With Windows 8, you can deploy custom builds
to computers through manual and automated processes. To deploy Windows
using manual processes, you need to create the required boot and
installation images and optionally create recovery images. To automate
the deployment process, you need to install Windows Deployment Services.
Whether you use a completely manual process, a completely automated
process, or some combination of the two, you’ll perform similar
administrative tasks. These tasks require you to understand and use the
Windows Assessment and Deployment Kit (Windows ADK) for Windows 8 and Windows Deployment Services.
The Windows Assessment and Deployment Kit for Windows 8 is available from the Microsoft Download Center (download.microsoft.com) and contains the tools for deploying Windows images, including
-
Application Compatibility Toolkit (ACT) -
The standard deployment and imaging tools -
User State Migration Tool (USMT) -
Volume Activation Management Tool (VAMT) -
Windows Assessment Services -
Windows Assessment Toolkit -
Windows Performance Toolkit (WPT) -
Windows Preinstallation Environment (Windows PE)
You can use Windows Deployment Services to
deploy Windows 8 over a network. You can add the Windows Deployment
Services role to any server running Windows Server 2012.
Windows 8 and Windows Server 2012 use Windows PE
4.0. Windows PE 4.0 is a bootable startup environment that provides
operating system features for the following:
-
Installation
When you install Windows 8, the graphical tools that collect system
information during the setup phase are running within Windows PE. -
Deployment When a new computer performs a network boot, the built-in Preboot
Execution Environment (PXE) client can connect to a Windows Deployment
Services server, download a Windows PE image across the network, and
then run deployment scripts within this environment. -
Recovery Windows PE enables you to access and run the Startup Repair tool if Windows 8 fails to start because of a corrupted system file. -
Troubleshooting
You can manually start Windows PE to perform troubleshooting or
diagnostics testing if Windows 8 is experiencing problems that can’t
otherwise be diagnosed.
Windows
PE is modular and extensible, and it provides full access to partitions
formatted using the FAT or NTFS file system. Because Windows PE is built from a subset of Windows
components, you can run many Windows applications, work with hardware
devices, and communicate across IP networks. Several command-line tools are available in Windows PE, including:
-
BCDBoot A tool
that initializes the boot configuration data (BCD) store and allows you
to copy boot environment files to the system partition. -
Bootsect A tool for creating and working with boot sectors on hard disks and flash drives. -
Copype
A tool for creating a directory structure for Windows PE files and then
copying the Windows PE media files. Running this tool is a prerequisite
for creating bootable Windows PE media. -
DiskPart A tool for creating and working with disks, partitions, and volumes. -
DISM An advanced tool for servicing and maintaining images. -
Drvload A support tool for adding device drivers and dynamically loading a driver after Windows PE has started. -
ImageX A tool for capturing and applying Windows images. -
Lpksetup A tool for adding and removing a language pack. -
Makewinpemedia A tool for creating bootable Windows PE media. -
Net A set of support commands that enables you to manage local users, start and stop services, and connect to shared folders. -
Netcfg A tool that configures network access. -
Oscdimg A tool for creating CD and DVD ISO image files. -
Wpeinit A tool that initializes Windows PE every time it boots.
Copype and Makewinpemedia
are new tools that allow you to more easily create bootable Windows PE
media. You use Copype to set up the Windows PE build environment. After
you optimize the build as necessary, you can use Makewinpemedia to
create the bootable media, which can be a CD, DVD, USB flash drive, or
external USB hard drive.
Deployment
Image Servicing and Management (DISM) is one of the most important
deployment tools. DISM is included with Windows 8 Pro and Windows 8
Enterprise.
Using DISM, you can manage online and
offline images of the Windows operating system, including images for
deployment and those for virtual machines. Windows Image (.wim)
files are used to deploy Windows 8. Virtual hard disk (.vhd) files are
used with virtual machines. The same commands work on WIM and VHD files.
You can use DISM to:
-
Add and remove packages. Packages can include language packs, patches, utilities, and so on. -
Enable and disable Windows features. -
Add and remove third-party device drivers.
You can run DISM at an elevated administrator command prompt by following these steps:
-
On the Apps screen, Command Prompt is listed under the Windows System category. Or, if you are working with Start, type cmd. -
Press and hold or right-click the Command Prompt shortcut on the Apps screen, and then tap or click Run As Administrator.
If you see the User Account Control
prompt, proceed as you normally would to allow the application to run
with administrator privileges. -
In the Command Prompt window, enter dism /? to view available options for DISM. -
To view commands available for working with online images, enter dism /online /?.
