HOWTO: Deploy Windows XP via Windows Deployment Services on Windows Server 2003

1. Overview

The ability to deploy an OS via the network has been an important part of network administration for many years. Microsoft has provided tools to
facilitate network installation since Windows NT 4.0, and with each evolution of the Operating System the tools have gotten more sophisticated and
feature rich.

Remote Installation Services was introduced with Windows 2000 and it leveraged the new way of creating a Windows Network, Active Directory. It provided a
much easier method of deploying the Windows OS to client machines, and the addition of “Plug and Play” to the core Windows OS, made it much easier to
push the OS to disparate hardware.

With the release of Windows Vista a new way of deploying the Operating System is available. Windows Deployment Services, this can run within a Windows
Server 2003 box, or you can configure the WDS Role in Windows Server 2008. One of the coolest features is the new imaging format, .wim.

A windows image file can be mounted in the same fashion you might mount an ISO file. Once mounted you are able to browse the file and add/remove files
from it, the changes can then be committed when the image is unmounted. Not only are you able to “browse” the file the implication is that you could even
deploy a service pack to the OS by simply mounting the .wim file, or possibly even installing an application into the .wim file. Another exciting feature
is the ability for the file to contain more than one image within it.

An administrator can have one “image” and within that image can have images for each department, or function group within the organization. Like it’s
predecessor’s this is a free add-on to the OS, there is no additional licensing requirements for running WDS, there is no additional charge for
installing the role in Windows. It’s free to use to anyone who has the knowledge to leverage the technology.

2. Network Configuration

A minimum of two servers are required, one server will be the Domain Controller, DNS Server and DHCP Server. Technically the DHCP Server can reside on
the WDS server, in fact it’s much easier now to have WDS and DHCP on the same server than it was under RIS. I configure it separate from WDS strictly due
to habit out of using RIS.

Once your servers are installed, add the DNS, and DHCP services to the server that will become the Domain Controller. Configure DNS with the FQDN of your
AD Installation, don’t worry that you haven’t run DCPROMO yet. Again, out of habit I configure DNS first due to an issue with Windows 2000 AD that has
since been resolved.

Verify that DNS allows dynamic updates to both your forward and reverse lookup zones, then configure the DHCP service. Nothing special is needed for
either DNS or DHCP, although I have taken to using exclusion ranges for RIS so only the machines I want to RIS have the ability to do so. Verify that
your domain suffix is the FQDN of your AD Domain, verify that your Primary DNS is the IP Address of your soon-to-be Domain Controller, reboot the server.

Run DCPROMO and configure your AD Domain the same as the FQDN you configured in your DNS service. Reboot the server after the wizard is done and AD is
successfully installed on your server. There is very little left to do on the Domain Controller once the AD Service has been installed.

3. Server Configuration

Configuring RIS is very straightforward, simply install the service on the second server, the only real requirement is a second drive in this box. It
should be large enough to hold all the images you would like to make available, I will walk through configuring RIS as it is extremely simple.

Once the service is installed you are required to reboot the server, when it comes back up complete the setup by providing the first distribution image,
it may be a Windows Server 2003 image or a Windows XP image, you could probably get away with a Windows 2000 Professional image, but I’ve never tried
that. Then I usually run “adminpak.msi” to install the Windows Server 2003 Administrative Tools on the RIS Server. This allows you to open “Active
Directory Users and Computers” so that you may configure the RIS Server itself.

First things, authorize the DHCP Server, you will be able to do this via the DHCP MMC, under Administrative Tools. You should be able to authorize the
RIS server in the same fashion, if you have problems attaching to a PXE client to the RIS server then rebooting the RIS server usually resolves this
problem, your mileage may vary.

Configuring WDS is even simpler, install Service Pack 2 on the RIS server, reboot the server, open the Windows Deployment Services console from
“Administrative Tools” and add your server to the list. Once the server has been added to the list, select your server and then choose to “Configure the
server”, the most important part of this is specifying the location of the Remote Installation directory.

Your RIS server is now set to deploy regular RIPrep images as well as the new .wim format for Windows Vista and later Operating Systems.

4. RIS vs WDS

At a high level, both of these products do the exact same thing, take an “image” from the server and put it on the client. How this is accomplished by
both is a little different.

RIS copies all the files from the server to the client and setup runs and configures the client machine and if you have scripted it via an unattend file,
then it is totally hands-free. I’ve done some monitoring of a typical RIS session, network utilization goes up considerably but not the point to which it
overwhelms or floods the network. A complete installation of Windows XP SP 2 took 27 minutes to complete, from beginning to end on a 100mb switched
network.

I’ve not done the same monitoring of WDS as I did for RIS, but what I do notice is this install is more like a Windows Vista install than anything else.
The image is deployed directly to the hard-drive, there is no setup to walk through, and any configuration there is could be scripted as well.

During a RIS install the clients each connect to the distribution share and download each file separately, whereas with WDS, the image file is accessed
directly over the network. Fewer open files on the server, but the files are larger, overall I don’t see any appreciable difference performance-wise
between the two.

5. What to do with RipRep Images

It is possible to convert RipRep images to the .wim format using the wdsutil command, it’s very straightforward, and has a very rich help system
associated with it.

wdsutil /? gives help about the utility

wdsutil /Convert /? gives specific help about the convert option

wdsutil /Convert-Riprepimage /? gives help about converting RipRep images

wdsutil /Convert-Riprepimage /Filepath:”RemoteInstallSetupEnglishImagesXP-Base-WithUpdatesi386Templatesriprep.sif” /DestinationImage
/Filepath:”RemoteInstallImagesXP-Base-WithUpdates.wim”

This converts a RipRep image of Windows XP with updates from the default location to a .wim file in a different directory, there are several options that
go along with the process, I urge you to use the built-in help system to explore the commands available.

