008 Datacenter (64-bit versions only)
  • Microsoft® Hyper-V Server 2008
  • Windows Server 2008 R2 Hyper-V RTM (Build 7600) Standard, Enterprise, and Datacenter
  • Microsoft Hyper-V Server 2008 R2 RTM (Build 7600)

This version of the Linux Integration Components supports the following guest operating systems:

  • SUSE Linux Enterprise Server 10 SP2 x86 and x64
  • SUSE Linux Enterprise Server 11 x86 and x64

Linux virtual machines that will be deployed in a highly-available scenario (utilizing failover clustering) should be configured with static MAC addresses for each virtual network adapter. Because of the way Linux configures the network adapter, in certain versions of Linux, there is a possibility that the networking configuration will be lost after failover because a new MAC address is assigned to the virtual network adapter. To work around this issue, ensure that each virtual network adapter has a static MAC address. This can be configured by editing the settings of the virtual machine in Hyper-V Manager.”
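The document recommends fixing the MAC address in Hyper-V Manager.  As an added example, not from Microsoft’s document, here is the scripted form of that setting for a Windows Server 2008 / 2008 R2 host, done through the v1 Hyper-V WMI namespace (`root\virtualization`), which is what you would use when building clustered Linux guests in bulk.  The VM name and starting MAC address are invented; 00-15-5D is the Hyper-V OUI, and the remaining octets must be unique on your network.  It runs on the host as an administrator with the VM turned off, since resource changes are refused on a running VM.

```powershell
<#
  Added example: give every synthetic NIC of a Hyper-V VM a static MAC address via WMI
  (root\virtualization, Windows Server 2008 / 2008 R2). Not from the quoted Microsoft document.
  Assumptions: VM name and starting MAC are made up; run on the host, elevated, with the VM off.
#>
param(
    [string]$VMName   = "SLES11-WEB01",
    [string]$StartMac = "00155D0A1001"   # 12 hex digits, no separators, as the WMI class expects
)

$ns = "root\virtualization"

$vm = Get-WmiObject -Namespace $ns -Class Msvm_ComputerSystem -Filter "ElementName='$VMName'"
if (-not $vm) { throw "VM '$VMName' not found on this host" }
# EnabledState 2 = running, 3 = off. Resource changes are rejected while the VM runs.
if ($vm.EnabledState -ne 3) { throw "Turn off '$VMName' before changing its NIC settings" }

# The active configuration only (snapshots are VSSDs too, so go via Msvm_SettingsDefineState).
$vssd = Get-WmiObject -Namespace $ns -Query `
    "ASSOCIATORS OF {$($vm.__PATH)} WHERE AssocClass=Msvm_SettingsDefineState ResultClass=Msvm_VirtualSystemSettingData"
$nics = @(Get-WmiObject -Namespace $ns -Query `
    "ASSOCIATORS OF {$($vssd.__PATH)} WHERE ResultClass=Msvm_SyntheticEthernetPortSettingData")
if ($nics.Count -eq 0) { throw "'$VMName' has no synthetic network adapters" }

$svc  = Get-WmiObject -Namespace $ns -Class Msvm_VirtualSystemManagementService
$base = [Convert]::ToInt64($StartMac, 16)
$i = 0
foreach ($nic in $nics) {
    $mac = "{0:X12}" -f ($base + $i); $i++      # consecutive addresses, one per adapter
    $nic.StaticMacAddress = $true
    $nic.Address = $mac
    # ModifyVirtualSystemResources takes the VM reference and the changed settings as embedded instances.
    $r = $svc.ModifyVirtualSystemResources($vm.__PATH, @($nic.GetText(1)))
    if ($r.ReturnValue -ne 0 -and $r.ReturnValue -ne 4096) {   # 0 = done, 4096 = job started
        throw "Failed to set MAC on '$($nic.ElementName)': return code $($r.ReturnValue)"
    }
    Write-Host ("{0}: {1} -> static {2}" -f $VMName, $nic.ElementName, $mac)
}

# Read back and confirm no adapter is still dynamic.
$dynamic = @(Get-WmiObject -Namespace $ns -Query `
    "ASSOCIATORS OF {$($vssd.__PATH)} WHERE ResultClass=Msvm_SyntheticEthernetPortSettingData") |
    Where-Object { -not $_.StaticMacAddress }
if ($dynamic) { throw "Some adapters on '$VMName' are still using dynamic MAC addresses" }
```

The read-back at the end is the check worth keeping: the symptom the document describes only appears after a failover, which is the worst time to discover that one adapter was left dynamic.  On SLES the underlying mechanism is udev’s persistent network rules, which bind the interface name to the MAC, so a guest that comes up with a new MAC sees a new, unconfigured interface rather than its old eth0.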

Windows Server 2008 R2 – No “Without Hyper-V” SKU

With Windows Server 2008 there were two types of SKU for each edition: the normal one and the “without Hyper-V” SKU.  Any “without Hyper-V” SKU could never run Hyper-V.  At the start it was said to be $28 cheaper than the normal SKU.  Later I heard it was the same price.  I know in the SPLA world there was a small price difference.

R2 does not have a “without Hyper-V” SKU.  It confused people and could lead them to buy a license and never be able to run Hyper-V with that license/install.  We in Ireland advised people to not buy it if they were in fact the same price.

The question remains now … can you upgrade from Windows Server 2008 x64 Without Hyper-V to Windows Server 2008 R2?  I’ve not tested it and not seen anything definitive yet.