Although DISM is designed to work primarily with offline images and images you’ve mounted, you can use some DISM commands to get important information about the live operating system running on a computer. Table 1
provides an overview of DISM Online subcommands you can use with live
operating systems. For example, if you want to display a list of Windows
editions to which a computer can be upgraded, you can enter the
following command:
dism /online /get-targeteditions
Table 1. DISM Online Commands for Live Operating Systems
SUBCOMMAND |
DESCRIPTION |
---|
/Disable-Feature /featurename:FeatureName |
Disables a specified feature. Feature names are case sensitive. |
/Enable-Feature /featurename:FeatureName |
Enables a specified feature. Feature names are case sensitive. |
/Get-CurrentEdition |
Displays the currently installed edition of Windows. |
/Get-DriverInfo /driver:DriverName.inf |
Displays information about a specified
third-party driver that is installed in the driver store. Driver names
are not case sensitive. |
/Get-Drivers |
Displays information about all third-party drivers that are installed in the driver store. |
/Get-FeatureInfo /featurename:FeatureName |
Displays information about a specified feature. Feature names are case sensitive. |
/Get-Features |
Displays information about Windows features that are installed. |
/Get-Intl |
Displays information about the default
system user interface language, system locale, default time zone,
keyboard language, and installed languages. |
/Get-PackageInfo /packagename:PackageName |
Displays information about a specified package. Package names are case sensitive. |
/Get-Packages |
Displays information about Windows packages that are installed. |
/Get-TargetEditions |
Lists the Windows editions that the operating system can be upgraded to. |
Understanding Windows Imaging
When you update Windows
8 by adding or removing features, applying hotfixes, or installing
service packs, you are simply modifying the set of modules available.
And because these modules are independent, you can make these changes
without affecting the system as a whole. Because language packs are
separate modules as well, you can easily implement different language
configurations without needing separate installations for each language.
Microsoft distributes Windows 8 on media with WIM disk images.
WIM uses compression and single-instance storage to dramatically reduce
the size of image files. Compression reduces the size of the image in
much the same way that zip compression reduces the size of files. Using
single-instance storage reduces the size of the image because only one
physical copy of a file is stored for each instance of that file in the
disk image. Because WIM is hardware independent, Microsoft can ship one
binary for 32-bit architectures and one binary for 64-bit architectures.
A separate binary is available for Windows 8 RT.
Windows 8 can be installed through
either automated or interactive setup. You can automate the installation
of Windows 8 in several ways. You can:
-
Create an unattended installation answer file
Windows 8 uses a standards-based single-format answer file. This file,
called Unattend.xml, is written in XML, making it easier to process
using standard tools. By creating a custom answer file and then running
Setup using this answer file, you can perform unattended installations
of Windows 8. The Setup program can then install the operating system
from a distribution share or from media. -
Use Sysprep image-based installation Requires running the System Preparation command-line tool (Sysprep.exe)
on a computer that you want to use as the master deployment computer,
and then creating a disk image of this computer’s configuration. Sysprep
is stored in the %SystemRoot%\System32\Sysprep folder. The Windows Automated Installation Kit (Windows AIK) includes Windows System Image Manager and ImageX
to help you use Sysprep for deployments. You use Windows System Image
Manager to create answer files for unattended installations. You use
ImageX to create and manage disk images.
By using WIM as its disk-imaging format and
taking advantage of the modular design of Windows 8, ImageX
significantly reduces the number of disk images that must be maintained.
You don’t need to maintain multiple hardware-dependent disk images or multiple language-dependent disk images. Instead, you typically need only a single disk image
for each chip architecture used in your organization. You can then use
different installation scripts to customize the operating system
installation as necessary.
WIM has other advantages over earlier disk
image formats as well. WIM enables you to modify and maintain disk
images offline, which means you can add or remove optional components
and drivers or perform updates without having to create a new disk
image. To do this, you mount the disk image as a folder and then use
File Explorer or other tools to update, manage, or remove files as
necessary.
Windows System Image Manager, ImageX, and Sysprep provide several different ways to automate deployment. Here are the basic steps:
-
Set up and configure Windows
8 on a computer not being used for normal operations, and then install
and configure any necessary components and applications. -
Run Sysprep to prepare the computer for
capture. Sysprep removes unique identifiers from the computer and
designates it as a master deployment computer. At the end of this
process, the computer no longer has identifying information that allows
it to be logged on to and used within a domain or workgroup. -
Use the ImageX /Capture option to capture the
disk image and store this image on media or in a distribution share.
The image can be maintained offline by using the ImageX /Mountrw option
to mount the image in read/write mode so that you can make any necessary
changes. Use the ImageX /Unmount command to unmount the image when you
are finished making changes.
You also can mount images using DISM
/Mount-WIM and unmount images using DISM /Unmount-WIM. DISM provides
functionality for manipulating images. You can set product keys, perform
upgrades, add or remove drivers, set language and locale information,
add or remove packages and features, and clean up images. -
Use Windows
System Image Manager to create your unattended installation answer
files. You can then create deployment scripts that configure the
computer, run Setup using the answer file, and apply the disk image
you’ve previously created. -
Run your deployment script to configure the computer and install the operating system.