6. Capture vs Boot Images

Boot images allow a pxe client to boot and connect to a WDS server to deploy an image, or run some other utility. There are some interesting
possibilities with WinPE. There are a variety of boot images you can choose from, there is a boot image on the WAIK, you can use an OEM boot image, or
the boot image from a regular distribution DVD.

Capture images are created from boot images and allow the administrator to take a “snapshot” of a currently installed system and create a .wim file
locally on the reference machine and optionally on the WDS Server itself.

Regardless of which you choose creating a boot image is the same:

  1. Right click on boot images in the WDS Console
  2. Choose “Add Boot Image”
  3. Browse to the location of the .wim file you wish to use
  4. Provide an Image Name and Description
  5. Verify that everything is correct and click Finish

The winpe.wim from the WAIK lacks setup.exe and the supporting files that allow setup to function, but it does include everything needed to create a
capture image.

The boot.wim from an OEM DVD is locked to only deploy from DVD, the file you are interested in is pid.txt which is used for filtering.

7. Creating a Capture Image

 To create a capture image you must have a boot image first. The capture image is based on the boot image available to the server. Once you have a
working boot image, then creating a capture image is very straightforward:

  1. Right click on the boot image
  2. Choose “Create Capture Boot Image”
  3. Provide an Image Name and Description
  4. You must also provide a location to store the file

    1. The default location is RemoteInstallbootx86Images

  5. Clicking Next starts the capture image creation process

Converting RIS to WDS

Overview:

There are several methods of converting an existing RIS Server to WDS but the easiest seems to be upgrading to Windows Server 2003 SP 2. If SP 2 is already installed all you need do is choose WDS from the Add Windows Components section of Add/Remove Programs.

Scenario:

Existing RIS Server needs to be converted to WDS, Windows Server 2003 installed with no service packs. Active Directory is installed and configured, RIS is authorized in AD, a DNS and DHCP server are available on the network.

Steps:

  1. Download and install Windows Server 2003 SP 2
  2. After reboot open the “Windows Deployment Services” MMC
  3. Choose “Add Server” from the Action menu
  4. Select your server
  5. With your server selected choose, “Configure Server” from the Action menu
  6. Select your remote installation directory
  7. Choose the method to which WDS will respond to clients

Deploying XP Image via WIM

Steps:

  1. Install Windows XP via any means
  2. Install and configure applications
  3. Create a WDSCapture image
  4. PXE boot remote client
  5. Choose the Capture Image
  6. Specify a local drive/filename for the image
  7. Specify the WDS Server and Image Group

Create WDSCapture Image:

  1. Open WDS MMC on server
  2. Right click on a valid boot image

    1. Some discussion/confusion on newsgroups that a WAIK boot image won’t allow an install/capture

  3. Choose “Create a capture image”
  4. Specify a name/location

Additional Notes:

The boot image that you create can be from an OEM copy of Vista, but if so you must removed the pid.txt file from inside the image. Alternatively if you
have access to a regular distribution DVD, then you can use the boot.wim from there.

After Action Notes

Problems:

  • All computers need to be configured to PXE boot
  • Dell Precision 390 desktops need to have SATA configured for ATA operation in order for RIS to work
  • Updated RIS images need to be modified to have the Broadcom 57xx driver
  • RIS has a limitation on the master image machine, if the drive is larger than the drive on the destination computer the image won’t deploy even if there is enough room on the destination computer.

Thoughts:

  • Planning for the future, Vista can only be deployed via WDS
  • Convert RIS to WDS on Server 2003
  • Compare Windows Server 2003 WDS with the Windows Deployment Role in Windows Server 2008
  • Extract MAC addresses from all SOECS computers from ANSR
  • Create a script to manage DHCP
    • Bring DHCP online for deployment
    • Bring DHCP offline after deployment

Proof of Concept

Delay:

There was a delay of over two weeks while we waited for NTS to agree on a time to monitor the impact of a test deployment on the network at large.

Results:

I have no concrete numbers on how things went, but there were 13 machines in the test. The first machine started at 3:10pm and reached a logon prompt at 3:37pm. The image was a base install of Windows XP with Service Pack 2, the size of the image on the server is pretty small, but in the grand scheme the amount of overall data I don’t think is as important, as that will only impact the length of time.

Deployment Results

Results:

  • * Test computers both appear functional
  • * All Applications appear installed
  • * No errors reported in the System Log

Thoughts:

In my experience when a Windows DHCP Server is online clients will retrieve IP’s from it instead of ANSR. It was explained to me that ANSR takes a little
bit longer than the Windows DHCP Service, and since DHCP is “first-come, first-served” clients will almost always get their IP from the Windows DHCP
Service.

  • * Create a private network on the KU LAN
  • * Assign private IP addresses to DNS, DHCP, an AD Servers
  • * Create a private scope on DHCP
  • * Create reservations for each lab computer, to prevent regular client from getting a non-routable IP

Logging Routine

I created a routine, LogData,  that is pretty simple, it accepts
two parameters:

  • intCode
  • strMessage

I use this routine to log when the script starts and stops as well as a basic error handling routine. When I’m using it to handle errors, the strMessage
variable is usually a combination of Err.Number, Err.Description as well as text that might say what I wanted to have happen when the error occurred.

intCode

This is an integer between 0 and 4 that determines the icon that will appear in the Application log on a Windows based computer.

  • 0 = Success
  • 1 = Error
  • 2 = Warning
  • 3 = Information

strMessage

This is a string variable that holds the body of the message, usually in my scripts this is built in another function.