Friday, February 18, 2011

(image based) Windows 7 deployment a-z

As I promised some folks, I’m publishing my howto on deploying Windows 7. In this howto, I’m using image based distribution.

Essentials:

  • vm or physical machine
  • Windows 7 dvd
  • Windows® Automated Installation Kit (AIK) (download here and mind your language)

Here we go

  • Boot the machine from the Windows 7 dvd
  • Due to our fast deploy method, I’m not interested in the recovery partition. If a system fails, I’m simply going to deploy it again. I also don’t need to encrypt the whole disk with BitLocker. And last but not least, this keeps the partition structure easy. Therefore this is the time to create the partition structure manually, before Windows does it for you and creates the first 100MB partition.
    So: on the screen where you can select your language and keyboard, press SHIFT+F10
  • A dos prompt opens, type
    • diskpart
    • list disk
    • select disk 0
    • create partition primary
    • select partition 1
    • format fs=ntfs quick
    • exit
    • exit
  • Now resume installation as normal, but choose “disk 0, partition 1” when selecting a destination
  • Rest of the installation goes automatically
  • At the point where you are prompted for a username, press CTRL+SHIFT+F3. This is called Audit mode. The system will reboot and log in automatically. It will continue to do this until you sysprep the system. This gives you the chance to “Microsoft Update” your system and put other applications into the installation.
  • As said before, this is the chance to update your system with everything you want, like applications of your choice or Microsoft Updates. Reboot as many times as you want. Press cancel on the sysprep application after every logon. We’re not going to use the GUI anyway.
  • In the meantime, install the Windows® Automated Installation Kit (AIK) on another system.
  • Select an installation source (the dvd) and create a new answer file
  • As you can see, sysprep now consists of 7 stages, but as we’re dealing with image based distribution and have already processed the Audit stage manually, we’re only interested in 2 stages: Specialize and oobeSystem (Out Of Box Experience). This is important to know. More on these stages can be found at Microsoft’s website.
  • There are a lot of things you can do during all the stages, but I’m going to explain the essentials to make the installation after deployment run really unattended
  • Specialize:
    • Microsoft-Windows-Shell-Setup_neutral: Specify at least the Product Key and ComputerName. CopyProfile=True if you are doing weird things with your profile that needs to be inherited by the Default User profile.
    • Microsoft-Windows-UnattendedJoin_neutral: Specify the domain that needs to be joined, and one level deeper specify the credentials
  • oobeSystem:
    • Microsoft-Windows-International-Core_neutral: Specify the inputlocale, systemlocale and userlocale of your choice.
    • Microsoft-Windows-Shell-Setup_neutral: Specify Registered Owner, Registered Organization, TimeZone (F1 for explanation) and one level deeper:
      • Autologon: count 1, and supply the credentials (and domain if needed)
      • LogonCommands: this is one of the interesting things. I always try to keep the image itself as plain as possible. Instead I’m doing a “postinstallation” of some utilities, which I call from the script I specify here. So: AsynchronousCommand(Order=1): CommandLine=C:\w7startup.bat, order=1, requires user input=False, Action=AddListItem
      • OOBE: HideEULAPage=True, HideWirelessSetupInOOBE=True, NetworkLocation=Work, ProtectYourPC=1
      • UserAccounts: Now this is the tricky one. You have to specify at least SOME action here or your unattended installation won’t be unattended and asks for some input in this stage. Create a local account or if that’s unacceptable do something irrelevant like add “Domain Admins” to your local “Administrators” group.
  • Now save your answer file and call it sysprep.xml
  • Place this file on the system you’ve installed in c:\Windows\system32\sysprep\
  • Open a dosprompt, go to the above directory and execute
    Sysprep.exe /generalize /oobe /shutdown /unattend:c:\Windows\system32\sysprep\sysprep.xml
    
  • The system will shut down, then capture an image (can be a ghost image, drivesnapshot (very nice tool) image, Microsoft’s own imagex, etc) from this installation
  • Your unattended installation is ready.

How to deploy?
There are very cool ways to automate all these steps but these are the basics:

  • Place the image back onto a different pc
  • Copy a simple batchfile called “w7startup.bat” to the harddisk/partition that has just been filled. Simple example:
    @echo off
    IF NOT EXIST C:\Install\vmtools\setup.exe GOTO SKIPVMTOOLS
    echo - vmware tools detected
    start /wait C:\Install\vmtools\setup.exe /s /v"REBOOT=R /qb"
    :SKIPVMTOOLS
    echo - default login domain
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "YOURDOMAIN" /f
    echo - disable uac
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    echo - activate current license key
    start /wait slmgr.vbs /ato //B
    echo - disable hibernate
    powercfg -h off
    echo - set powerscheme
    powercfg -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
    echo - java
    start /wait c:\install\java\jre-6u23-windows-i586-s.exe /s /v/qn
    reg add "HKLM\Software\JavaSoft\Java Update\Policy" /v EnableJavaUpdate /t REG_DWORD /d 0x0 /f
    echo all installs done
    del /f c:\w7startup.bat
    
  • Don’t forget to delete w7startup.bat (“yourself”) at the end of the file, otherwise this file will run on every logon in the future. (or delete the HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Unattend* registry key)
  • Copy all the recent versions of the installation files to the right directories so that your w7startup.bat will pick them up.

That’s it. That wasn’t that hard was it?

Some more on the underlying techniques:
You don’t want to create an answer file for every pc.
In Windows XP, if you used c:\sysprep\sysprep.inf while creating your sysprepped pc, after deployment you could change values like e.g. the COMPUTERNAME="" to a different name and the unattended installation would pick that up.
That won’t work with Windows 7 anymore (considering you’ve used c:\windows\system32\sysprep\sysprep.xml).
What sysprep actually does is create a file called C:\Windows\Panther\Unattend.xml based on the sysprep.xml you’ve created. So that’s pretty interesting.
After you’ve deployed your image and you copy the w7startup.bat file and the other installation files, why not edit the C:\Windows\Panther\Unattend.xml file and replace values like:

<ComputerName>SYSPREPMACHINE</ComputerName>

or change the license key

<ProductKey>AAAAA-THISC-OMPUT-ERSOW-NKEY1</ProductKey>

or if you want a different domain to join:

<Domain>DIFFERENTDOMAIN</Domain>
<Password>differentpass</Password>
<Username>differentjoinuser</Username>
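
The per-machine edit described above, as an added PowerShell example that is not the author's script: it changes the values through an XML parser and only inside the specialize pass, so a password containing & or < is escaped correctly and the AutoLogon Username in oobeSystem is left alone. The function name Set-UnattendValue, the temp file name, the trimmed sample file and the new values are constructed for illustration.

```powershell
# Added example (not the author's script): set per-machine values in the
# specialize pass of a deployed image's Unattend.xml before first boot.
function Set-UnattendValue {   # hypothetical helper name
    param([string]$Path, [hashtable]$Values)   # $Values: element name -> new text
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($Path)
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')
    foreach ($name in $Values.Keys) {
        # Scoped to specialize, so AutoLogon's <Username> in oobeSystem is untouched.
        $nodes = $xml.SelectNodes("//u:settings[@pass='specialize']//u:$name", $ns)
        if ($nodes.Count -eq 0) { throw "No <$name> in the specialize pass of $Path" }
        # InnerText escapes & and <, which a plain text replace would not.
        foreach ($node in $nodes) { $node.InnerText = $Values[$name] }
    }
    $xml.Save($Path)
}
# Constructed, trimmed sample; real <component> elements carry more attributes.
$sample = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>SYSPREPMACHINE</ComputerName>
      <ProductKey>AAAAA-THISC-OMPUT-ERSOW-NKEY1</ProductKey>
    </component>
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>YOURDOMAIN</Domain>
          <Password>joinpass</Password>
          <Username>joinuser</Username>
        </Credentials>
        <JoinDomain>YOURDOMAIN</JoinDomain>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon><Username>localadmin</Username></AutoLogon>
    </component>
  </settings>
</unattend>
'@
$path = Join-Path $env:TEMP 'Unattend-sample.xml'
Set-Content -Path $path -Value $sample -Encoding UTF8
Set-UnattendValue -Path $path -Values @{ ComputerName = 'PC-0042'; Password = 'p&ss<word'
    Domain = 'DIFFERENTDOMAIN'; JoinDomain = 'DIFFERENTDOMAIN'; Username = 'differentjoinuser' }
Get-Content $path   # oobeSystem Username is still localadmin
```

The file holds the join account's password in clear text, so use a join account with no rights beyond joining machines and check the deployed system for leftover copies of the answer file.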