Managing Access and Prestaging Computers
You can manage images using DISM. To prevent unauthorized users from installing images, you can:
-
Prestage computers and allow only known computers to be deployed. -
Modify the security settings of image files so that only appropriate personnel can access them. -
Enable administrator approval for client installation.
Prestaging computers involves creating
computer accounts in Active Directory prior to their use. By prestaging a
computer, you control exactly which clients and servers can communicate
with each other. Before you prestage computers, you should be sure that
Windows Deployment Services is configured to accept requests only from
known computers. To do this, follow these steps:
-
In the Windows Deployment Services console,
expand the Servers node. Press and hold or right-click the server you
want to work with, and then select Properties. -
On the PXE Response Settings tab, tap or click Respond Only To Known Client Computers, and then tap or click OK.
To prestage a computer, you need to know the computer’s globally unique identifier (GUID). A computer’s GUID comes from the active network adapter on the computer and must be entered in the format {dddddddd-dddd-dddd-dddd-dddddddddddd}, where d is a hexadecimal digit, such as {AEFED345-BC13-22CD-ABCD-11BB11342112}.
You can obtain the required identifier in
several ways. In some cases, manufacturers print a label with the GUID
and attach the label to the computer. However, don’t forget that the
GUID is valid only for the network adapter that shipped with the
computer. If you replace the adapter, the new adapter will have a new
GUID.
To obtain the GUID for the installed network
adapter, you can check the computer’s firmware. If a remote computer is
started, you can enter the following command at a Windows PowerShell
prompt:
get-wmiobject win32_networkadapter | format-list guid
Write down or copy the GUID associated with the network adapter connected to the local area network.
To prestage computers, follow these steps:
-
In Active Directory Users And Computers, press
and hold or right-click the OU or container where the computer will be
staged, tap or click New, and then tap or click Computer. -
Type a name for the computer, and then tap or
click Next. Alternatively, tap or click Change to choose the user or
group with permission to join this computer to the domain, and then tap
or click Next. -
On the Managed
page, select This Is A Managed Computer, type the computer’s GUID, and
then tap or click Next. The GUID can be found in the system firmware or
it might be posted on the computer case. -
On the Host
Server page, choose the Windows Deployment Services server that will
service this client. Tap or click Next, and then tap or click Finish.
Modifying Image File Security
To modify the security settings on an image
file, open File Explorer. Press and hold or right-click the image file,
and then click Properties. In the Properties dialog box, use the options
on the Security tab to configure the security settings you want to use.
Alternatively, you can configure security settings on the Image Group
folder in which the image file is stored. These settings will then be
inherited by the images in the Image Group folder.
Requiring Administrator Approval
Instead of prestaging
computers or using image file security, you can require administrator
approval before allowing computers to be installed from images. To
require administrator approval rather than modify security settings on image files, you can do the following:
-
In the Windows
Deployment Services console, expand the Servers node. Press and hold or
right-click the server you want to work with, and then tap or click
Properties. -
On the PXE Response Settings tab, select Respond To All (Known And Unknown) Client Computers. -
Select For Unknown Clients, Notify Administrator And Respond After Approval, and then tap or click OK.
Now computers that are booted from the
network will enter a pending state. Before the installation can proceed,
an administrator can approve or reject the request.
To approve a request, complete the following steps:
-
In the Windows Deployment Services
console, select the server you want to work with. Next, tap or click the
server’s Pending Devices folder to select it and display a list of
computers waiting for approval. -
Press and hold or right-click the computer, and then tap or click Approve.
To reject a request, complete the following steps:
-
In the Windows Deployment Services
console, select the server you want to work with. Next, tap or click the
server’s Pending Devices folder to select it and display a list of
computers waiting for approval. -
Press and hold or right-click the computer, and then tap or click Reject.
Customizing Windows Images
You can customize a mounted boot or install an image using the DISM utility. Available options for DISM are summarized in Table 2. All components in an image are managed via the component store.
Table 2. Key Options for the DISM Utility
COMMAND TYPE/COMMAND |
DESCRIPTION |
---|
GENERAL COMMANDS | |
/Cleanup-Wim |
Deletes resources associated with mounted Windows images that are corrupt |
/Commit-Wim |
Saves changes to a mounted Windows image |
/Get-MountedWimInfo |
Displays information about mounted Windows images |
/Get-WimInfo |
Displays information about images in a Windows image file |
/Image |
Specifies the path to the root directory of an offline Windows image |
/Mount-Wim |
Mounts an image from a Windows image file |
/Online |
Targets the running operating system |
/Remount-Wim |
Recovers an orphaned Windows mount directory |
/Unmount-Wim |
Unmounts a mounted Windows image |
ADDITIONAL OPTIONS | |
/English |
Displays command-line output in English |
/Format |
Specifies the report output format |
/LogLevel |
Specifies the output level shown in the log (1–4) |
/LogPath |
Specifies the log file path |
/NoRestart |
Suppresses automatic reboots and reboot prompts |
/Quiet |
Suppresses all output except for error messages |
/ScratchDir |
Specifies the path to a scratch directory |
/SysDriveDir |
Specifies the path to the system loader file named BootMgr |
/WinDir |
Specifies the path to the Windows directory |
Once you mount an image, you are able to work with the mounted image using the Dism /Image subcommands listed in Table 3.
These subcommands allow you to upgrade the image to a higher edition,
add and remove device drivers, specify time zones and language user
interface (UI) options, display patches and installed message signaled
interrupt (MSI) applications, add and remove packages, and more.
Table 3. Important Subcommands for Mounted and Offline Images
SUBCOMMANDS |
DESCRIPTION |
---|
/Add-Driver |
Adds driver packages to an offline image |
/Add-Package |
Adds packages to the image |
/Apply-Unattend |
Applies an AnswerFile.xml file to an image |
/Check-AppPatch |
Displays information if the multiple customization patches (MSP files) are applicable to the mounted image |
/Cleanup-Image |
Performs cleanup and recovery operations on the image |
/Disable-Feature |
Disables a specific feature in the image |
/Enable-Feature |
Enables a specific feature in the image |
/Gen-LangIni |
Generates a new Lang.ini file |
/Get-AppInfo |
Displays information about a specific installed MSI application |
/Get-AppPatches |
Displays information about all applied MSP patches for all installed applications |
/Get-AppPatchInfo |
Displays information about installed MSP patches |
/Get-Apps |
Displays information about all installed MSI applications |
/Get-CurrentEdition |
Displays the edition of the specified image |
/Get-DriverInfo |
Displays information about a specific driver in an offline image or a running operating system |
/Get-Drivers |
Displays information about all drivers in an offline image or a running operating system |
/Get-FeatureInfo |
Displays information about a specific feature |
/Get-Features |
Displays information about all features in a package |
/Get-Intl |
Displays information about the international settings and languages |
/Get-PackageInfo |
Displays information about a specific package |
/Get-Packages |
Displays information about all packages in the image |
/Get-TargetEditions |
Displays a list of Windows editions that an image can be upgraded to |
/Remove-Driver |
Removes driver packages from an offline image |
/Remove-Package |
Removes packages from the image |
/Set-AllIntl |
Sets all international settings in the mounted offline image |
/Set-Edition |
Upgrades the Windows image to a higher edition |
/Set-InputLocale |
Sets the input locales and keyboard layouts to use in the mounted offline image |
/Set-LayeredDriver |
Sets the keyboard layered driver |
/Set-ProductKey |
Populates the product key into the offline image |
/Set-SetupUILang |
Defines the default language that will be used by Setup |
/Set-SKUIntlDefaults |
Sets all international settings to the default values for the specified SKU language in the mounted offline image |
/Set-SysLocale |
Sets the language for non-Unicode programs (also called system locale) and font settings in the mounted offline image |
/Set-TimeZone |
Sets the default time zone in the mounted offline image |
/Set-UILang |
Sets the default system UI language that is used in the mounted offline image |
/Set-UILangFallback |
Sets the fallback default language for the system UI in the mounted offline image |
/Set-UserLocale |
Sets the user locale in the mounted offline image |
The Deployment Image Servicing and Management tool provides commands for working with WIM images. The syntax for mounting images is
dism /mount-wim /wimfile:Path /index: Index /mountdir: MountPath
where Path is the full path to the WIM image, Index is the index position of the image number of the image within the .wim file to apply, and MountPath is the directory location where you’d like to mount the image, such as
dism /mount-wim /wimfile:c:\winpe_x86\iso\sources\boot.wim /index:1
/mountdir:C:\Win8
You can then modify the image as necessary.
To commit your changes at any time, you can use Dism /Commit-Wim, as
shown in the following example:
dism /commit-wim /mountdir:C:\Win8
where you commit changes to the WIM images mounted in the C:\Win8 directory.
To unmount a WIM file, you can use Dism /Unmount-Wim, as shown in the following example:
dism /unmount-wim /mountdir:C:\Win8
Here, you unmount
the WIM image that was mounted and committed in the C:\Win8 directory.
If there are uncommitted changes, you must commit or discard changes
when you unmount a WIM image. Add /Commit to commit changes or /Discard
to discard changes. This affects only the changes you haven’t previously
committed.
|