Windows Deployment Services Deployment and Management Guide

Microsoft Corporation
Published: April 2008
Author: Trina Gorman

Abstract
This document contains detailed information that explains how to configure Windows Server® 2008 to deploy operating system images to computers.

Copyright Information
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Active Directory, Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Contents
Windows Deployment Services Deployment and Management Guide
Abstract
Copyright Information
Contents
Introduction to Windows Deployment Services
About This Guide
In This Topic
What Is Windows Deployment Services?
What’s New in Windows Deployment Services?
Benefits of Windows Deployment Services
Management Tools
Common Usage Scenarios
Scenario One: The Small Business
Scenario Two: The Medium-Sized Business
Scenario Three: The Large Enterprise
Scenario Four: A Custom Deployment Using Transport Server
Configuring Your Deployment
Configuring Active Directory Settings
In This Topic
Integration with Active Directory Domain Services
Supported Environments
Configuring Static Domain Controllers and Global Catalog Servers
Creating a Localized Setup Experience
In This Topic
Localizing the Boot Menu
Localizing the Installation
Installing Language Packs
Methods
Storing Language Packs in the Image Store
Managing DHCP
In This Topic
Configuring DHCP Options
Enabling DHCP Authorization
Granting Permissions to Authorize the Server
Managing Network Boot Programs
In This Topic
Configuring the NBP
List of NBPs
Directing a Client to the Appropriate NBP
Updating the IP Helper Tables
Using DHCP Options 60, 66, and 67
Implementing PXE Referrals
When to Implement PXE Referrals
Requirements
Referral Examples
Enabling Architecture Detection
Avoiding a Boot Loop
Managing the Boot Menu
In This Topic
Overview
Boot Menu Limitations
Specifying Boot Images for Prestaged Clients
Configuring the Boot Menu for x64-Based Clients
Prestaging Client Computers
In This Topic
Benefits
Creating an Auto-Add Policy
When the Policy Applies
Auto-Add Policy Types
Purging the Auto-Add Database
Optimizing Your Deployment
Extending Your Solution
In This Topic
Benefits of Building a Solution
Creating a Custom Solution
Windows Deployment Services PXE Server
Windows Deployment Services Client
Custom Solution Example
Instructions for Using the Sample Code
Sample Visual Basic Script
Sample Image Unattend File
Sample WinPESHL.ini File
Managing a Complex Environment
In This Topic
Managing a Server Remotely


...................173 PXE Boot Phase.....................................................................................................................................................................175 Addressing Performance Problems in the Image Apply Phase..................... but it cannot access an install image......................................................................................................................................................................................167 To Turn On Emergency Management Services Settings..........................175 Diagnosing Performance Problems in the Image Apply Phase...................163 To Configure a Localized Boot Manager Experience.........................................................................................................................173 TFTP Download Phase.......154 Display Performance Information About Clients........................................................................................ 
I see a command prompt........................................................................................................................................................................................162 To View the Contents of the BCD Store......................................................................................182 The client computer obtains an IP address but then fails to download a NBP....................................................181 When I perform a PXE boot and select a boot image..............................................................................................................................................................169 Troubleshooting ............................................................................................153 To configure how the server will obtain IP addresses for multicasting..............................................................183 ................182 My computer loads the boot image..................................................182 The client computer fails to get an IP address when I try to boot into PXE......177 Common Problems...173 Diagnosing TFTP Download Performance Problems................................................................172 In This Topic...........................................................................................................159 How to Modify the BCD Store Using Bcdedit...............................................................................162 To Configure the Default Selection Time-out Value............183 Troubleshooting x64-Based Client Computers.............................154 Stop Transmissions Slower than 1 MB per Second...............................165 To Configure the TFTP Window Size.........................................................................174 Image Apply Phase....................................152 To configure the UDP port range for multicasting..........................................................182 I 
created an unattend file.....................................................................................................................................154 In This Topic.......................................................................................................................................................................181 I am unable to perform PXE boots on client computers................................................ my client computer is not joined to the domain..172 Analyzing Performance Problems......162 In This Topic.......................................................................153 Example Multicast Scripts............................................................................................176 Using Performance Monitoring...................164 To Configure the TFTP Block Size.........173 Addressing TFTP Download Performance Problems..........................................................................................................183 Install images do not appear on the image selection page.................................182 I don't see the hard drive of the client computer on the disk configuration page of Setup.........166 To Configure Windows Debugger Options...................................................................................................................................................... but when installation completes....................................179 Performing PXE Boots on Client Computers.........................................................................................................................................To manage clients in a transmission....172 Analyzing Blockages in Each Phase of Installation.........

.......................................................185 When using Image Capture Wizard to create a custom image................................................................ Now the server will not answer my client computer.........................183 My x64-based client computer is detected as x64........................................................................................ but it fails to boot to the default image.....................................................................................184 I received the error: "0x2: File not found" when trying to manage a remote Windows Deployment Services server..........................184 I approved a pending computer and then deleted the computer account that was created in AD DS during the process...........................................................................................................................................................................192 Permissions for Common Management Tasks...................................................................................186 Multicasting....................................................................................................190 Protocols........................................................................................................................................... but then I got a metadata error...........197 Permissions for Server Properties................................................................................190 Ports................................................................................................................................................192 In This Topic......................................................................................................................... 
the volume that contains my image is not selectable..187 Logging and Tracing....................................................................................193 Permissions for Client Installations.............................................................................................191 Required Permissions.....................................187 Network Ports Used ...........................................................................186 The capture started successfully..........................My x64-based client computer does not have any x64-based images on the boot image selection page.....................184 Creating Custom Install Images....................................................................................................................... there is excessive traffic on the network............................................184 Performing Management Operations......................................................................................................................................................................................................192 General Permissions..........185 The finish button is not enabled on the final page of the image capture wizard.................................. ......................................................................................................199 .............184 I can't approve a pending computer....186 After enabling multicasting..........186 My multicast transmissions are running very slowly....................

Introduction to Windows Deployment Services

This document contains detailed information about how to manage and deploy operating systems by using Microsoft® Windows® Deployment Services.

About This Guide
Note the following information about this documentation:
• This guide applies only to the Windows Deployment Services server role for Windows Server 2008. It does not apply to the Windows Deployment Services update (which is included in the Windows AIK and Windows Server 2003 SP2). For more information about the Windows Deployment Services update, see http://go.microsoft.com/fwlink/?LinkId=81031.
• This guide focuses primarily on the functionality of the complete installation of Windows Deployment Services (Deployment Server role service). For information about configuring and using the Transport Server role service, see Using Transport Server.
• For information about installing and configuring this role, see Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.
• To provide feedback on this documentation, e-mail wdsdoc@microsoft.com.

In This Topic
• What Is Windows Deployment Services?
• What’s New in Windows Deployment Services?
• Benefits of Windows Deployment Services
• Management Tools
• Common Usage Scenarios

What Is Windows Deployment Services?
The Windows Deployment Services role in Windows Server 2008 is the updated and redesigned version of Remote Installation Services (RIS). Windows Deployment Services enables you to deploy Windows operating systems, particularly Windows Vista® and Windows Server 2008. You can use it to set up new computers by using a network-based installation. This means that you do not have to be physically present at each computer, and you do not have to install each operating system directly from a CD or DVD. The components of Windows Deployment Services are organized into the following three categories:
• Server components. These components include a Pre-Boot Execution Environment (PXE) server and Trivial File Transfer Protocol (TFTP) server for network booting a client to load and install an operating system. Also included is a shared folder and image repository that contains boot images, install images, and files that you need specifically for network booting. There is also a networking layer, a multicast component, and a diagnostics component.
• Client components. These components include a graphical user interface (GUI) that runs within the Windows Pre-Installation Environment (Windows PE). When a user selects an operating system image, the client components communicate with the server components to install the image.
• Management components. These components are a set of tools that you use to manage the server, operating system images, and client computer accounts.

What’s New in Windows Deployment Services?
Windows Deployment Services for Windows Server 2008 includes several modifications to RIS features. There are also modifications from Windows Deployment Services that you can install on computers that are running Windows Server 2003. Both of these types of changes are described in the following table.

Changes from RIS
• The ability to deploy Windows Vista and Windows Server 2008
• Windows PE as the boot operating system
• Image-based installation, using the Windows image (.wim) file
• The ability to transmit data and images by using multicast functionality
• The ability to transmit data and images by using multicast functionality on a standalone server (when you install Transport Server)
• An extensible and higher-performing PXE server component
• A new boot menu format for selecting boot operating systems
• A new graphical user interface that you can use to select and deploy images and to manage Windows Deployment Services servers and clients

Changes from Windows Deployment Services in Windows Server 2003
• The ability to transmit data and images by using multicast functionality
• The ability to transmit data and images by using multicast functionality on a standalone server (when you install Using Transport Server)
• No support for RISETUP images or OSChooser screens
• An enhanced TFTP server
• Support for network boots of x64-based computers with Extensible Firmware Interface (EFI)
• Metric reporting for installations (see Logging and Tracing)

Benefits of Windows Deployment Services
Windows Deployment Services provides the following installation and deployment benefits:
• Reduces the complexity of deployments and the costs associated with inefficient manual installation processes.
• Enables you to perform network-based installation of Windows operating systems, including Windows Vista and Windows Server 2008.
• Deploys Windows images to computers without operating systems.
• Supports mixed environments that include Windows Vista, Windows Server 2008, Microsoft Windows XP, and Microsoft Windows Server 2003.
• Provides an end-to-end solution for the deployment of Windows operating systems to client computers and servers.
• Uses standard Windows Server 2008 setup technologies, including Windows PE, .wim files, and image-based setup.

Management Tools
• Windows Deployment Services MMC snap-in. A console that provides an easy way to manage images, computers, and common server settings. You can perform almost all tasks from the MMC snap-in (you cannot prestage client computers, but you can use it to set the Auto-Add policy and approve or reject pending computers). Note that the snap-in is not available when you are using the Transport Server role service.
• WDSUTIL command-line tool. A tool that enables you to manage the full functionality of the server. WDSUTIL also enables you to script common tasks; simple batch files can run the required commands because no command requires an interactive user session.

Common Usage Scenarios
The following are common scenarios for Windows Deployment Services.

Scenario One: The Small Business
Fabrikam, Inc., is a manufacturer of towels with custom designs. It is a small business with a single office. Monica Brink, Fabrikam's resident IT professional, is responsible for maintaining the IT infrastructure for the company, which consists of 25 client computers running Windows XP SP2 Professional and a single server running Windows Server 2003 with SP2. The computers are linked by a 100MBps Ethernet connection. The server functions as a file print server, Dynamic Host Configuration Protocol (DHCP) server, Exchange server, Web server, Domain Name System (DNS), and domain controller.

Monica is given the task of moving all of the client computers to the Windows Vista operating system and upgrading the single server to Windows Server 2008. Because this takes all of those computers out of action (effectively disabling the office workers), it is important that she makes the switch as quickly as possible.

In the past, she deployed a new operating system one computer at a time. This took her around 45 minutes per computer (almost 19 hours to set up the operating system on all the client computers). Then she would spend almost as much time installing the applications on each computer. For almost three days, Monica was unavailable to work on anything else. Monica is the only IT professional at Fabrikam, which means that she also must help teach users about the new operating system. Therefore, it is important that she minimizes the amount of time she spends on deployment.

To accomplish this, Monica chooses to use Windows Deployment Services because she can:
• Save time by running several installations simultaneously.
• Use a custom install image with preinstalled applications.
• Create an image by using the Windows Deployment Services Image Capture Wizard.

To begin, Monica does the following:
1. Upgrades her server to Windows Server 2008.
2. Installs the Windows Deployment Services server role.
3. Adds the Boot.wim from the Windows Server 2008 media (which contains a Windows PE image, Setup.exe, and supporting files).
4. Adds the Install.wim from the Windows Vista media to the Windows Deployment Services server by using the MMC snap-in.
5. Uses the MMC snap-in to create a capture image from the boot image she added in step 3. This image contains Windows PE and a wizard that will capture her custom image into a .wim file.

All users at Fabrikam have the same desktop hardware, which was purchased from a single vendor. To deploy on each of these computers a standardized image that contains the operating system and preinstalled applications, Monica does the following:
1. Boots a reference computer from the network and installs the Install.wim onto it, which contains the standard version of Windows Vista.
2. Installs Microsoft Office, the company's towel-design application, and the latest drivers from the manufacturer’s site.
3. Uses Sysprep to generalize the operating system.
4. Reboots the computer into the capture image.
5. Uses the Image Capture Wizard to recapture the operating system and upload it directly to the Windows Deployment Service server.

Now, Monica is ready to install the new operating systems. She does not need to migrate any user data, because all of the employees store their user data on a server (rather than on their hard disks). She reboots a client computer and then presses F12 to perform a network boot. This boots her into the Boot.wim file, which guides her through the installation process. She selects the disk partition and image she wants, and then the installation begins. While waiting for the image to be applied to the first computer, Monica boots another computer and starts the same process on that one.
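The Management Tools section notes that WDSUTIL commands can run from simple batch files, and the image steps of Monica's server setup in Scenario One (adding Boot.wim, adding Install.wim, creating the capture image) can be scripted that way instead of through the MMC snap-in. The batch file below is an added example, not part of the original guide; the media drive letters, the image group name, the boot image display name, and the capture image path are assumptions to replace with your own values.

```batch
@echo off
rem Added example (not from the original guide): scripts the image steps of
rem the Scenario One server setup with WDSUTIL instead of the MMC snap-in.
rem Assumptions: the Windows Deployment Services role is already installed
rem and initialized, the Windows Server 2008 media is in D:, the Windows
rem Vista media is in E:, and the names and paths below are placeholders.
setlocal

set "SERVER_MEDIA=D:"
set "VISTA_MEDIA=E:"
set "IMAGE_GROUP=Fabrikam Desktops"
set "BOOT_NAME=Fabrikam Setup x86"
set "CAPTURE_WIM=C:\Temp\FabrikamCapture.wim"

rem Fail early if either source image is missing.
if not exist "%SERVER_MEDIA%\sources\boot.wim" goto :nomedia
if not exist "%VISTA_MEDIA%\sources\install.wim" goto :nomedia

echo Adding Boot.wim from the Windows Server 2008 media
WDSUTIL /Add-Image /ImageFile:"%SERVER_MEDIA%\sources\boot.wim" /ImageType:Boot /Name:"%BOOT_NAME%"
if errorlevel 1 goto :failed

echo Adding Install.wim from the Windows Vista media
WDSUTIL /Add-ImageGroup /ImageGroup:"%IMAGE_GROUP%"
if errorlevel 1 goto :failed
WDSUTIL /Add-Image /ImageFile:"%VISTA_MEDIA%\sources\install.wim" /ImageType:Install /ImageGroup:"%IMAGE_GROUP%"
if errorlevel 1 goto :failed

echo Creating a capture image from the boot image added above
WDSUTIL /New-CaptureImage /Image:"%BOOT_NAME%" /Architecture:x86 /DestinationImage /FilePath:"%CAPTURE_WIM%"
if errorlevel 1 goto :failed

rem The capture image is written to a file; add it as a boot image so that
rem the reference computer can boot into it from the network.
WDSUTIL /Add-Image /ImageFile:"%CAPTURE_WIM%" /ImageType:Boot
if errorlevel 1 goto :failed

echo All images were added.
exit /b 0

:nomedia
echo Boot.wim or Install.wim was not found on the expected media. 1>&2
exit /b 1

:failed
rem Stop at the first WDSUTIL command that returns a nonzero exit code.
echo WDSUTIL reported an error (exit code %errorlevel%); stopping. 1>&2
exit /b 1
```

Run it from an elevated command prompt on the server; rerunning it after a partial failure stops at the first object that already exists.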

Scenario Two: The Medium-Sized Business
Northwind Traders is a shipping firm with three offices: a central office in Tooth City, and branch offices in the towns of Brushville and Flosston. Ron Gable is one of six IT staff members at Northwind Traders. His responsibility is maintaining the 250 client computers used by the company's employees. These are mostly desktop computers, but the sales force uses laptops for customer presentations. There are 200 computers in the central office in Tooth City, and 25 each in the Brushville and Flosston offices. Each site has an internal network running at 100 MB per second (MBps), and the branch sites are connected to the Tooth City office by a T1 line. Ron has three servers at the Tooth City office and one in each of the branch offices, which are administered remotely.

Ron’s supervisor has tasked him with deploying Windows Vista to the whole company. Previously, this would have involved many expensive trips to Brushville and Flosston, and it would have taken Ron several weeks to complete. He wants to use Windows Deployment Services to deploy Windows Vista remotely; however, company policy dictates that there can be only one DHCP server on the corporate network, and this server is located at the Tooth City office. Remotely deploying images to the 50 computers at the branch offices would cause immense congestion on the connection.

Ron chooses to use Windows Deployment Services because with unattended setup, he can:
• Deploy Windows Vista to computers at the branch sites without being physically present there.
• Use his existing replication solution to deliver images to the branch site servers.
• Use the PXE boot referral system to minimize network traffic between the branch sites and the central office.

Ron has two standard operating system configurations — one for the desktop computers and one for laptops that contains the sales presentations and drivers for projectors. Therefore, he builds two images: one with the desktop configuration, and one with the laptop configuration (with no applications). He stores all the user data on one of the servers, so he can deploy Windows Vista without preserving any existing data on the client computers.

Next, Ron uses Windows System Image Manager (Windows SIM) to author two image unattend files — one for the desktop computers and one for the laptops. These files automate the installation, so Ron does not need to be present at each computer during the installation. They also automatically install Microsoft Office and the line-of-business application that the company uses for package tracking. He uses the Windows Deployment Services management tools to associate them with the images.

Ron configures the Windows Deployment Services server in the central office to pass on any network boot requests from the branch offices to the local servers, which will supply the boot programs and subsequent images. This minimizes the traffic on the line between the offices.

Ron uses Active Directory® Domain Services (AD DS) to offer all computers a boot program, and it assigns the correct images to all of the desktops and laptops. He has configured each computer so when it is restarted, it will boot from the network automatically and deploy the appropriate image. The computer boots without requiring the users to press F12. After the image is applied to each computer, the computer is automatically joined to the corporate domain and restarted. This time, it is served a different boot program that requires pressing F12 (so that it boots to the hard disk drive and finishes the installation process). This prevents a boot loop, in which the computer would continue booting into Setup. When the installation is completed, the computer is ready for the user to log on.

Scenario Three: The Large Enterprise
Shu Ito is the network architect for Wide World Importers, a large enterprise with 5,000 employees in offices all over the world. The major employee centers are in the United States and Germany, and there are 13 branch offices in other countries. Shu has five servers available to him in the U.S. hub, two in the German hub, and one in each of the branch offices. The servers at the hubs are connected to the corporate Ethernet on 1-GB-per-second (GBps) network interface cards (NICs); the other computers are on 100-MBps NICs. The hubs are connected by T3 lines, and the other sites are connected by T1 lines.

Wide World Importers is replacing the accounting department’s 200 computers with computers running Windows Vista. Of the accounting computers used by Wide World Importers, 150 are in the U.S. office, 30 are in the German office, and the remaining 20 are scattered around the world. In addition, it is important that each computer is deployed with an operating system in a language that is appropriate for the users in that country or region. Shu would also like to deploy a Windows Server 2008 image to any newly leased servers in the U.S. office. All of the servers are hired on two-year leases, and Shu wants to ensure that the existing computer building processes are preserved with the move to Windows Deployment Services. Currently, deployments at Wide World Importers are done by using RIS. The servers in the German office and the branch sites are the responsibility of the local administrators.

Shu chooses to use Windows Deployment Services because it enables him to do the following:
• Use appropriate language packs to reduce the required number of images.
• Manage all of his Windows Deployment Services servers from a single computer.
• Write scripts to automate common management tasks.

Shu upgrades his servers to Windows Server 2008, which gives him the ability to initialize and configure the Windows Deployment Services servers remotely, using the management tools. Then he starts creating his images. The vast majority of his deployments will be in English or German, so he creates a Windows Vista image in each language. Other languages will be installed by using external language packs, and applications will be downloaded by using Systems Management Server (SMS). Next, he creates the Windows Server 2008 image.

Shu authors unattend files with Windows SIM. Shu first uploads the images and language packs to the Windows Deployment Services server. He then uses File Replication Service (FRS) to copy the images, language packs, and unattend files to the Windows Deployment Services servers around the world. To preserve the state and data on the previous computers, Shu uses the User State Migration Tool (USMT) to save all of the data and user configurations to a shared folder on the primary Windows Deployment Services server. Then he sets up each computer to boot from its local Windows Deployment Services server and to start automated setup by using the unattend files. When the installation is completed, Shu runs a task with USMT to migrate the user data to each computer.

When the lease on a server expires and the server is replaced, Shu can use Windows Deployment Services to deploy his Windows Server 2008 image in the same way that he performed the RIS deployment.

Scenario Four: A Custom Deployment Using Transport Server
John Woods is the server maintenance engineer at the A. Datum Corporation data center. He is responsible for maintaining the 300 servers used by A. Datum Corporation's major customers. One of these customers is Adventure Works. Adventure Works uses 40 servers to run a career Web site (which is backed by a database) for circus performers. After the release of a popular film about circus life, Adventure Works expects an increase in the use of their Web site. They order 10 additional servers to handle the anticipated traffic.

John wants to deploy operating systems to these servers by using Windows Deployment Services. However, he does not have AD DS running in this environment, so he cannot use the standard Windows Deployment Services solution. Instead, he stores the configuration information for his computers in a SQL Server database. In addition, he wants to partition the disks in a standard configuration and also copy data (some for database servers, some for Web servers) before the unattended setup begins.

John chooses to use Windows Deployment Services because he can:
• Write a plug-in that reads configuration data for the computers from a data store other than AD DS (the data store is typically a database or a flat file).
• Write scripts (to run in Windows PE) that perform preinstallation tasks and then call Setup to install the operating system.

John creates 10 computer accounts in his database for his 10 new servers, and he populates them with the required information. He then writes a PXE provider (a plug-in that reads information from the database and passes it to Windows Deployment Services). He creates a custom boot image that contains Windows PE along with startup scripts to partition the disks and copy the data. Then he uses ImageX to capture one of his existing servers as an install image.

After performing these initial tasks, John connects his servers to the network and boots them. They boot into Windows PE by using the configuration stored in the database. His scripts run to prepare each computer for deployment, and the scripts end by running ImageX to apply the operating system image on each computer.

Configuring Your Deployment
• Configuring Active Directory Settings
• Creating a Localized Setup Experience
• Managing DHCP
• Managing Network Boot Programs
• Managing the Boot Menu

• Prestaging Client Computers

Configuring Active Directory Settings

In This Topic
• Integration with Active Directory Domain Services
• Supported Environments

Integration with Active Directory Domain Services
Windows Deployment Services uses Active Directory Domain Services (AD DS) for a variety of reasons. AD DS is its data store, and it contains all of the necessary helper routines. Windows Deployment Services also links physical booting computers to computer account objects in AD DS. The data used by Windows Deployment Services is stored in computer account objects and Service Control Points (SCPs) within AD DS:
• Computer account objects. A physical computer is linked to a computer account object in AD DS. You can configure properties on the computer account object to control the installation. For example, you can configure the network boot program and the unattend file that the client should receive, as well as the server from which the client should download the boot files.
• Service Control Point objects. The computer account object for the Windows Deployment Services server contains a child object called an SCP object. This object is created the first time Windows Deployment Services is started, and it indicates that the computer account object is acting as a Windows Deployment Services server. The SCP object also stores some configuration settings for Windows Deployment Services (for example, whether the server should answer PXE boot requests).

Supported Environments
Windows Deployment Services supports AD DS environments that contain Windows Server 2000, Windows Server 2003, Windows Server 2008, or environments with any combination of these three operating systems. You will not gain any more functionality or features in Windows Deployment Services by switching to a higher forest functional level. Windows Deployment Services works well in both single-domain and multidomain environments. Windows Deployment Services also works in multiforest environments, but in such cases the following caveats apply:
• A trust relationship must be established between the forest that contains the Windows Deployment Services server and other forests in that environment.

• The server must be configured to answer all client requests. The server cannot answer only known clients in this configuration. This is because the AD DS search algorithm that is used by Windows Deployment Services will only be able to locate prestaged computer objects in the same AD DS forest as the Windows Deployment Services server. This also means that all computer account objects that are created by Windows Deployment Services will be created in the forest that contains the Windows Deployment Services server.

Configuring Static Domain Controllers and Global Catalog Servers

In some circumstances, you may want to configure (statically) which domain controller and global catalog server Windows Deployment Services will use. For example:
• You want to control replication latency. You may want to make changes to a particular computer object and have Windows Deployment Services immediately pick up the change (for example, if you modify netbootMachineFilePath to specify a different network boot program).
• You need to troubleshoot an issue. For example, if Windows Deployment Services is having problems accessing AD DS, you can use this setting to try to isolate the problem to a specific domain controller or global catalog.
• You do not have a domain controller and global catalog in the same AD DS site as Windows Deployment Services. This configuration is not recommended. However, in this case you may want to control which domain controller and global catalog Windows Deployment Services will use rather than relying on the discovery algorithms.

The one notable downside to mapping these servers statically occurs when a domain controller or global catalog fails. For example, if you statically map Windows Deployment Services to use a domain controller, and that domain controller is subsequently taken offline, Windows Deployment Services will lose access to the domain controller’s services and stop servicing incoming client requests. This problem will persist (even if you restart Windows Deployment Services) until the domain controller is back online. This problem does not occur if you use the normal domain controller and global catalog detection method. To change these settings, see the "Prestaging Clients" section in How to Manage Your Server.

Creating a Localized Setup Experience

You can create a localized setup experience during any phase of an installation. For example, you can change the display language, the input settings, and the keyboard layout.

In This Topic
• Localizing the Boot Menu
• Localizing the Installation
• Installing Language Packs

Localizing the Boot Menu

Microsoft has completely reengineered the boot environment for Windows Vista to address the increasing complexity and diversity of modern hardware and firmware. One aspect of this reengineering is a new firmware-independent data store that contains boot configuration data (BCD), which influences the boot process. You can configure the BCD store to display localized text in the boot menu by using a combination of BCD store settings and true-type fonts. However, note the following two limitations:
• The language that is configured in the BCD store will apply to all clients of a particular architectural type. There is no way to configure language settings at a more detailed level or to enable users to select the correct language.
• Image names are displayed exactly as they appear in the metadata of the Windows image (.wim) file. Therefore, if you want the image names to be localized, you must change the names manually.

To customize the BCD store, see How to Modify the BCD Store Using Bcdedit. For more information about BCD, see http://go.microsoft.com/fwlink/?LinkId=110353.

Localizing the Installation

You can configure Windows Deployment Services to support a localized installation experience to the same extent that you can configure Windows Vista Setup. The language of the user interface of the Windows Deployment Services client is controlled by the language settings that are specified on the language-neutral page of Setup (an optional page that is not shown by default). Selecting a language on this page loads the proper resources so that all text will be displayed in the selected language. The keyboard layout selection menu is also derived from the chosen language. The keyboard layouts and input device drivers are included in Microsoft Windows Preinstallation Environment (Windows PE) by default (with the exception of Input Method Editor devices). You can configure both the language and keyboard layout options in the Windows Deployment Services client unattend file. For more information, see Automating Setup.

Some information shown on the image selection page, such as image name and description, will not be shown in localized strings. This is because the data displayed on this page is taken directly from the .wim metadata, which can hold only a single string in a single language.

To enable this functionality, you must edit the boot image to include the necessary localized setup files. The data that is displayed on this page is provided by the multilingual user interface (MUI) application programming interface (API). The data is populated based on the UI languages section of the Lang.ini file (in the boot image's \Sources folder).

To enable the language-neutral page and language selection
1. In the Windows Deployment Services MMC snap-in, right-click the desired boot image and then click Disable.

Mount (read only) the second image in Boot. copy the \Sources\de-de directory and all of its contents to your mounted boot image at C:\Mount\Sources. 22 . Install the Windows Automated Installation Kit (AIK) on either a reference computer or the Windows Deployment Services server.ini file after editing: Contents of C:\mount\Sources\lang. For example.ini [Available UI Languages] en-US = 3 de-DE = 3 [Fallback Languages] en-US = en-us 7. and then click Replace Image. Use the Copype. adjust the Lang. Using ImageX. At the end of this process. Export the image. you should have two sets of setup resource files: English at \Sources\en-us. i. Copy the Boot. 4. unmount the image and then commit the changes. To enable the language-neutral page. The following is a sample Lang. perform the following additional steps. c. 3. d.wim image from the Windows Vista DVD to C:\Temp. create two subfolders: WindowsPE1 and WindowsPE2. If you are enabling a language that requires Asian fonts. b. Add the modified image to your Windows Deployment Services server. to add the German setup resource files to your English boot image. and German at \Sources\de-de. To do this.cmd script to create a Windows PE distribution share. Copy the entire \Sources folder from the mounted image at C:\Temp\WindowsPE2 into C:\Temp\WindowsPE1.wim file). Using ImageX.2.ini file in the mounted boot image to specify that additional setup resource files are available. and then commit the changes. 6. h. e. right-click the disabled boot image by using the MMC snap-in. j. f. At the root of the C:\ drive. Unmount the image mounted to C:\Temp\WindowsPE1. 8.wim into C:\Temp\WindowsPE2. mount (read/write) the image marked as RAMDISK bootable (usually the second image in the Boot. 5. Import the image. Copy the setup MUI resource files and their associated folder to the \Sources directory of the mounted boot image. In all other scenarios. go to Step 6: a. g. Mount (read/write) the boot image to C:\Temp\WindowsPE1. 
create a folder named Temp. In C:\Temp.

Installing Language Packs

In contrast to Windows Vista Setup, Windows Deployment Services has independent localization controls for the client installation experience and the install image. This functionality allows you to view the client installation screens in one language and keyboard combination. It also allows you to install an image that will have a completely different language and keyboard combination.

Windows Vista is language neutral, meaning that core system binaries and UI elements that contain strings (content that would need to be localized) are stored separately. The localized elements are known as multilingual user interface (MUI) files. All of the language-specific binaries for a given language are bundled together in a single package known as a language pack. With this functionality, you can maintain a single image with associated language packs, something that was not possible with previous Windows operating systems, in which you needed to maintain a separate image for each language. Note also that Windows Vista enables you to add or remove language packs to change languages in a current image (although licensing restrictions may apply, depending on the version of the operating system that you are using). Also, many applications are locked into a single language. Therefore, you may not be able to take full advantage of this scenario, because even though you could change the underlying operating system language, the languages in the applications would not change to match the operating system language. For more information, see Installing Language Interface Packs (http://go.microsoft.com/fwlink/?LinkId=111017).

Methods

There are three language pack deployment models that work well in enterprise environments.

Method 1: Install the necessary language packs into the offline image. In this method, you use Package Manager to inject language packs into your base image. You can do this either online or offline. For information about Package Manager, see the Windows AIK documentation at http://go.microsoft.com/fwlink/?LinkId=96016.
• Pros: Install times are faster than with the other two methods because the language pack is already in the image.
• Cons: The image size increases.

Method 2: Store language packs outside the image, and during installation, have Setup install both the image and the language pack. You can implement this method by using Windows Deployment Services. A control on the image selection page enables you to select the language packs that are installed in the image and those that reside outside the image (but are still associated with the image). Expect the following behaviors:
• If the selected image is from an earlier version of Windows, the language selection control on the image selection page will be disabled. This is because these images do not support installing language packs.
• If the selected image is Windows Vista but there are no language packs available on the server, the drop-down list will display those languages that are currently installed in the image as defined in the image’s metadata. The selection will default to the default language that is defined in the image’s metadata.
• If the selected image is Windows Vista and there are language packs available on the server, the drop-down list will display all externally available language packs as well as those that are already installed in the image. The selection will default to the default language that is defined in the image’s metadata.

The language pack that is selected will be the default language for the first boot of the install image, and it controls the boot environment language, UI language, and default settings for system locale and keyboard layout (if these are not defined in the unattend settings).
• Pros: There are fewer images to maintain.
• Cons: Install times are longer because external language packs must be copied and installed.

Method 3: Deploy language packs online (to a running operating system) after the installation. To use this method, you could run scripts at first logon or deploy the language packs to the client by using management software such as Group Policy or Systems Management Server (SMS). Though this method of deployment falls out of the scope of the Windows Deployment Services solution, it is included here to cover all scenarios.
• Pros: This method does not require a change to the setup method that you are currently using.
• Cons: The user’s first experience with Windows Vista is not necessarily in the expected language. For example, the boot and the initial logon might be shown in the language of the operating system because the language pack has not been applied yet.

Storing Language Packs in the Image Store

Each language pack is a .cab file called Lp.cab, and each file is differentiated by the folder in which it resides (for example, \en-US for U.S. English and \de-DE for German). You cannot distinguish one language pack from another just by examining the metadata of the Lp.cab file.

A language pack is applicable to all versions of Windows Vista (the exception to this is Windows PE 2.0, which has its own language packs separate from Windows Vista). However, only certain versions of Windows support language pack installation and removal. Also, a language pack is applicable only to a specific version of the operating system; that is, language packs are not backward-compatible. If a language pack was created for Windows Vista, you can apply it only to Windows Vista. If you install a service pack on Windows Vista, you cannot apply the Windows Vista language pack. The applicability rule is enforced at install time by Component-Based Servicing (CBS). Thus, although it is possible to associate an incorrect language pack with a particular version of an image, the installation of the language pack will fail when the installation starts.

Within the Windows Deployment Services image store, language packs are stored on a per-image basis, and each language pack is associated with a particular image. You must manually create the \LangPacks folder (and the per-image subfolder if it does not already exist) and copy the language folder and pack. Also note that you cannot remove language packs during the installation by using Windows Deployment Services.

Managing DHCP

In This Topic
• Configuring DHCP Options
• Enabling DHCP Authorization
  • Granting Permissions to Authorize the Server

Configuring DHCP Options

The method of communication between the booting client and the server uses data fields (known as options) in Dynamic Host Configuration Protocol (DHCP) packets. The Windows Deployment Services solution for booting over the network works well in many configurations. It works well when Windows Deployment Services is located on the same physical computer or on a different physical computer from the DHCP server. However, the default installation is that Windows Deployment Services and a DHCP server (Microsoft or non-Microsoft) are located on different physical computers. In this scenario, no additional configuration steps are required for interoperability between Windows Deployment Services and the DHCP server.

However, if you are running Windows Deployment Services and DHCP on the same computer, in addition to configuring the server to not listen on port 67, you will need to use your DHCP tools to add Option 60 to their DHCP scopes. This allows booting clients to learn about the Windows Deployment Services Pre-Boot Execution Environment (PXE) server from the DHCP response that is generated by the DHCP server. Setting DHCP option tag 60 has one side-effect: clients booting from the network are always notified that the Windows Deployment Services PXE server is available, even if the server is not operational or has stopped. For instructions on configuring these options, see the "DHCP section" in How to Manage Your Server.

If DHCP is installed on a server that is located in a different subnet, you will need to do one of the following: configure your IP Helper tables (recommended) or add DHCP options 66 and 67. For more information about these settings, see Managing Network Boot Programs.

Note
There are some scenarios (particularly those that require running a DHCP server) that do not support adding custom DHCP option 60 on the same physical computer as the Windows Deployment Services server. In these circumstances, it is possible to configure the server to bind to UDP Port 67 in nonexclusive mode by passing the SO_REUSEADDR option. For more information, see Using SO_REUSEADDR and SO_EXCLUSIVEADDRUSE (http://go.microsoft.com/fwlink/?LinkId=82387).

Enabling DHCP Authorization

By default, the Windows Deployment Services PXE server does not need to be authorized to service client computers. However, you can enable DHCP authorization (which is also known as rogue detection) by using either of the following methods:
• Using the management tools. For instructions, see How to Manage Your Server.
• Using the DHCP MMC snap-in. To do this, on the DHCP server, click Start, point to Administrative Tools, and then click DHCP.

You may want to enable this authorization for the following reasons:
• To help prevent an improperly configured PXE server on the network. You can do this by requiring that only those servers that you authorize can service clients.
• Your IT department has a policy that only authorized servers should be both Windows Deployment Services PXE servers and DHCP listeners.

Authorization checks for the Windows Deployment Services PXE server occur only if authorization checking is enabled and the PXE server is configured to listen on port 67. This means that authorization checks for a Windows Deployment Services PXE server take place only in scenarios where Windows Deployment Services is running on a computer without DHCP. If Windows Deployment Services and DHCP are running on the same physical computer, then the DHCP server is listening on port 67, and it is responsible for making sure that it is authorized properly. Note that the PXE server will not perform any additional checks.

This is not a security protection mechanism, but it can help ensure that a PXE server that is not approved does not service clients. Furthermore, DHCP authorization applies only to computers that are joined to the Active Directory Domain Services (AD DS) structure of the corporate network. For example, if a corporation had a forest, a malicious user could plug a computer into the corporate network, install Windows Server® 2008, run Dcpromo, create a forest, install Windows Deployment Services, and then authorize it.

Granting Permissions to Authorize the Server

You must be a domain administrator in the root domain of the forest or be an enterprise administrator to authorize the server. Alternatively, you may delegate permissions by using the following procedure.

To delegate permissions
1. Open the Active Directory Sites and Services MMC snap-in.
2. On the View menu, click Show Services Node.
3. Click Services.
4. Right-click NetServices, and then click Properties.
5. On the Security tab, assign the following permissions to the users or groups for which you want to authorize these servers: Read, Write, and Create all child objects.
6. Click Advanced.
7. Click the user or group you just added, and then click Edit. In the Apply to box, click This object and all descendant objects.

The environment that the Windows Deployment Services server is in influences the authorization behavior:
• NT4 domain. If the PXE server is part of an NT4 domain, no authorization is performed and the PXE server will service requests. This mode is supported only if the PXE server is running with a custom non-Microsoft PXE provider. Windows Deployment Services requires AD DS; therefore, it cannot operate if joined only to an NT4 domain.
• Windows Server 2000 or later domain. If the PXE server is part of a Windows Server 2000 or later domain (meaning that AD DS is present), it queries AD DS to determine its authorization state.
• Windows Small Business Server 2003. If the PXE server is part of a Small Business Server 2003 domain, it must be the only DHCP server on the network. If another DHCP server exists or comes online, the PXE server will stop servicing requests.
• Workgroup. If the PXE server is part of a workgroup, it can service client requests as long as other DHCP servers on the same subnet are not part of a domain. If a DHCP server that is part of a domain comes online, the PXE server stops servicing requests.

Managing Network Boot Programs

A network boot program (NBP) is the first file that is downloaded and executed as part of the Pre-Boot Execution Environment (PXE) boot process. Note that NBPs are specific to both architecture and firmware (BIOS or EFI), and they control the first boot experience (EFI stands for Extensible Firmware Interface). On BIOS computers (per the PXE specification), the NBP is a 16-bit, real-mode application. As such, you can use the same NBP for both x86-based and x64-based operating systems that have BIOS, because both are capable of running this program. To see a list of the NBPs and how they modify the boot process, see List of NBPs.

In This Topic
• Configuring the NBP
  • Specifying a NBP For the Server
  • Specifying a NBP For a Specific Client
  • List of NBPs
• Directing a Client to the Appropriate NBP
  • Updating the IP Helper Tables
  • Using DHCP Options 60, 66, and 67
• Implementing PXE Referrals
  • When to Implement PXE Referrals
  • Requirements
  • Referral Examples

• Enabling Architecture Detection
• Avoiding a Boot Loop

Note
For information about avoiding a boot loop, see Automating the PXE Boot.

Configuring the NBP

There is an NBP specified for each architecture. However, you can override the NBP for each server on a per-client basis. For example, you may want to configure an NBP so that:
• Known clients receive the per-server default (presumably an NBP that requires pressing the F12 key).
• Unknown clients receive an NBP that will cause them to perform a PXE boot automatically.

This configuration is particularly useful in a lab environment where you want to immediately image new computers, but you want to ensure that existing computers are not sent through the imaging process by accidentally booting from the network.

To do this, you can override the per-server default by specifying the NBP that a client should receive, using the netbootMachineFilePath attribute of a prestaged computer (that is, the computer account that represents the client computer in Active Directory Domain Services (AD DS)). In the following netbootMachineFilePath attribute syntax, <PathToNBP> and <NameOfNBP> are optional, and you can specify <Server> to indicate the PXE server referral.

<Server>\<PathToNBP>\<NameOfNBP>

For example:
netbootMachineFilePath: machine\OSChooser\i386\startrom.n12
netbootMachineFilePath: machine
netbootMachineFilePath: machine.domain.com
netbootMachineFilePath: machine.domain.com\boot\x86\pxeboot.com

The following is example output of the netbootMachineFilePath attribute, obtained by using the Ldp graphical user interface (GUI) tool, which you can use to view objects stored in AD DS.

***Searching...
ldap_search_s(ld, "DC=domain,DC=com", 2, "(&(objectClass=*)(netbootMachineFilePath=*))", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Prestage1,CN=Computers,DC=domain,DC=com
5> objectClass: top; person; organizationalPerson; user; computer;
1> cn: Prestage1;
1> distinguishedName: CN=Prestage1,CN=Computers,DC=domain,DC=com;
1> name: Prestage1;
1> canonicalName: domain.com/Computers/Prestage1;
1> netbootMachineFilePath: machine.domain.com\boot\x86\pxeboot.n12;

List of NBPs

The following table lists the available NBPs in Windows Deployment Services.

| NBP | Description | Architecture | Firmware |
|---|---|---|---|
| PXEboot.com | (Default) Requires the user to press the F12 key for a PXE boot to continue. | x86-based and x64-based | BIOS |
| PXEboot.n12 | Does not require pressing F12 and immediately begins a PXE boot. | x86-based and x64-based | BIOS |
| AbortPXE.com | Boots the computer by using the next boot item in the BIOS without waiting for a time-out. | x86-based and x64-based | BIOS |
| Hdlscom1.com and Hdlscom2.com | Causes computers that do not support firmware console redirection to display "Press space or F12 for network boot," using console redirection to serial port 1 or 2. Users can proceed with the boot process by pressing either key, or they can exit the boot process by not pressing either key. | x86-based and x64-based | BIOS |
| Hdlscom1.n12 and Hdlscom2.n12 | Causes computers that support firmware console redirection to not display the prompt "Press space or F12 for network boot" and the computer will not wait for user input. | x86-based and x64-based | BIOS |
| Bootmgfw.efi | The EFI equivalent for Bootmgr.exe. In EFI, the choice of whether or not to perform a PXE boot is handled within the EFI shell, and not by the NBP. | x64-based and Itanium-based | EFI |
| Wdsnbp.com | An NBP developed for Windows Deployment Services that serves the following general purposes: 1. Architecture detection 2. Pending computer scenarios 3. PXE referral cases (including use of Dynamic Host Configuration Protocol (DHCP) options 66 and 67) | x86-based and x64-based | BIOS |

Directing a Client to the Appropriate NBP

There are two methods for directing a client computer to the correct NBP:
• Updating the IP Helper Tables (recommended). The client contacts the server directly for this information.
• Using DHCP Options 60, 66, and 67. A DHCP server relays this information to the client.

Updating the IP Helper Tables

Updating the IP Helper tables means updating the routing tables for your networking equipment to make sure that DHCP traffic is directed correctly. When configured correctly, all DHCP broadcasts from the client computer will be directed to both a valid DHCP server and a valid network boot server. (Note that the requirement is not to rebroadcast the packet onto other network segments, but rather to perform a forward of the packet to only those recipients that are listed in the IP Helper table.) After the client computer has obtained its IP address, it contacts the network boot server directly (again using DHCP packets) to obtain the name and path of the NBP to be downloaded.

If the booting client, the DHCP server, and the network boot server are all located on the same network segment, you should not have to configure these tables. The client’s DHCP broadcasts will reach both the DHCP server and the network boot server. However, if either the DHCP server or the network boot server is on a different network segment than the client, or if they are on the same network segment but the network is controlled by a switch or router, we recommend that you update these tables.

The following are the specific changes that you need to make:
• All DHCP broadcasts by client computers on User Datagram Protocol (UDP) port 67 should be forwarded directly to both the DHCP server and the Windows Deployment Services PXE server.
• All traffic on UDP port 4011 from the client computers to the Windows Deployment Services PXE server should be routed appropriately (these requests direct traffic, not broadcasts, to the server).

Using DHCP Options 60, 66, and 67

Although Microsoft does not recommend this method, you can use the following DHCP options to direct PXE clients to an appropriate NBP to download:
• Option 60 = client identifier (set to the string PXEClient)
• Option 66 = boot server host name
• Option 67 = boot file name

For instructions on configuring these options, see the "DHCP" section in How to Manage Your Server.

When using these DHCP options, client computers receive an IP address lease, information about the boot server, and information about the NBP directly from the DHCP server. Clients will not contact the network boot server by using DHCP, but they download the NBP through Trivial File Transfer Protocol (TFTP).

Microsoft does not recommend this method for the following reasons:
• Using DHCP options is not as reliable as updating the IP Helper tables. In testing, Microsoft has observed some issues (mainly with older PXE ROM) related to clients incorrectly parsing the DHCP options returned from the DHCP server. The result is that booting clients see a “TFTP Failed” error message. Generally, this problem occurs when the PXE ROM ignores the boot server host name value and instead attempts to download the NBP directly from the DHCP server (which likely does not have the NBP).
• Clients may be directed to a network boot server that is not available. Because the client does not have to contact a network boot server directly to determine the NBP to download, the DHCP server may direct clients to download a NBP that does not exist or to a server that is not currently available.
• If there are multiple network boot servers available to service client requests, specifying a specific network boot server may prevent load-balancing.

• Clients may bypass the network boot server’s answer settings. Many network boot servers have a mechanism that enables you to control which clients (if any) should be answered. Per the PXE standard, client computers should contact the network boot server directly to obtain the path and file name of the NBP. Using DHCP options 66 and 67 can cause the client to bypass this communication with the network boot server and therefore ignore the settings of the network boot server for answering clients.

Note that using DHCP options 66 and 67 is considered a PXE boot referral. Therefore, if you choose this method, ensure that your implementation meets the guidelines defined in Implementing PXE Referrals.

Implementing PXE Referrals

A PXE referral (also known as a network boot referral) occurs when a client is directed to download an NBP from a different server than the one it was in communication with through DHCP (as part of the process to discover the network boot server name and NBP). This referral may be initiated by either a network boot server or a DHCP server.

The following areas are covered in this section:
• When to Implement PXE Referrals
• Requirements
• Referral Scope

When to Implement PXE Referrals

You might want to consider using PXE referrals in the following scenarios:
• To direct a client to download a NBP that is located on a different computer or network location. This may be especially helpful when using DHCP options 66 and 67, because the client is typically answered directly by the DHCP server and is redirected to the network location that contains the NBP.
• To enable load balancing. It may be advantageous to direct a class of clients to a particular Windows Deployment Services server to limit network traffic to a server.
• To remove the need for image replication and duplicate image maintenance. Using referrals can enable you to keep only one copy of an image, therefore maintaining a single release point to update and service. Additionally, using referrals will reduce the amount of overhead it takes to keep multiple images in sync.
• To support complex network and AD DS topologies. Sometimes the networking and AD DS topology do not line up. This could be because incoming PXE requests are answered by a computer over a wide area network (WAN), but you would like a local server to provide the boot image.

Configuring PXE boot referrals involves two steps. First, prestage clients and direct them to a back-end server and, optionally, the NBP to download. Second, you must configure the front-end and back-end servers. A front-end server is the server that will answer the client’s PXE boot request and direct the client to the proper server and NBP. A back-end server is the server that the client will download the NBP from. To configure these settings, see How to Manage Your Server. This second step is required only if you are not using DHCP options 66 and 67 to redirect clients.

Requirements

PXE boot referrals that don't involve using DHCP options 66 and 67 require that the referred client be prestaged. Additionally, the netbootMachineFilePath attribute of that computer account must be populated with (at a minimum) the server name that the client should use.

In environments that contain both Remote Installation Services (RIS) and Windows Deployment Services servers, only the Windows Deployment Services servers should act as referral servers. This enables the Windows Deployment Services server to control the referral process, correctly referring clients to new Windows Deployment Services servers and maintaining backward compatibility for RIS servers.

Note
Having a RIS server act as a referral server for a back-end Windows Deployment Services server will work only if prestaged computers have both the referral server name and the NBP name defined in the netbootMachineFilePath attribute. Failing to populate the NBP name will cause the RIS server to populate the value automatically with Startrom.com (which will not exist on the backend Windows Deployment Services server if the server is in Native mode on Windows Server 2003, or if you are running Windows Server 2008).

Referral Examples

Referrals are classified based on the number of jumps the client must make before it downloads and executes an NBP. The following table contains three examples of referrals. Each of these examples supports the referral of x86-based or x64 BIOS-based clients, but does not support the referral of Itanium-based and x64 EFI-based clients.

Example: First order referral from PXE server
Details: ComputerA sends a DHCP broadcast packet and receives an IP address lease from a DHCP server and a response from PXE Server1. ComputerA contacts PXE Server1 directly on port 4011. PXE Server1 refers the client to download \boot\wdsnbp.com from Server2. The client computer downloads Wdsnbp.com from Server2.
Requirements:
• The NBP that the client computer is directed to download from the TFTP server (Server2 in this example) must be Wdsnbp.com.
• The network boot server performing the referral (PXE Server1 in this example) must be running Windows Deployment Services.

Example: First order referral using DHCP options
Details: ComputerA sends a DHCP broadcast packet and receives an IP address lease from a DHCP server. The lease also contains values for DHCP options 66 and 67, referring the client to download the file \boot\x86\wdsnbp.com from Server1. The client computer downloads Wdsnbp.com from Server1.
Requirement:
• The NBP that the client computer is directed to download from the TFTP server (Server1 in this example) must be Wdsnbp.com.

Example: Second order referral using both DHCP options and PXE server
Details: ComputerA sends a DHCP broadcast packet and receives an IP address lease from a DHCP server. The lease also contains values for DHCP options 66 and 67, referring the client to download the file \boot\x86\wdsnbp.com from PXE Server1. The client computer downloads Wdsnbp.com from PXE Server1. Wdsnbp.com contacts PXE Server1 on port 4011. PXE Server1 refers the client to download the \boot\x86\wdsnbp.com from Server2. The client computer downloads Wdsnbp.com from Server2.
Requirements:
• The NBP that the client computer is directed to download from the PXE server (PXE Server1 in this example) must be Wdsnbp.com.
• The NBP that the client computer is directed to download from the TFTP server (Server2 in this example) must be Wdsnbp.com.
• The network boot server performing the referral (PXE Server1 in this example) must be running Windows Deployment Services.

Enabling Architecture Detection

To work around client architecture reporting problems, you can enable an architecture detection feature on your Windows Deployment Services server. When enabled, the client is sent a NBP (wdsnbp.com) before downloading the normal NBP for the client’s architecture. Wdsnbp.com performs an architecture detection test on the client processor and then reports the value back to the server, using a DHCP packet. After the server receives the information, it sends the correct NBP to the client. This feature is turned off by default because the detection process adds time to boot, increases network traffic, and increases the server's load. When enabled, architecture detection is performed on every x86-based computer in the environment. You can enable architecture detection by running the command WDSUTIL /Set-Server /ArchitectureDiscovery:Yes.

Avoiding a Boot Loop

When implementing an automated experience of booting from the network, it is often necessary both to set the network as the first device in the client’s BIOS boot order and to send a specific client the .n12 NBP. If you combine these two configurations, the client will automatically boot from the network without requiring user intervention, and the computer will end up in a circular loop (always booting from the network and never from the hard disk drive). To work around this scenario, you should perform the following steps:

1. Set the BIOS boot order on the computer such that the computer always boots from the network.
2. Prestage the device (see Prestaging Client Computers).
3. Set the appropriate .n12 NBP for the computer's architecture. For instructions, see How to Manage Your Server.
4. Turn on the computer, and let it boot from the network.

When you configure the installation in this way, the path to the NBP will be reset after the image is applied, as one of the final actions performed by Windows Deployment Services. This ensures that on the next boot, the computer will receive the default server NBP (commonly the .com version). Therefore, the computer will try to boot from the network (because the network is first in the BIOS boot order), but the computer will be sent the .com NBP. After waiting for the user to press the F12 key, this option will time out and the device will boot from the hard disk drive.

Managing the Boot Menu

In This Topic
• Overview
• Boot Menu Limitations
• Specifying Boot Images for Prestaged Clients
• Configuring the Boot Menu for x64-Based Clients

Overview

A boot menu is displayed on a client computer when the client performs a Pre-Boot Execution Environment (PXE) boot and more than one boot image is available to that client. If only one boot image is available, the computer will automatically boot into that image. The boot images are ordered alphabetically, based on the file name of the .wim file that contains the image. The number of images that can be shown is dependent on several factors, including the number of images that need to be displayed to the client and the number of characters in the image name.

Microsoft has completely reengineered the boot environment for Windows Vista and Windows Server® 2008 to address the increasing complexity and diversity of modern hardware and firmware. One aspect of this reengineering is a new firmware-independent data store that contains boot configuration data (BCD). The BCD store defines how the boot menu is configured. The store is a namespace container for BCD objects and elements that holds the information that is required to load Windows or run other boot applications. Physically, a BCD store is a binary file in the registry hive format. To customize the BCD store, see How to Modify the BCD Store Using Bcdedit. For more information about BCDs, see http://go.microsoft.com/fwlink/?LinkID=110353.

Boot Menu Limitations

Because the menu exists outside of an operating system, there are certain limitations placed on the user interface (UI), including the following:
• The screen size is 80x25 pixels, which means that approximately 13 images can be displayed on the page simultaneously. If more than 13 images are available, the display will scroll to support the additional images.
• There is no mouse or Input Method Editor (IME) functionality.
• There is no support for alternate keyboards, other than what the BIOS supports.
• There is limited support for localization, other than what the BIOS supports.
• There is limited support for accessibility.

Specifying Boot Images for Prestaged Clients

You can assign a boot image to a prestaged computer in Active Directory Domain Services (AD DS). For instructions, see the "Prestage Computers" section in How to Manage Client Computers. In these instances, Windows Deployment Services must dynamically create a BCD store for the booting client that has the assigned boot image selected as the default. Rather than generating a unique BCD store that contains only that operating system entry for each booting client (which, due to the BCD architecture, may take several seconds), the existing BCD store for the client’s architecture (in RemoteInstall\Tmp) is copied and the default selection is modified to reflect the new default. In addition, other booting clients that have been assigned the same boot image can reuse this dynamically generated BCD store.

Configuring the Boot Menu for x64-Based Clients

Because x64-based computers are capable of booting both x86-based and x64-based images, the default behavior is that x64-based users see a list of both x86-based and x64-based boot images when both are available on the server. This means that x64-based clients receive the x86x64.{GUID}.bcd store. For instructions on configuring the boot image policy that x64-based clients should see, see the "Boot Program and Boot Image" section in How to Manage Client Computers.

To work around issues where the booting client may not be sending the correct architecture value in the initial PXE discovery packet, the Wdsnbp.com boot program will detect the architecture of the booting client and report that value back to the Windows Deployment Services server. For more information, see the "List of NBPs" section in Managing Network Boot Programs.

Prestaging Client Computers

Prestaged client computers are computer account objects that are created within Active Directory Domain Services (AD DS) before the operating system is installed using Windows Deployment Services. These objects are mapped to the physical computers that will perform a network boot to install an image. You can prestage computers by using the following methods:
• Using WDSUTIL. For instructions, see How to Manage Client Computers.
• Using Active Directory tools. These tools include the Active Directory Users and Computers snap-in, Csvde.exe, Ldp.exe, the LDIFDE utility, and Adsiedit.msc.
• Using Windows Deployment Services during image deployment. That is, when the computer is set to join a domain.
• Enabling Auto-Add functionality. For instructions, see the section "To enable Auto-Add functionality" in How to Manage Client Computers.

Note: You cannot prestage computers by using the Windows Deployment Services MMC snap-in, but you can set the Auto-Add policy and approve or reject pending computers.

In This Topic
• Benefits
• Creating an Auto-Add Policy
    • When the Policy Applies
    • Auto-Add Policy Types
    • Purging the Auto-Add Database

Benefits

Prestaging clients provides three main benefits:
• An additional layer of security. You can configure Windows Deployment Services to answer only prestaged clients, therefore ensuring that clients that are not prestaged will not be able to boot from the network.
• Additional flexibility. Prestaging clients increases flexibility by enabling you to control the following:
    • The computer account name and location within AD DS.
    • Which Pre-Boot Execution Environment (PXE) server should service the client.
    • Which network boot program (NBP) the client should receive.
    • Other advanced options — for example, what boot image a client will receive or what Windows Deployment Services client unattend file the client should use.
• The ability for multiple PXE servers to service the same network segment. You can do this by restricting the server to answering only a particular set of clients. Note that the prestaged client must be in the same forest as the Windows Deployment Services server (trusted forests do not work).

Creating an Auto-Add Policy

In Remote Installation Services (RIS), creating prestaged computers was largely a manual effort. Windows Deployment Services, however, offers a more automated, simplified way to create prestaged computer account objects by enabling the Auto-Add policy. For instructions on how to enable Auto-Add, see How to Manage Client Computers.

Note: If you are creating computer accounts against a non-English domain controller and you are using the default user property, then Auto-Add will fail. If the account contains a nonstandard character (any character outside [A-Z, a-z, 0-9, \, -, and so on]), such as German's "Domänen-Admins", you must set the Auto-Add settings to use a different account that does not contain extended characters. To change this value, see the help at the command prompt for WDSUTIL /set-server /AutoAddSettings.

When the Policy Applies

The Auto-Add policy applies only when the Windows Deployment Services server is set to answer all clients, and Windows Deployment Services does not find a prestaged computer for a booting computer. In all other cases, the Auto-Add policy will not be in effect.

Note: The Auto-Add policy relies on NBPs that are available only for BIOS computers. Computers that use Extensible Firmware Interface (EFI) will not use the Auto-Add policy.

In the following table, X means that the policy will not be in effect, and O means that the policy will be in effect.

Answer clients?   Answer only known clients?   Computer account found in AD DS?   Is the Auto-Add policy in effect?
No                N/A                          N/A                                X
Yes               No                           No                                 O
Yes               No                           Yes                                X
Yes               Yes                          No                                 X
Yes               Yes                          Yes                                X

Auto-Add Policy Types

There are two options with Auto-Add:
• Disabled Auto-Add policy. (Default) If you do not turn on Auto-Add, Windows Deployment Services will not create a computer account for unknown clients. It will, however, still answer clients according to the settings on the server.
• Enabled Auto-Add policy. To enable Auto-Add, run the command WDSUTIL /Set-Server /AutoAddPolicy /Policy:AdminApproval. With this option, when a client computer that is not prestaged attempts a network boot, the computer will be put into a pending queue. The computer will remain in this queue until you approve or reject it, the time-out is reached, or the user cancels the attempt.

While the computer is in the pending queue, a special NBP (Wdsnbp.com) is sent to the client. The Wdsnbp.com program serves two main purposes:
• Pauses the PXE boot. This gives you time to review the computers in the pending queue and accept or reject them, as appropriate. It also enables you to avoid situations where the computer must be booted more than once. For example, suppose that a computer boots once and is added to a pending queue. If the administrator does not approve the computer immediately, it will move on and boot from the next item in the boot order (which may be a blank hard disk, at which point the computer will be in a nonbooted state).
• Reports back the client computer's architecture as part of architecture discovery.

Approving a computer enables the client computer to continue booting from the network, and a computer account object is created in AD DS to represent the physical computer. Rejecting a computer causes the computer to abort and boot from the next item in the boot order. A computer account is not created for a rejected computer.

All computers in the pending queue are represented as an entry in the Auto-Add database. This temporary storage location serves three purposes:
• To provide the management utilities with a list of all pending computers on a server.
• To serve as an audit trail by recording what computers have been approved or rejected.
• To reduce the size of AD DS and keep old computer account objects out of the AD DS.

By default. you must delete the computer's record in the Auto-Add database. and then boot the computer again. 2. Microsoft Windows Preinstallation Environment (Windows PE) provides an environment where you can use custom logic and processing. First. • Purge records from the pending table by running the command WDSUTIL /DeleteAutoAddDevices /DeviceType:<ApprovedDevices|RejectedDevices>. but a prestaged computer in AD DS will never be found (because the computer was deleted). the server will hold the client at Wdsnbp. This chapter discusses ways to extend your solution and provides useful examples. Optimizing Your Deployment • • • • Extending Your Solution Managing a Complex Environment Optimizing Performance Using Transport Server Extending Your Solution Windows® Deployment Services enables you to create a variety of custom deployment solutions. You can build an end-to-end deployment solution for Windows Vista and Windows Server® 2008. 4. computers with an approved status will be deleted every 30 days. Additionally. Move all existing files in the Mgmt folder to the Temporary folder.com until a prestaged computer appears in AD DS. In addition. Restart the WDSServer service. Second. This occurs because the record in the Auto-Add database shows the computer as approved. Failing to purge the database will cause the client to be stuck in Wdsnbp. Stop the WDSServer service. to delete a prestaged computer that was added to AD DS by using the approval process. 3.Purging the Auto-Add Database Records in the database are purged either manually or on a schedule. In this situation. you must delete the computer from AD DS. To reset the Auto-Add database completely 1. you can remove the computer by using one of the following methods: • Wait for the default cleanup to occur. The default schedule purges unapproved and rejected computers from the database every 24 hours.com and not proceed with booting from the network. If a computer was accidentally rejected. 40 . 
Create a Temporary folder in the \RemoteInstall\Mgmt folder. you must perform two steps.

In This Topic
• Benefits of Building a Solution
• Creating a Custom Solution
• Custom Solution Example

Benefits of Building a Solution

Using the Windows Deployment Services platform as part of a custom deployment solution provides the following benefits:
• Increased interoperability. Common barriers for new deployment solutions include the need for new hardware and the need for changes to network infrastructure to support advanced networking configurations (for example, having two Pre-Boot Execution Environment (PXE) servers on the same network segment). Windows Deployment Services has built-in extensibility points that help you avoid these potential conflicts. You do not need to have a separate physical server for each deployment solution because of the unified PXE server architecture. Also, you do not need to store images in multiple locations or in multiple formats because the management approach (which uses the Windows imaging format) provides a central repository for images.
• A scalable PXE server infrastructure. The PXE server can handle the throughput generated by more than 5,000 client PXE requests per second. The PXE server handles advanced networking configurations by giving you control over which interfaces the server binds to. This control extends to the IP address and MAC address layers. The PXE server that is included in Windows Deployment Services enables you to implement custom logic that dictates which clients are answered.
• Network boot support. Offering support for booting from the network becomes more complex when different variations of Windows PE need to be supported (for example, different languages, different hosted applications, and different architecture versions). Windows Deployment Services accomplishes this by using the image storage structure and management tools provided in Windows PE.
• Image storage and management. Windows Deployment Services stores images in a central location, which is referenced by using Distributed File System (DFS), and the management tools enable you to perform all common tasks, such as adding and removing images and configuring server settings.
• Enumeration of images. Many network installation scenarios face a common problem: getting a list of available install images from a central distribution point and returning that list to the client. Windows Deployment Services does just this. It shows an authenticated client computer a list of available images that are stored on a server or in a remote storage location.

Creating a Custom Solution

You can use the Windows Deployment Services PXE server and the Windows Deployment Services client (which is essentially Setup.exe and supporting files for Windows Deployment Services) to create a custom solution. The Windows Deployment Services extensibility points are documented in the Windows Vista software development kit (SDK) at http://go.microsoft.com/fwlink/?LinkId=81029.

Windows Deployment Services PXE Server

The PXE server implementation in Windows Deployment Services consists of a PXE server and a PXE provider. The server and provider enable you to develop custom PXE solutions while taking advantage of the core PXE server networking code base. The PXE server contains the core networking capability: it binds to network interfaces, listens for incoming PXE requests, and formats the Dynamic Host Control Protocol (DHCP) response packets. The PXE server supports a plug-in interface. Plug-ins are also known as PXE providers, and they provide the business logic.

The PXE server logic in Windows Deployment Services has two main features:
• A default provider that you can change. The provider installed by default with Windows Deployment Services is BINLSVC, which is implemented in the DLL, Binlsvc.dll. You can remove this PXE provider from the server and replace it with a custom-written provider.
• Support for multiple providers on a single server. This means that you can have only one PXE listener on a network that has two or more sets of application logic. Rather than having two PXE listeners on the network (each with its own application logic), you can have multiple providers.

With this PXE server implementation, you can perform either of the following tasks:
• Create a PXE plug-in for a stand-alone PXE server (for example, a server that is not joined to or communicating with an Active Directory Domain Services (AD DS) domain). The plug-in might use a .txt file, an .xml file, or a SQL database as its data store.
• Enable a second, registered provider to offer functionality without disrupting or reconfiguring Windows Deployment Services. One of the most powerful implementations available is writing a filter provider, which is an additional PXE provider that resides above BINLSVC (or any other PXE provider) in the ordered provider list. This filter provider acts as a gate before the next provider in the list, enabling the next provider to service selected clients by passing some requests and filtering others.

Windows Deployment Services Client

The Windows Deployment Services client is a graphical user interface (UI) that is built on Setup.exe in Windows Vista (it contains additional logic that is specific to Windows Deployment Services). The Windows Deployment Services client has the ability to establish a communication channel with a Windows Deployment Services server. This channel provides a mechanism for authentication and for retrieving a list of install images stored on the server. In addition, the Windows Deployment Services client sends progress and status messages to the server while the image is being installed. The library within the Windows Deployment Services client includes the following functionality:
• The ability to authenticate and enumerate images that are stored on a Windows Deployment Services server

• The ability to send client installation events that can be used for reporting and monitoring purposes (for example, sending notifications that the client installation has started or has finished)

The following is a common scenario that uses this functionality.
1. A computer boots into a boot image that contains the Windows Vista Setup files. The client can boot in any of several ways (from a CD, DVD, or hard disk drive, or over the network).
2. A custom application (with a custom UI) is started.
3. The application detects the computer's MAC address and contacts a database to acquire the correct unattend file.
4. The application uses the Windows Deployment Services client library to retrieve a list of available images stored on a Windows Deployment Services server and displays the list of choices to the client (by using the custom UI).
5. The application deploys the image that the user selects, and it also copies the unattend file that was acquired previously.
6. The application sends progress and status messages to the server by using the functionality provided by the Windows Deployment Services client library.

Custom Solution Example

Remote Installation Services (RIS) offered three options for naming a computer:
• Automatic: The computer name is automatically generated, based on the policy that is implemented, and the client computer account is created in a particular organizational unit (OU).
• Custom: The person performing the installation specifies the computer name and OU. These values override the dictated server policy.
• Administrator: The person performing the installation specifies the computer name and OU after the installation is completed.

Installations using the Windows Deployment Services client offer the Automatic and Administrator options. There are methods for achieving the Custom option, but they generally involve prestaging the device, either manually or by using Auto-Add functionality. Microsoft recommends using Business Desktop Deployment (BDD) to implement the Custom scenario. However, you can also provide this functionality with a few changes to your boot image, as illustrated in the sample scripts later in this topic.

The Microsoft Visual Basic® script at the end of this document does the following:
1. Starts running from within Windows PE and gathers a computer name and OU (in distinguished name form) from the user.
2. Runs the command setup.exe /wds /noreboot. At this point, the Windows Deployment Services installation proceeds, and Setup does not restart as normal after finishing the Windows PE phase.

3. Edits the unattend file to add the computer name and OU that were entered by the user.

Instructions for Using the Sample Code

To use these scripts, perform the following procedure to use these sample files.
1. Create an image unattend file similar to the sample file (Sample Image Unattend File).
2. Associate the unattend file with an install image.
3. Create a custom script (for example, domainOU.vbs) by using the sample code in the section following this procedure.
4. Export a copy of a boot image from your server.
5. Mount the boot image as read/write. (Remember, the second image in the Boot.wim file is marked as RAMDISK bootable, and it contains the Setup files).
    a. Copy this script to the mounted image's \Sources folder.
    b. Create a custom Winpeshl.ini file, and then copy it to the \Windows\System32 folder of the mounted image.
6. Unmount the image, and then commit the changes.
7. Add the image back to your Windows Deployment Services server.
8. Boot a client into the updated boot image.

The script starts running when Windows PE boots. It shows a basic UI which enables the user to enter the computer name and the computer OU. Remember that the OU must be entered in a distinguished name form — for example, OU=MyOU,DC=Domain,DC=com. Select the install image associated with the unattend file. Note that the image that is selected needs an image unattend file that specifies the computer name and OU. The script performs the install and then replaces all occurrences of %COMPUTERNAME% with the value specified in the message box, as well as replacing all occurrences of %OU% with the value specified in the message box. When the script is finished, the client will reboot if the script is the last (or only) executable file listed in the WinPEshl.ini file.

Sample Visual Basic Script

    Option Explicit

    Dim computerName, OU, unattendFile, unattendFileObject, fso, WshShell, result, strContents

    '----------------------------------------------------------------------
    unattendFile = "C:\Windows\Panther\unattend.xml"
    ' end user defined settings
    '----------------------------------------------------------------------

    Set WshShell = WScript.CreateObject("WScript.Shell")

    ' Prompt for the computer name and OU until the user confirms both values
    Dim answer
    Do While answer <> vbYes
        computerName = InputBox("Enter the desired computer name", "Computer Name")
        OU = InputBox("Enter the distinguished name of the desired OU", "Organization Unit")
        answer = MsgBox("Is this correct?" & vbCrLf & vbCrLf & "Name: " & computerName & vbCrLf & "OU: " & OU, vbYesNo, "Computer Account Details")
    Loop

    ' Run Setup hidden and wait for the Windows PE phase to finish without rebooting
    WshShell.Run "%SYSTEMDRIVE%\sources\setup.exe /wds /noreboot", 0, True

    Set fso = CreateObject("Scripting.FileSystemObject")

    If fso.FileExists(unattendFile) = False Then
        WScript.Echo "Couldn't find unattend file"
    Else
        'Read the unattend file in and replace appropriate variables
        Set unattendFileObject = fso.OpenTextFile(unattendFile, 1)
        strContents = unattendFileObject.ReadAll

        strContents = Replace(strContents, "%OU%", OU)
        strContents = Replace(strContents, "%COMPUTERNAME%", computerName)
        unattendFileObject.Close

        'Write the updated contents back to the unattend file
        Set unattendFileObject = fso.OpenTextFile(unattendFile, 2)
        unattendFileObject.Write(strContents)
        unattendFileObject.Close
    End If

Sample Image Unattend File
The following is a sample image unattend file.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
      <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <Identification>
            <UnsecureJoin>false</UnsecureJoin>
            <MachineObjectOU>%OU%</MachineObjectOU>
            <Credentials>
              <Domain>MyDomain</Domain>
              <Username>MyUserName</Username>
              <Password>MyPassword</Password>
            </Credentials>
            <JoinDomain>%MACHINEDOMAIN%</JoinDomain>
          </Identification>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ComputerName>%COMPUTERNAME%</ComputerName>
        </component>
      </settings>
    </unattend>

Sample WinPESHL.ini File
    [LaunchApps]
    "%SYSTEMROOT%\system32\cscript.exe","%SYSTEMDRIVE%\sources\domainOU.vbs"
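The sample script writes the values typed into its input boxes into the unattend file with a plain Replace, so a value containing <, & or a stray tag changes the XML that Setup later parses. The following is an added example, not part of the original guide: helper functions that validate and XML-escape both values before substitution. The function names, the allowed character sets and the OU pattern (a conservative subset of distinguished-name syntax) are assumptions for illustration, and the sample inputs are constructed.

```vbscript
Option Explicit

' Added example (not from the original guide). All names below are hypothetical.

' True when name is 1-15 characters of letters, digits and hyphens
' and is not made up of digits only (assumed computer-name policy).
Function IsValidComputerName(name)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9-]{1,15}$"
    IsValidComputerName = False
    If re.Test(name) Then
        re.Pattern = "^[0-9]+$"
        IsValidComputerName = Not re.Test(name)
    End If
End Function

' True when dn looks like OU=...,[OU=...,]DC=...[,DC=...].
' Assumption: escaped commas and other special DN characters are rejected.
Function IsValidOuDn(dn)
    Dim re
    Set re = New RegExp
    re.Pattern = "^(OU=[A-Za-z0-9 _-]+,)+DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*$"
    IsValidOuDn = re.Test(dn)
End Function

' Escapes the five XML special characters; the ampersand must be handled first.
Function XmlEscape(text)
    Dim s
    s = Replace(text, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    s = Replace(s, "'", "&apos;")
    XmlEscape = s
End Function

' Returns the template with %OU% and %COMPUTERNAME% filled in,
' or raises an error when either value fails validation.
Function FillUnattend(template, computerName, ou)
    If Not IsValidComputerName(computerName) Then
        Err.Raise vbObjectError + 1, "FillUnattend", "Rejected computer name"
    End If
    If Not IsValidOuDn(ou) Then
        Err.Raise vbObjectError + 2, "FillUnattend", "Rejected OU distinguished name"
    End If
    Dim s
    s = Replace(template, "%OU%", XmlEscape(ou))
    s = Replace(s, "%COMPUTERNAME%", XmlEscape(computerName))
    FillUnattend = s
End Function

' --- Constructed sample data ---
Dim sampleTemplate, candidate
sampleTemplate = "<MachineObjectOU>%OU%</MachineObjectOU>" & vbCrLf & _
                 "<ComputerName>%COMPUTERNAME%</ComputerName>"

' Valid values are substituted unchanged.
WScript.Echo FillUnattend(sampleTemplate, "LAB-PC-01", "OU=MyOU,DC=Domain,DC=com")

' Values with markup, digits only, or more than 15 characters are refused.
For Each candidate In Array("LAB-PC-01", "PC1</ComputerName><x>", "1234", "THIS-NAME-IS-TOO-LONG")
    WScript.Echo candidate & " -> " & IsValidComputerName(candidate)
Next

' Escaping alone, for values that must keep special characters.
WScript.Echo XmlEscape("R&D <lab> ""east""")
```

In the sample script, the validation functions belong inside the input loop so that the user is prompted again until both values pass, and FillUnattend replaces the two Replace calls.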

Managing a Complex Environment
This topic addresses difficulties that may arise in complex environments — for example, where Windows Deployment Services is used in an environment with many servers, Remote Installation Services (RIS) servers, network hops, and so on.


In This Topic
• Managing a Server Remotely
• Avoiding IP Address Conflicts
• Testing Technologies by Using Virtual Computers
• Versions of the Management Tools to Use with RIS and Windows Deployment Services

Note: When performing Pre-Boot Execution Environment (PXE) referrals in an environment that includes Windows Deployment Services and RIS, the Windows Deployment Services server must answer PXE requests and perform referrals. If a RIS server attempts to refer a client computer to a Windows Deployment Services server that is running in Mixed mode or Native mode, the client computer will receive an incorrect network boot program, which may cause the client to fail to boot.

Managing a Server Remotely
In addition to running Windows Deployment Services locally, you can also manage Windows Deployment Services remotely using the following methods.

Method: Managing from another Windows Deployment Services server
Explanation: To do this, you must specify which server you want to manage. You can do this in either of the following ways:
• Using the Windows Deployment Services MMC snap-in. First you must add the server to the console. To do this, right-click the Servers node and then click Add Server. Next, type the name of the server you want to add, or select it in the list. The server will be added to the left pane in the console, and you can perform any task by selecting it just as you would select the local server.
• Using WDSUTIL. To specify a remote server to run a WDSUTIL command, append /Server:<name> to the command. For example:
    WDSUTIL /Add-Image /ImageFile:C:\images\capture.wim /Server:MY-WDS-02 /ImageType:Boot

Method: Managing from a remote server that is running Windows Server 2008 (but not Windows Deployment Services)
Explanation: To do this, you can install Remote Server Administration Tools, which will install WDSUTIL and the Windows Deployment Services MMC snap-in on the server. To install Remote Server Administration Tools, open Server Manager, right-click the Features node, click Add Features, and then click Remote Server Administration Tools. Next click Role Administration Tools, and then click Windows Deployment Services Tools.

Method: Using PsExec
Explanation: You can also manage the server by using PsExec. For example:
    psexec \\<servername> wdsutil /get-device /id:<GUID>
For information about using PsExec, see http://go.microsoft.com/fwlink/?LinkId=110605.

Avoiding IP Address Conflicts
When two servers select the same multicast IP address to send content to, content intended for clients of either server can be routed to all clients. This causes unnecessary network traffic. Note also that this is particularly harmful if the servers are connected by a low-bandwidth connection (such as a wide area network (WAN) link), because both sets of content will be sent over this connection. The following are preventive measures that you should take to avoid this situation:
• Use a Multicast Address Dynamic Client Allocation Protocol (MADCAP) server to allocate multicast IP addresses. This will prevent addresses from being assigned twice.
• Configure a static range for each server, making sure that this range does not overlap with the ranges defined for other servers.
• Lower the multicast Time-To-Live (TTL) setting to prevent the routers from forwarding multicast traffic outside the site network. You can also configure your border router not to forward multicast traffic.

To modify these options, right-click the server in the MMC snap-in, click Properties, and then click the Network Settings tab.

Testing Technologies by Using Virtual Computers
Before introducing a new technology to a production environment, you may want to test the technology on virtual computers. Windows Deployment Services should work on virtual computers, but note that the performance will often be degraded, particularly during the Trivial File Transfer Protocol (TFTP) download phase. This phase is very resource-intensive and may fail if insufficient resources are available on the host computer. Also, performing a PXE boot on a virtual computer or virtual server can take 20 minutes or longer when you are using Windows Deployment Services. To resolve this, we recommend that you use a discover image instead of PXE in the BIOS of the virtual computer.

Versions of the Management Tools to Use with RIS and Windows Deployment Services
There are three server configurations that you may need to manage in a production environment, and each of them has a different set of management tools. The following table lists these server configurations and the versions of the management tools that are included for each of them. Note that I indicates version 1, and II indicates version 2.

Tool and operating system: Remote Installation Services servers running Windows Server 2003
Management tools:
• RISETUP (I)
• RIPREP (I)

Tool and operating system: Windows Deployment Services servers running Windows Server 2003
Management tools:
• RISETUP (II)
• RIPREP (II)
• WDSUTIL (I)
• MMC snap-in (I)

Tool and operating system: Windows Deployment Services servers running Windows Server 2008
Management tools:
• WDSUTIL (II)
• MMC snap-in (II)

The Windows Deployment Services management tools enable you to manage a remote server. Note, however, that there are some restrictions regarding which versions of the tools will work on which server versions. The following table lists the seven possible configurations and the versions of the tools that you should use with each environment. Essentially, you should use the latest available version of each tool. For example, see the sixth row in the table: if you have servers running the 2003 and 2008 versions of Windows Deployment Services, you should use RISETUP (II), RIPREP (II), WDSUTIL (II), and WDSMMC (II).

Note: You cannot manage a Windows Deployment Services server running Windows Server 2008 from a Windows Deployment Services server running Windows Server 2003.

In the following table, the columns are: servers running RIS on Windows Server 2003 (RIS 2003), servers running Windows Deployment Services on Windows Server 2003 (WDS 2003), and servers running Windows Deployment Services on Windows Server 2008 (WDS 2008). An X means that the environment contains that kind of server.

Row   RIS 2003   WDS 2003   WDS 2008   Tools that you should use
1     X          -          -          RISETUP (I), RIPREP (I)
2     -          X          -          RISETUP (II) and RIPREP (II) to manage any RIS functionality (Legacy/Mixed mode); WDSUTIL (I) and WDSMMC (I) to manage any WDS functionality
3     -          -          X          WDSUTIL (II), WDSMMC (II)
4     X          X          -          RISETUP (II), RIPREP (II), WDSUTIL (I), WDSMMC (I)
5     X          -          X          RISETUP (I), RIPREP (I), WDSUTIL (II), WDSMMC (II)
6     -          X          X          RISETUP (II), RIPREP (II), WDSUTIL (II), WDSMMC (II)
7     X          X          X          RISETUP (II), RIPREP (II), WDSUTIL (II), WDSMMC (II)

Optimizing Performance
This chapter includes guidelines, techniques, and best practices to maximize performance, scalability, and reliability. Among other useful information, you will find techniques to identify blockages in your deployment, such as issues with network and server performance.

In This Topic
• Best Practices for Avoiding Performance and Scalability Problems
• Configuring the Server for Performance and Scalability
• Performance and Scalability Expectations
  • Unicasting
  • Multicasting
For information about analyzing blockages during an installation, see Analyzing Performance Problems.

Best Practices for Avoiding Performance and Scalability Problems
The following are best practices that you can use:
• Ensure that the network interface between the server and client has sufficient bandwidth. Consider gigabit network adapters on the physical server with Category 5e (Cat 5e) cabling to a switch that can handle a GB back-plane connection, with 100-MB ports on the front-plane (100 MB-clients, 1-GB back end to the server).
• Use high-quality Ethernet cabling. We recommend at least Cat 5 or Cat 5e throughout the physical network.
• Use network switches. Do not use a hub.
• Partition network segments to distribute the load across multiple servers.
• Keep network latency to a minimum to optimize TFTP transfers.
• Ensure that the disk that contains the RemoteInstall folder has enough throughput to meet the client demand. On small-scale solutions, this may mean getting a Serial Advanced Technology Attachment (SATA) drive that spins at 7,200 RPM or faster. On midscale solutions, this may mean getting multiple drives and configuring them using Redundant Array of Independent Drives (RAID) configuration. On large-scale solutions, this may mean investing in a hardware RAID array. The disk volume that contains RemoteInstall should be separate from the system volume.
• Ensure that there is sufficient memory on the server to handle the demands. This may mean upgrading a server from 32-bit (x86) to 64-bit (x64) (for details about how to evaluate whether this solution is worthwhile for you, see Performance and Scalability Expectations).
• Ensure that there is enough processor bandwidth on the server to handle the demands. If the server has a lot of processes or services that are running, you may need to distribute the processes and services or upgrade the server's processor.

Configuring the Server for Performance and Scalability
Performance is the speed of a single client installation. In tests, Windows Deployment Services performs on par with a network-based installation from a file share. Typical installations using the standard Windows Vista image took around 20 minutes from first client boot to desktop. As expected, factors such as image size, network speed, and disk speed on the client affect the installation times.

A key benefit of using Windows Deployment Services is the ability to deploy to several clients simultaneously. Again, many factors influence the solution's ability to scale, but the most important ones are the following (in order from most to least influential):
1. Network bandwidth. Windows Deployment Services performs best using a 1-GB-per-second network adapter. In tests, a high-end server with a 1-GB-per-second network adapter could install Windows images on 75 simultaneous clients in 45 minutes. By contrast, a server with a 100-MB-per-second network adapter could perform a maximum of 10 simultaneous installations, while keeping the installation time under an hour (regardless of the server RAM, disk speed, or processor speed).
2. RAM on the server. If the computer has enough available memory, it is possible to cache an entire image into memory. This reduces the number of disk read/write operations and, in turn, speeds up the process. If several different images are being deployed concurrently, you may need more RAM.
3. Disk speed on the server. Disk speed is another factor that can slow down deployments (even when you have the maximum amount of RAM). The install image must be read from the disk at least once, and a faster disk speed can accelerate this process.
4. Disk speed on the client. A blockage in the client computer's disk may keep it from achieving the shortest possible installation times.

Performance and Scalability Expectations
This section outlines the approximate amounts of time that elapsed during the image apply and TFTP download phases.
• Unicasting
• Multicasting

Unicasting
The following table outlines the hardware configurations of the servers that were used during these scalability tests.

Server type   Network interface card    Hardware configuration
Low-end       100-MB network adapter    Single-processor x86; 1 GB of RAM; 5,400-RPM disk interface
Middle        100-MB network adapter    Single-processor x86; 2 GB of RAM; 7,200-RPM disk interface
High-end      1-GB network adapter      Dual-processor x64; 4 GB of RAM; 10,000-RPM disk interface

Note: Network configuration for the high-end server involved connecting the server's GB network adapter to a GB switch, which was connected to 100-MB switches that supported a GB back-plane configuration.

Time elapsed during the image apply phase
This table shows the approximate time (in minutes) from start to finish that it took for all of the clients to apply an install image.

Number of clients   Low-end   Mid-range   High-end
1                   25        25          25
10                  61        55          25
25                  125       117         25
50                  235       220         35
75                  355       330         45

Time elapsed during the TFTP download phase
The following table shows the time (in seconds) it took to download Boot.wim using TFTP. The times are cumulative for the total number of clients simultaneously downloading the same boot image.

Number of clients   Low-end   Mid-range   High-end
1                   70        55          40
10                  210       145         75
25                  450       360         120
50                  910       805         270
75                  1515      1400        420

Time elapsed when the TFTP block was increased
The following table shows the effect on time (in seconds) of changing the default TFTP block size. A dash marks a cell that has no value in the table.

Network adapter   Number of clients   Default   4,000   8,000   16,000   32,000
GB                50                  270       180     118     92       85
GB                75                  422       267     171     126      125
100 MB            75                  1,410     -       -       1,140    -

Multicasting
Microsoft performed tests to compare the installation times of multicast and unicast transmissions using the same hardware, software, and image set. The boot and install images were taken from an x86-based version of Windows Server 2008. The size of the boot image was approximately 128 MB, and the size of the install image was approximately 1.32 GB. Note that the out-of-box experience (OOBE) and logon were automated by using an unattend file. The following table outlines the configurations of the servers and clients that were used during these tests.

Server
• Network interface card: 1-Gbps network adapter
• Hardware configuration: Dual Xeon processor 5150; 2.67 GHz; 8 GB of RAM
• Operating system: 64-bit version of Windows Server 2008

Client
• Network interface card: 100 megabits network adapter
• Hardware configuration: Varied but capable of installing the x86-based version of Windows Vista

Multicast Installation

Each test began with the same step: Restart computer and start clock. In all six tests (multicast and unicast, for 25, 100, and 300 clients), the first client started the download of the boot image using TFTP between :20 and :23.

Event                                                                   25 clients   100 clients   300 clients
Time when the last client finishes download of boot image using TFTP    1:02         2:40          7:16
Time when the first client started the multicast transfer               3:04         3:55          8:18
Time when the last client finished the multicast transfer               6:06         7:54          12:30
Total amount of time until the last client reached the desktop          19:47        22:40         27:40

Unicast Installation

Event                                                                   SMB 25 clients   SMB 100 clients   SMB 300 clients
Time when the last client finished download of boot image using TFTP    :58              2:40              7:13
Time when the first client started image transfer using unicast/SMB     3:14             4:38              8:29
Time when the last client started image transfer using unicast/SMB      13:36            38:15             1:47:58
Total amount of time until the last client reached the desktop          20:59            45:37             1:55:15

Testing of Security Options with Multicast
The following table lists the times for the start and end of the multicast transfer of the install image, and the percentage of the CPU used for the multicast transfer, depending on the level of security that was enabled during the test. This test involved 25 client computers.

                                                                  No Security     Hashing (default)   Signing
Start of multicast transfer of the install image to the client    Clock started   Clock started       Clock started
End of multicast transfer of the install image to the client      2:19            2:27                31:05
Percentage of CPU used during the multicast transfer              ~5%             ~11%                ~25%

Using Transport Server
You have two options when installing the Windows Deployment Services role in Windows Server 2008. You can install:
• Both the Deployment Server and Transport Server role services (default)
• Only the Transport Server role service
The second configuration is for advanced scenarios, such as environments without Active Directory Domain Services (AD DS), Domain Name System (DNS), or Dynamic Host Configuration Protocol (DHCP). You can configure Transport Server to enable you to boot from the network using PreBoot Execution Environment (PXE) and Trivial File Transfer Protocol (TFTP), a multicast server, or both. Note that Transport Server does not contain or support the Windows Deployment Services image store.

In This Topic
• Comparison of Deployment Server and Transport Server
• Configuring Transport Server
• Using a Transport Server to Boot from the Network
• Using a Transport Server for Multicast
  • How to create a namespace with Transport Server
  • How to join a client computer to a namespace using Wdsmcast.exe
  • How to perform common tasks

Comparison of Deployment Server and Transport Server
The following table compares these two installation options. In general, Deployment Server enables the end-to-end Windows Deployment Services deployment solution. Transport Server is a platform that you can use to create a custom multicast deployment solution.

Server requirements
• Deployment Server: Requires AD DS, Dynamic Host Configuration Protocol (DHCP), and Domain Name System (DNS) in the environment.
• Transport Server: Does not require other servers in the environment.

PXE
• Deployment Server: Supports PXE boot with the default PXE provider.
• Transport Server: Supports PXE boot using the default PXE provider, or if you have a custom PXE provider.

Image server
• Deployment Server: Includes the Windows Deployment Services image server.
• Transport Server: Does not include the Windows Deployment Services image server.

Transmission method
• Deployment Server: Allows both unicasting and multicasting.
• Transport Server: Allows only multicasting.

Management tools
• Deployment Server: Is managed using either the Windows Deployment Services MMC snap-in or the WDSUTIL command-line tool.
• Transport Server: Is managed only by the WDSUTIL command-line tool.

Application on the client computer
• Deployment Server: Uses the Windows Deployment Services client (which is basically Setup.exe and supporting files), Wdsmcast.exe or custom application.
• Transport Server: Uses only Wdsmcast.exe (which is included in the Windows AIK), or a custom multicast application.

The server architectures are illustrated in the following diagram. The blue parts are installed with Transport Server and the Deployment Server. The yellow parts are installed with the Deployment Server only. The grey parts are not installed with either, but can be written using guidelines in the Windows SDK.

Configuring Transport Server
Transport Server does not require any configuration. However, the following configurations are optional. After configuring any of these settings, you must restart the WDSServer service to apply the changes (at an elevated command prompt, run net stop wdsserver, and then run net start wdsserver).
• Configure how to obtain IP addresses. If multiple servers are using multicast functionality on a network (Transport Server, Deployment Server, or another solution), it is important that each server is configured so that the multicast IP addresses do not collide. Otherwise, you may encounter excessive traffic when you enable multicasting. Note that each Windows Deployment Services server will have the same default range. To work around this issue, specify static ranges that do not overlap to ensure that each server is using a unique IP address, or configure each of the servers to obtain multicast addresses from a Multicast Address Dynamic Client Allocation Protocol (MADCAP) server.
  • To use MADCAP for IP addresses, run WDSUTIL /Set-TransportServer /ObtainIPv4From:DHCP at an elevated command prompt.
  • To define a range for IP addresses, run WDSUTIL /Set-TransportServer /ObtainIPv4From:Range /Start:<start Ipv4 Address> /End:<end Ipv4 Address> at an elevated command prompt.
• Set the UDP port range. To do this, run WDSUTIL /Set-TransportServer [/Server:<name>] /StartPort:x /EndPort:y at an elevated command prompt.
• Set the network profile. The network profile specifies the network speed of the Transport Server. Each profile contains settings to optimize performance for the specified speed (such as the maximum transport window size, the transport cache size, and the block size). To set the profile, run WDSUTIL /Set-TransportServer [/Server:<name>] /Profile:{10Mbps|100Mbps|1Gbps|Custom} at an elevated command prompt. Specify Custom if you want to customize the settings yourself by editing the registry. You should use the custom profile even if you only want to change one setting. You should not modify the other profiles that are provided. You can view the profiles at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast\Profiles.

Caution: To modify the registry settings that are described in this guide, use only the Windows Deployment Services management tools; you should not directly edit these settings and attributes.

Using a Transport Server to Boot from the Network
A PXE server consists of two parts: a PXE listener that accepts incoming traffic, and a PXE provider that determines how best to respond to it. Transport Server contains only the PXE listener. In order to use Transport Server to boot a computer from the network, you will need to write a custom PXE provider, as documented in the Windows Server 2008 Software Development Kit (SDK), and register the provider with Windows Deployment Services.

Using a Transport Server for Multicasting
The multicast server in Windows Deployment Services also has two parts: the multicast provider (which transmits data over the network) and the content provider (which understands the data and passes it to the multicast provider). The content provider (installed with both Transport Server and Deployment Server) can be used to transfer any file. It also has specific knowledge of the .wim format, which it uses to transfer images while other images are added to the image group. You can create a custom content provider for cases where the default provider is not sufficient (for example when using Transport Server to deploy an operating system from inside a .vhd image). See the Windows Server 2008 SDK for guidelines and samples for authoring and registering the provider.

How to create a namespace with Transport Server
Transport Server transmits data by using multicast functionality through an object called a namespace. A namespace consists of content to transfer (determined by the content provider with a configuration string), configuration settings (for example, Scheduled-Cast or Auto-Cast), and the names of connected clients. A namespace is analogous to a multicast transmission used by Deployment Server.
In this section:
• Prerequisites for creating a namespace
• Namespace types
• To create a namespace

Prerequisites for creating a namespace
To create a namespace with Transport Server, you need the following:
• A content provider. You can use the Windows Deployment Services content provider (named WDS) that is included when you install Transport Server. Or you can create your own content provider by using the tools in the Windows Server 2008 SDK.
• Data to transmit. You can transmit any data that your content provider knows how to find (for example operating system images, data files, or an MP3 archive). The Windows Deployment Services content provider knows how to find any file within a folder.
• Familiarity with WDSUTIL. The only way to manage Transport Server is through the WDSUTIL command-line tool.
• A way to boot clients. This is because Transport Server does not include a PXE provider (such as BINLSVC).
• Routers. The routers in your environment must support multicasting. In particular, your network infrastructure needs to support the Internet Group Management Protocol (IGMP) to properly forward multicast traffic. Without the IGMP, multicast packets are treated as broadcast packets, which can lead to network flooding.

Namespace types
There are two types of multicast namespace:
• Auto-Cast. This option indicates that as soon as a client requests the data, a multicast namespace begins. Then, as other clients request the data, they too are joined to the namespace that has already started.
• Scheduled-Cast. This option sets the start criteria for the namespace, based on the number of clients that are requesting the data and/or a specific day and time. After a Scheduled-Cast namespace has been started, new clients will not be able to join the namespace. If it is imperative that clients be able to join a namespace that is already in progress, use an Auto-Cast namespace.

To create a namespace
You can create Scheduled-Cast and Auto-Cast namespaces. For more information about each parameter, see Options.
• To create a Scheduled-Cast namespace
  Syntax: WDSUTIL /New-Namespace [/Server:<server name>] /Namespace:<namespace name> /FriendlyName:<friendly name> [/Description:<description>] /ContentProvider:<name> /ConfigString:<config string> /NamespaceType:ScheduledCast [/Time:<YYYY/MM/DD:hh:mm>] [/Clients:<number of clients>]
  For example: WDSUTIL /New-Namespace /Server:MyWDSServer /FriendlyName:"Custom Scheduled Namespace" /Namespace:"Custom Scheduled 1" /ContentProvider:WDS /ConfigString:D:\Images /NamespaceType:ScheduledCast /Time:"2006/11/20:17:00" /Clients:20
• To create an Auto-Cast namespace
  Syntax: WDSUTIL /New-Namespace [/Server:<server>] /Namespace:<namespace name> /FriendlyName:<friendly name> [/Description:<description>] /ContentProvider:<name> /ConfigString:<config string> /NamespaceType:AutoCast
  For example: WDSUTIL /New-Namespace /FriendlyName:"Custom AutoCast Namespace" /Namespace:"Custom Auto 1" /ContentProvider:WDS /ConfigString:D:\Images /NamespaceType:AutoCast

How to join a client computer to a namespace by using Wdsmcast.exe
The Windows Deployment Services client user interface will not work with Transport Server. Therefore, to connect a client to a namespace, you have two options:
• Use Wdsmcast.exe, which is included in the Windows Automated Installation Kit (AIK). This is a command-line utility you can use to connect to any namespace or multicast transmission that uses the Windows Deployment Services content provider. You can download the Windows AIK at http://go.microsoft.com/fwlink/?LinkID=54863. For instructions on how to do this, see the following procedure.
• Use a custom deployment client. You will need to create a custom client if you are using a custom content provider. You can do this by using the APIs of the Windows Deployment Services transport client. For more information about this, see the Windows Server 2008 SDK.

To join a namespace by using Wdsmcast.exe
1. Mount the image by using Imagex.exe, and then copy the Wdsmcast.exe into the System32 folder in the image.
2. Boot the client computer to the image (from a CD, DVD, or USB drive, or by using the PXE capability in Transport Server).
3. Start Microsoft Windows Preinstallation Environment (Windows PE) networking by running WPEINIT on the client computer.
4. From the client computer, run a command with the following syntax (the following table explains these options):
WDSMCAST /Transfer-File /Server:<server name> /Namespace:<namespace name> /Username:<domain and user name> [/Password:<password>] /SourceFile:<file path> /DestinationFile:<file path>

Option: /Server:<server name>
Description: The name of the Windows Deployment Services server. This can be either the NetBIOS name or the fully qualified domain name (FQDN). If the server name is not specified, the name of the local server will be used.

Option: /Namespace:<namespace name>
Description: The name of the namespace. This is not the "friendly" name, and it must be unique. This value should match the name given when creating the namespace on the server.
Note: When using this option with Deployment Server, the syntax is as follows: /Namespace:WDS:<ImageGroup>/<ImageName>/<Index>. For example: WDS:ImageGroup1/install.wim/1
Note: To view all namespaces that currently exist on the server, run WDSUTIL /get-allnamespaces.

Option: /Username:<domain and user name>
Description: The domain name and user name to connect to the server. These can be either in the format Domain\User or the format User@Domain.

Option: [/Password:<password>]
Description: The password for the user. If this is not specified, you will be prompted to enter it.

Option: /SourceFile:<file path>
Description: The path to the file to be transferred, relative to the root folder of the content provider (for example, if you are using the Windows Deployment Services content provider (named WDS), the path is relative to the ConfigString folder).

Option: /DestinationFile:<file path>
Description: The complete file path and name for the destination file.

How to perform common tasks
The following are the most commonly used commands with Transport Server. For more information about each parameter, see Options.
• To start the transmission
  Syntax: WDSUTIL /Start-Namespace /Namespace:<name>
  To start a transmission, the transmission must be a Scheduled-Cast namespace, and there must be at least one client that has requested the transmission of data.
• To display information for the clients that are connected to a namespace (for example, computer name, IP address, MAC address, speed, and percent complete)
  Syntax: WDSUTIL /Get-Namespace /Namespace:<name> /Show:Clients
• To remove a namespace
  Syntax: WDSUTIL /Remove-Namespace [/Server:<server name>] /Namespace:<namespace name> [/Force]
  For example:
  • To remove the namespace after current client downloads are complete, run: WDSUTIL /Remove-Namespace /Namespace:"Custom Auto 1"
  • To remove the namespace immediately and stop any current client downloads, run: WDSUTIL /Remove-Namespace /Server:MyWDSServer /Namespace:"Custom Auto 1" /Force
• To stop a client installation completely
  Syntax: WDSUTIL /Disconnect-Client /ClientID:<id> /Force
  Important: You should use this option with caution because the installation will fail and the computer could be left in an unusable state.
• To discontinue the download for a client but continue to transfer the image through another method (such as SMB copy)
  Syntax: WDSUTIL /Disconnect-Client /ClientID:<id>
  The client will fall back to another method of transfer only if the client implementation supports this behavior. Although the Windows Deployment Services client will fall back to SMB transfer, note that Wdsmcast.exe does not support any fallback mechanism.
• To view the client <id> for each namespace
  Syntax: WDSUTIL /Get-Namespace /Namespace:<name> /show:clients
• To view all clients connected to all namespaces on the server
  Syntax: WDSUTIL /Get-AllNamespaces

Options
The options in the following table apply to the sections "Creating a namespace with Transport Server" and "Using common commands" earlier in this chapter.

Option: /Server:<server name>
Description: The name of the Windows Deployment Services server. This can be either the NetBIOS name or the FQDN. If the server name is not specified, the name of the local server will be used.

Option: /Namespace:<Namespace name>
Description: The name of the namespace. Note that this is not the "friendly" name, and it must be unique. This value should match the name given when creating the namespace on the server.
Note: When using this option with Deployment Server, the syntax is as follows: /Namespace:WDS:<ImageGroup>/<ImageName>/<Index>. For example: WDS:ImageGroup1/install.wim/1
Note: To view all namespaces that currently exist on the server, run WDSUTIL /get-allnamespaces.

Option: /FriendlyName:<friendly name>
Description: The friendly name of the namespace. Note that this name does not need to be unique.

Option: /Description:<description>
Description: A short description of the namespace.

Option: /ContentProvider:<name>
Description: The name of the content provider that supplies data to the multicast server. If you are using the Windows Deployment Services content provider, specify WDS.

Option: /ConfigString:<config string>
Description: The configuration string for the content provider. If you are using the Windows Deployment Services content provider (WDS), specify the path to the folder where content is stored (for example, D:\Photos\Landscapes). This path can be anywhere on the server.

Option: /NamespaceType:{AutoCast|ScheduledCast}
Description: The type of namespace to be created.

Option: /Time:<YYYY/MM/DD:hh:mm>
Description: The time on the server when the namespace will start (note that you can set this option only for Scheduled-Cast transmissions).

Option: /Clients:<Num of Clients>
Description: The number of clients to wait for before the namespace will start (note that you can set this option only for Scheduled-Cast transmissions).

Option: /Force
Description: An option that deletes the transmission, even if there are current client installations. If you do not specify /Force, the transmission will be in the Delete Pending state, meaning that the transmission will be removed after clients' downloads are completed.

Performing Unattended Installations
You can configure the entire Windows Deployment Services deployment process to run without user interaction. To do this, you will need to automate the PXE boot, the selection of a boot image, and Setup.
• Automating the PXE Boot
• Automating Setup
• Automating the Domain Join and Computer Naming
• Automating the Image Capture Wizard
• Advanced Unattended Installation Scenarios
• Sample Unattend Files

Automating the PXE Boot
In This Topic
• Overview
• Avoiding a Boot Loop
• Automating the Selection of the Boot Image

Overview
Settings for automating Pre-Boot Execution Environment (PXE) boots are contained both within and outside of Windows Deployment Services. First, you must configure the client computer to perform PXE boots automatically. You can do this by modifying the boot order in the computer’s firmware (BIOS or Extensible Firmware Interface (EFI)) or by disabling any active partitions before booting.


• If there are active partitions, the option to boot from the network must be higher in the boot sequence than the hard disk drive.
  Important: This configuration is susceptible to a boot loop, a condition that causes a computer to always boot from the network, and never from the hard disk drive. For more details, see Avoiding a Boot Loop.
• If there are no active partitions, the computer will be unable to boot from the hard disk drive, and it will proceed to the next boot item in the boot order. As such, we recommend that you include the option to boot from the hard disk drive before the option to boot from the network (to avoid a boot loop).

Second, the network boot program (NBP) that is downloaded by the client computer must automatically continue the boot process without user interaction (for example, without requiring the user to press F12). You can configure this by doing one of the following:
• Specifying the default NBP of the server (per architecture) so that all clients receive the *.N12 boot program.
• Specifying the boot program for a particular client so that only that client receives the *.N12 boot program.
• Setting the AllowN12ForNewClients option and then booting a computer that is not prestaged.

Note: There are not multiple NBPs for EFI computers; a single program handles all boot cases. Therefore, you must configure this setting within the EFI shell.

For a list of the NBPs, see the "List of NBPs" section in Managing Network Boot Programs.

Avoiding a Boot Loop
When implementing a fully automated experience of booting from the network, it is often necessary to do the following:
• Set the network as the first item in the client’s BIOS boot order.
• Send a specific client an .N12 NBP.

If you combine these two configurations, the client will automatically boot from the network without requiring user intervention, and the computer will end up in a circular loop (always booting from the network and never booting from the hard disk drive). The following are best practices that you can use to avoid a boot loop:
• Always configure the hard disk drive as a higher priority than the network. To enable a computer that already has an operating system installed to boot automatically from the network (for example, when reprovisioning a computer), disable any active partitions before rebooting the computer to initiate the PXE boot.
• For prestaged computers that are configured to boot from the network before booting from the hard disk drive, toggle the BootProgram value between *.N12 and *.COM to control the automatic PXE boot behavior. For example, set it to boot\x86\pxeboot.n12 when you want to boot the computer from the network, and set it to boot\x86\abortpxe.com when you want to boot from the hard disk drive. For instructions on how to do this, see How to Manage Client Computers.
• For nonprestaged computers that are configured to boot from the network before booting from the hard disk drive, set the server default NBP to *.COM and configure the AllowN12ForNewClients option. This will prevent a boot loop if both of the following are true: the booting client will perform an operating system installation by using Windows Deployment Services, and the client computer is configured to join a domain, which is the default.

Example Boot Loop
Consider the following situation. Computer A has been configured with the following boot order:
1. CD-ROM
2. Network
3. Hard disk
On the Windows Deployment Services server, the default NBP setting for x86-based computers is boot\x86\pxeboot.n12, which is an NBP that does not require pressing F12 to boot from the network. The following sequence of events will result in a boot loop:
1. The computer is turned on.
2. Assuming there is not a bootable CD, the computer boots from the network, downloads Windows PE from the Windows Deployment Services server, and proceeds through the user interface of the Windows Deployment Services client.
3. The image installation to the hard disk drive begins.
4. After the image is applied, the computer reboots. The boot order sequence still specifies the network as a higher priority than the hard disk drive. And, the NBP received by the client is still *.N12, which causes the computer to continue the process of booting from the network. As a result, the image that was just applied to the hard disk drive will never be booted.

Automating the Selection of the Boot Image
Windows Deployment Services displays a menu that enables users to select a boot image. This menu is always automated, and when there are multiple boot images, one will be selected by default when the time-out value expires (which is configurable by using the Bcdedit tool). However, if there is only one boot image available to the client computer, it will be selected immediately. For more information about the boot menu, see Managing the Boot Menu. Because the boot menu selection does not require any user action, the only configuration task that you need to complete is to ensure that clients are directed to the correct default boot image. There are two methods for doing this:


• Configure the default boot image at the server level. This setting would apply to all clients (of a particular architecture) that connect to the server. This option works for both prestaged and unknown computers.
• Configure the default boot image for a client by running the command WDSUTIL /Set-Device /Device:<name> /BootImagePath:<path>, where <path> is the relative path to the desired boot image from the RemoteInstall folder. This option works only for prestaged computers.

Automating Setup
For step-by-step instructions, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.

In This Topic
• Overview
• Automating the User Interface Screens of the Windows Deployment Services client
• Automating the Remaining Phases of Setup

Overview
Unattended installations can be complicated. This chapter presents key points that you should understand and remember when you are automating Setup for Windows Deployment Services. Specifically, you should keep the following in mind:
• There are two unattend files used during Windows Deployment Services installations. One of the unattend files automates the Windows Deployment Services client user interface (UI) screens, and the other one automates the remaining phases of setup.
   • Windows Deployment Services client unattend file. This file uses the Unattend.xml format and is stored on the Windows Deployment Services server in the C:\RemoteInstall\WDSClientUnattend folder. It is used to automate the Windows Deployment Services client user interface screens (such as the screens for entering credentials, choosing an install image, and configuring the disk). For more information, see Automating the Windows Deployment Services client later in this topic.
   • Image unattend file. This file uses either the Unattend.xml or Sysprep.inf format, depending on the version of the operating system in the image. It is stored in a subfolder (either $OEM$ structure or \Unattend) in the per-image folder. It is used to automate the remaining phases of setup (for example, offline servicing, specialize pass with Sysprep, and Mini-Setup). For more information, see Automating the Remaining Phases of Setup later in this topic.
   Two unattend files are necessary because the Windows Deployment Services client can deploy two image types: Windows Vista and Windows Server 2008 images that support the Unattend.xml format, and Windows XP and Windows Server 2003 images, which do not support the Unattend.xml format.
• It is possible to use a single unattend file throughout the entire installation process. To do this, you must pass an unattend file to Setup.exe with the /unattend:<unattend file> option, and you must configure the command-line unattend precedence appropriately. For precedence information, see Advanced Unattended Installation Scenarios.
• Windows Deployment Services supports implicit unattend searching and can be used in conjunction with AutoUnattend.xml. For more information about implicit search paths, see “Methods of Running Windows Setup” in the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkId=96016). For precedence information, see Advanced Unattended Installation Scenarios.
• The Windows Deployment Services client processes only settings in the Windows PE section of the unattend file. It will not process settings in any other sections of that file, nor will it pass on the client unattend file for further processing after the image is applied, unless at least one of the following is true:
   • You have configured command-line precedence and are using an unattend file that was passed to Setup through the command line.
   • You do not have an image unattend file, and the client is not configured to join a domain.

Automating the User Interface Screens of the Windows Deployment Services client
The Windows Deployment Services client (which is basically Windows Vista Setup.exe and supporting files) uses the Unattend.xml format. Some of the settings in Unattend.xml that are processed by the Windows Deployment Services client are identical in syntax and form to other sections supported by Windows Vista Setup. For example, the DiskConfiguration setting used by the Windows Deployment Services client is identical to the DiskConfiguration section used by Setup. Other settings are specific to Windows Deployment Services (these reside in the WindowsDeploymentServices section) and are processed only when Setup.exe is running in Windows Deployment Services mode.
We recommend that you use Windows System Image Manager (Windows SIM) to author the Windows Deployment Services client unattend file because it abstracts the format of the unattend file and makes for a simplified authoring experience. To completely automate the UI screens, you must specify settings that correspond to each screen. Unfortunately, this is not easy to figure out because of the Unattend.xml design. Unattend.xml is organized by the phases of unattend setting processing. As a result, not all of the settings that are necessary to automate the UI screens for the Windows Deployment Services client are grouped within the file. In addition, there is not always a 1:1 mapping relationship between a particular setting and a UI screen.

After authoring the unattend file by using Windows SIM, copy the file to the \WDSClientUnattend folder and then associate it with an image by using the management tools. You can give the file any name you want, but it must be an .xml file. For step-by-step instructions, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.

Unattend File Settings
The settings in the following table must be specified in the Windows Deployment Services client unattend file to completely automate the client experience. You can find the complete details of these settings in the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkId=96016). For examples, see Sample Unattend Files.

UI page: Language-neutral page
Component: Microsoft-Windows-International-Core-WinPE
Unattend setting: SetupUILanguage
Explanation: Specifies the language for the Windows Deployment Services client UI. This setting is required only when the boot image has setup resources for multiple languages.

UI page: Welcome and keyboard selection page
Component: Microsoft-Windows-International-Core-WinPE
Unattend setting: InputLocale
Explanation: Specifies the computer's input locale and the keyboard layout for the selected image. If this setting is not specified, a default will be chosen based on UILanguage. Even if <InputLocale> is properly configured not to display UI, the welcome page will be displayed if the credentials page <WillShowUI> value is set to Always.

UI page: Credentials page
Component: Microsoft-Windows-Setup -> WindowsDeploymentServices -> Login
Unattend setting: Credentials
Explanation: Specifies the user name, domain, and password of an account with proper permissions to install the specified image.

UI page: Image selection page
Component: Microsoft-Windows-Setup -> WindowsDeploymentServices
Unattend setting: InstallImage
Explanation: Specifies the image to be installed.

UI page: Image selection page
Component: Microsoft-Windows-International-Core-WinPE
Unattend setting: UILanguage
Explanation: Specifies the language for the selected image. If this setting is not specified or if the specified value does not match any of the available install languages, the image selection page will be displayed. Do not specify this value if InstallImage is a Windows Server 2003, Windows 2000, or Windows XP image. In those cases, this setting does not apply and will cause an error (which causes the image selection page to appear).

UI page: Image selection page
Component: Microsoft-Windows-International-Core-WinPE
Unattend setting: UILanguageFallback
Explanation: Specifies the language to be used if the computer's default UI language is only partially localized for the selected image.

UI page: Disk configuration page
Component: Microsoft-Windows-Setup -> DiskConfiguration
Unattend setting: Disk
Explanation: Specifies the disk configuration settings.

UI page: Disk configuration page
Component: Microsoft-Windows-Setup -> WindowsDeploymentServices -> ImageSelection
Unattend setting: InstallTo
Explanation: Specifies the disk and partition to which the selected image is to be installed.

Automating the Remaining Setup Phases
The remaining phases of Setup are handled by Unattend.xml for Windows Vista or by Sysprep.inf for earlier versions of Windows.
• Unattend.xml. You should author Unattend.xml by using Windows SIM, save it to a known location, and then associate the file with an image using the management tools. The Unattend.xml file that you specify will be renamed ImageUnattend.xml and copied to the <ImageName>\Unattend folder. For example, if the image was named x86install.wim, the Unattend.xml file would be copied to C:\RemoteInstall\Images\ImageGroup1\x86install\Unattend\ImageUnattend.xml.
• Sysprep.inf. You should author Sysprep.inf by using Setup Manager and then place it in the correct per-image unattend location.
Finally, associate the image unattend file by using the management tools. For examples of these setup tasks, see Sample Unattend Files.

Automating the Domain Join and Computer Naming
By default, all operating system installations using Windows Deployment Services result in a client computer that is joined to a domain. If a client computer is prestaged in Active Directory Domain Services (AD DS), the client will be joined to the domain as the prestaged computer. For more information about prestaged computers, see Prestaging Client Computers. For instructions on setting this option, see the "Prestage Computers" section in How to Manage Client Computers.

In This Topic
• Creating Unattend Files
• Ensuring Proper Rights
• Ensuring Security

Creating Unattend Files
The domain join and computer naming processes use the image unattend file to pass data that is collected within Windows PE to the subsequent phases of Setup. If an image is associated with an image unattend file, the domain join and computer name settings will be made directly to this file. However, for this to occur, you must format the file correctly (see the Sample Unattend Files). Specifically, this means as follows:
• For Windows Vista or Windows Server 2008 images, the Microsoft-Windows-Shell-Setup component for the <specialize> unattended pass must exist, even if it is empty. Additionally, the image unattend file (ImageUnattend.xml) must have the setting <UnsecureJoin>true</UnsecureJoin> in the Microsoft-Windows-UnattendedJoin component.
• For Windows XP and Windows Server 2003 images, the image unattend file in the $OEM$ structure (Sysprep.inf) must have the setting DoOldStyleDomainJoin=Yes, and it must have (at a minimum) the [Networking] and [UserData] sections, even if they are empty.
If the image unattend file does not contain the proper formatting, Windows Deployment Services will assume that you have chosen to override or avoid the domain join and computer name functionality and therefore will not edit the unattend file.
If a selected image does not have an associated image unattend file, a template unattend file will be used to pass domain join and computer naming information throughout the installation process.
• For Windows Vista or Windows Server 2008 images, this file exists within the image itself as \System32\WDSUnattendTemplate.xml. Therefore, after the image is applied, the template file will be located offline on the disk.
• For Windows XP and Windows Server 2003 images, this file exists in the \RemoteInstall\Templates\Sysprep.inf folder on the server when the server is first initialized. After the image is applied, Windows Deployment Services will copy the template Sysprep.inf into the offline image and then edit it as appropriate. This file is copied from the server into the offline image as C:\Sysprep\Sysprep.inf.

Ensuring Proper Rights
Domain join and computer naming require two sets of rights:

• Rights to create computer objects in AD DS (this is required if you are not using prestaged computer objects).
• Rights to perform the actual domain join. These rights can be further subdivided into two specific tasks: rights to reset the computer account, and rights to perform the domain join.
All of this is covered in greater detail in Required Permissions.

Ensuring Security
For providing credentials in an unattend file, there are two permissions methods that enable a computer to join a domain: unsecure join and secure join. Both of these methods are described in the following table.

Unsecure join
This method involves resetting the computer account to a known, shared computer password and enabling the computer to join a domain without credentials. For Windows Vista and Windows Server 2008 images, this shared computer password is a dynamically generated, strong password that is set by Windows Deployment Services. The password is inserted into the ImageUnattend.xml file as the <ComputerPassword> setting. For images from an earlier version of Windows, this shared computer password is the computer name.
• Advantages: This method does not require placing unattend credentials in plain text in the unattend file.
• Disadvantages: It is possible for a malicious user to join the domain between the time the computer account was reset (in Windows PE) and when the actual domain join occurs (on first boot of the applied image). This particular attack is effectively mitigated with Windows Vista and Windows Server 2008 images because the password is dynamically generated.
To implement an unsecure join, set UnsecureJoin = TRUE and ensure that the Microsoft-Windows-Shell-Setup component exists for the specialize phase.

Secure join
This method is secure in the sense that it requires credentials (user name, domain, and password) before you can reset the account and perform the domain join. However, in practice this method is actually less secure because the credentials reside in the ImageUnattend.xml file in plain text, which is located on a shared folder on the Windows Deployment Services server.
• Advantages: This method uses a simplified permissions model because a single account is used throughout the enterprise to perform all domain join operations.
• Disadvantages: Credentials are stored in plain text in the image unattend file.
To implement a secure join, do the following to the unattend file:
1. Set UnsecureJoin = FALSE.
2. Specify the credentials for performing the domain join, and the domain that you want to join the computer to.
3. Ensure that the Microsoft-Windows-Shell-Setup component exists for the specialize phase.
4. Set the <ComputerName> value to %MACHINENAME%. During installation, Windows Deployment Services will retrieve the name of the prestaged account from AD DS and replace the %MACHINENAME% string with the actual computer name.

Automating the Image Capture Wizard
The Image Capture Wizard will run in unattended mode when the WDSCapture.inf file exists in the same folder as the WDSCapture.exe file (that is, X:\Windows\System32 within the image), and Unattended=Yes is specified in the file. If unattended mode is set to No but WDSCapture.inf exists and has settings defined, those settings will be used to create the wizard's dialog boxes.

Creating a WDSCapture.inf Unattend File
This section explains the format for WDSCapture.inf files.
• [Capture]. Contains all of the capture settings for the Image Capture Wizard, as described in the following table.

Setting: Unattended=Yes|No
Description: Specifies whether the wizard should be in unattend mode.
   • Yes. Specifies that the wizard is in unattend mode. All unattend settings are read out of this file, and suppresses all popups and user interface elements.
   • No. Specifies that the wizard is not in unattend mode, and uses values in the file to prepopulate the user interface.

Setting: VolumeToCapture
Description: Specifies the volume that is holding the Windows installation to be captured. This setting must be in the following format: drive letter, colon, back slash. For example: c:\

Setting: SystemRoot
Description: The name of the system root folder. The Image Capture Wizard must locate the system root to extract the data needed to form the metadata (for example, the version of the operating system and installed languages) that is added to the .wim during the capture. If this setting is not specified, \Windows, \Winnt, and \i386 will be tried.

Setting: ImageName
Description: Specifies the value to be set as the image name within the image metadata. This will be the image name as displayed in the Windows Deployment Services management tools and the user interface of the Windows Deployment Services client. (The Windows Deployment Services client is basically Setup.exe and supporting files.)

Setting: ImageDescription
Description: Specifies the value to be set as the description within the image metadata. This will be the image name as displayed in the Windows Deployment Services management tools and the user interface of the Windows Deployment Services client.

Setting: DestinationFile
Description: Specifies the full path and name of the .wim file to which the image is to be captured.

Setting: Overwrite=Yes|No|Append (Default=No)
Description: Designates whether the file specified in DestinationFile should be overwritten if a file with that name already exists in the specified location.
   • Yes. Specifies to overwrite the existing file.
   • No. The process will cause an error if a file with the same name already exists in the specified location.
   • Append. If a .wim file with the same name already exists, the capture should be appended as a new image within the existing .wim file. The image name specified must be unique within the .wim file; otherwise, you will receive an error. This setting often produces a much faster capture because when files from the current capture operation already reside in the .wim file (for example, if file resources in another image already exist in the .wim file), the files are not copied into the .wim file again.

• [ExclusionList]. Defines the files and folders to be excluded from the capture. By default, this section is populated with the following items: $ntfs.log, hiberfil.sys, pagefile.sys, System Volume Information, RECYCLER, winpepge.sys, and %SYSTEMROOT%\CSC. Note that the %SYSTEMROOT% variable is replaced by the value specified in SystemRoot in the [Capture] section.
• [WDS]. Contains all of the Windows Deployment Services-specific unattend settings.

Setting: UploadToWDSServer=Yes|No (Default=No)
Description: Specifies whether the resulting image should be added to a Windows Deployment Services server's image store. If this value is set to No, all other settings under the [WDS] section will be ignored.

Setting: WDSServerName
Description: Specifies the name of the Windows Deployment Services server. This can be either a NetBIOS name or a fully qualified domain name (FQDN).

Setting: WDSImageGroup
Description: The name of the image group on the specified Windows Deployment Services server.

Setting: Username
Description: The user name to use when connecting to the specified Windows Deployment Services server. This name can take either of the following forms: domain\username or username@domain.com.

Setting: Password
Description: The password of the user account.
   Note
   We recommend that you enter credentials in the wizard user interface (UI). Credentials specified in WDSCapture.inf are stored in plain text within the capture image, and there is no way to secure these credentials.

Setting: DeleteLocalWIMOnSuccess=Yes|No
Description: Specifies whether the local capture image (where the capture image was saved) will be deleted at the end of the process, assuming that the image is successfully uploaded to the Windows Deployment Services server. You should be careful when using this option with the Overwrite=append option because the entire image will be deleted (not just the new .wim that was appended to the existing image).
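The guide states that credentials placed in the unattend files (Ensuring Security) and in the [WDS] section of WDSCapture.inf are stored in plain text. The following Python audit is an added example, not part of the guide or of Windows Deployment Services; the function names, finding codes, and sample files are constructed for illustration.

```python
import configparser
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"

# Constructed sample inputs (illustrative only, not taken from a real server).
CLIENT_UNATTEND = """<?xml version="1.0"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="windowsPE">
  <component name="Microsoft-Windows-Setup">
   <WindowsDeploymentServices><Login><Credentials>
    <Username>deploy</Username><Domain>example</Domain>
    <Password>constructed-secret</Password>
   </Credentials></Login></WindowsDeploymentServices>
  </component>
 </settings>
</unattend>"""

IMAGE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin">
   <Identification>
    <UnsecureJoin>false</UnsecureJoin>
    <Credentials><Domain>example</Domain><Username>joiner</Username>
     <Password>%USERPASSWORD%</Password></Credentials>
   </Identification>
  </component>
  <component name="Microsoft-Windows-Shell-Setup">
   <ComputerName>%MACHINENAME%</ComputerName>
  </component>
 </settings>
</unattend>"""

CAPTURE_INF = """[Capture]
Unattended=Yes
VolumeToCapture=C:\\
DestinationFile=C:\\temp\\capture.wim
Overwrite=Append
[ExclusionList]
pagefile.sys
"System Volume Information"
%SYSTEMROOT%\\CSC
[WDS]
UploadToWDSServer=Yes
Username=EXAMPLE\\capture
Password=constructed-secret
DeleteLocalWimOnSuccess=Yes
"""


def audit_unattend_xml(text):
    """Return (code, location) findings for one Unattend.xml document."""
    findings = []
    root = ET.fromstring(text)
    for settings in root.iter(NS + "settings"):
        for comp in settings.iter(NS + "component"):
            where = f"{settings.get('pass', '?')}/{comp.get('name', '?')}"
            join_mode, has_password = None, False
            for elem in comp.iter():
                name = elem.tag.rsplit("}", 1)[-1]      # drop the namespace
                value = (elem.text or "").strip()
                if name == "Password" and value:
                    has_password = True
                    if value.upper() == "%USERPASSWORD%":
                        # The client writes the expanded value in plain text.
                        findings.append(("USERPASSWORD_VARIABLE", where))
                    else:
                        findings.append(("PLAINTEXT_PASSWORD", where))
                elif name == "UnsecureJoin":
                    join_mode = value.lower()
            if comp.get("name") == "Microsoft-Windows-UnattendedJoin":
                if join_mode == "true":
                    # Account is reset in Windows PE, joined on first boot.
                    findings.append(("UNSECURE_JOIN", where))
                elif has_password:
                    findings.append(("SECURE_JOIN_STORES_CREDENTIALS", where))
    return findings


def audit_wdscapture_inf(text):
    """Return (code, location) findings for one WDSCapture.inf file."""
    cfg = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                    interpolation=None)
    cfg.read_string(text)

    def setting(section, key):
        return (cfg.get(section, key, fallback="") or "").strip().strip('"')

    findings = []
    uploads = setting("WDS", "UploadToWDSServer").lower() == "yes"
    if setting("WDS", "Password"):
        findings.append(("PLAINTEXT_PASSWORD", "[WDS] Password"))
        if not uploads:
            # Other [WDS] settings are ignored, so the secret serves no purpose.
            findings.append(("PASSWORD_STORED_BUT_IGNORED", "[WDS] UploadToWDSServer"))
    if (uploads and setting("Capture", "Overwrite").lower() == "append"
            and setting("WDS", "DeleteLocalWIMOnSuccess").lower() == "yes"):
        # The whole local .wim is deleted, not only the appended image.
        findings.append(("APPEND_TARGET_DELETED", "[WDS] DeleteLocalWIMOnSuccess"))
    return findings


if __name__ == "__main__":
    for label, result in (("client unattend", audit_unattend_xml(CLIENT_UNATTEND)),
                          ("image unattend", audit_unattend_xml(IMAGE_UNATTEND)),
                          ("WDSCapture.inf", audit_wdscapture_inf(CAPTURE_INF))):
        print(label, result)
```

Run it against copies of the files in the WDSClientUnattend folder, the per-image Unattend folders, and any WDSCapture.inf placed in a capture image, and treat each finding as a prompt to move the credential out of the file or to tighten access to the share.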

Sample WDSCapture.inf Unattend File
The following code is a sample WDSCapture.inf file:

[Capture]
Unattended=Yes
VolumeToCapture=C:\
SystemRoot=Windows
ImageName="Windows Vista with Microsoft Office"
ImageDescription="Windows Vista image for the sales department. Also contains Office 2007."
DestinationFile=C:\temp\VistaImageWIM
Overwrite=No

[ExclusionList]
$ntfs.log
hiberfil.sys
pagefile.sys
"System Volume Information"
RECYCLER
winpepge.sys
%SYSTEMROOT%\CSC

[WDS]
UploadToWDSServer=Yes
WDSServerName=MyWDSServer
WDSImageGroup=ImageGroup1
Username=Contoso\WDSAdmin
Password=Password1
DeleteLocalWimOnSuccess=No

Advanced Unattended Installation Scenarios
There are several advanced unattended installation scenarios that you can implement with Windows Deployment Services.

In This Topic
• Passing Unattend Files to Setup by Using the Command Line
• Using Implicit Unattend Files
• Embedding an Unattend File in an Image
• Precedence
   • Unattend File Precedence
   • Command-Line Precedence
• Using Variables to Obtain Information from the Client

Passing Unattend Files to Setup by Using the Command Line
It is possible to pass an unattend file directly instead of obtaining the unattend file from the server. For example:
1. A client computer boots into a version of Windows PE that contains the Windows Vista Setup files. The client boot can be performed over the network, from a CD or DVD, or from the hard disk drive.
2. A custom application is invoked, which has a customized user interface (UI).
3. The application uses the Windows Deployment Services client (which is essentially Setup.exe and supporting files) to retrieve a list of available images that are stored on a Windows Deployment Services server, and then it displays this list to the user.
4. The user selects an image.
5. The application detects the computer’s MAC address and contacts a database to get the correct unattend file.
6. The application takes the selected image and inserts the relative data into the unattend file.
7. The application invokes Setup.exe in Windows Deployment Services mode, and then it passes Setup.exe an unattend file.
8. The installation proceeds.
In scenarios such as the preceding one, you can use the /unattend:<unattend file> option with the /wds option (for example, Setup.exe /WDS /Unattend:X:\WDSClientUnattend.xml). If you are booting Windows PE by using a CD, DVD, or hard disk drive, you must also invoke the Windows Deployment Services client in discover mode by using the /WDSDiscover option. As is also the case when receiving the Windows Deployment Services client unattend file from the server, the unattend file that you passed by using the command line will be used only for the Windows PE phase. Settings corresponding to other unattended passes will be handled by the image unattend file.

Using Implicit Unattend Files
You can use implicit unattend files, which means that if an unattend file is not specified (through the command line or from the Windows Deployment Services server), the client searches for an unattend file in several locations. The most common scenario involves using a file called AutoUnattend.xml, which is at the root of removable media (such as a CD, DVD, or USB flash drive). For more information about implicit search paths, see “Methods of Running Windows Setup” in the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkID=90643).

Embedding an Unattend File in an Image
In general, it is a best practice to store unattend files outside of the images with which they are associated. The main reason for this is flexibility: it is easier to modify an image that is sitting on a file share on the Windows Deployment Services server than it is to mark an image offline, export the image, mount it, modify the unattend file, and then reimport the image. However, there are some cases where you may want to include the unattend file in a boot or install image. The following is an example of a scenario in which you may want to do this.
There are two types of computers in your organization: laptops and desktops. Your company policy states that all laptops should be configured with two partitions to support BitLocker Drive Encryption, and desktops should have a single partition and do not need BitLocker support. You create a custom boot image that is configured to run a simple script. The first action in the script is to use Windows Management Instrumentation (WMI) calls to determine whether a particular booted client computer is a laptop or a desktop.
• If the computer is a laptop, the script calls Setup.exe by using the /wds option and then explicitly passes an Unattend.xml file for laptop use (one that creates two hard disk partitions).
• If the computer is a desktop, the script calls Setup.exe by using the /wds option and then passes an Unattend.xml file for desktop use (one that creates only a single partition).

Precedence
This section explains precedence for unattend files and the command line.

Unattend File Precedence
The following list outlines the precedence order of the available unattend files. Be aware that you cannot change this precedence order. The default order of precedence for Windows Deployment Services client unattend files is as follows:
1. Unattend files that are passed explicitly from the command line (for example, setup.exe /wds /unattend:<unattend file>)
2. Unattend files that are passed to the client by the Windows Deployment Services server
3. An implicit unattend file (AutoUnattend.xml)

Note
This means that a Windows Deployment Services client unattend file that is defined always overrides an implicit unattend file.
The default order of precedence for image unattend files is as follows:
1. Explicitly assigned image unattend files (Windows Vista images only)
2. Image unattend files in the $OEM$ structure
3. Template unattend files (used as part of a domain join)
4. Client unattend files that have been carried over into additional phases of unattend processing

Command-Line Precedence
There are installation scenarios in which you may want to use the same Unattend.xml file for automating the Windows Deployment Services client and subsequent phases of Setup when performing a custom deployment solution. By setting the command-line precedence value, you can specify whether another unattend file (either an implicit unattend file such as AutoUnattend.xml, or an unattend file passed by using the /Unattend option) will be used instead of the image unattend file when installing a client computer. To override an existing image unattend file associated with an image, first enable unattend installations by running the command wdsutil /set-server /wdsunattend /Policy:{Enabled | Disabled} and then running wdsutil /set-server /wdsunattend /CommandlinePrecedence:{Yes|No}. For details, see How to Manage Your Server. Note that command-line precedence does not apply to Windows Deployment Services client unattend files that are obtained from the Windows Deployment Services server.

Example Scenario
This section presents an example of a precedence scenario. There are two types of computers in your organization: laptops and desktops. Your company policy states that all laptops should be configured with two partitions and should contain the proper Bluetooth drivers and software. It also states that desktops should have a single partition and do not need Bluetooth support. Because the majority of the computers in your organization are desktops, you do the following:
• Create a Windows Deployment Services client unattend file that creates a single disk partition, and a single Windows Vista image with an associated image unattend file that does not install the Bluetooth drivers and software.
• Create a single Unattend.xml file by using Windows System Image Manager (Windows SIM). This file performs all of the custom actions needed for laptop installations.
• Create a custom boot image that is configured to run a script. The first action in the script is to use WMI calls to determine whether a booted client computer is a laptop or a desktop.

   • If the computer is a laptop, the script calls Setup.exe by using the /wds option and then explicitly passes the custom Unattend.xml file for laptop use.
   • If the computer is a desktop, the script invokes the client normally, enabling the typical installation to continue (the client will obtain both the Windows Deployment Services client unattend file and, later, the image unattend file from the Windows Deployment Services server).
To ensure that this single unattend is used throughout the process, you set the command-line precedence value of the server appropriately. This action causes the unattend file that is passed to the Windows Deployment Services client through the command line to override the existing image unattend file that is associated with the image on the Windows Deployment Services server.

Using Variables to Obtain Information from the Client
The Windows Deployment Services client can obtain several pieces of information during an installation that you can use as part of your custom deployment scenario. The client will insert the proper variable values into your unattend file automatically as long as your file is formatted correctly. The variables that the client can use for this purpose are:
• %USERDOMAIN%. The name of the user's domain, which was specified either by credentials or in the Windows Deployment Services client unattend file.
• %USERNAME%. The user's name, which was specified either by credentials or in the Windows Deployment Services client unattend file.
• %USERPASSWORD%. The user's password, which was specified either by credentials or in the Windows Deployment Services client unattend file. Using this variable may pose a security risk and is not recommended. The password value will be written to the unattend file in plain text.
• %MACHINENAME%. The computer name of the computer account that represents the physical client computer.
• %MACHINEDOMAIN%. The domain containing the computer account that represents the physical client computer.
• %TIMEZONE%. The time zone of the Windows Deployment Services server.
• %ORGNAME%. The organization name of the Windows Deployment Services server.
To see an example file that uses these variables, see Sample Unattend Files.

Sample Unattend Files

In This Topic
• Windows Deployment Services Client Unattend File
• Image Unattend Files (unsecure domain join)

• Image Unattend Files (secure domain join)
• Image Unattend Files (using variables)
• Sysprep.inf file

Windows Deployment Services Client Unattend File

<?xml version="1.0" ?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               processorArchitecture="x86">
      <WindowsDeploymentServices>
        <Login>
          <WillShowUI>OnError</WillShowUI>
          <Credentials>
            <Username>username</Username>
            <Domain>wds-dom</Domain>
            <!-- This value is stored in the file in plain text. -->
            <Password>my_password</Password>
          </Credentials>
        </Login>
        <ImageSelection>
          <WillShowUI>OnError</WillShowUI>
          <InstallImage>
            <ImageName>Windows Vista with Office</ImageName>
            <ImageGroup>ImageGroup1</ImageGroup>
            <Filename>Install.wim</Filename>
          </InstallImage>
          <InstallTo>
            <DiskID>0</DiskID>
            <PartitionID>1</PartitionID>
          </InstallTo>
        </ImageSelection>
      </WindowsDeploymentServices>
      <DiskConfiguration>
        <WillShowUI>OnError</WillShowUI>
        <Disk>
          <DiskID>0</DiskID>
          <WillWipeDisk>false</WillWipeDisk>
          <ModifyPartitions>
            <ModifyPartition>
              <Order>1</Order>
              <PartitionID>1</PartitionID>
              <Letter>C</Letter>
              <Label>TestOS</Label>
              <Format>NTFS</Format>
              <Active>true</Active>
              <Extend>false</Extend>
            </ModifyPartition>
          </ModifyPartitions>
        </Disk>
      </DiskConfiguration>
    </component>
    <component name="Microsoft-Windows-International-Core-WinPE"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               processorArchitecture="x86">
      <SetupUILanguage>
        <WillShowUI>OnError</WillShowUI>
        <UILanguage>en-US</UILanguage>
      </SetupUILanguage>
      <UILanguage>en-US</UILanguage>
    </component>
  </settings>
</unattend>

Image Unattend Files (unsecure domain join)

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <UnsecureJoin>true</UnsecureJoin>
      </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ProductKey>XXXX-XXXX-XXXX-XXXX-XXXX</ProductKey>
    </component>
  </settings>
</unattend>

Image Unattend Files (secure domain join)

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <UnsecureJoin>false</UnsecureJoin>
        <Credentials>
          <Domain>fabrikam</Domain>
          <!-- This value is stored in the file in plain text. -->
          <Password>MyPassword1</Password>
          <Username>MyUserName</Username>
        </Credentials>
      </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ComputerName>%MACHINENAME%</ComputerName>
    </component>
  </settings>
</unattend>

Image Unattend Files (using variables)
In the following example file, Windows Deployment Services will replace the %USERDOMAIN%, %USERNAME%, %USERPASSWORD%, and %MACHINEDOMAIN% variables using the proper values. For more information, see "Using Variables to Obtain Information From the Client" in the Advanced Unattended Installation Scenarios topic.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <Credentials>
          <Domain>%USERDOMAIN%</Domain>
          <!-- %USERPASSWORD% is written to the unattend file in plain text. -->
          <Password>%USERPASSWORD%</Password>
          <Username>%USERNAME%</Username>
        </Credentials>
        <JoinDomain>%MACHINEDOMAIN%</JoinDomain>
      </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ComputerName>%MACHINENAME%</ComputerName>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <UserAccounts>
        <DomainAccounts>
          <DomainAccountList wcm:action="add">
            <Domain>%USERDOMAIN%</Domain>
            <DomainAccount wcm:action="add">
              <Group>Administrators</Group>
              <Name>%USERNAME%</Name>
            </DomainAccount>
          </DomainAccountList>
        </DomainAccounts>
      </UserAccounts>
      <TimeZone>%TIMEZONE%</TimeZone>
      <RegisteredOrganization>%ORGNAME%</RegisteredOrganization>
    </component>
  </settings>
</unattend>

Sysprep.inf file

[Identification]
DoOldStyleDomainJoin=Yes
[Networking]
[UserData]
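The audit below is an added example, not code from this guide: it parses unattend files shaped like the samples above and reports literal <Password> values, use of %USERPASSWORD%, UnsecureJoin set to true, and %...% tokens that are not among the seven variables the guide lists. The function name, the finding labels and the three inline files are constructed for illustration, and matching variable names by exact case is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# The seven variables this guide lists for the Windows Deployment Services client.
KNOWN_VARIABLES = {
    "%USERDOMAIN%", "%USERNAME%", "%USERPASSWORD%", "%MACHINENAME%",
    "%MACHINEDOMAIN%", "%TIMEZONE%", "%ORGNAME%",
}
TOKEN = re.compile(r"%[A-Za-z0-9_]+%")


def audit_unattend(xml_text):
    """Return a sorted list of (pass/component, finding, detail) tuples.

    Password values are never copied into the result, only the element name.
    Covers the <Credentials><Password> form used by the samples in this guide.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = set()
    for settings in root.findall("u:settings", NS):
        for component in settings.findall("u:component", NS):
            where = "{}/{}".format(settings.get("pass"), component.get("name"))
            for element in component.iter():
                tag = element.tag.rsplit("}", 1)[-1]  # drop the namespace prefix
                text = (element.text or "").strip()
                if tag == "Password" and text:
                    if text == "%USERPASSWORD%":
                        # The client writes the real password into the file in plain text.
                        findings.add((where, "userpassword-variable", tag))
                    else:
                        findings.add((where, "literal-password", tag))
                if tag == "UnsecureJoin" and text.lower() == "true":
                    findings.add((where, "unsecure-join", tag))
                for token in TOKEN.findall(text):
                    if token not in KNOWN_VARIABLES:
                        # Assumption: an unlisted name is left unreplaced by the client.
                        findings.add((where, "unknown-variable", token))
    return sorted(findings)


# Constructed sample: literal credentials, as in the secure domain join file.
SAMPLE_LITERAL = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <UnsecureJoin>false</UnsecureJoin>
        <Credentials>
          <Domain>fabrikam</Domain>
          <Password>MyPassword1</Password>
          <Username>MyUserName</Username>
        </Credentials>
      </Identification>
    </component>
  </settings>
</unattend>"""

# Constructed sample: variables, with %MACHINE_NAME% misspelled on purpose.
SAMPLE_VARIABLES = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>%USERDOMAIN%</Domain>
          <Password>%USERPASSWORD%</Password>
          <Username>%USERNAME%</Username>
        </Credentials>
        <JoinDomain>%MACHINEDOMAIN%</JoinDomain>
      </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>%MACHINE_NAME%</ComputerName>
    </component>
  </settings>
</unattend>"""

# Constructed sample: the unsecure domain join setting.
SAMPLE_UNSECURE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <UnsecureJoin>true</UnsecureJoin>
      </Identification>
    </component>
  </settings>
</unattend>"""

if __name__ == "__main__":
    samples = (("literal", SAMPLE_LITERAL), ("variables", SAMPLE_VARIABLES),
               ("unsecure", SAMPLE_UNSECURE))
    for name, sample in samples:
        for where, finding, detail in audit_unattend(sample):
            print("{}: {} {} ({})".format(name, where, finding, detail))
```
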

Working with Images
• Creating Images
• Filtering Images
• Deploying Earlier Versions of Windows
• Storing and Replicating Images Using DFS
• Servicing Images

Creating Images
In This Topic
• Overview
• Boot Images
• Versions of Windows PE
• Creating Custom Boot Images
• Creating Discover Images
• Discover Images
• Capture Images
• Creating Custom Install Images
• Converting RIPREP Images

Overview
Windows Deployment Services uses two basic image types, both of which use the Windows Image (.wim) file format:
• Install image: The operating system image that you deploy to the client computer.
• Boot image: Boot images are the images that you boot a client into before you install the install image. To install an operating system, you first boot the computer into the boot image, and then you select the install image to install. For Windows Deployment Services, these images contain Windows PE and the Windows Deployment Services client (which is essentially Windows Vista Setup.exe and supporting files). After you boot a computer into a boot image, you will be presented with a user interface (UI) where you can select the install image you want to install.
You can also create two additional types of boot images:
• Capture image: A type of boot image that you boot a client computer into to capture the operating system as a .wim file. You must first create a capture image when you are creating custom install images.

• Discover image: A type of boot image that you can use to install an operating system on a computer that is not Pre-Boot Execution Environment (PXE) enabled. When you boot a computer into a discover image, the Windows Deployment Services client will locate a valid Windows Deployment Services server, and then you can choose the install image you want to install.

Boot Images
Microsoft Windows Preinstallation Environment (Windows PE) is the boot image format for Windows Deployment Services. Windows Deployment Services can boot both standard and custom boot images, as long as the following two conditions are met:
• The image must be stored in .wim format.
• The image in the .wim file must be marked as bootable from RAMDISK using the /boot option with ImageX.
In most cases, you should use the standard boot image that is included on the Windows Server 2008 media (located at \Sources\boot.wim) without modification. The Boot.wim file meets the two conditions just stated, and it also contains the Windows Deployment Services client (which is basically Windows Vista Setup.exe and supporting files). Do not use the Boot.wim from the Windows Vista media unless your version of Windows Vista has SP1 integrated into the DVD. If you use the first version of Windows Vista that does not contain SP1, multicasting will not work correctly. You can also create custom boot images as long as they meet the two conditions previously mentioned. In addition, you can add the Windows Vista or Windows Server 2008 Setup binary files if you want the functionality of Windows Deployment Services client. For information about managing and modifying the boot menu, see Managing the Boot Menu.

Versions of Windows PE
In general you should use the latest version of Windows PE in the boot image that you use to deploy images. The version of Windows PE must match or be newer than the install image. For example, you can use Windows PE 2.1 to deploy install images of all versions of Windows (including Windows Vista with SP1, Windows Server 2008, and all earlier versions of Windows). You cannot, however, use Windows PE 2.0 to deploy Windows Vista with SP1 or Windows Server 2008.
If you are deploying Windows Server 2003 and your boot image does not contain the Windows Deployment Services client (for example, if you are booting a Windows PE 2005 boot image into the command prompt instead of into the user interface screens of the Windows Deployment Services client), we recommend that you use the latest version of Windows PE. You can use Windows PE 2004, Windows PE 2005, Windows PE 2.0, or Windows PE 2.1, although the following caveats apply:
• If you are applying a .wim image of Windows Server 2003 using ImageX, you can use either the x86 or x64 version of Windows PE.

• In the past, if you were running Winnt32.exe for Setup, you could only use x64 versions of Windows PE, but that has changed.
• If you are using Windows PE 2.0, you might run into the issue documented at http://go.microsoft.com/fwlink/?LinkID=110354. Therefore, run the command Bootsect.exe /nt52 c: to set up the correct NTFS file system boot sector. For details, see Knowledge Base article 931761 (http://go.microsoft.com/fwlink/?LinkId=96016).

Creating Custom Boot Images
In most cases, you can just use the Boot.wim file on the DVD for Windows Server 2008 in the \Sources folder. This is actually the same Windows PE image used by Setup.exe. In this scenario, the image already contains the Setup.exe files and is properly configured to start Setup automatically. For instructions, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.
You can also use the tools in the Windows Automated Installation Kit (AIK) to create a custom boot image. As part of the image-building process, you must manually copy the required setup files into the custom image. The process for doing this is as follows:
1. Mount the boot image that is RAMDISK-bootable in the Boot.wim file (this file contains two Windows PE images, and the bootable image is the second image).
2. Create a top-level folder named Sources in the custom boot image.
3. Copy all of the setup files from the \Sources folder in the mounted image to the \Sources folder in the custom boot image.
Note
As part of the custom image build process, you must ensure that the Windows Deployment Services client is started by Windows PE. To ensure that this occurs, create an entry in the WinPESHL.ini file to start Setup.exe in Windows Deployment Services mode. For more information about editing WinPESHL.ini, see the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkID=110354).

Discover Images
A discover image is a boot image that has been modified to start Windows Deployment Services and discover a valid server (it is generally used in non-PXE boot scenarios). These images enable a computer that cannot perform a PXE boot from a Windows Deployment Services server to locate such a server and use it to install an image. These images must be started with the /WDSDiscover option (see the table in the next section). The discovery functionality has two configuration options:
• Static discovery. This means specifying the server that the computer should use. Static discovery works well in data center environments or branch offices where DHCP may not be available. One major disadvantage of static discovery is that it introduces a single point of failure. For example, if the server that is specified is unavailable, the Windows Deployment Services client will not work, and there is no way to have the client try a different server. Another flaw is that static discovery does not allow for load balancing, because all clients using a particular boot image would use the specified server. You can specify the server when you create the discover image.
• Dynamic discovery. With this option, the Windows Deployment Services client emulates a PXE request from within Windows PE. Based on the responses to that PXE request, the client can locate a valid server and continue the installation process. If you do not specify the server when you create the discover image, the image will use this method to locate a server.

Creating Discover Images
In most cases, you can use the Boot.wim file included on the Windows Server 2008 DVD to create your image. To create a discover image, right-click the image in the MMC snap-in, and then click Create discover boot image. For instructions, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.
For advanced scenarios if you want to create a custom deployment, you can create a discover image by using the tools provided in the Windows AIK. To do this, copy the appropriate setup files from the \Sources folder in the boot image located on the Windows Server 2008 DVD (it is the second image in the Boot.wim file). Then create a WinPESHL.ini file that invokes Setup.exe and passes the appropriate discovery options.
There are two optional command-line options for Setup.exe that control the discovery behavior of the Windows Deployment Services client. These options are described in the following table.

Option | Description
/WDSDiscover | (Default) Specifies that the Windows Deployment Services client should be in discover mode. If you do not specify /WDSServer with this option, Windows Deployment Services will search for a server. For example, to start the Windows Deployment Services client in this dynamic discover mode, run the command \sources\setup.exe /wds /WDSDiscover.
/WDSServer:<ServerName> | Specifies the name of the Windows Deployment Services server that the client should connect to. Note that <ServerName> can be an IP address, a NetBIOS name, or a fully qualified domain name (FQDN). You must also specify /WDSDiscover. For example, to start the Windows Deployment Services client in this static discover mode, run the command \sources\setup.exe /wds /WDSDiscover /WDSServer:MyWDSServer.

Capture Image
A capture image is a boot image (containing Windows PE) that has been modified to start the Windows Deployment Services Image Capture Wizard instead of starting Setup. When you boot a computer (that has been prepared with Sysprep) into a capture image, a wizard creates an install image of the computer and saves it as a .wim file. Then you can upload the image to the Windows Deployment Services server.
You create capture images from existing boot images — most commonly, the Boot.wim file from the installation media. Then you can add the images back to the server for PXE boot deployment or copy them to bootable media (CD, DVD, USB drive, and so on). For instructions on creating a capture image and deploying an install image, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008. For information about automating the wizard, see Automating the Image Capture Wizard.

Creating Custom Install Images
You can create custom install images by using either of the following:
• ImageX, which is included in the Windows AIK. For information about creating a custom install image by using ImageX, see the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkID=53552).
• Capture images, which contain the Windows Deployment Services Image Capture Wizard. The Image Capture Wizard enables you to capture an operating system that has been prepared with Sysprep into a .wim file. Capture images provide an alternative to ImageX. The wizard provides a subset of the functionality included in the ImageX /capture command. For instructions on creating a capture image and deploying an install image, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.
The following table compares these two tools.

Functionality | Image Capture Wizard | ImageX
Captures a partial volume? | No | Yes
Captures an image that has not been prepared by using Sysprep? | No | Yes
Can I specify a compression type? | Yes: only LZX or XPRESS | Yes: LZX, XPRESS, or no compression
Uploads directly to the Windows Deployment Services server? | Yes | No
Can the process be automated? | Yes | Yes
Has a GUI? | Yes | No
Provides additional functionality beyond image capture? | No | Yes
Enables me to specify a capture exclusion list? | Yes | Yes
Captures directly to a network location without making a local image copy? | No | Yes

Regardless of which tool you use, the high-level process remains essentially the same:
1. Install Windows on a reference computer.
2. Perform customizations and install software.
3. Run the correct version of Sysprep for the reference computer's operating system.
4. Reboot into Windows PE.
5. Capture the offline Sysprep image into .wim format.
6. Upload the image to the Windows Deployment Services server’s image store.

Converting RIPREP Images
RIPREP images are essentially images that have been prepared with Sysprep that do not contain a fully populated critical device database. To convert these images, you must first upgrade your server to Windows Server 2008. For instructions on how to convert RIPREP images, see the "Install Images" section in How to Manage Images.

Default Conversion
The default conversion process copies the updated version of a file to another location. There were two main factors that influenced this design decision:
• The original image remains unmodified, in case the conversion process fails or you want to continue to use the original RIPREP image after the conversion process is run.
• In RIS, you could associate multiple unattended setup installation files (.sif) with a particular image. If an image is so configured, a conversion process that is run for one .sif file would alter the backing files used by the other .sif file.
The conversion process requires at least twice as much free disk space as the size of the image. This space is needed for a copy of the RIPREP image placed in the %TEMP% folder and the .wim file that was created by using the contents of the converted image in the %TEMP% folder.
Note
The data in the %TEMP% folder can be removed only after the new image has been captured.

In-Place Conversion
You can force an in-place conversion of a RIPREP image, which will save time and the amount of disk space that you use during the conversion process. You can do this by using the /InPlace option with the WDSUTIL /Convert-RiprepImage command.
It is common for multiple variations of a single RIPREP image (differing only by HAL type) to exist on a server. You can save time during the conversion process by using the /Overwrite:Append option of the WDSUTIL /Convert-RiprepImage command to take advantage of single-instancing technology within the .wim format. The general conversion process entails first converting the first RIPREP image in the set by creating a new .wim file, and then converting the remaining RIPREP images (for the other HAL types) by appending them to the .wim file you created previously. The append operation is much faster than a traditional capture because it avoids the need to compress and insert files that already exist in the .wim file. Files that are identical between images and that already exist within the .wim file will simply have their reference count incremented to indicate that the single file belongs to multiple images within the .wim file. For instructions on how to convert RIPREP images, see the "Install Images" section in How to Manage Images.

Deploying Earlier Versions of Windows
You can use Windows Deployment Services to deploy Windows Vista as well as earlier Windows operating systems such as Windows XP and Windows Server 2003. To do this, you use Sysprep to prepare the operating system, and then store the image in the Windows image (.wim) file format. Although Windows Deployment Services provides full functionality for applying images for Windows Vista, note the following limitations when deploying the images of earlier Windows operating systems:
• Sysprep must be applied to the first primary partition: Earlier operating system images that have been prepared with Sysprep must be applied to the first primary partition (for example, C:\). Applying these images to other partitions is not supported.
• The HAL must match: Earlier operating system images are hardware abstraction layer (HAL)-specific, meaning that they can be applied only to computers that have a matching HAL type. Therefore, Windows Deployment Services detects the local computer's HAL type and filters out images that are earlier than Windows Vista and that are not of that same HAL type. For example, if there are two images on the Windows Deployment Services server that the client has permissions to (one ACPI and the other APIC) and the client computer is ACPI, only the ACPI image will be available. This is true in both attended and unattended installation scenarios. Note that the HAL type of an image is stored in the .wim image metadata: <HAL>acpiapic</HAL>
Note
Windows Deployment Services does not recognize that the image contains an earlier operating system until the image is selected on the image selection page. When the image is selected, the image's metadata specifies the exact version of the operating system.
• External language packs do not apply: When you are applying these images, the concept of external language packs does not apply. The language selection drop-down list on the image selection page will not let you select an additional language. Additionally, if you specify a language, locale, and keyboard layout in the Windows Deployment Services client user interface — or if you use unattend — the settings you specified will not be used in the image that gets applied. Windows Deployment Services does not support modifications to offline images predating Windows Vista that would be necessary for this functionality.
• You cannot apply a driver to an offline image (by using the F6 key or load driver functionality) to images earlier than Windows Vista. The API set you use to perform offline driver injection is supported only for Windows Vista images.
• The Boot.ini file must exist in the image: Rather than Setup generating a Boot.ini file when deploying an operating system earlier than Windows Vista, Boot.ini must already exist in the image. When the image is applied, the Boot.ini file included in that image will be copied as well. This is currently the default behavior of most image-based deployments, including those involving ImageX.
To ensure that the Boot.ini file is included with the image
1. Deploy the image of the earlier operating system to a reference computer.
2. Use Sysprep to prepare the image.
3. Capture the image of reference computer, including the Boot.ini file.
4. Deploy the image by using Windows Deployment Services.

Filtering Images
You can restrict which install images are shown to users. These restrictions can be policy-based or enforced by the computer.
• Automatic Filtering by Windows Deployment Services
• Filtering Images Manually

Automatic Filtering by Windows Deployment Services
Filtering by Using HALs
To avoid situations where a user is allowed to install an image that contains an incompatible hardware abstraction layer (HAL) type, Windows Deployment Services performs HAL filtering. During image selection, any nonmatching images are not shown to the user.

• Windows Vista or Windows Server 2008. For newer images (as specified in the metadata for the .wim file), HAL filtering will not take place. In these cases, HAL filtering is not necessary because the image actually contains all of the possible HALs, and the correct HAL is detected and put in place automatically upon first boot.
• Earlier operating systems. If the image is of an earlier operating system, Windows Deployment Services will compare the HAL type (as specified in the metadata for the .wim file) to that of the destination computer. If the HAL types are identical, the image will be shown to the user. If the HAL types do not match, the image will not be displayed.
The HAL information about the image is stored in the image metadata in the <HAL> section of the .wim file.

Filtering by Architecture
For x86-based computers, you can boot only into x86-based boot images and install only x86-based install images. In Windows Server 2008, however, there is new functionality that controls how images are filtered to users on x64-based computers. When you boot into the Boot.wim file that is included on the x86 version of Windows Server 2008 media from an x64-based computer, you will be able to choose from both x86-based and x64-based install images. However, if you boot into an x64-based Boot.wim file from the same computer, only x64-based boot images will be displayed. The images that are applicable to that architecture will be filtered automatically.

Filtering Images Manually
You can specify permissions to allow only certain users rights to see a particular install image. To set permissions, right-click the image (either in the MMC snap-in or in the RemoteInstall folder), and then click Properties. Note that setting these permissions sets the permissions on the .wim file (which contains only metadata), but not the Res.rwm file (which contains the file resources for the image). In order to secure the Res.rwm, you must create an ACL for the file. However we do not recommend this because if the permission sets differ for the files, a user could have permissions to view the .wim file, but not the Res.rwm, and therefore the installation would fail.
It is not possible to specify permissions for different users for images within the same image group. For example, if you have two images, ImageA and ImageB, and you would like User1 to have access to ImageA and User2 to have access to ImageB, you must have each image stored in a separate .wim file.

Servicing Images
Servicing images means updating an image that is currently available to users — for example, adding a Windows update to your existing image. There are two types of image servicing:
• Offline. In the context of updating images, the term "offline" refers to updating or applying changes to an operating system image that is not currently running. For example, you might update a .wim file with security updates by using ImageX, while it sits in a folder structure or another partition.
• Online. In the context of updating images, the term "online" refers to updating or applying changes to an operating system that the computer is booted into. For example, installing an update by using Windows Update is an online operation.
You can service a Windows Vista or Windows Server 2008 image offline by using Package Manager or online by using OCSetup, Package Manager, or the Windows Update Standalone installer. There are various command-line tools that you can use to install and uninstall packages. Package Manager works only with operating system packages (hotfixes, service packs, updates, drivers, and language packs). OCSetup works only with Microsoft Windows Installer components (and hands off packages to Package Manager to install or remove). The Windows Update Standalone installer installs service packs and other updates delivered as .msu files. For details on their use, see the "Package Manager" technical reference in the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkID=53552).
Your ability to service an offline image is limited by:
• The version of the operating system of the offline image. Windows Vista supports offline servicing of images that have been prepared with Sysprep, whereas earlier versions of Windows do not.
• The type of action you are performing.
You must use the servicing tools and technologies included in the Windows AIK to perform offline servicing on images that are located on a Windows Deployment Services server.

In This Topic
• Servicing an Image Offline
• Reducing the Size of Images

Servicing an Image Offline
The following are the four high-level steps you will need to perform to service an image offline.
1. Disable the current image. This enables currently connected clients to finish applying the image, but it prevents new clients from starting an installation.
2. Export the image to a .wim file that is outside of the Windows Deployment Services server's image store. For install images, this combines the metadata in the install.wim file with the resources in the Res.rwm file into a single .wim file and saves it to the destination location. Combining the file resources and metadata into one file is a requirement of image manipulation tools such as ImageX.
3. Service the image. In this step, you update the image as you like using the tools in the Windows AIK. For example, you can mount the image to a folder by using ImageX, and then add the files and folders to the image. Alternatively, you can load the registry hive, and then add, delete, or modify registry keys. If the image that is being serviced is a boot image, you can use PEimg.exe to add drivers to the image. After all your changes are complete, use ImageX to commit the changes to the .wim file.
4. Replace the current image with the updated version. In this step, you add the updated image back to the Windows Deployment Services server. We recommend this method because any associated external data such as language packs, unattend files, or $OEM$ folder contents will remain associated with the image. If the previous image is still in use, the replacement will fail. You can check to see whether the old image is still in use before attempting a replacement by using the Shared Folders in the MMC snap-in to view all currently open files. If the previous image is still in use, you have two options:
• Wait for existing installations to complete, delete the old copy, and then replace it with the new.
• Add the updated image as a new, separate image. You must also copy or associate any external data such as language packs, unattend files, or $OEM$ folder contents.
For instructions, see How to Manage Images.
Sometimes it may be more efficient to redeploy and recapture an image to add applications, rather than servicing the image offline. For instructions, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.

Reducing the Size of Images
An image group is a collection of images that share common file resources and security. The following are the two components of an image group:
• Res.rwm file: Contains the file resources for each image group.
• Image.wim files: Contains the metadata that describes the content of the install image.
Because the images are stored this way, removing an image from an image group does not reduce the size of the files. This is because files in the Res.rwm file that no longer belong to an image are not actually converted to free space; rather, they are just dereferenced. To reclaim free space within the Res.rwm file, you must perform the following steps:
1. Export all images from the image group to an external .wim file.
2. Create a new image group.
3. Add all exported images to the new group.
When performing this procedure, you must manually copy and reassociate any external data (such as language packs and unattend files) to the new image group.
Note
When exporting images to an external .wim file, you should use the command WDSUTIL /Export-Image to append the images to an existing .wim file. Appending an image to an existing .wim file is generally faster than exporting it to a new .wim file.

create \MyServerOrDomain\MyNamespace\ImageGroup in DFS Namespaces.microsoft.microsoft. Create a file share on a secondary server.com/fwlink/?LinkId=111021) • Distributed File System (http://go. Add a new folder to the namespace and create an image group on the Windows Deployment Services server as a target folder for the new folder in the namespace.woodgrovebank. 4. Grant permissions to the Windows Deployment Services server’s computer account.com/fwlink/?LinkId=108012) 3. For example. see Distributed File System (http://go. \fileserver\MyNamespace for a stand-alone namespace or \corp. Install and configure Windows Deployment Services. When you use DFS replication technology. For more information about DFS. and specify \MyWDSServer\RemoteInstall\images\DFSImageGroupName as a target folder for that folder. Verify that the content appears when you connect to \MyServerOrDomain\MyNamespace\ImageGroup. Install the DFS role service from the File Services server role in Server Manager. updates to an AD DS schema. grant read/write permissions to MyWDSServer$. 2. 6. and AD DS maintenance and best practices are outside the scope of this document. 7. see: • Step-By-Step Guide for Distributed File Systems in Windows Server 2008 (http://go. you can modify images on a single server and propagate changes to other distribution points. Clients can be directed to computers other than the Windows Deployment Services server to download the image.com\MyNamespace for a domain-based namespace. Create a new namespace in DFS Management. For example. To configure DFS namespaces for install images: 1. You may have to update your AD DS schema to use DFS to manage multiple Windows Deployment Services servers. Using DFS for install images provides two main benefits: • Load balancing. 100 . 5.microsoft. Any issues pertaining to AD DS. 
• Simplified administration.Storing and Replicating Images Using DFS This section outlines the tools and topology configurations associated with the Distributed File System (DFS) role service in the File Services server role of Windows Server 2008. if the server is called MyWDSServer. Add images to the Windows Deployment Services server. For more information about DFS. For example.com/fwlink/?LinkId=108012) Storing Files on Another Server You can store install images on another server (not Windows Deployment Services server) using DFS and still install the images by using Windows Deployment Services.

8. Repeat this procedure for additional image groups.

Replicating Images Using Distributed File System

DFS Replication is a server technology that you can use to replicate images between Windows Deployment Services servers. DFS Replication can decrease the total cost of ownership by making it possible for you to manage images from a single server in the environment. Changes can then be propagated to other servers without requiring interaction. To prevent replication conflicts, avoid modifying or servicing the same image from multiple servers at the same time. A best practice is to create a single, master Windows Deployment Services server that clients do not connect to. Make all modifications to images on this server by using the Windows Deployment Services management tools and the image maintenance tools included in the Windows AIK. Next, replicate changes from this server to other servers in the topology.

To configure DFS Replication for install images:
1. Install and configure Windows Deployment Services.
2. Install the DFS role service from the File Services server role in Server Manager. For more information, see Step-By-Step Guide for Distributed File Systems Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkID=111021).
3. Create and configure a replication group for the RemoteInstall folder or its subfolders. If you are replicating RemoteInstall subfolders, you must exclude the \Mgmt and \Tmp folders. These folders contain server-specific information that cannot be used by remote Windows Deployment Services servers. For more information, see Distributed File System Replication: Frequently Asked Questions (http://go.microsoft.com/fwlink/?LinkId=111023).
4. Configure the BCD refresh policy by running the following command (see below for details about the options):
   WDSUTIL /set-server /BcdRefreshPolicy /Enabled:yes /RefreshPeriod:<time in minutes>

Option: /BcdRefreshPolicy
Explanation: Causes the server to regenerate BCD stores in the \Tmp folder for all boot images. This value is required so that any changes that you make to your boot images on the master server are reflected in the boot menus that clients receive from remote servers.

Option: /RefreshPeriod
Explanation: Determines how often the boot images are regenerated. If you do not make changes to boot images very often, it is okay to have a larger value. If you make changes to boot images often or if you want changes to propagate quickly, set this to a lower value. However, be careful when setting a low value. BCD generation causes CPU and disk overhead on the Windows Deployment Services server. Configuring a small value can cause performance problems on the server. A good default value is 30 minutes.

How to Perform Common Tasks

This topic contains procedures for performing common tasks using Windows Deployment Services MMC snap-in, and the WDSUTIL command line tool.

Note: Other than displaying a message that indicates whether the operation succeeded or failed, WDSUTIL shows minimal screen output (by default). However, you can specify two additional options to enable more output. You can specify /Verbose to show detailed information about a task, and you can specify /Progress to use ellipses to indicate that a long-running process (for example, adding an image) is running and is not stalled. In the sample WDSUTIL command-lines in this section, these options are used wherever they provide useful information. Even when you use these options, you can redirect the WDSUTIL output to a file.

In This Topic

The management tasks that you can perform with these tools fall into the following categories:

Category: How to Manage Your Server
Example tasks:
• Initialize and uninitialize a server
• View configuration information about servers
• Start/stop or enable/disable a server
• Update the RemoteInstall folder
• Set advanced server settings

Category: How to Manage Client Computers
Example tasks:
• Create and delete prestaged accounts in AD DS
• View information about prestaged computers
• Set configuration attributes

remove. export. • • • • Convert RIPREP images Add and remove image groups Set attributes of an image group Set multicast server settings How to Create Multicast Transmissions • Create and manage multicast transmissions How to Modify the BCD Store Using Bcdedit • To view the contents of the BCD store • To configure the default selection timeout value • To configure a localized boot manager experience • To configure the TFTP block size and window size • To configure Windows debugger options How to Manage Your Server This section contains procedures for the tasks that are listed and described in the following table. Type Procedure General Tasks • To configure Windows Deployment Services • • To start or stop the server To enable the server • To enable logging of Windows Deployment Services client actions 103 . copy. update images from the image store • Set attributes and associate unattend files for install images.Category Example tasks • How to Manage Images Reject/approve pending computers • View information about images and image groups • Create capture and discover images • Add.

• To choose the port number for RPC
• To specify the network interfaces for the PXE provider to listen on
• To configure how often the server refreshes its settings
• To force the server to update files in the RemoteInstall folder
• To configure the network profile for the server
• To back up the server data

DHCP
• To configure Windows Deployment Services to run on the same computer as Microsoft DHCP
• To configure Windows Deployment Services to run on the same computer as non-Microsoft DHCP
• To turn on the DHCP authorization requirement
• To authorize the server in DHCP

Client Requests
• To configure the server to answer clients
• To set a delay in the server’s answers to PXE requests
• To configure unknown clients to perform PXE boots without requiring F12
• To configure clients who have booted without F12 to require a key press on subsequent boots
• To configure the server to determine the architecture of booting clients

Network Boot Program and Boot Image
• To choose which boot images are displayed on x64-based computers
• To choose the default network boot program for each architecture
• To choose the default network boot program that does not require F12 for each architecture
• To choose the default boot image for each architecture

Prestaging Clients
• To specify a domain controller for the PXE provider
• To specify a global catalog server for the PXE provider
• To choose whether to search for computer accounts in the domain controller before searching the global catalog
• To configure the server to prestage clients by using their MAC address instead of their GUID
• To maintain a list of GUIDs that belong to multiple computers
• To specify how to generate client computer names
• To specify the domain and OU in which to create client computer accounts
• To choose whether to join client computers to the domain

Unattend File
• To choose a default unattend file for the Windows Deployment Services client
• To specify whether an unattend file on the client computer overrides the default unattend file

Note: You cannot manage a Windows Deployment Services server running Windows Server 2008 from a Windows Deployment Services server running Windows Server 2003.

Note: Help for WDSUTIL is available by typing WDSUTIL /? at a command prompt or online at http://go.microsoft.com/fwlink/?LinkId=112194.

Caution: To modify the registry settings that are described in this guide, use only the Windows Deployment Services management tools—you should not directly edit these settings and attributes.
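The server procedures in this guide name the registry value that each WDSUTIL option writes, so a server's settings can be reviewed from a read-only export without editing the registry. The following is an added example, not part of the original guide: it parses the text of a .reg export of the WDSServer service key and reports a few of those values. The export text is constructed, and the choice of which values to mark for review is an assumption of this example.

```python
"""Review WDS server settings from a .reg export (added example, not from the guide)."""
import re

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer"

# Value locations and meanings are the ones the guide gives for each WDSUTIL
# option. Which values deserve a "review" flag is this example's assumption.
# Each rule: (subkey under ROOT, value name, predicate that flags it, reason).
RULES = [
    (r"Providers\WdsImgSrv\ClientLogging", "Enabled", lambda v: v != 1,
     "client logging is off, so WDS client actions are not recorded"),
    (r"Providers\WdsImgSrv\ClientLogging", "LogLevel", lambda v: v == 0,
     "logging level 0 is None"),
    (r"Providers\WDSPXE\Providers\BINLSVC", "AllowN12ForNewClients",
     lambda v: v == 1,
     "unknown clients PXE boot without an F12 key press"),
    # Assumes /CommandLinePrecedence:Yes is stored as the 1 the guide mentions.
    (r"Providers\WdsImgSrv\Unattend", "CommandLineUnattendPrecedence",
     lambda v: v == 1,
     "an unattend file on the client overrides the file sent by the server"),
    (r"Providers\WDSPXE", "BindPolicy", lambda v: v == 0,
     "PXE provider listens on every interface not on the exclude list"),
]

SECTION = re.compile(r"^\[(-?)([^\]]+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample. A file written by Registry Editor is UTF-16, so decode
# a real export before passing its text to audit().
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\ClientLogging]
"Enabled"=dword:00000001
"LogLevel"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC]
"AllowN12ForNewClients"=dword:00000001
"ResetBootProgram"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\Unattend]
"Enabled"=dword:00000001
"CommandLineUnattendPrecedence"=dword:00000000
'''


def parse_reg_export(text):
    """Return {(key_path_lower, value_name_lower): int} for every DWORD value."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # "[-HKEY_...]" marks a key deletion in .reg syntax; it holds no values.
            key = None if section.group(1) else section.group(2).lower()
            continue
        dword = DWORD.match(line)
        if dword and key is not None:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values


def audit(text):
    """Return (state, value path, detail) per rule; state is review, ok or unknown."""
    values = parse_reg_export(text)
    results = []
    for subkey, name, flagged, reason in RULES:
        # Registry paths are case-insensitive (the guide writes both SYSTEM and System).
        value = values.get((f"{ROOT}\\{subkey}".lower(), name.lower()))
        path = f"{subkey}\\{name}"
        if value is None:
            # Absent from the export: report it instead of guessing a default.
            results.append(("unknown", path, "value not present in the export"))
        elif flagged(value):
            results.append(("review", path, reason))
        else:
            results.append(("ok", path, f"value is {value}"))
    return results


if __name__ == "__main__":
    for state, path, detail in audit(SAMPLE_EXPORT):
        print(f"{state:8} {path}: {detail}")
```

Values that are missing from the export are reported as unknown because the guide does not state their defaults.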

5. Optionally authorizes the server in Dynamic Host Control Protocol (DHCP). and then run WDSUTIL /Verbose /Progress /Initialize-Server /RemInst:<path>. Creates the folder tree for RemoteInstall. 8. Run WDSUTIL /Start-Server or WDSUTIL /Stop-Server. For more information. and then click All Tasks. 2.General Tasks To configure Windows Deployment Services Using the MMC Using WDSUTIL 1. Sets the WDSServer service startup type to Auto. 4. Click Start. Install Windows Deployment Services. Open an elevated Command Prompt window. Administrators = Full Control. To start or stop the server Using the MMC Using WDSUTIL 1. Creates the RemoteInstall folder with the following default permissions: Authenticated Users = Read and Execute. right-click the server and then click Configure Server. Install Windows Deployment Services. 3. 106 . 4. Click Stop Server or Start Server. 6. System = Full Control. see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008. Installs the server files (boot files) from the \system32\reminst folder (as placed during component installation) to the new folder structure. and WDSServer service = Full Control 3. 2. For more information. 1. Updates the service parameters. 7. where <path> is the path where you would like the RemoteInstall folder to be located. 2. and then click Windows Deployment Services. click Administrative Tools. In the left pane of the Windows Deployment Services snap-in. Follow the instructions in the wizard. Right-click the server. 2. Sets the Trivial File Transfer Protocol (TFTP) root to point to the RemoteInstall folder root. 2. Starts the services. Open an elevated Command Prompt window. see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008. 1. The preceding procedure does the following: 1.

The preceding procedure starts or stops the WDSServer service.

To enable the server

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Enable-Server.

The preceding procedure starts or stops the WDSServer service.

To enable logging of Windows Deployment Services client actions

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. To turn on client logging, run WDSUTIL /Set-Server /WDSClientLogging /Enabled:Yes.
3. To change which events are logged, run WDSUTIL /Set-Server /WDSClientLogging /LoggingLevel:{None|Errors|Warnings|Info} (each category includes all events from the previous categories).

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\ClientLogging\Enabled to 1. The level is stored at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\ClientLogging\LogLevel, where 0 is None, 1 is Errors only, 2 is Errors and Warnings, and 3 is Errors, Warnings, and Information.

To choose the port number for RPCs

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /RPCPort:X, where X is the RPC port number you want to use.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters\RpcPort to the specified value.

Note: If this remote procedure call (RPC) port is changed from the default value, you must add a firewall exception for the new RPC port.

To specify the network interfaces for the PXE provider to listen on

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To add an interface to the list, run WDSUTIL /Set-Server /BindPolicy /Add /Address:<IP or MAC address> /AddressType:{IP|MAC}.
• To bind to only the interfaces on the list, run WDSUTIL /Set-Server /BindPolicy /Policy:Include.
• To bind to all interfaces other than those on the list, run WDSUTIL /Set-Server /BindPolicy /Policy:Exclude.

The preceding procedure sets HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\BindPolicy to 0 to exclude the list, and sets it to 1 to include the list (and excludes all other interfaces). The list is stored in the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\BindInterfaces (addresses are stored as MAC=XXXXXXXXXXXX or IP=10.10.2.2)

To configure how often the server refreshes its settings

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /RefreshPeriod:<time in seconds>.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters\UpdateTime to the specified value.

To force the server to update files in the RemoteInstall folder

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Update-ServerFiles.

To configure the network profile for the server

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Network Settings tab under Network Profile, select the option that specifies the network speed of your organization.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server [/Server:<name>] /Transport /Profile:{10Mbps|100Mbps|1Gbps|Custom}.

Select Custom if you want to customize the settings yourself by editing the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast\Profiles\Custom

Important: You should not modify the other profiles that are provided. Instead, you should create a custom profile even if you want to change only one setting.

To back up the server data

To completely back up your server, you must back up the following two sets of data:
• Images stored in the \RemoteInstall folder. To back up images, you must perform regular backups of the \RemoteInstall folder. You can restore the content from these backups without any special qualifications. The exception to this is if your server contains Remote Installation Services (RIS) images that have been groveled by Single Instance Storage (SIS). For more information about how to restore a volume that is managed by SIS, see article 263027 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=81026).
• Settings generally stored in the server’s registry. To back up these settings, we recommend that you perform regular backups by using the Microsoft Volume Shadow Copy Service (http://go.microsoft.com/fwlink/?LinkId=105509). As an alternative, you can regularly archive the server's configuration settings by running the command WDSUTIL /get-server /show:config. However, if you must restore the settings, you must manually reconfigure the settings by using WDSUTIL.

DHCP

To configure Windows Deployment Services to run on the same computer as Microsoft DHCP

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the DHCP tab, select Do not listen on port 67 and Configure DHCP Option #60 Tag to PXEClient.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes.

The preceding procedure does the following:
• Sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters\UseDhcpPorts to 0.
• Adds the option 60 PXEClient tag to all of your DHCP scopes.

To configure Windows Deployment Services to run on the same computer as non-Microsoft DHCP

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the DHCP tab, select Do not listen on port 67.
3. Use your DHCP server tools to set the option 60 tag to PXEClient.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /UseDHCPPorts:No.
3. Use your DHCP server tools to set the option 60 tag to PXEClient.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters\UseDhcpPorts to 0.

To turn on the DHCP authorization requirement

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Advanced tab, select Yes, Windows Deployment Server should be authorized in DHCP before servicing clients.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /RogueDetection:Yes.

The preceding procedure sets HKEY_LOCAL_MACHINE\System\CurrentControlSet\WDSServer\Providers\WDSPXE\DisableRogueDetection to 0.

To authorize the server in DHCP

Ensure that you have enterprise administrator permissions within the DHCP MMC snap-in.

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Advanced tab, select Authorize the Windows Deployment Server in DHCP.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /Authorize:Yes.

The preceding procedure creates an entry for DHCP authorization under the CN=NetServices, CN=Services, CN=Configuration, DC=Domain, DC=com object in AD DS.

Client Requests

To configure the server to answer clients

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the PXE Response Settings tab, do one of the following:
• To respond to all client PXE requests, select Respond to all (known and unknown) client computers.
• To respond only to prestaged client PXE requests, select Respond only to the known client computers.
• To not answer any client PXE requests, select Do not respond to any client computer.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To respond to all clients’ PXE requests, run WDSUTIL /Set-Server /AnswerClients:All.
• To respond only to prestaged clients’ PXE requests, run WDSUTIL /Set-Server /AnswerClients:Known.
• To not answer any clients’ PXE requests, run WDSUTIL /Set-Server /AnswerClients:None.

The preceding procedure does the following:
• When the Respond to all (known and unknown) client computers check box is selected, the netbootAnswerRequests DS attribute is set to TRUE and the netbootAnswerOnlyValidClients DS attribute is set to FALSE.
• When the Respond only to the known client computers check box is selected, both attributes are set to TRUE.
• When the Do not respond to any client computer check box is selected, both attributes are set to FALSE.

To set a delay in the server’s answers to PXE requests

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the PXE Response Settings tab, set the PXE Response delay in the control.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /ResponseDelay:X, where X is the amount of time (in seconds) you want the server to wait before responding to clients.

The preceding procedure sets the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\ResponseDelay to the specified time.

To configure unknown clients to perform PXE boots without requiring F12

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AllowN12ForNewClients:Yes.

The preceding procedure sets the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AllowN12ForNewClients to 1.

To configure clients who have booted without F12 to require a key press on subsequent boots

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /ResetBootProgram:Yes.

The preceding procedure sets the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\ResetBootProgram to 1.

To configure the server to determine the architecture of booting clients

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /ArchitectureDiscovery:Yes.

The preceding procedure sets the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\DisableArchDisc to 0.

Boot Program and Boot Image

In most cases, you should use the standard boot image that is included on the Windows Server 2008 media (located at \Sources\boot.wim) without modification. Do not use the Boot.wim from the Windows Vista media unless your version of Windows Vista has SP1 integrated into the DVD.

To choose which boot images are displayed on x64-based computers

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /DefaultX86X64ImageType:<x86|x64|both>.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\x86x64DefaultImageType to 1 for x86-based computers only, 2 for x64-based computers only, and 0 for both types of computers.

To choose the default network boot program for each architecture

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Boot tab, insert the path to the boot file you want to use for each architecture.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /BootProgram:<path> /Architecture:{x86|x64|ia64}, where <path> is relative to the RemoteInstall folder.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\BootPrograms\<arch>\Default to the specified path.

To choose the default network boot program that does not require F12 for each architecture

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /N12BootProgram:<path> /Architecture:{x86|x64|ia64}, where <path> is relative to the RemoteInstall folder.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\BootPrograms\<arch>\N12 to the specified path.

To choose the default boot image for each architecture

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Boot tab, insert the path to the boot image you want to use for each architecture. In most cases, you should use the standard boot image that is included on the Windows Server 2008 media (located at \Sources\boot.wim) without modification. Do not use the Boot.wim from the Windows Vista media unless your version of Windows Vista has SP1 integrated into the DVD.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /BootImage:<path> /Architecture:{x86|x64|ia64}, where <path> is relative to the RemoteInstall folder.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\BootImages\<arch>\BootImagePath to the specified path.

Prestaging Clients

To specify a domain controller for the PXE provider

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Advanced tab, click Let Windows Deployment Services use only the specified servers and then enter the Domain controller name.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /PreferredDC:<name>, where <name> is a NetBIOS name or fully qualified domain name (FQDN).

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\DefaultServer to the specified name.

To specify a global catalog server for the PXE provider

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Advanced tab, click Let Windows Deployment Services use only the specified servers, and then enter the domain controller name.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /PreferredGC:<name>, where <name> is a NetBIOS name or FQDN.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\DefaultGCServer to the specified name.

To choose whether to search for computer accounts in the domain controller before searching the global catalog

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To search in the domain controller before searching the Global Catalog server, run WDSUTIL /Set-Server /DomainSearchOrder:DCFirst
• To search only in the Global Catalog server, run WDSUTIL /Set-Server /DomainSearchOrder:GCOnly

In the preceding procedure:
• DCFirst sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\ADSearchOrder to 1
• GCOnly sets it to 0.

To configure the server to prestage clients by using their MAC address instead of their GUID

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /PrestageUsingMAC:Yes.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\ClientIdUse to 1.

To maintain a list of GUIDs that belong to multiple computers

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To add a GUID to the list, run WDSUTIL /Set-Server /BannedGUIDPolicy /Add /GUID:<GUID>.
• To remove a GUID from the list, run WDSUTIL /Set-Server /BannedGUIDPolicy /Remove /GUID:<GUID>.

Note: The GUID string should be specified without brackets or dashes (as seen during a PXE boot). The list of banned GUIDs will be stored at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE.

To specify how to generate computer names

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Directory Services tab, enter the naming policy string in the indicated field (see below for details).
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /NewMachineNamingPolicy:<Policy> where <policy> is the naming policy string (see below for details).

The preceding procedure sets the netbootNewMachineNamingPolicy DS attribute to the specified policy. The policy string works as follows:
• %First: the first name of the user.
• %Last: the last name of the user.
• %Username: the user name of the user.
• %MAC: the MAC address of the computer.
• %n#: an incremental n-digit number. For example, %2# will add a number to the computer name in the following order: 1, 2, 3, …99.
• %0n#: an incremental n-digit number, with zeros added before the digit. For example, %02# will add a number to the computer name in the following order: 01, 02, 03, …99.

These can be combined in any order. A number before a tag string (such as %3First or %5Username) will crop the string to that length. For example:
• %61Username%# equals JohnSmi12
• %2first.%last equals Jo.Smith

To specify the domain and OU in which to create computer accounts

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Directory Services tab, click Default Directory Service location or specify the domain and organizational unit (OU).
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To create new accounts in the default computer OU in the domain the Windows Deployment Services server is in, run WDSUTIL /Set-Server /NewMachineOU /Type:ServerDomain.
• To create new accounts in the default computer OU in the domain the specified user account is in, run WDSUTIL /Set-Server /NewMachineOU /Type:UserDomain.
• To create new accounts in the same OU as the specified user account, run WDSUTIL /Set-Server /NewMachineOU /Type:UserOU.
• To create new accounts in a different OU, run WDSUTIL /Set-Server /NewMachineOU /Type:Custom /OU:<name of OU>.

The preceding procedure does the following:
• Sets the netbootNewMachineOU attribute on the Service Control Point (SCP) for the Windows Deployment Services server to the distinguished name of the server
• Sets the NewMachineOUType registry key to 1
• Sets the NewMachineOUType registry key to 0
• Sets the netbootNewMachineOU attribute on the SCP for the Windows Deployment Services server to the specified distinguished name

To choose whether to join client computers to the domain

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Client tab, clear the Do not create account in Active Directory after running the WDS Client check box to join computers to the domain.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. To join new computers to the domain, run WDSUTIL /Set-Server /NewMachineDomainJoin:Yes.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\NewMachineDomainJoin to 1.

Unattend File

To choose a default unattend file for the Windows Deployment Services client

Using the MMC:
1. Right-click the server, and then click Properties.
2. On the Client tab, select the Enable client unattend check box and then choose an unattend file for the relevant architecture.
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. To turn on unattended installation and specify the unattend file, run WDSUTIL /Set-Server /WDSUnattend /Policy:Enabled /File:<path> /Architecture:{x86|x64|ia64}.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\Unattend\Enabled to 1 and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\Unattend\<arch>\FilePath to the specified path.

To specify whether an unattend file on the client computer will override a default unattend file

Using the MMC: N/A
Using WDSUTIL:
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To allow an unattend file on the client computer to override the unattend file sent from the server for the Windows Deployment Services client, run WDSUTIL /Set-Server /WDSUnattend /CommandLinePrecedence:Yes.
• To force the unattend file sent from the server to be used for the Windows Deployment Services client, run WDSUTIL /Set-server /WDSUnattend /CommandLinePrecedence:No.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\Unattend\CommandLineUnattendPrecedence to 1 or 0.

How to Manage Client Computers

This topic contains procedures for the tasks that are listed and described in the following table.

Prestage Computers
• To create a prestaged account for a client computer
• To prestage a client computer to boot from a different server
• To prestage a client computer to use a boot program other than the default
• To prestage a client computer to use an unattend file other than the default for the Windows PE phase of unattended setup
• To prestage a client computer to use a boot image other than the default
• To prestage a client computer to join a domain

Specify Settings for Prestaged Computers
• To view the attributes of a prestaged client
• To change the rate at which pending computers will poll the server
• To change the number of times pending computers will poll the server
• To change the message displayed to pending computers
• To set a default network boot server for pending computers
• To set a default boot program for pending computers
• To set a default unattend file for pending computers
• To set a default boot image for pending computers
• To set domain join options for pending computers

Configure Auto-Add Functionality
• To enable Auto-Add functionality
• To change the length of time approved computers are held in the Auto-Add database
• To change the length of time rejected and pending computers are held in the Auto-Add database
• To delete the rejected or approved computers table

Approve and Reject Pending Computers
• To view the table of computers that are pending approval
• To approve a pending computer by using the default settings
• To approve all pending computers by using the default settings
• To approve a pending computer, but change a setting
• To approve all pending computers, but change a setting
• To reject a pending computer

Note
Help for WDSUTIL is available by typing WDSUTIL /? at a command prompt or online at http://go.microsoft.com/fwlink/?LinkId=112194.

Caution
To modify the registry settings that are described in this guide, use only the Windows Deployment Services management tools—you should not directly edit these settings and attributes.

Prestage Computers

To create a prestaged account for a client computer

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Add-Device /Device:<name> /ID:<ID>, where the ID is the GUID or MAC address of the computer you want to prestage.

The command in the preceding procedure creates a computer account object in Active Directory Domain Services (AD DS) for the specified computer, with the netbootGUID attribute set to the specified ID.

To prestage a client computer to boot from a different server

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Device /Device:<name> /ReferralServer:<ServerName>.

The preceding procedure sets the AD DS netbootMachineFilePath attribute to the specified referral server.

To prestage a client computer to use a boot program other than the default

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Device /Device:<name> /BootProgram:<path>, where <path> is the relative path to the boot program you want from the RemoteInstall folder.

The preceding procedure appends the specified path to the referral server as part of the netbootMachineFilePath attribute on the computer.

To prestage a client computer to use an unattend file other than the default for the Windows PE phase of unattended setup

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Device /Device:<name> /WDSClientUnattend:<path>, where <path> is the relative path to the unattend file you want from the Remote Install shared folder.

The preceding procedure sets the WdsUnattendFilePath variable in the netbootMirrorDataFile AD DS attribute on the client’s computer account object to the specified path.

To prestage a client computer to use a boot image other than the default

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Device /Device:<name> /BootImagePath:<path>, where <path> is the relative path to the boot image you want from the Remote Install shared folder.

This command sets the BootImagePath variable in the netbootMirrorDataFile AD DS attribute on the client’s computer account object to the specified path.

To prestage a client computer to join a domain

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • To enable the specified user to join the client computer to the specified domain once, run WDSUTIL /Set-Device /Device:<name> /User:<user> /JoinRights:JoinOnly /JoinDomain:Yes /Domain:<domain> /ResetAccount.
   • To enable the specified user to join the client computer to the specified domain at any time, run WDSUTIL /Set-Device /Device:<name> /User:<user> /JoinRights:Full /JoinDomain:Yes /Domain:<domain>.
   • To join the client computer to the specified domain without granting any user rights, run WDSUTIL /Set-Device /Device:<name> /JoinDomain:Yes /Domain:<domain>.
   where:
   <user> is domain\user or user@domain
   <name> is the name of the computer
   <domain> is the name of the domain

The preceding procedure sets the JoinDomain variable in the netbootMirrorDataFile AD DS attribute on the client’s computer account object to 1. It also grants the specified user rights on the computer object.

Specify Settings for Prestaged Computers

To view the attributes of a prestaged client

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • To view the prestaged client by name in the local domain, run WDSUTIL /Get-Device /Device:<name>.
   • To view a prestaged client by ID (GUID or MAC) in the local domain, run WDSUTIL /Get-Device /ID:<ID>.

Note
To specify that the client is in a domain other than the local one, specify /Domain:<domain> with either of these commands.

Note
To search the entire AD DS forest, specify /Forest:Yes with either of these commands.

The preceding procedure displays the requested information from the folder.

To change the rate at which pending computers will poll the server

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. To set the time between polls, run WDSUTIL /Set-Server /AutoAddPolicy /PollInterval:<time in seconds>.

This command sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\PollInterval to the specified time.

To change the number of times pending computers will poll the server

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddPolicy /MaxRetry:<retries>.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\PollMaxRetry to the specified value.

To change the message displayed to pending computers

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddPolicy /Message:<message>.

This procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\PollMessage to the specified message.

To set a default network boot server for pending computers

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddSettings /Architecture:{x86|x64|ia64} /ReferralServer:<server name>.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\ReferralServer to the specified server name.

To set a default boot program for pending computers

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddSettings /Architecture:{x86|x64|ia64} /BootProgram:<path>, where the path is relative to the RemoteInstall folder.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\BootProgramPath to the specified path.

To set a default unattend file for pending computers

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddSettings /Architecture:{x86|x64|ia64} /WDSClientUnattend:<path>, where <path> is relative to the Remote Install shared folder.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\WdsUnattendFilePath to the specified path.

To set a default boot image for pending computers

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddSettings /Architecture:{x86|x64|ia64} /BootImage:<path>, where the path is relative to the Remote Install shared folder.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\BootImagePath to the specified path.

To set domain join options for pending computers

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • To enable the specified user (specified as domain\user or user@domain) to join the client computer to the specified domain once, run WDSUTIL /Set-Server /AutoAddSettings /Architecture:{x86|x64|ia64} /User:<user> /JoinRights:JoinOnly /JoinDomain:Yes /Domain:<domain>.
   • To enable the specified user to join the client computer to the specified domain at any time, run WDSUTIL /Set-Server /AutoAddSettings /Architecture:{x86|x64|ia64} /User:<user> /JoinRights:Full /JoinDomain:Yes /Domain:<domain>.

The preceding procedure sets:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\JoinRights to 0 if Join Only and 1 if Full
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\JoinDomain to 1.
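A read-only check of the registry values that the server-side procedures above report setting (domain join, unattend precedence, and the per-architecture defaults for pending computers), added here as an example that is not part of the original guide. It only reads the keys, in line with the Caution earlier in this guide; the function names, the Review flag, and the mapping of 1 to /CommandLinePrecedence:Yes are assumptions of the example.

```powershell
# Added example, not part of the original guide. Read-only: it queries the
# registry values that the procedures in this guide say WDSUTIL sets.
# Run in an elevated PowerShell session on the Windows Deployment Services server.

$providers   = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers'
$binl        = "$providers\WDSPXE\Providers\BINLSVC"
$unattend    = "$providers\WdsImgSrv\Unattend"
$autoApprove = "$binl\AutoApprove"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding {
    param([string]$Setting, $Value, [string]$Meaning, [bool]$Review = $false)
    if ($null -eq $Value) { $Value = '<not set>' }
    New-Object PSObject -Property @{
        Setting = $Setting; Value = $Value; Meaning = $Meaning; Review = $Review
    }
}

$findings = @()

# Server-wide values.
$v = Get-RegValue $binl 'NewMachineDomainJoin'
$findings += New-Finding 'BINLSVC\NewMachineDomainJoin' $v '1 = new computers are joined to the domain'

$v = Get-RegValue $unattend 'Enabled'
$findings += New-Finding 'Unattend\Enabled' $v '1 = a default client unattend file is enabled'

# Assumption: 1 corresponds to /CommandLinePrecedence:Yes (the guide says "1 or 0").
$v = Get-RegValue $unattend 'CommandLineUnattendPrecedence'
$findings += New-Finding 'Unattend\CommandLineUnattendPrecedence' $v `
    '1 = unattend file on the client overrides the server file' ($v -eq 1)

# Per-architecture default unattend file. Subkeys are enumerated, not assumed.
foreach ($key in @(Get-ChildItem -Path $unattend -ErrorAction SilentlyContinue)) {
    $v = Get-RegValue $key.PSPath 'FilePath'
    $findings += New-Finding "Unattend\$($key.PSChildName)\FilePath" $v `
        'default client unattend file for this architecture'
}

# Per-architecture defaults applied to pending (Auto-Add) computers.
foreach ($key in @(Get-ChildItem -Path $autoApprove -ErrorAction SilentlyContinue)) {
    $arch = $key.PSChildName
    foreach ($name in 'ReferralServer', 'BootProgramPath', 'WdsUnattendFilePath', 'BootImagePath') {
        $v = Get-RegValue $key.PSPath $name
        $findings += New-Finding "AutoApprove\$arch\$name" $v 'default for pending computers'
    }
    $join = Get-RegValue $key.PSPath 'JoinDomain'
    $findings += New-Finding "AutoApprove\$arch\JoinDomain" $join `
        '1 = pending computers are joined to the domain'

    # The guide defines JoinRights as 0 for JoinOnly and 1 for Full.
    $rights = Get-RegValue $key.PSPath 'JoinRights'
    $findings += New-Finding "AutoApprove\$arch\JoinRights" $rights `
        '0 = JoinOnly, 1 = Full' ($rights -eq 1)
}

# Review = True marks the broader of the two options the guide offers
# (Full join rights, client-side unattend precedence); that flag is this
# example's choice, not a rule from the guide.
$findings | Select-Object Setting, Value, Meaning, Review | Format-Table -AutoSize -Wrap
```

Values reported as <not set> mean the corresponding WDSUTIL option has not been configured on that server.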

Configure Auto-Add Functionality

To enable Auto-Add functionality

Using the MMC
1. Right-click the server, and then click Properties.
2. On the PXE Response settings tab, click Respond to all (known and unknown) client computers.
3. Select the check box For unknown clients, notify administrator and respond after approval.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddPolicy /Policy:AdminApproval.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\Policy to 1.

To change the length of time approved computers are held in the Auto-Add database

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddPolicy /RetentionPeriod /Approved:<time in days>.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\ApprovedRetention to the specified number.

To change the length of time rejected and pending computers are held in the Auto-Add database

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server /AutoAddPolicy /RetentionPeriod /Others:<time in days>.

The preceding procedure sets HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\OtherRetention to the specified number.

To delete the approved or rejected computers table

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Delete-AutoAddDevices /DeviceType:<ApprovedDevices|RejectedDevices>.

The preceding procedure deletes the contents of the approved or rejected table in the Auto-Add database.

Approve and Reject Pending Computers

To view the list of computers that are pending approval

Using the MMC
1. Expand the server node.
2. Select the Pending Devices node.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Get-AutoAddDevices /DeviceType:PendingDevices.

The preceding procedure displays the Auto-Add devices table from the Binlsvcdb.mdb file.

To approve a pending computer by using the default settings

Using the MMC
1. Select the Pending Devices node.
2. Right-click the computer you want to approve, and then click Approve.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Approve-AutoAddDevices /RequestID:<ID> with the ID obtained from the Auto-Add database.

The preceding procedure approves the computer. For more information, see Prestaging Client Computers.

To approve all pending computers by using the default settings

Using the MMC
1. Right-click the Pending Devices node.
2. Click Approve All.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Approve-AutoAddDevices /RequestID:All.

The preceding procedure approves the computers. For more information, see Prestaging Client Computers.

To approve a pending computer, but change a setting

Using the MMC (name change only)
1. Select the Pending Devices node.
2. Select the computer you want to approve.
3. On the Action menu, click Name and Approve.
4. In the dialog box, type the name you want to give the computer.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Approve-AutoAddDevices /RequestID:<ID> with the ID obtained from the Auto-Add database. In addition, you can append this command with the following options:
   • To change the name, specify /MachineName:<name>.
   • To change the organizational unit (OU) where the account will be created, specify /OU:<name of OU>.
   • To direct the computer to install from a different Windows Deployment Services server, specify /ReferralServer:<server name>.
   • To change the boot program used, specify /BootProgram:<path>.
   • To change the unattend file used for the Microsoft Windows Preinstallation Environment (Windows PE) phase of unattended setup, specify /WDSClientUnattend:<path>.
   • To change the boot image used, specify /BootImagePath:<path>.
   • To change the user account for the domain join, specify /User:<name> where the <name> is domain\user or user@domain.
   • To join this computer to the domain, specify /JoinDomain:Yes.
   • To enable the user to join this computer to the domain only once, specify /JoinRights:JoinOnly.
   • To enable the user to join this computer to the domain at any time, specify /JoinRights:Full.

The preceding procedure approves the computer, with the configured settings. For more information, see Prestaging Client Computers.

To approve all pending computers, but change a setting

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Approve-AutoAddDevices /RequestID:All. In addition, you can append this command with the following options:
   • To change the OU where the accounts will be created, specify /OU:<name of OU>.
   • To direct the computers to install from a different Windows Deployment Services server, specify /ReferralServer:<server name>.
   • To change the boot program used, specify /BootProgram:<path>.
   • To change the unattend file used for the Windows PE phase of unattended setup, specify /WDSClientUnattend:<path>.
   • To change the boot image used, specify /BootImagePath:<path>.
   • To change the user account used for domain join, specify /User:<name> where <name> is domain\user or user@domain.
   • To join these computers to the domain, specify /JoinDomain:Yes.
   • To allow the user to join these computers to the domain once only, specify /JoinRights:JoinOnly.
   • To allow the user to join these computers to the domain at any time, specify /JoinRights:Full.

The preceding procedure approves the computers with the configured settings. For more information, see Prestaging Client Computers.

To reject a pending computer

Using the MMC
1. Select the Pending Devices node.
2. Right-click the computer, and then click Reject or Reject All.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • To reject a single computer, run WDSUTIL /Reject-AutoAddDevices /RequestID:<ID> with the ID obtained from the Auto-Add database.
   • To reject all computers, run WDSUTIL /Reject-AutoAddDevices /RequestID:All.

The preceding procedure sets the Status field for the computer to 2 (rejected) in the table of pending computers, and it sends the Abortpxe.com file to the computer.

How to Manage Images

This topic contains procedures for the tasks that are listed and described in the following table.

Type | Procedure

General Tasks
• To export an image from the server to a stand-alone .wim file
• To replace an image on the server with an updated version
• To remove an image

Boot Images
• To add a boot image to the server
• To set the name, description, and online/offline status attributes on a boot image
• To display the attributes of a boot image
• To create a capture image
• To create a capture image manually
• To create a discover image
• To create a discover image manually

Install Images
• To add an install image
• To set the attributes on an install image
• To display the attributes on an install image
• To convert an RIPREP image to a .wim install image
• To make a copy of an install image within an image group

Image Groups
• To remove an image group
• To add an image group to the image store
• To set the attributes on an image group
• To display information about all images in an image group

Note
Help for WDSUTIL is available by typing WDSUTIL /? at a command prompt or online at http://go.microsoft.com/fwlink/?LinkId=112194.

General Tasks

To export an image from the server to a stand-alone .wim file

Using the MMC
1. Right-click a boot or install image, and then click Export Image.
2. In the dialog box, choose a file name to export the image to.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • For a boot image, run WDSUTIL /Verbose /Progress /Export-Image /Image:<name> /ImageType:Boot /Architecture:{x86|x64|ia64} /DestinationImage /Filepath:<path and file name>.
   • For an install image, run WDSUTIL /Verbose /Progress /Export-Image /Image:<name> /ImageType:Install /ImageGroup:<image group name> /DestinationImage /Filepath:<path and file name>.
   You can also set the following:
   • To set these metadata fields on the image, append /Name:<name> or /Description:<description>.
   • To determine behavior when the image specified in /DestinationImage already exists, append /Overwrite:{Yes|No|Append}. Yes will overwrite the image, No will cause an error, and Append will append the new image to the existing .wim file. Note that Append is available only for install images.

The preceding procedure does the following:
• For a boot image, it copies the file to the specified destination.
• For an install image, it combines the metadata in the Install.wim file with the resources in the Res.rwm file into a single .wim file at the specified destination.

To replace an image on the server with an updated version

Using the MMC
1. Right-click a boot or install image, and then click Replace Image.
2. Browse to the updated version.
3. Click through the rest of the wizard.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • To replace a boot image, run WDSUTIL /Verbose /Progress /Replace-Image /Image:<name> /ImageType:Boot /Architecture:{x86|x64|ia64} /ReplacementImage /ImageFile:<path>.
   • To replace an install image, run WDSUTIL /Verbose /Progress /Replace-Image /Image:<name> /ImageType:Install /ImageGroup:<image group name> /ReplacementImage /ImageFile:<path>.
   If the source image file contains more than one install image, append /SourceImage:<Source image name> to specify the image to use as a replacement.

Note
If you specify /SourceImage, data folders associated with the original image (for example, folders that contain unattend files or language packs) will be kept intact and will be associated with the replacement image.

The preceding procedure adds the new image to the image store and removes the old one.

To remove an image

Using the MMC
1. Right-click a boot or install image.
2. Click Delete.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • For boot images, run WDSUTIL /Remove-Image /Image:<name> /ImageType:Boot /Architecture:{x86|x64|ia64}.
   • For install images, run WDSUTIL /Remove-Image /Image:<name> /ImageType:Install /ImageGroup:<image group name>.

The preceding procedure deletes the .wim image file from the image store.

Boot Images

To add a boot image to the server

Using the MMC
1. Right-click the Boot Images node, and then click Add Boot Image.
2. Enter the path to the boot image or browse to the image file, and then click Next. In most cases, you should use the standard boot image that is included on the Windows Server 2008 media (located at \Sources\boot.wim) without modification. Do not use the Boot.wim from the Windows Vista media unless your version of Windows Vista has SP1 integrated into the DVD.
3. Enter an image name and description, and then click Next.
4. Review the choices, and then click Next.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Verbose /Progress /Add-Image /ImageFile:<path> /ImageType:Boot, where the path is a full path to the image file.

The preceding procedure does the following:
• Copies the boot image file to the folder \RemoteInstall\Boot\<arch>\Images.
• Generates a Boot Configuration Data (BCD) store for the boot image in the folder \RemoteInstall\Boot\<arch>\Images.
• Generates a combined BCD store for the architecture in folder \RemoteInstall\Boot\<arch>.
• Extracts the required files for Pre-Execution Environment (PXE) booting from \Windows\Boot\PXE in the image to the folder \RemoteInstall\Boot. If the files already exist on the server, a version check is performed so that the newest files are used.

To set the name, description, and online/offline status attributes on a boot image

Using the MMC
1. Right-click a boot image, and then click Disable to take the image offline.
2. Right-click the image, and then click Properties.
3. Enter the name and description.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
   • To take the image offline, run WDSUTIL /Set-Image /Image:<name> /ImageType:Boot /Architecture:<arch> /Enabled:No.
   • To change the name and description, run WDSUTIL /Set-Image /Image:<name> /ImageType:Boot /Architecture:<arch> /Name:<name> /Description:<description>.

In the preceding procedure, note the following:
• Taking an image offline sets the hidden file attribute on the relevant .wim file.
• Changing the name and description changes these attributes in the metadata header of the .wim file.

To display the attributes of a boot image

Using the MMC
1. Right-click a boot image.
2. Click Properties.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Get-Image /Image:<name> /ImageType:Boot /Architecture:<arch>.

The preceding procedure displays the file name, image name, description, architecture, image type, size, operating system version, service pack level, creation and modify dates, default languages, and online and offline status of the image.

To create a capture image

Using the MMC
1. In the Windows Deployment Services MMC snap-in, expand the Boot Images node.
2. Right-click the image to use it as a capture image (most commonly, the \Sources\boot.wim file from the installation media).
3. Click Create Capture Boot Image.
4. Type a name, description, and the location where you want to save a local copy of the file. You must specify a location so that if there is a network issue when you deploy the capture image, you have a local copy.
5. Continue to follow the instructions in the wizard, and when it is completed, click Finish.
6. Right-click the boot image folder.
7. Click Add Boot Image.
8. Browse and select the new capture image, and then click Next.
9. Follow the instructions in the Image Capture Wizard.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /New-CaptureImage /Image:<source boot image name> /Architecture:{x86|ia64|x64} /DestinationImage /FilePath:<file path>, where <filepath> is the path and name for the capture image.

To create a capture image manually

Using the MMC
N/A

Using WDSUTIL
1. Create a temporary folder in the path that is pointed to by the environment variable, %TEMP%.
2. Apply the contents of the source boot image from the Windows Deployment Services server’s image store to the \Temp folder.
3. Create a Winpeshl.ini file in the Windows\System32 folder of the applied image with the following section:
   [LaunchApps]
   %SYSTEMROOT%\system32\wdscapture.exe
4. Capture the modified image into a new .wim file.
5. Update the image metadata to reflect any changes to the image name or description.

To create a discover image

Using the MMC
1. In the Windows Deployment Services MMC snap-in, expand the Boot images node.
2. Right-click the image you want to use as a discover image. This must be the Boot.wim file from Windows Server 2008 media.
3. Click Create Discover Boot Image.
4. Follow the instructions in the wizard, and when it is completed, click Finish.
5. Right-click the boot image folder.
6. Click Add Boot Image.
7. Browse and select the new discover image, and then click Next.
8. Follow the instructions in the wizard.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /New-DiscoverImage /Image:<name> /Architecture:{x86|x64|ia64} /DestinationImage /FilePath:<path and name to new file>. To specify which server the discover image connects to, append /WDSServer:<server name or IP>.

To create a discover image manually

Using the MMC
N/A

Using WDSUTIL
1. Create a temporary folder in the path pointed to by the environment variable, %TEMP%.
2. Apply the contents of the source boot image from the Windows Deployment Services server’s image store to the temporary folder.
3. Create a Winpeshl.ini file in the Windows\System32 folder of the applied image with the following section:
   [LaunchApps]
   %SYSTEMROOT%\sources\setup.exe, "/wds /wdsdiscover"
   Or
   [LaunchApps]
   %SYSTEMROOT%\sources\setup.exe, "/wds /wdsdiscover /wdsserver:<server>"
4. Capture the modified image into a new .wim file.
5. Update the image metadata to reflect any changes to the image name or description.

Install Images

To add an install image

Using the MMC
1. Right-click the image group, and then click Add Install Image.
2. Select an image group.
3. Select the file to add.
4. Proceed through the rest of the wizard.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. To create an image group, run WDSUTIL /Add-ImageGroup /ImageGroup:<image group name>.
3. Run WDSUTIL /Verbose /Progress /Add-Image /ImageFile:<path to .wim file> /ImageType:Install. If more than one image group exists on the server, append /ImageGroup:<image group name> to specify which group the image should be added to. To skip the integrity check before adding the image, append /SkipVerify.

The preceding procedure runs an integrity check on the specified image file, creates a metadata-only .wim file in the image group folder, and adds the resources in the image file to the Resource .wim (res.rwm) file for the image group.

To set the attributes for an install image

The following procedure sets the name, description, online and offline status, access controls, and associated unattend file for an image.

Using the MMC
1. Right-click an install image, and then either click Disable to take the image offline or click Enable to bring it back online.
2. On the Action menu, click Properties.
3. Enter the name and description in the appropriate text boxes.
4. Use the Security tab to set access controls.
5. Check Allow image to install in unattended mode, and then select a file to associate an unattend file with the install image.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Image /Image:<name> /ImageType:Install /ImageGroup:<image group name> /Name:<name> /Description:<description> /UserFilter:<SDDL> /Enabled:{Yes|No} /UnattendFile:<path>.

The preceding procedure changes image metadata or file access control lists (ACLs) on the image file to store the attributes. Note that taking an image offline makes the file hidden. If you specify an unattend file, this procedure also copies it into the image store.

To display the attributes for an install image

Using the MMC
1. Right-click the image.
2. Click Properties.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Get-Image /Image:<name> /ImageType:Install /ImageGroup:<image group name>.

The preceding procedure displays the file name, image name, description, image group, architecture, HAL type, image type, size, operating system version, languages, creation and modification time, ACLs, unattend file (if assigned), and the online or offline status of the image.

To convert a RIPREP image to a .wim install image

For more information, see Creating Images.

Using the MMC
1. Click the Legacy Images node.
2. Right-click the RIPREP image you want to convert, and then click Convert to WIM.
3. Enter the name, description, path, and file name, and then click Next.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Verbose /Progress /Convert-RiPrepImage /FilePath:<path to RIPREP image .sif file> /DestinationImage /FilePath:<path and name of .wim image>. In addition, you can specify the following:
   • To give the new .wim image a name in the metadata, append /Name:<name>.
   • To give the new .wim image a description in the metadata, append /Description:<description>.
   • To convert the original RIPREP image, rather than a copy, append /InPlace.
   • To determine behavior when the image file specified in /DestinationImage already exists, append /Overwrite:{Yes|No|Append}. Yes will overwrite the .wim file, No will cause an error, and Append will append the new image to the existing .wim file.

To make a copy of an install image

Using the MMC
N/A

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Copy-Image /Image:<name> /ImageType:Install /ImageGroup:<image group name> /DestinationImage /Name:<name> /Filename:<file name>. To give the new image a description, append /Description:<description>.

The preceding procedure creates a copy of the metadata .wim file that corresponds to the selected image, and it sets the image name and file name (and description, if specified) to the values you specify.

Image Groups

To remove an image group

Using the MMC
1. Right-click the image group.
2. Click Delete.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Remove-ImageGroup /ImageGroup:<image group name>.

This procedure deletes the image group folder and all of its contents from the image store. For install images, if an associated data folder exists (the folder that contains unattend files or language packs), it will be removed as well.

To add an image group to the image store

Using the MMC
1. Right-click the Install Images node, and then click Add Image Group.
2. Enter the name for the image group.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Add-ImageGroup /ImageGroup:<image group name>.

Open an elevated Command Prompt window. run WDSUTIL /SetImageGroup /ImageGroup:<image group name> /Security:<SDDL>. 2.The preceding procedure creates a folder in the image store with the specified name. Run WDSUTIL /Get-ImageGroup /ImageGroup:<image group name>. Select an image group. View the images in the right pane. Open an elevated Command Prompt window. To set the attributes on an image group Use the following procedure to set the name and access controls for an image group. To display information about all images in an image group Using the MMC Using WDSUTIL 1. in Security Descriptor Definition Language (SDDL) format. To change the name. How to Create Multicast Transmissions This topic explains how to use Windows Deployment Services to create multicast transmissions. Using the MMC Using WDSUTIL 1. 147 . 2. append /Detailed. 1. Note Changing the name renames the image group folder in the image store. 2. 1. To set the security. and then click Rename. and changing the security sets ACLs on the folder and its contents. Right-click image group. where <SDDL> is the security descriptor you want to use for the image group. To display the full image metadata on each image in the group. 2. and then click Security. Right-click image group. 3. run WDSUTIL /Set-ImageGroup /ImageGroup:<existing image group name> /Name:<new image group name>.

In This Topic
• Overview
• Prerequisites for Creating a Multicast Transmission
• Known Issues in Creating a Multicast Transmission
• Transmission Types
• To create a multicast transmission with Deployment Server
• To manage transmissions
• To manage clients in a transmission
• To configure the UDP port range for multicast
• To configure how the server will obtain IP addresses for multicast transmissions

Note Help for WDSUTIL is available by typing WDSUTIL /? at a command prompt or online at http://go.microsoft.com/fwlink/?LinkId=112194.

Overview
Multicasting enables you to deploy an image to a large number of client computers without overburdening the network. When you create a multicast transmission for an image, the data is sent over the network only once, which can drastically reduce the amount of network bandwidth that is used. For information about using Transport Server to create a namespace, see Using Transport Server.

Consider implementing multicasting if your organization:
• Has network routers that support multicasting.
• Is a large company that requires many concurrent client installations.
• Wants to use network bandwidth efficiently. This is because with this feature, images are sent over the network only once, and you can specify limitations (for example, to only use 10 percent of your bandwidth).
• Has enough disk space on client computers for the image to be downloaded.
• Meets the requirements listed in the following section.

Multicasting might not optimize your installations if your organization:
• Deploys images to only a small number of client computers simultaneously.
• Does not have bandwidth overload problems.
• Has network routers that do not support multicasting.
• Has disk space limitations on the client computers. (This is because the image is downloaded to client computers instead of being installed from a server.)

Prerequisites for Creating a Multicast Transmission
To implement this feature in your organization, you must have all of the following:
• Routers that support multicasting. In particular, your network infrastructure needs to support the Internet Group Management Protocol (IGMP) to properly forward multicast traffic. Without IGMP, multicast packets are treated as broadcast packets, which can lead to network flooding.
• At least one install image that you want to transmit on the server.
• The Boot.wim file from the Windows Server 2008 media (located in the \Sources folder). Do not use the Boot.wim from the Windows Vista media unless your version of Windows Vista has SP1 integrated into the DVD.
• Internet Group Management Protocol (IGMP) snooping should be enabled on all devices. This will cause your network hardware to forward multicast packets only to those devices that are requesting data. If IGMP snooping is turned off, multicast packets are treated as broadcast packets, and will be sent to every device in the subnet.

Known Issues in Creating a Multicast Transmission
You may encounter the following issues when implementing multicasting:
• If you use the Windows Vista Boot.wim file for multicast transmissions, you will be able to create the transmission, but people who boot into it will not be able to join it.
• If multiple servers are using multicast functionality on a network (Transport Server, Deployment Server, or another solution), it is important that each server is configured so that the multicast IP addresses do not collide. Otherwise, you may encounter excessive traffic when you enable multicasting. Note that each Windows Deployment Services server will have the same default range. To work around this issue, specify static ranges that do not overlap to ensure that each server is using a unique IP address or Multicast Address Dynamic Client Allocation Protocol (MADCAP). To specify this option, right-click the server in the MMC snap-in, click Properties, and then click the Network Settings tab.
• After you configure Windows Deployment Services server, if you modify the Multicast IP Address, the User Datagram Protocol (UDP) port range, or the remote procedure call (RPC) port number (by running wdsutil /set-server /rpcport:<portnum>), you must restart the service before the changes will take effect. If you do not restart the service, the server will use the old values and may not answer clients. To restart the service, you can do either of the following: right-click Windows Deployment Services in the MMC snap-in, and then click Restart, or run wdsutil /stop-server and then run wdsutil /start-server in an elevated Command Prompt window.
• Each transmission can be run only as fast as the slowest client. That is, the entire transmission will be slow if there is one slow client. To resolve this issue, first determine the client that is holding back the transmission (this is called the master client). To do this, view the output of the following command: WDSUTIL /Get-MulticastTransmission /Show:clients. Next, disconnect the master client. This will force the master client to run the transmission by using the Server Message Block (SMB) protocol, and the other clients' multicast performance should speed up. If they do not speed up, there is a problem with the client's hardware (for example, a slow hard disk) or a network problem.

Transmission Types
There are two types of multicast transmissions:
• Auto-Cast. This option indicates that as soon as an applicable client requests an install image, a multicast transmission of the selected image begins. Then, as other clients request the same image, they too are joined to the transmission that is already started.
• Scheduled-Cast. This option sets the start criteria for the transmission based on the number of clients that are requesting an image and/or a specific day and time. If you do not select either of these check boxes, the transmission will not start until you manually start it. Note that in addition to these criteria, you can start a transmission manually at any time by right-clicking it and then clicking Start.

Note Content is transferred over the network only if clients request data. If no clients are connected (that is, the transmission is idle), data will not be sent over the network.

Note After you configure Windows Deployment Services server, if you modify the Multicast IP Address, the UDP port range, or the RPC port number (by running wdsutil /set-server /rpcport:<portnum>), you must restart the service before the changes will take effect. If you do not restart the service, the server will use the old values and may not answer clients. To restart the service, you can do either of the following: right-click Windows Deployment Services in the MMC snap-in, and then click Restart, or run wdsutil /stop-server and then run wdsutil /start-server in an elevated Command Prompt window.

To create a multicast transmission with Deployment Server

Using the MMC
Do one of the following:
• Right-click the Multicast Transmission node, and then click Create Multicast Transmission.
• Right-click an image, and then click Create Multicast Transmission.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
a. To create an Auto-Cast transmission
Syntax: WDSUTIL /New-MulticastTransmission /Image:<image name> /FriendlyName:<friendly name> /ImageType:Install /ImageGroup:<Image group name> /TransmissionType:AutoCast
b. To create a Scheduled-Cast transmission
Syntax: WDSUTIL /New-MulticastTransmission /Image:<image name> /FriendlyName:<friendly name> /ImageType:Install /ImageGroup:<Image group name> /TransmissionType:ScheduledCast [/Time:<yyyy/mm/dd:hh:mm>][/Clients:<no of clients>]

To manage transmissions

Using the MMC
• Start the transmission. If the transmission is the Scheduled-Cast type, there is at least one client, and the transmission has not started yet, you can right-click the transmission and then click Start.
• Delete the transmission. If you right-click the transmission and click Delete, the multicast transmission stops and each client installation will fall back to using unicast transmission. That is, the client installations will not be deleted or stopped, but they will not use the multicast transmission to complete the installation.
• Deactivate the transmission. If you right-click the transmission and then click Deactivate, each client that is currently installing will continue, but no new clients will be joined to the transmission. After each current client installation is completed, the transmission will be deleted. If there are no clients when you click this option, the transmission will be deleted instantly.
• View the transmission's properties. To view the properties, right-click the transmission and then click Properties. Note that you cannot edit the properties of a transmission after it is created. To make a change after you have created a transmission, you need to delete it and then recreate it.
• Refresh the transmissions and data. To do this, right-click a transmission and then click Refresh. You can also refresh the data by pressing F5.

Using WDSUTIL
• To start the transmission
Syntax: WDSUTIL /Start-MulticastTransmission /Image:<image name> /ImageType:Install /ImageGroup:<image group name>
Note You can start the transmission only if it is the Scheduled-Cast type, there is at least one client, and the transmission is not already started.
• To delete the transmission
Syntax: WDSUTIL /Remove-MulticastTransmission /Image:<image name> /ImageType:Install /ImageGroup:<image group name> /Force
• To deactivate the transmission
Syntax: WDSUTIL /Remove-MulticastTransmission /Image:<image name> /ImageType:Install /ImageGroup:<image group name>
• To view the transmission's properties
Syntax: WDSUTIL /Get-MulticastTransmission /Image:<image name> /ImageType:Install /ImageGroup:<image group name>

To manage clients in a transmission
Using the MMC
• View clients and see progress. To view any connected clients, expand the Multicast Transmissions node and then click the image. The connected clients (including the current installation time and the percentage complete) are shown in the right pane.
• Stop a client installation. To stop the installation completely, right-click a client and then click Disconnect. You should use this option with caution because the installation will fail and the computer could be left in an unusable state.
• Disconnect a client from a multicast transmission. To discontinue the transmission for a particular client but continue to transfer the image through unicasting, right-click the client, and then click Bypass multicast.

Using WDSUTIL
• To view clients and see progress
Syntax: WDSUTIL /Get-MulticastTransmission /Image:<image name> /ImageType:Install /ImageGroup:<image group name> /show:clients
• To stop a client installation completely
Syntax: WDSUTIL /Disconnect-Client /ClientID:<id> /Force
Note You should use this option with caution because the installation will fail and the computer could be left in an unusable state.
• To disconnect a client from a multicast transmission but continue to transfer the image by using unicasting
Syntax: WDSUTIL /Disconnect-Client /ClientID:<id>
• To view the client <id> for each transmission
Syntax: WDSUTIL /Get-MulticastTransmission /Image:<image name> /ImageType:Install /ImageGroup:<image group name> /show:clients

To configure the UDP port range for multicasting
This setting specifies the range of UDP ports to use for multicasting and other components, such as the Trivial File Transfer Protocol (TFTP) provider. Before you change this range, you need to have at least as many ports as you have sessions and concurrent clients accessing the server. In terms of multicasting, a session is a network interface on your server. To calculate the number of sessions, multiply the number of network adapters on your server by the number of images that could be concurrently transferred using multicasting. For example, if you have two network adapters, and clients are connected on both interfaces, the content will be sent on the network twice (once from each interface). So in this case, you would need at least two ports. Because this range is also used by the TFTP provider, you will need as many available ports as you have concurrent clients accessing the server.
Using the MMC
1. Right-click the server, and then click Properties.
2. On the Network Settings tab, specify the UDP port range.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Run WDSUTIL /Set-Server [/Server:<name>] /Transport /StartPort:x /EndPort:y.

To configure how the server will obtain IP addresses for multicasting
The server allocates a multicast IP address to each multicast session, and all connected clients listen in on that address. It's important that all IP addresses be unique on the network to ensure that each client receives the correct data. If you have a complex network, you should consider using DHCP to select the addresses. In more basic environments, you can configure a range and have the Windows Deployment Services server select the address.

Using the MMC
1. Right-click the server, and then click Properties.
2. On the Network Settings tab under Multicast IP Address, select one of the following:
• Obtain IP address from DHCP. You can select this option only if your DHCP server supports it. The IP address for each namespace will be obtained by using MADCAP (RFC 2730, Multicast).
• Use IP address from the following range. You will need to enter a range.

Using WDSUTIL
1. Open an elevated Command Prompt window.
2. Do one of the following:
• To use MADCAP to obtain the IP address for each namespace, run WDSUTIL /Set-Server [/Server:<name>] /Transport /ObtainIPv4From:DHCP.
• To configure a preset range of IP addresses, run WDSUTIL /Set-Server [/Server:<name>] /Transport /ObtainIPv4From:Range /Start:x.x.x.x /End:y.y.y.y.
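As an added example (Python, not part of the original guide), the following check reviews planned /Start and /End ranges for several servers before they are applied. It covers the non-overlap requirement from Known Issues and the one-address-per-session rule described above; the server names, addresses and session counts are constructed.

```python
import ipaddress

# 224.0.0.0/24 is the local network control block; routers do not forward it.
LOCAL_CONTROL_BLOCK = ipaddress.ip_network("224.0.0.0/24")

# Constructed plan: server -> (/Start value, /End value, multicast sessions needed).
# Sessions = network adapters x images that may be transferred concurrently.
PLAN = {
    "wds-east": ("239.10.0.1", "239.10.0.100", 4),
    "wds-west": ("239.10.0.90", "239.10.0.200", 4),   # starts inside wds-east's range
    "wds-lab": ("239.10.1.1", "239.10.1.2", 6),       # 2 addresses for 6 sessions
    "wds-old": ("224.0.0.10", "224.0.0.20", 2),       # link-local control addresses
    "wds-typo": ("239.10.2.50", "239.10.2.5", 1),     # start is above end
}


def check_multicast_plan(plan):
    """Return a list of (server, problem) tuples; an empty list means the plan is clean."""
    problems, ranges = [], []
    for server, (start, end, sessions) in plan.items():
        try:
            lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        except ipaddress.AddressValueError as exc:
            problems.append((server, f"not an IPv4 address: {exc}"))
            continue
        if lo > hi:
            problems.append((server, "start address is above end address"))
            continue
        if not (lo.is_multicast and hi.is_multicast):
            problems.append((server, "range is not inside 224.0.0.0/4"))
            continue
        if lo in LOCAL_CONTROL_BLOCK:
            problems.append((server, "range touches 224.0.0.0/24, which is not forwarded"))
        if int(hi) - int(lo) + 1 < sessions:
            problems.append((server, f"range holds fewer than {sessions} addresses"))
        ranges.append((lo, hi, server))

    # Sweep the ranges in address order and compare each start with the highest
    # end seen so far; this also catches a range nested inside an earlier one.
    ranges.sort()
    top, top_server = None, None
    for lo, hi, server in ranges:
        if top is not None and lo <= top:
            problems.append((server, f"overlaps the range of {top_server}"))
        if top is None or hi > top:
            top, top_server = hi, server
    return problems


def wdsutil_commands(plan):
    """Build the /Set-Server command for each server, using the syntax shown above."""
    return [
        f"WDSUTIL /Set-Server /Server:{server} /Transport "
        f"/ObtainIPv4From:Range /Start:{start} /End:{end}"
        for server, (start, end, _sessions) in plan.items()
    ]


if __name__ == "__main__":
    for server, problem in check_multicast_plan(PLAN):
        print(f"{server}: {problem}")
```

Generate the commands with wdsutil_commands only after check_multicast_plan returns an empty list, and restart the service afterward as described under Known Issues.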

Example Multicast Scripts
The following examples are sample scripts that you can use with your multicast transmissions. To use each script, copy the code to a file and then save it using the .vbs file name extension. Then open an elevated Command Prompt window and run a command that uses the following syntax: cscript <nameoffile>.vbs <WDSServer>. For example: cscript mcinfo.vbs localhost.

In This Topic
• Stop Transmissions Slower than 1 MB per Second
• Display Performance Information About Clients

Stop Transmissions Slower than 1 MB per Second
The following Microsoft Visual Basic script will stop the transmission of the master client for any multicast session that has been transmitting data at a rate slower than 1 MB per second for longer than 60 seconds. You can configure these values by using the parameters at the top of the script. The master client is the slowest client in a transmission (that is, the client that is not capable of installing any faster while the other clients may be able to install at a faster rate). To determine the master client, view the output of the following command: WDSUTIL /Get-MulticastTransmission /Show:clients. Note that there may be as many master clients as the server has network adapters.
' ------------- Times are in milliseconds
sleepTime = 5000        ' Minimum time to wait between each query to the server
timeThreshold = 60000   ' Minimum time to wait before kicking the master client out of a slow session

' ------------- Speeds are in KB/sec
speedThreshold = 1024   ' Minimum transfer rate for a session

' ------------- Display variables
displayAllSessions = true   ' Display all sessions on the server, not just the slow sessions
printStatusDots = true      ' Print a dot every time we contact the server. Useful to show that the script is doing something

' ------------------------------- End user defined settings -------------------------------
Dim sessionDictionary, Manager, Server, hostname

' WDS Transport type definitions
WdsTptDisconnectUnknown = 0
WdsTptDisconnectFallback = 1
WdsTptDisconnectAbort = 2

' Run main
main()

' ---------------------------------- main
sub main
    if WScript.Arguments.Count < 1 then
        wscript.echo "[WARN]: Hostname not specified on command line, trying to connect to localhost"
        hostname = "localhost"
    else
        hostname = WScript.Arguments.Item(0)
    end if

    ' We use a dictionary to keep track of sessions on the server
    Set sessionDictionary = CreateObject("Scripting.Dictionary")

    ' Create the Transport Manager
    Set Manager = CreateObject("WdsTptMgmt.WdsTransportManager")

    ' Connect to the server
    Set Server = Manager.GetWdsTransportServer(hostname)

    ' Echo out current settings
    if displayAllSessions = false then
        wscript.echo "[INFO]: Not displaying information for all sessions"
    end if

    if printStatusDots then
        wscript.echo "[INFO]: Printing status dots"
    end if

    wscript.echo "[INFO]: Speed Threshold: " + Cstr(speedThreshold) + " KB/sec, Time Threshold: " + Cstr(Int(timeThreshold/1000)) + "s, Sleep time: " + Cstr(Int(sleepTime/1000)) + "s"
    wscript.echo "[INFO]: Examining sessions on " + Server.name + "..." + vbCrLf

    ' Loop forever. User must control C out of the script to stop execution.
    Do while true
        if printStatusDots then
            Wscript.StdOut.Write(".")
        end if
        loopAndKick()
        wscript.sleep(sleepTime)
    loop
end sub

' ---------------------------------- loopAndKick
sub loopAndKick
    ' Get a list of the namespaces on the server
    Set NamespaceCollection = Server.NamespaceManager.RetrieveNamespaces("", "", False)

    ' Get all namespaces present on the server
    for i = 1 to CLng(NamespaceCollection.count)
        Set ns = NamespaceCollection.Item(i)

        ' Get all contents for this namespace
        Set ContentCollection = NamespaceCollection.Item(i).RetrieveContents()
        for j = 1 to CLng(ContentCollection.count)
            Set content = ContentCollection.item(j)

            ' Get all sessions for this content
            Set SessionCollection = content.RetrieveSessions()
            for k = 1 to CLng(SessionCollection.count)
                Set session = SessionCollection.item(k)
                Set ClientCollection = session.RetrieveClients()

                ' Calculate the transfer rate, in KB/sec, for this session
                tRate = CLng(session.TransferRate)
                tRate = Int(tRate / 1024)

                ' Echo this session out to the screen
                if displayAllSessions then
                    wscript.echo ns.name + content.name + ", Num clients: " + CStr(ClientCollection.count) + ", " + CStr(tRate) + " kB/sec"
                end if

                ' If the session ID already exists in the dictionary, but no clients are connected, remove the entry from the dictionary
                if ( (CLng(ClientCollection.count) = 0) AND sessionDictionary.Exists( CLng(session.ID)) ) then
                    wscript.echo vbTab + "Remove: " + Cstr(session.ID)
                    sessionDictionary.Remove(CLng(session.ID))

                ' If the session ID exists in the dictionary, update the session details, and kick the master client if needed
                elseif sessionDictionary.Exists( CLng(session.ID) ) then

                    ' Retrieve and update timeSlow
                    timeSlow = sessionDictionary.Item( CLng(session.ID) )
                    timeSlow = timeSlow + sleepTime

                    ' If we've gone too slow for too long, kick the current master client
                    if ( (tRate < speedThreshold) AND (timeSlow > timeThreshold) ) then

                        ' Make sure we have a valid master client ID before we attempt to kick
                        if Clng(session.MasterClientId) <> 0 then
                            wscript.echo vbTab + "Kicking client: " + Cstr(session.MasterClientId)
                            Server.DisconnectClient session.MasterClientId, WdsTptDisconnectFallback

                            ' Reset time slow for this session
                            timeSlow = 0
                        end if
                    end if

                    ' Remove the old entry from the dictionary
                    sessionDictionary.Remove(CLng(session.ID))

                    ' If the session is still too slow, add it back to the dictionary with the new time value
                    if( tRate < speedThreshold) then
                        wscript.echo vbTab + "Update: " + Cstr(session.ID) + ", Time slow: " + Cstr(Int(timeSlow/1000)) + "s"
                        sessionDictionary.Add CLng(session.ID), timeSlow

                    ' Otherwise, we've removed the session from the dictionary above
                    else
                        wscript.echo vbTab + "Remove: " + Cstr(session.ID)
                    end if

                ' The session isn't in the dictionary. If the session is going too slow and has clients connected, add it to the dictionary
                else
                    if( (tRate < speedThreshold) AND (CLng(ClientCollection.count) <> 0) ) then
                        wscript.echo vbTab + "Add: " + Cstr(session.ID)
                        sessionDictionary.Add CLng(session.ID), 0
                    end if
                end if
            next
        next
    next
end sub

Display Performance Information About Clients
The following Visual Basic script displays performance information for all clients in all transmissions that are connected to the same server.
' Create the Transport Manager
Set Manager = CreateObject("WdsTptMgmt.WdsTransportManager")

if WScript.Arguments.Count = 0 then
    wscript.echo "INFO: Specify a host name on the command line to connect to a remote host" & vbCrLf
    Set Server = Manager.GetWdsTransportServer("localhost")
else
    Set Server = Manager.GetWdsTransportServer(WScript.Arguments.Item(0))
end if

' Print Server name
wscript.echo "Server: " + Server.name

' Get a list of the namespaces on the server
Set NamespaceCollection = Server.NamespaceManager.RetrieveNamespaces("", "", False)

' Get all namespaces present on the server
for i = 1 to CLng(NamespaceCollection.count)
    Set ns = NamespaceCollection.Item(i)
    wscript.echo "  Namespace ID: " + CStr(ns.id) + ", Name: " + ns.name

    ' Get all contents for this namespace
    Set ContentCollection = NamespaceCollection.Item(i).RetrieveContents()
    for j = 1 to CLng(ContentCollection.count)
        Set content = ContentCollection.item(j)
        wscript.echo "    Content ID : " + CStr(content.id) + ", Name: " + content.name

        ' Get all sessions for this content
        Set SessionCollection = content.RetrieveSessions()
        for k = 1 to CLng(SessionCollection.count)
            Set session = SessionCollection.item(k)
            tRate = CLng(session.TransferRate)
            tRate = Int(tRate / 1024)

            ' Get all clients for this session
            Set ClientCollection = session.RetrieveClients()
            wscript.echo "      Session ID: " + CStr(session.id) + ", NIC Name: " + session.NetworkInterfaceName & _
                ", tRate: " + CStr(tRate) + " kB/sec, clients: " + Cstr(ClientCollection.count)

            for l = 1 to Cint(ClientCollection.count)
                set client = ClientCollection.item(l)

                ' Determine if this client is the master client
                if Clng(session.MasterClientId) = Clng(client.id) then
                    wscript.echo "      * Client ID: " + CStr(client.id) + ", Name: " + client.name & _
                        ", MAC: " + client.MacAddress + ", IP: " + client.IpAddress + ", Time connected: " + Cstr(client.JoinDuration)
                else
                    wscript.echo "        Client ID: " + CStr(client.id) + ", Name: " + client.name & _
                        ", MAC: " + client.MacAddress + ", IP: " + client.IpAddress + ", Time connected: " + Cstr(client.JoinDuration)
                end if
            next
        next
    next
next

The following code is example output from the preceding script:

C:\Users\administrator>cscript MCInfo.vbs localhost
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Server: wds-server.fabrikam.com
  Namespace ID: 2471217798, Name: WDS:Server03/amd64.wim/1
  Namespace ID: 2471217799, Name: WDS:Server03/x86.wim/1
  Namespace ID: 2471217807, Name: WDS:Server08/install.wim/1
  Namespace ID: 2471217808, Name: WDS:Server08/install-(2).wim/1
  Namespace ID: 2471217810, Name: WDS:Vista/amd64.wim/1
  Namespace ID: 2471217811, Name: WDS:Vista/x86.wim/1
  Namespace ID: 2471217812, Name: WDS:XP_SP2/Install.wim/1
    Content ID : 3263057330, Name: Res.rwm
      Session ID: 3353296854, NIC Name: Broadcom NetXtreme Gigabit Ethernet #2, tRate: 0 kB/sec, clients: 0
  Namespace ID: 2471217813, Name: WDS:XP_SP2/install-(2).wim/1
    Content ID : 3263057331, Name: Res.rwm
      Session ID: 3353296855, NIC Name: Broadcom NetXtreme Gigabit Ethernet #2, tRate: 883 kB/sec, clients: 1
      * Client ID: 3267943420, Name: MININT-1U7QOTT, MAC: 000E7F28D375, IP: 172.30.170.162, Time connected: 1111

How to Modify the BCD Store Using Bcdedit
You can use the Boot Configuration Data Editor (Bcdedit.exe) to view and modify the contents of the Boot Configuration Data (BCD) store. Bcdedit.exe is available on computers running Windows Vista and Windows Server 2008. For more information, see "Boot Configuration Data Editor Frequently Asked Questions" (http://go.microsoft.com/fwlink/?LinkId=112156).

In This Topic
• To View the Contents of the BCD Store
• To Configure the Default Selection Time-out Value
• To Configure a Localized Boot Manager Experience
• To Configure the TFTP Block Size
• To Configure the TFTP Window Size
• To Configure Windows Debugger Options
• To Turn On Emergency Management Services Settings

To View the Contents of the BCD Store
To view the contents of this store, run the following command at the command prompt:
Syntax: bcdedit /enum all /store <path to BCD store>
Example: C:\boot>bcdedit.exe /enum all /store c:\remoteinstall\tmp\X86.{05FF3388-7D71-46A1-AE8A-704480979281}.bcd
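The output of the /enum all command can also be checked by script. The following added example (Python, not part of the original guide) parses that output and reports every entry on which the bootdebug or debug options covered under To Configure Windows Debugger Options are set, together with the debugger transport the entry inherits from {dbgsettings}. The sample listing is constructed.

```python
import re

# Constructed sample in the layout that bcdedit /enum all /store prints;
# bootdebug and debug have been added to show what a store looks like when
# debugging was switched on and never switched off again.
SAMPLE_ENUM_OUTPUT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
inherit                 {dbgsettings}
timeout                 30
bootdebug               Yes

Windows Boot Loader
-------------------
identifier              {06689f95-f69c-4937-8ded-09a966a6a319}
device                  ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
description             WinPE
inherit                 {dbgsettings}
winpe                   Yes
debug                   Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Device options
--------------
identifier              {68d9e51c-a129-4ee1-9725-2ab00a957daf}
ramdisksdidevice        boot
ramdisksdipath          \Boot\Boot.SDI
"""

DEBUG_ELEMENTS = ("bootdebug", "debug")
TRANSPORT_ELEMENTS = ("debugtype", "debugport", "baudrate")
_RULE = re.compile(r"-{3,}")


def parse_bcd_enum(text):
    """Parse enum output into [{'title': str, 'settings': {element: value}}, ...]."""
    entries, current, last = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        below = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if stripped and _RULE.fullmatch(below):
            # An entry title is the line directly above a row of dashes.
            current, last = {"title": stripped, "settings": {}}, None
            entries.append(current)
        elif current is None or not stripped or _RULE.fullmatch(stripped):
            continue
        elif line[0].isspace() and last:
            # Indented line: a further value of the previous element.
            current["settings"][last] += " " + stripped
        else:
            name, _, value = stripped.partition(" ")
            last = name.lower()
            current["settings"][last] = value.strip()
    return entries


def resolve(entries, entry, element, seen=None):
    """Return an element's value, following inherit references between entries."""
    seen = set() if seen is None else seen
    ident = entry["settings"].get("identifier")
    if ident in seen:
        return None  # guard against inherit loops
    seen.add(ident)
    if element in entry["settings"]:
        return entry["settings"][element]
    for parent in entry["settings"].get("inherit", "").split():
        for other in entries:
            if other["settings"].get("identifier") == parent:
                value = resolve(entries, other, element, seen)
                if value is not None:
                    return value
    return None


def audit_debug_settings(text):
    """List entries that have bootdebug or debug set to Yes directly on them."""
    entries = parse_bcd_enum(text)
    findings = []
    for entry in entries:
        enabled = [e for e in DEBUG_ELEMENTS
                   if entry["settings"].get(e, "").lower() == "yes"]
        if enabled:
            findings.append({
                "identifier": entry["settings"].get("identifier"),
                "title": entry["title"],
                "enabled": enabled,
                "transport": {e: resolve(entries, entry, e) for e in TRANSPORT_ELEMENTS},
            })
    return findings


if __name__ == "__main__":
    for finding in audit_debug_settings(SAMPLE_ENUM_OUTPUT):
        print(finding)
```

Run it against both Default.bcd and the regenerated stores in the \Tmp folder, because clients boot from the regenerated copies.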

To Configure the Default Selection Time-out Value The default selection time-out value is set to 30 seconds.bcd Windows Boot Manager -------------------identifier inherit timeout {bootmgr} {dbgsettings} 30 Real-mode Application (10400009) -------------------------------identifier device path description pxesoftreboot {40fe5c41-285e-412b-b4cd-0ce498e470a2} boot OSChooser\i386\startrom.bcd store for your client’s architecture. You can configure this value by setting the appropriate option in the Default.bcd store by running the following command: Syntax: bcdedit /enum all /store <full path and file name of store> Example: C:###BOT_TEXT###gt;bcdedit /enum all /store c:\RemoteInstall\Boot\x86\default.SDI 163 . using the following steps: 1. View the existing configuration settings in the Default.n12 Remote Installation Services Yes Debugger Settings ----------------identifier debugtype debugport baudrate {dbgsettings} Serial 1 115200 Device options -------------identifier ramdisksdidevice ramdisksdipath {68d9e51c-a129-4ee1-9725-2ab00a957daf} boot \Boot\Boot.

Force regeneration of the BCD store in the \Tmp folder by sending a control signal to the WDSServer service.n12 Remote Installation Services Yes Debugger Settings ----------------identifier {dbgsettings} 164 .bcd Windows Boot Manager -------------------identifier inherit timeout {bootmgr} {dbgsettings} 30 Real-mode Application (10400009) -------------------------------identifier device path description pxesoftreboot {40fe5c41-285e-412b-b4cd-0ce498e470a2} boot OSChooser\i386\startrom. perform the following steps: 1.bcd /set {bootmgr} timeout 10 3. Set the appropriate time-out value by running the following command: Syntax: bcdedit /store <full path and file name of store> /set {bootmgr} timeout <value in seconds> Example: C:###BOT_TEXT###gt;bcdedit /store c:\RemoteInstall\Boot\x86\default.2. using the following command: C:###BOT_TEXT###gt;sc control wdsserver 129 To Configure a Localized Boot Manager Experience To configure the Boot Manager application to allow for a localized setup experience. View the existing settings in the default BCD store by running the following command: Syntax: bcdedit /enum all /store <full path and file name of store> Example: C:###BOT_TEXT###gt;bcdedit /enum all /store c:\RemoteInstall\Boot\x86\default.

bcd /set {bootmgr} path \boot###BOT_TEXT###lt;arch>\bootmgr. You can configure this value by setting the appropriate value in the default BCD store for the client architecture.exe 4. Set the appropriate locale value by running the following command: Syntax: bcdedit /store <full path and file name of store> /set {bootmgr} locale <lang> Example: C:###BOT_TEXT###gt;bcdedit /store c:\RemoteInstall\Boot\x86\default. Determine the GUID identifier of the boot manager application by running the following command: Syntax: bcdedit /enum all /store <full path and file name of store> Example: C:###BOT_TEXT###gt;bcdedit /enum all /store c:\RemoteInstall\Boot\x86\default.bcd /set {bootmgr} locale en-US 3.exe> Example: C:###BOT_TEXT###gt;bcdedit /store c:\RemoteInstall\Boot\x86\default.SDI 2. using the following steps: 1. Force regeneration of the BCD store in the \Tmp folder by sending a control signal to the server service by specifying. using the following command: C:###BOT_TEXT###gt;sc control wdsserver 129 To Configure the TFTP Block Size The default TFTP block size value is 1432 bytes.bcd Windows Boot Manager -------------------identifier inherit timeout {bootmgr} {dbgsettings} 30 165 .debugtype debugport baudrate Serial 1 115200 Device options -------------identifier ramdisksdidevice ramdisksdipath {68d9e51c-a129-4ee1-9725-2ab00a957daf} boot \Boot\Boot. Set the application path by running the following command: Syntax: bcdedit /store <full path and file name of store> /set {bootmgr} path <relative path to bootmgr.

and so on) and that you not set a value higher than 16384.n12 Remote Installation Services Yes Debugger Settings ----------------identifier debugtype debugport baudrate {dbgsettings} Serial 1 115200 Device options -------------identifier ramdisksdidevice ramdisksdipath {68d9e51c-a129-4ee1-9725-2ab00a957daf} boot \Boot\Boot. 16384. using the following steps: 166 . using the following command: C:###BOT_TEXT###gt;sc control wdsserver 129 To Configure the TFTP Window Size The default TFTP window size is 8. You can configure this value by setting the appropriate value in the default BCD store for the client architecture.SDI 2.Real-mode Application (10400009) -------------------------------identifier device path description pxesoftreboot {40fe5c41-285e-412b-b4cd-0ce498e470a2} boot OSChooser\i386\startrom.bcd /set {68d9e51c-a1294ee1-9725-2ab00a957daf} ramdisktftpblocksize 4096 Note We recommend that you go up in multiples (4096. Force regeneration of the BCD store in the \Tmp folder by sending a control signal to the WDSServer service. Set the appropriate TFTP block size value by running the following command: Syntax: bcdedit /store <full path and file name of store> /set {<GUID identifier>} ramdisktftpblocksize <block size> Example: C:###BOT_TEXT###gt;bcdedit /store c:\RemoteInstall\boot\x86\default. 3. 8192.

View the existing settings in the Default. To turn on debugging for boot manager 1.exe. Sets the global debugger parameters.1. Force regeneration of the BCD store in the \Tmp folder by sending a control signal to the WDSServer service by running the following command: C:###BOT_TEXT###gt;sc control wdsserver 129 To Configure Windows Debugger Options There are three debugging options that you can add by using BCDedit.bcd {68d9e51c-a1294ee1-9725-2ab00a957daf} ramdisktftpwindowsize 9 3. These options are described in the following table. determine the GUID identifier of the boot manager application by running the following command: Syntax: bcdedit /enum all /store <full path and file name of store> 2. At the command prompt. Enables or disables kernel debugging for an operating system entry.bcd Windows Boot Manager -------------------identifier inherit timeout {bootmgr} {dbgsettings} 30 Real-mode Application (10400009) 167 . Option Description /bootdebug /dbgsettings /debug Enables or disables boot debugging for a boot application. Set the appropriate TFTP window size by running the following command: Syntax: bcdedit /store <full path and file name of store> {<GUID>} ramdisktftpwindowsize <windowsize> Example: C:###BOT_TEXT###gt;bcdedit /store c:\RemoteInstall\boot\x86\default.bcd store by running the following command: Syntax: bcdedit /enum all /store <full path and file name of store> Example: C:###BOT_TEXT###gt;bcdedit /enum all /store c:\RemoteInstall\Boot\x86\default.

--------------------------------
identifier              {40fe5c41-285e-412b-b4cd-0ce498e470a2}
device                  boot
path                    OSChooser\i386\startrom.n12
description             Remote Installation Services
pxesoftreboot           Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Device options
--------------
identifier              {68d9e51c-a129-4ee1-9725-2ab00a957daf}
ramdisksdidevice        boot
ramdisksdipath          \Boot\Boot.SDI

2. Set the appropriate debugging values by running the following command:
Syntax: bcdedit /store <full path and file name of store> /set {bootmgr} bootdebug <value>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {bootmgr} bootdebug on
3. Force the regeneration of the BCD store in the \Tmp folder by sending a control signal to the server service, using the following command:
C:\>sc control wdsserver 129

To turn on debugging for a particular operating system entry (for OSLoader)
1. Determine the GUID of the operating system entry by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /enum all
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\Images\boot.wim.bcd /enum all

Windows Boot Loader

-------------------
identifier              {06689f95-f69c-4937-8ded-09a966a6a319}
device                  ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
description             WinPE 5600 RC1
osdevice                ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
systemroot              \WINDOWS
detecthal               Yes
winpe                   Yes

2. Enable debugging options by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /set <GUID identifier> debug <value>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {06689f95-f69c-4937-8ded-09a966a6a319} debug on
3. Enable the inheritance of the debug options that are in Default.bcd so that they apply to the operating system entry, using the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /set <GUID identifier> inherit {dbgsettings}
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {06689f95-f69c-4937-8ded-09a966a6a319} inherit {dbgsettings}
4. Force regeneration of the BCD store in the \Tmp folder by sending a control signal to the server service, using the following command:
C:\>sc control wdsserver 129

To Turn On Emergency Management Services Settings
For servers equipped with the proper firmware, Emergency Management Services (EMS) provides functionality that you can use to administer a server remotely. This is useful for computers that do not support direct video output or do not have a keyboard and mouse attached. This method is typically used for high-end servers in a data center. Except for hardware maintenance and replacement, all administrative functions that you can accomplish locally should be available remotely. This includes starting your system and performing system-recovery tasks.
There are generally two types of devices that support remote administration: those whose BIOS and Extensible Firmware Interface (EFI) support UI redirection, and those whose BIOS does not

support UI redirection. The first class of computers is generally EFI-based, typically Itanium-based servers. The second class of computers have had the video card removed (or the computer did not come with one), and the goal is to redirect output by using a COM port.
Support for remote administration is enabled by default for Itanium-based computers that are using configuration settings specified in the default BCD store that was created for Itanium-based clients. These EMS settings are enabled and set to use the BIOS default settings (as opposed to COM port redirection). Each per-image BCD store that is generated for Itanium-based clients is set to inherit these settings from the default BCD configuration.
Support for remote administration is not enabled by default for x86-based or x64-based computers that do not support BIOS redirection. To enable this support, you must do the following:
• Adjust the default NBP to one that supports remote administration (for example, hdlscom1.com, hdlscom2.com, hdlscom1.n12, or hdlscom2.n12). For more information about boot programs and their use, see the "Network Boot Program" section in Managing Network Boot Programs.
• Signal the loader to support remote administration. You must enable EMS settings and, optionally, you can specify the default port and baud rate. You can do this by using BCDedit.exe to set the appropriate EMS options in the default BCD store used for that architecture.

To turn on EMS settings for a particular operating system entry (for OSLoader)
1. Determine the GUID of the operating system entry by running the following command:
Syntax: BCDEDIT /store <full path and file name of per-image BCD store> /enum all
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\Images\boot.wim.bcd /enum all

Windows Boot Loader
-------------------
identifier              {06689f95-f69c-4937-8ded-09a966a6a319}
device                  ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
description             WinPE 5600 RC1
osdevice                ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
systemroot              \WINDOWS
detecthal               Yes

winpe                   Yes

2. Create the EMS settings option in the Default.bcd store by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /create {emssettings} /d <description>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /create {emssettings} /d "EMS Settings"
3. Set the baud rate by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /set {emssettings} baudrate <value>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {emssettings} baudrate 115200
4. Set the output port type by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /set {emssettings} debugtype <value>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {emssettings} debugtype Serial
5. Set the output port number (this should match the output port of the configured network boot program (NBP)) by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /set {emssettings} debugport <value>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {emssettings} debugport 1
6. Determine the GUID of the operating system entry by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /enum all
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\Images\boot.wim.bcd /enum all

Windows Boot Loader
-------------------
identifier              {06689f95-f69c-4937-8ded-09a966a6a319}
device                  ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
description             WinPE 5600 RC1
osdevice                ramdisk=[boot]\Boot\x86\Images\boot.wim,{68d9e51c-a129-4ee1-9725-2ab00a957daf}
systemroot              \WINDOWS
detecthal               Yes
winpe                   Yes

7. Enable EMS settings in the per-image BCD by running the following command:
Syntax: bcdedit /store <full path and file name of the per-image BCD store> /set <GUID identifier> ems <value>
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {06689f95-f69c-4937-8ded-09a966a6a319} ems on
8. Enable inheritance of EMS settings from Default.bcd values as configured above, by running the following command:
Syntax: bcdedit /store <full path and file name of per-image BCD store> /set <GUID identifier> inherit {emssettings}
Example: C:\>bcdedit /store c:\RemoteInstall\Boot\x86\default.bcd /set {06689f95-f69c-4937-8ded-09a966a6a319} inherit {emssettings}
9. Force regeneration of the BCD store in the \Tmp folder by sending a control signal to the server service, using the following command:
C:\>sc control wdsserver 129

Troubleshooting
• Analyzing Performance Problems
• Common Problems
• Logging and Tracing
• Network Ports Used
• Required Permissions

Analyzing Performance Problems
This topic contains information about analyzing blockages during each phase of an image installation. For more information, see Optimizing Performance.

In This Topic
• Analyzing Blockages in Each Phase of Installation
• PXE Boot Phase

• TFTP Download Phase
• Image Apply Phase
• Using Performance Monitoring

Analyzing Blockages in Each Phase of Installation

PXE Boot Phase
The Pre-Boot Execution Environment (PXE) boot phase encompasses the initial boot performed by the client computer. This includes obtaining an IP address lease, locating a valid Windows Deployment Services server, and downloading a network boot program (NBP) by using Trivial File Transfer Protocol (TFTP). The amount of data transferred over the network during this phase is minimal, and the end-to-end operation typically succeeds in a matter of seconds. Given the speed at which operations in this phase are completed, you have a few options when it comes to performance tuning. The Windows Deployment Services PXE server can handle several hundred requests per second in sustained throughput. Slight performance decreases can occur if the domain controller is located across a latent network link or is overloaded. In larger environments, consider locating Dynamic Host Configuration Protocol (DHCP) and Windows Deployment Services roles on separate physical computers.

TFTP Download Phase
The TFTP download phase of the installation process is when the boot image is downloaded to the client computer. Performance in this phase is tied directly to the following factors (in order of importance):
• Latency between the client computer and the server (measured by the average response time between the server and the client)
• Size of the boot image
Note: Increasing boot image size will cause the TFTP download times to increase and will reduce reliability. Typically, the longer it takes to download the boot image, the more likely it is that something could go wrong.
• TFTP block size
• Other network conditions (such as workload, the quality of the physical equipment that is installed, and electromagnetic noise considerations)

Diagnosing TFTP Download Performance Problems
The simplest way to diagnose long download times (observed from the client computer as a progress bar below an IP address) is to look at the average response time between the client and the server it is downloading from. To do this, in Windows PE, open the Command Prompt window,

type ping [server’s IP address], and then note the average latency measured. The output will look similar to the following, where the average latency is less than 1 millisecond (which is good):

C:\Windows\system32>ping 10.160.197.93
Pinging 10.160.197.93 with 32 bytes of data:
Reply from 10.160.197.93: bytes=32 time<1ms TTL=60
Reply from 10.160.197.93: bytes=32 time=2ms TTL=60
Reply from 10.160.197.93: bytes=32 time<1ms TTL=60
Reply from 10.160.197.93: bytes=32 time<1ms TTL=60
Ping statistics for 10.160.197.93:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 0ms

High round-trip time values indicate latency on the network, which is an indicator that TFTP download performance will be poor. To improve this performance, consider doing one or more of the following:
• Use a Windows Deployment Services server that is closer to each client.
• Remove stress and load from the network segment.
• If the client connects to the server after multiple network hops, use the output from the tracert command to identify the latent segment, and consider rerouting TFTP traffic to avoid that hop.
You can also diagnose TFTP download performance problems by examining a network trace of the download activity. Generally, the best practice is to obtain this trace from the client and server simultaneously to assess exactly where the blockage is occurring (server, client, or network). To do this, add a client and a third computer to a hub, start network traces from the server and the third computer, and then boot the client computer from the network.

Addressing TFTP Download Performance Problems
In the preceding example, the average latency is less than 1 millisecond, which is good. If the average latency between the client and the server is longer than 5 milliseconds, TFTP performance will be seriously degraded. For example, if it takes X seconds to download the boot image when the average latency is 1 millisecond, it will take approximately two seconds to download the image when the average latency is 2 milliseconds, and approximately eight seconds to download it when the average latency is 4 milliseconds.
You may be able to decrease the impact of latency on TFTP download times by increasing the TFTP block size. This means that more data will be sent each time, which cuts down on the number of round-trips. For instructions, see How to Modify the BCD Store Using Bcdedit.
Reducing the size of the boot image can also speed up TFTP downloads. To accomplish this, do the following:

• Use the tools in the Windows Automated Installation Kit (AIK) to create a custom boot image that contains the Windows Setup binary files and Microsoft Windows Preinstallation Environment (Windows PE), which has been prepared by using PEIMG.exe /prep. For more information, see Managing Network Boot Programs and the Windows AIK documentation (http://go.microsoft.com/fwlink/?LinkId=96016).
• Ensure that the Windows image (.wim) file that contains the boot image does not contain extra space. A best practice is to use the ImageX /export command to export your boot image to a "clean" .wim file before adding the image to the Windows Deployment Services server.
• Ensure that the .wim file that contains the boot image is using the maximum compression format, LZX. To do this, run Imagex /info ImageFile [ImageNumber|ImageName].
Lastly, consider altering your physical network topology by using one or more of the following steps:
• Add a PXE server closer to the client computer.
• Move the client computer closer to the PXE server.
• Upgrade to better cabling (Cat 5e is recommended).
• Repair the existing network infrastructure (in the case of high-packet loss).
• Check the condition of the switches between the client computer and the PXE server to ensure that packets are not being dropped.
In situations where a server is overburdened, consider using PXE boot referrals to direct booting clients to different PXE servers for TFTP downloads.

Image Apply Phase
The image apply phase of the installation process involves transferring an install image from the Windows Deployment Services server to the client. This transfer occurs through either Server Message Block (SMB) or multicasting and is the most time-consuming part of the installation process.

Diagnosing Performance Problems in the Image Apply Phase
To begin, test several client computers on your network, and compare the performance with the test results outlined in the "Performance and Scalability Expectations" section in Optimizing Performance. If there are substantial variances between the expected results and your results, you probably have a performance blockage. You can also enable logging to gather information. For more information, see the "Windows Deployment Services Client Logs" section in Logging and Tracing.
To troubleshoot common blockages, ask yourself the following questions:
• Do performance problems occur only at certain times of the day? This may indicate a scalability problem that is probably caused by an overused network or an overburdened server.
• Do performance problems occur only for clients on a particular subnet or network location? If so, determine whether there is a network issue on that segment.

• Do performance problems occur only for clients that access a particular server? If so, check the server’s performance statistics as well as the network segment that connects the clients to the server to see whether the server is overused.

Addressing Performance Problems in the Image Apply Phase
Performance problems in this phase are generally caused by network congestion, or inadequate resources on the server or client. To identify the source of the blockage, use the information in the next section, Using Performance Monitoring. If network congestion is the issue, consider doing the following:
• Creating more bandwidth on the network. This may mean upgrading your network infrastructure to support greater bandwidth and higher throughput. For example, it might mean moving from 100 MB to 1 GB, upgrading cabling, replacing hubs with routers or switches, or reducing the number of clients that can access a particular network segment simultaneously.
• Adding additional Windows Deployment Services servers to the network to handle the network demand. This means segmenting network infrastructure so that smaller groups of clients are answered by each server.
• Balancing the server load by adding dedicated image servers. For more information, see Storing and Replicating Images Using DFS.
• Reducing image size. Because larger images mean longer installation times and greater network strain, you should consider creating images that contain minimum customization, drivers, and applications, or consider creating specialized images for each department, hardware type, or function. For more information, see the "Reducing the Size of Images" section in the Servicing Images topic.
Performance problems that occur across a larger group of computers generally indicate either a concurrency problem (scalability) or a blockage in the network or server. To investigate, in Windows PE, measure the amount of time it takes to download a file (of approximately the same size as the install image) from the server to the client. Or try to download the install image after it has been placed in a shared folder on the server. If the time it takes to download a large file exceeds the expectations, you should analyze the switch utilization and observe other network metrics to identify the network conditions that are impacting download times. If you suspect that the server is the blockage, use the steps in the Using Performance Monitoring section later in this chapter to identify the root cause of the blockage. Most Windows Deployment Services server blockages occur because of inadequate bandwidth (at the network adapter), slow disk subsystems, or insufficient available physical memory.
Typical causes of performance problems on individual client computers include the following:
• Problems with the physical network connection between the client computer and the network topology
• Problems with the switching equipment
• A bad disk controller interface on the client computer
• A bad network adapter on the client computer

• Insufficient RAM on the client computer (512 MB of RAM is the minimum requirement for Windows Vista)
• Poorly performing system drivers

Using Performance Monitoring
You can use Windows Reliability and Performance Monitor to diagnose performance problems with Windows Deployment Services. To open Reliability and Performance Monitor, click Start, type Performance in the Start Search box, and then press ENTER. Because most performance and scalability issues in Windows Deployment Services are network related, network analysis tools may be of greater use. Nevertheless, Windows Reliability and Performance Monitor can be a powerful and quick tool for identifying resource issues on services associated with Windows Deployment Services. Review the following information to maximize your server's performance.
The following are the most useful counters for diagnosing Windows Deployment Services performance. To add these counters, expand Monitoring Tools, click Performance Monitor, and then click the green plus sign (+) in the right pane. In Available Counters, scroll to the counter you want to add, and then click Add.
• Network Interface (Bytes Sent/sec)
• PhysicalDisk (Avg. Disk sec/Read, Avg. Disk sec/Write, and Current Disk Queue Length). These disk counters highlight the current disk activity, if anything. The Avg. Disk sec/Read and the Avg. Disk sec/Write counter should generally take less than 10 milliseconds, and the maximum should not exceed 50 milliseconds. Anything outside these thresholds indicates that there is too little available disk space to respond to the demands that are being placed on the server. The Current Disk Queue Length counter indicates the backlog of pending input/output (I/O) requests. As you might expect, you do not want to see much here.
• Process (Page Faults/sec). Page faults occur when there is not enough physical memory on the server to meet the server's demands. When this occurs, the server has to copy memory from the physical RAM to a swap file on the hard disk drive, and then make room to enable the requested memory allocation to complete. This is a very expensive operation because this swap requires a series of reads and writes on the hard disk drive, and this process must be completed before the operation that caused the fault can resume. On servers where there is not enough memory, page faults can occur frequently, which significantly reduces the amount of processor time that is available to complete any other operations. If there are significant time periods with a lot of page fault activity, you should consider adding memory to the server. Note, however, that this is not a complete solution.
• Processor (% Processor Time). You can tell from the % Processor Time counter whether there is enough processing power on the server to meet the demands being placed on it. If you see that processor utilization is high, use this counter for each individual process to determine the cause of the degraded performance. If the Windows Deployment Services server is configured to work with File Replication Service (FRS), and the Distributed File System Replication (DFSR) service is consuming a significant portion of processor time, you

should consider increasing the boot configuration data (BCD) refresh interval to reduce the number of changes that FRS has to propagate between servers. If the server has multiple server roles, you may want to configure the roles so that they are better distributed across multiple servers.
A strong correlation between network utilization and disk reads (and disk throughput) indicates that the network card may be the cause of a reduction in image deployment times. In this case, if you are not concerned with disk throughput, consider upgrading the network infrastructure to support GB Ethernet, or refactoring the Windows Deployment Services server infrastructure so that it is spread across multiple servers.
• WDS Multicast Server (all counters). The following list describes all of counters for multicasting.
  • Active Clients. This counter shows the clients that are currently connected to a multicast session.
  • Active Contents. Contents refers to the data that is being transmitted. When a client connects to a namespace, a “content” is created. The content is then removed if clients are not active in the content for 5 minutes or longer. You can have multiple contents for a single namespace if there are multiple network cards on the server.
  • Active Namespaces. This counter is essentially equivalent to a multicast transmission. A namespace is the underlying object that gets created when you create a multicast transmission.
  • Incoming Packets/Second (in Bytes). This counter shows the sum of all incoming data packets (per second) from all multicast sessions.
  • Outgoing Packets/Second (in Bytes). This counter shows the sum of all outgoing data packets (per second) from all multicast sessions.
  • Total Data Packets. This counter shows the total number of data packets sent by the multicast server.
  • Total Master Client Switches. This counter shows the total number of times that the master client has been changed in a transmission. Note that the master client is the slowest client in a transmission — that is, the client that is not capable of installing any faster, whereas the other clients may be able to install at a faster rate.
  • Total NACK Packets. This counter shows the total number of NACK packets received from client computers. A NACK packet is a negative acknowledgement. If the number in this counter is high, relative to the Total Data Packets counter, this indicates that packet loss is occurring between the clients and the server.
  • Total Repair Packets. This counter shows the total number of repair packets sent by the server. Note that the server sends repair packets in response to NACK packets. Ideally, the ratio of total data packets to total repair packets should be greater than 100:1.
  • Total Slowdown Request. Clients send slowdown requests when the server is sending data faster than the client can handle it. This is usually caused by slow disk performance on the clients, or by other resource pressure (such as insufficient memory, high CPU utilization, and so on).

• WDS TFTP Server (all counters). The following list describes the two counters for TFTP.
  • Active Requests. This counter shows the number of active TFTP transfers on the server.
  • Transfer Rate/Second (in Bytes). This counter shows the total amount of data that the TFTP server is sending out per second.
• WDS Server (all counters). The following list describes the counters for the Windows Deployment Services server.
  • Active Requests. This counter shows the number of currently active requests on the Windows Deployment Services server, including remote procedure calls (RPCs) to the server and multicast requests.
  • Processed/Second. This counter shows the number of requests processed in the last second.
  • Requests/Second. This counter shows the number of requests received in the last second.
For more information about Reliability and Performance Monitor, see http://go.microsoft.com/fwlink/?LinkID=110854. For information about how to view these counters, see the following Microsoft TechNet articles:
• Add Counters Dialog Box (http://go.microsoft.com/fwlink/?LinkId=105531)
• Creating Data Collector Sets (http://go.microsoft.com/fwlink/?LinkID=55157)

Common Problems
This chapter highlights some common issues that you may encounter when using Windows Deployment Services including the following:

Type                Issues

Performing PXE Boots on Client Computers
• I am unable to perform PXE boots on client computers.
• The client computer fails to get an IP address when I try to boot into PXE.
• The client computer obtains an IP address but then fails to download a boot program.
• When I perform a PXE boot and select a boot image, I see a command prompt.
• I don't see the hard drive of the client computer on the disk configuration page of Setup.
• My computer loads the boot image, but

it cannot access an install image.
• Install images do not appear on the image selection page.
• I created an unattend file, but when installation completes, my client computer is not joined to the domain.

Troubleshooting x64-Based Client Computers
• My x64-based client computer does not have any x64-based images on the boot image selection page.
• My x64-based client computer is detected as x64, but it fails to boot to the default image.

Performing Management Operations
• I can't approve a pending computer.
• I approved a pending computer and then deleted the computer account that was created in AD DS during the process. Now the server will not answer my client computer.
• I received the error: "0x2: File not found" when trying to use the management tools to manage a remote Windows Deployment Services server.

Creating Custom Images
• When using the Image Capture Wizard to create a custom image, the volume that contains my image is not selectable.
• The finish button is not enabled on the final page of the image capture wizard.
• The capture started successfully, but then I got a metadata error.

Multicasting
• My multicast transmissions are running very slowly.
• After enabling multicasting, there is excessive traffic on the network.
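The latency and block-size reasoning from the TFTP Download Phase section earlier in this chapter can be turned into a quick check. The following Python is an added example, not part of the Microsoft guide: it reads ping output, applies the guide's 5 millisecond limit, and estimates the latency-bound download time for the block sizes the guide names. The round-trip model (one acknowledgment per window of blocks), the function names and the sample ping text are assumptions made for illustration.

```python
import math
import re

# Constructed sample in the format of the ping output quoted in this guide.
SAMPLE_PING = """\
Pinging 10.160.197.93 with 32 bytes of data:
Reply from 10.160.197.93: bytes=32 time<1ms TTL=60
Reply from 10.160.197.93: bytes=32 time=2ms TTL=60
Reply from 10.160.197.93: bytes=32 time<1ms TTL=60
Reply from 10.160.197.93: bytes=32 time<1ms TTL=60
"""

LATENCY_LIMIT_MS = 5                           # guide: above this, TFTP is seriously degraded
RECOMMENDED_BLOCK_SIZES = (4096, 8192, 16384)  # guide's note; 16384 is the ceiling
DEFAULT_WINDOW_SIZE = 8                        # guide: default TFTP window size

_REPLY = re.compile(r"time([<=])(\d+)ms")


def reply_times_ms(ping_output):
    """One round-trip time per reply line; 'time<1ms' is kept as its 1 ms upper bound."""
    return [int(ms) for _op, ms in _REPLY.findall(ping_output)]


def average_rtt_ms(ping_output):
    """Average of the per-reply times (ping's own 'Average' line rounds down to 0ms)."""
    times = reply_times_ms(ping_output)
    if not times:
        raise ValueError("no reply lines with a time= or time< field")
    return sum(times) / len(times)


def round_trips(image_bytes, block_size, window_size=DEFAULT_WINDOW_SIZE):
    """Acknowledged windows needed to move image_bytes.

    Model assumption: the sender waits one round trip per window of blocks.
    """
    if block_size <= 0 or window_size <= 0:
        raise ValueError("block_size and window_size must be positive")
    # A TFTP transfer ends on a short block, so an exact multiple of the
    # block size needs one extra, empty block.
    blocks = image_bytes // block_size + 1
    return math.ceil(blocks / window_size)


def estimate_seconds(image_bytes, rtt_ms, block_size, window_size=DEFAULT_WINDOW_SIZE):
    """Latency-bound estimate only; bandwidth, packet loss and server load are ignored."""
    return round_trips(image_bytes, block_size, window_size) * rtt_ms / 1000.0


def assess(ping_output, image_bytes, block_sizes=RECOMMENDED_BLOCK_SIZES):
    """Compare measured latency with the guide's limit and estimate time per block size."""
    rtt = average_rtt_ms(ping_output)
    return {
        "avg_rtt_ms": rtt,
        "latency_ok": rtt <= LATENCY_LIMIT_MS,
        "seconds_by_block_size": {
            size: estimate_seconds(image_bytes, rtt, size) for size in block_sizes
        },
    }


if __name__ == "__main__":
    report = assess(SAMPLE_PING, 128 * 1024 * 1024)   # constructed 128 MiB boot image
    print("average RTT (ms):", report["avg_rtt_ms"], "within limit:", report["latency_ok"])
    for size, seconds in report["seconds_by_block_size"].items():
        print(f"block size {size}: about {seconds:.2f} s spent waiting on round trips")
```

Because the estimate is a product of round trips and latency, doubling the latency doubles it and doubling the block size roughly halves it, which is the relationship the guide describes.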

Performing PXE Boots on Client Computers

I am unable to perform PXE boots on client computers.
The most common causes for this issue are:
• The Windows Deployment Services server services have not been started. To fix this, run WDSUTIL /start-server to start all services. Examine the output of the command and the Windows Application event log for error messages indicating service start-up failures.
• The answer policy is not configured correctly. For example, the server is not configured to answer clients, or it is configured to answer only known clients and the client is not prestaged. To fix this, reconfigure the policy. For example, run WDSUTIL /set-server /answerRequests:all.
• A boot image has not been added to the server. Use the management tools to add the Boot.wim from the Windows Server 2008 media to the server. For instructions, see the Step-by-Step Guide for Windows Deployment Services in Windows Server 2008.
• The necessary firewall ports are not open on the server. Ensure that the proper ports are open to enable the client to connect to the Windows Deployment Services server. For more information, see Network Ports Used.
• DHCP and Windows Deployment Services are running on the same physical computer, but the settings associated with this configuration have not been defined. To configure this, see the DHCP section of How to Manage Your Server. For more information, see Managing DHCP.
• The computer is marked as rejected in the Auto-Add database. After a computer has been marked as rejected, the computer will not be able to PXE boot. You can clear the entry in the Auto-Add database by deleting all pending computer records (by running WDSUTIL /delete-AutoAddDevices /DeviceType:RejectedDevices) or enabling the record to be purged automatically (according to the default cleanup interval). For instructions, see the Auto-Add Database section of How to Manage Client Computers.
• The computer is marked as approved in the Auto-Add database, but a computer account representing the computer does not exist in Active Directory Domain Services (AD DS). To fix this, see the very end of Prestaging Client Computers.
• The client has been prestaged and a network boot program (NBP) has been defined, however, the NBP does not exist on the server. Examine the output from WDSUTIL /get-device /Device:<device name> to determine the name and path of the NBP. Then check that location on the Windows Deployment Services server to ensure that the file exists. If it does not exist, run WDSUTIL /Set-device to direct the client to a different NBP. For instructions, see How to Manage Client Computers. For more information, see "Methods of Directing a Client to the Appropriate NBP" in Managing Network Boot Programs.
• Client boot requests are not getting routed correctly to the Windows Deployment Services server. To ensure that the IP Helper router is updated and that the Dynamic Host Control Protocol (DHCP) option configuration has been completed correctly,

see the "Updating the IP Helper Tables" section in Managing Network Boot Programs.

The client computer fails to get an IP address when I try to boot into PXE.
The most common causes of this problem are:
• There is a problem with the network.
• There is a problem with DHCP.
To resolve these issues, check Event Viewer for events and errors, and then refer to the DHCP Infrastructure troubleshooting documentation (http://go.microsoft.com/fwlink/?LinkId=108014) for steps you can use to resolve the problem. If you are using a non-Microsoft DHCP server, contact the manufacturer for troubleshooting information.

The client computer obtains an IP address but then fails to download a NBP.
You may have a problem with the network or the configuration of the Windows Deployment Services server. A common cause is if a client is on a different subnet from the Windows Deployment Services server and you have not configured the server to get the PXE signal through the router.

When I perform a PXE boot and select a boot image, I see a command prompt.
If you do not see the wizard when you boot into a boot image, the boot image probably does not contain the Windows Deployment Services client (which is basically Setup.exe and supporting files for Windows Deployment Services). One common cause of this is if you created an image of Windows PE by using the Windows AIK instead of using the Boot.wim file from the Windows Vista or Windows Server 2008 DVDs. To fix this, upload the Boot.wim file located in the Sources directory of Windows Server 2008 DVD. This image contains the Windows Deployment Services client and Windows PE.

I don't see the hard drive of the client computer on the disk configuration page of Setup.
The most common cause of this problem is that the client computer does not have the correct storage driver from the hardware manufacturer. To resolve this, do one of the following:
• Add the driver to the image by using the tools in the Windows AIK. To download the Windows AIK, see (http://go.microsoft.com/fwlink/?LinkId=108013). For general instructions, see "Modify a Boot or Install Image" (http://go.microsoft.com/fwlink/?LinkID=54863).
• Click Add Driver on the disk configuration page, and then specify the driver.

My computer loads the boot image, but it cannot access an install image.
The boot image may not contain the correct network driver for the client computer. To fix this, on the client computer, press SHIFT+F10 to open a command prompt and run IPConfig. If an IP address and subnet mask are not reported in the output, this indicates that networking has not

been started and it is likely that a network driver is not present. To fix this, add the driver from the hardware manufacturer to the image by using the tools in the Windows AIK. To download the Windows AIK, see http://go.microsoft.com/fwlink/?LinkID=54863. For general instructions, see "Modify a Boot or Install Image" (http://go.microsoft.com/fwlink/?LinkId=108013).

Install images do not appear on the image selection page.
The most common causes of this problem are:
• The account whose credentials were entered on the credential screen of Windows Deployment Services client does not have permissions to read the install .wim file. These images are located at \\<WDSServer>\RemoteInstall\Images\<Image Group>. To resolve this, see Required Permissions, and grant the appropriate permissions.
• The architecture of the client computer (x86, Itanium, x64) does not match the architecture type of the install image. For example, a client booting into an x86-based boot image will only be able to view x86-based install images on the image selection page.
• You may have an incompatible hardware abstraction layer (HAL) type. To deploy an image to this computer, you will need an image that has the correct HAL type, that is, an image that was captured from a computer that has the same HAL type as this computer.

I created an unattend file, but when installation completes, my client computer is not joined to the domain.
There are two common causes for this issue:
• The image unattend file is not formatted properly. To verify that your file is correctly formatted, check for an error in \Windows\panther\setupact.log under domainjoininformation. For more information, see Automating the Domain Join and Computer Naming and Sample Unattend Files.
• The client computer does not have permissions to join a domain. For more information, see Required Permissions.

Troubleshooting x64-Based Client Computers

My x64-based client computer does not have any x64-based images on the boot image selection page.
Many x64-based system BIOS do not accurately identify the computer as x64 during the boot process. If Windows Deployment Services does not recognize the computer as x64, only x86 images will be shown. To resolve this, run WDSUTIL /set-server /architecturediscovery:yes to force the Windows Deployment Services server to recognize x64 computers.

My x64-based client computer is detected as x64. you can force all x64 clients to only receive x86 boot files by configuring the default boot program—for example. For example. Each computer requires a computer certificate. but a prestaged computer in AD DS will not be found (because the computer was deleted). • The computer name is not valid. Ensure that your Windows Deployment Services server has the x64-based version of Boot.com. For more information. For more information. This scenario is identical to a case where there is AD DS replication latency. Deleting a prestaged computer that was added to AD DS by using the approval process for pending computer involves two steps: • • Remove the computer account from AD DS. Failing to remove the record in the database will cause the client to remain in wdsnbp. Alternatively. configure Pxeboot. Now the server will not answer my client computer. Performing Management Operations I can't approve a pending computer. I received the error: "0x2: File not found" when trying to manage a remote Windows Deployment Services server. I approved a pending computer and then deleted the computer account that was created in AD DS during the process. Remove the record in the Auto-Add database. the name might be too long. If an x64-based computer performs a PXE boot but does not find an x64-based image.com from \RemoteInstall\boot\x86. see Prestaging Client Computers. The two most common causes of this issue are the following: • You do not have the correct permissions in AD DS for the computer. You may have received this error if you are trying to manage a Windows Deployment Services server running Windows Server 2008 from a Windows Deployment Services server running Windows Server 2003. You can only manage Windows Deployment Services servers running Windows Server 2008 from a Windows Deployment 184 .com until a prestaged computer appears in AD DS. For more information. 
the server will not permit the client to proceed past Wdsnbp.This scenario is not supported. For example. see Managing Network Boot Programs. and it will not proceed with booting from the network. or it might contain characters that are not valid. it will be unable to complete the boot process. This occurs because the record in the Auto-Add database shows the computer as approved. but it fails to boot to the default image.wim. see Required Permissions.

Services server running Windows Server 2008. For more information, see Managing a Complex Environment.

Creating Custom Install Images

When using Image Capture Wizard to create a custom image, the volume that contains my image is not selectable.
There are two common reasons for this problem:
• Cause 1: The boot image does not contain the proper drivers for the computer’s hard disk drive controller.
• Cause 2: The volume does not contain an image that was prepared using Sysprep.

To troubleshoot this, when the Image Capture Wizard first starts, press SHIFT+F10 to open a command prompt. Run Diskpart, and then run lis disk. Select each disk (for example, sel dis 0 and sel dis 1), and then type lis vol to list each volume. Ensure that the volume that contains the offline Sysprep image is viewable. If it is not, you need to add the driver for your mass-storage controller to Windows PE so that it can detect the local disk that contains the offline Sysprep image. To do this, use one of the following procedures:

To inject drivers into a boot image, and use the boot image to create a capture image:
1. Add a boot image to your server.
2. Mark the image as offline (disabled).
3. Mount the image by using ImageX and Mountrw (included in the Windows AIK).
4. Insert all of the drivers that use PEIMG.exe into the boot image.
5. Mark the image as online (enabled).
6. Create the capture image using this boot image.

To load the driver yourself in Windows PE:
1. Boot into the capture image.
2. Press SHIFT+F10 to access a command prompt.
3. Use Drvload.exe to load the driver.
4. Confirm that you have access to the local disk that contains the offline image.
5. Press ALT+TAB to return to the capture wizard and continue the process.

To determine whether the offline image has been prepared using Sysprep:
1. Run regedit to load the offline system hive.
2. In HKEY_LOCAL_MACHINE\System, create a new key called Test.
3. Import the offline system hive from C:\windows\system32\config\system (assuming the offline operating system is located on C:\) into the empty Test key.
4. Examine the two registry keys in the imported system hive that are checked by

the wizard:
• Ensure that HKEY_LOCAL_MACHINE\System\Setup\CloneTag exists
• Ensure that HKEY_LOCAL_MACHINE\System\Setup\SystemSetupInProgress is set to 1.

If either of the registry keys are not set correctly, there are two likely causes:
• The Generalize check box was not selected when Sysprep was run.
• After Sysprep completed, the computer was specialized before the Image Capture Wizard was started. This can happen if you installed Windows Vista, ran Sysprep, restarted the computer, and then failed to signal the PXE boot in time so that the computer starts to boot and the specialization process runs. You realized your mistake, rebooted the computer, and signaled the PXE boot. Then you booted into Windows PE and start the image capture wizard. In this scenario, the wizard will not show the volume because the offline image is no longer generalized.
To resolve either of these, boot into the image, run Sysprep again, and then perform the capture process again.

The finish button is not enabled on the final page of the image capture wizard.
This occurs when a name and location for the .wim file is not specified. You must specify this information even if you are uploading the resulting image to a Windows Deployment Services server. The Image Capture Wizard creates a local copy of the image first, to ensure that transient networking conditions will not interfere with the image capture process. You can specify a location for the .wim file that is on the same volume that is being captured (this will not interfere with the capture process). By default, this local image is not deleted at the conclusion of the image capture process. To delete the file, specify the appropriate unattended installation setting. For more information, see Automating the Image Capture Wizard.

The capture started successfully, but then I got a metadata error.
The most common cause of this is if you do not use the .wim file extension when specifying where to save the file locally in the image capture wizard. To resolve this, retry the capture and specify <path>\<imagename>.wim.

Multicasting

My multicast transmissions are running very slowly.
One typical cause of this issue occurs in environments that contain computers with different hardware configurations and architectures. In this case, some clients can run multicast transmissions faster than others. Because each transmission can be run only as fast as the slowest client, the entire transmission will be slow if there is one slow client. To resolve this issue, first determine the client that is holding back the transmission (this is called the master client). To

do this, view the output of the following command: WDSUTIL /Get-AllMulticastTransmissions /Show:Clients. Next, disconnect the master client using WDSUTIL /disconnect-client /ID:<ID>, where ID is the client ID (which you can get using the /get-transmission option). Disconnecting the master client will force it to run the transmission by using the Server Message Block (SMB) protocol, and the other clients' multicast performance should speed up. If they do not speed up, there is a problem with the client's hardware (for example, a slow hard drive) or a network problem. Also, see Example Multicast Scripts for an example script that will automatically disconnect slow master clients.

After enabling multicasting, there is excessive traffic on the network.
One common cause of this is if Internet Group Management Protocol (IGMP) snooping is not enabled on all devices. IGMP snooping enables your network hardware to forward multicast packets only to those devices that are requesting data. If IGMP snooping is turned off, multicast packets are treated as broadcast packets, and will be sent to every device in the subnet. In cases where you cannot enable IGMP snooping, you can adjust the multicast packet time-to-live (TTL), which is 32 by default. You can change this by modifying the registry key of the network profile at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast\Profiles\
32 is sufficient for most network topologies, but if your environment does not support snooping, you can use this setting to somewhat mitigate that.

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

Logging and Tracing

You can enable tracing and logging for all Windows Deployment Services components for troubleshooting purposes. This chapter outlines the various logs and output that you can generate. The installation logs are stored at %windir%\logs\cbs\cbs.log.

Component: General status of the Windows Deployment Services server
Obtain and review this output:
• WDSUTIL /get-server /show:all /detailed
• Windows Application log in Event Viewer
• Windows System log in Event Viewer

Component: Server components
Obtain and review this output:
• WDSUTIL /get-server /show:all /detailed

/verbose. To obtain these logs. WDSUTIL will provide more detailed error output without enabling tracing. 188 . and /progress options for extra information. in some cases the MMC adds additional processing and functionality. First. Often. Set the following registry key to enable tracing in the management console: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSMMC Name: EnableFileTracing Value:1 Then you can obtain the trace logs at %windir%\tracing\wdsmgmt. In instances where an error occurs. Set the following registry key to enable tracing in the management components: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSMGMT Name: EnableFileTracing Value:1 b.log and %windir%\tracing\wdsmmc. you must first enable tracing in the server and management components by setting the following: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSServer Name: EnableFileTracing Value:1 Then you can obtain the trace log at %windir%\tracing\wdsserver. Client component Logging in the Windows Deployment Services client serves two purposes. Where applicable.Component Obtain and review this output: components • • Windows Application log in Event Viewer Windows System log in Event Viewer • Trace logs.log Management components • Enable tracing in the management and MMC snap-in components by setting the following: a. use the /detailed.log. • • • WDSUTIL /get-server /show:all /detailed Windows Application log in Event Viewer Windows System log in Event Viewer Note Although the Windows Deployment Services MMC snap-in and WDSUTIL share the same API layer. it allows you to determine if a particular client failed during installation. it is often worthwhile to attempt to reproduce the failure using WDSUTIL to determine if the error is localized to the MMC or if it is a general management API failure.

and it provides details regarding the failure. Second, it allows you to collect information regarding client installations including how many clients installed a particular image, and the success rate for client installs. Because a time stamp is logged with each event, you can use this information to determine how long particular phases of the client installation process took to complete. This information is especially useful when diagnosing performance problems or doing performance benchmarking.

There are four logging levels:
• NONE: No logging (default)
• ERRORS: Errors only
• WARNINGS: Warnings and errors
• INFO: The highest level of logging, which includes errors, warnings, and informational events

To turn on client logging, run WDSUTIL /Set-Server /WDSClientLogging /Enabled:Yes. To change which events are logged, run WDSUTIL /Set-Server /WDSClientLogging /LoggingLevel:{None|Errors|Warnings|Info} (each category includes all events from the previous categories).

Based on the configured logging level, some or all of these events are logged: Client started, Image selected, Image apply started, Image apply finished, Client finished, and Client error. Regardless of the logging level, the following information is always logged: Architecture type, Client IP address, MAC address, and computer GUID, Time, and Transaction ID. You can view the logs in the Application event log in Event Viewer.

To view the logs, obtain the following:
Setup logs from the client computer. The setup logs appear in different places depending on when the failure occurred:
• If the failure occurred in Windows PE before the disk configuration page of the Windows Deployment Services client has been completed, you can find the logs at X:\Windows\Panther. Use Shift+F10 to open a command prompt, and then navigate to the location.
• If the failure occurred in Windows PE after the disk configuration page of the Windows Deployment Services client has been completed, you can find the logs on the local disk volume (usually C:\) at $Windows.~BT\Sources\Panther. Use Shift+F10 to open a command prompt, and then navigate to the location.
• If the failure occurred on first boot after the image was applied, you can find the logs in the \Windows\Panther folder of the local disk volume (usually C:\).

Trace log from the Image Capture Wizard. To obtain these logs, do the following:
1. Boot into the capture image.

2. When the wizard starts, press Shift+F10 to access the command prompt.
3. Enable tracing for the wizard. To do this, first run Regedit.exe. Then set the following registry key:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSCapture
   Name: EnableFileTracing
   Value: 1
4. Open a second instance of the Image Capture Wizard. Do not close the original wizard or the computer will restart.
   Note: You can use Alt+Tab to move between windows.
5. Reproduce the failure using the wizard that you just opened.
6. Obtain the trace log from X:\Windows\Tracing\WDSCapture.log.

Component: PXE boot components
Obtain and review this output:
• Enable tracing in the server and management components and obtain the trace logs (as outlined previously).
• Obtain a network trace that shows the failed boot attempt. It is a best practice to obtain this trace from the client and server simultaneously to accurately assess whether the failure is occurring at the sending server or the receiving client. The process is:
  a. Place a client and a third computer (laptop or desktop) on a hub.
  b. Start network traces from the server and third computer.
  c. Boot the client from the network.
  Note: If you are using Network Monitor to obtain the traces, ensure that the buffer size is at least 20 MB. If you configure a buffer size too small for the capture, then packets will be lost (not appear) in the capture output.

Network Ports Used

Protocols
Windows Deployment Services uses the following protocols for installing images:
• Dynamic Host Configuration Protocol (DHCP)
• Pre-Boot Execution Environment (PXE)

• Trivial File Transfer Protocol (TFTP)
• Remote procedure call (RPC)
• Server Message Block (SMB)
• Multicasting

Ports
The following table outlines the User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) network ports that are used during image deployment. You can modify the values that have an asterisk (*) by using the instructions in How to Manage Your Server. You can also use the Network Address Translation (NAT) with the Routing and Remote Access network service to control these ports.

UDP
• 67
• 68 if DHCP authorization is required on the server
• 69
• 4011
• Random ports from 64001 through 65000*, to establish a session with the server for TFTP and multicasting (in accordance with RFC 1783 at http://go.microsoft.com/fwlink/?LinkId=81027)

TCP
• 135 for RPC
• 5040* for RPC
• 137–139*

The following steps explain the UDP and TCP ports that are used during image deployment:
1. The client performs a PXE boot.
2. PXE uses DHCP ports and TFTP to download the binary files. For UDP and DHCP, you need to enable ports 67, 69, and 4011. You should use an application exception for TFTP if you have the Windows firewall enabled on the Windows Deployment Services server.
3. TFTP endpoints are used. In accordance with RFC 1783 (http://go.microsoft.com/fwlink/?LinkId=81027), the client chooses random UDP ports to establish the session with the server. In addition, by default, these endpoints range from 64001 through 65000. For instructions on modifying these ranges, see How to Manage Your Server.
4. The client downloads Windows PE and boots to the Windows Deployment Services client. This download also uses the same TFTP ports as mentioned previously.
5. The Windows Deployment Services client communicates with the Windows

Deployment Services server to authenticate and obtain the list of available images. This conversation occurs over RPC because RPC has built-in authentication (it is one of the few completely available protocols in Windows PE). You need to allow the port for the Endpoint Mapper (TCP 135) and the port for the RPC listener for the Windows Deployment Services server (which is TCP 5040 by default).
6. The Windows Deployment Services client installs the selected image. Image transfer occurs through SMB. You need all the file-sharing and printer-sharing ports (for example, TCP 137 through 139) for installing the image.

Note: In addition, if DHCP authorization is required on the server, you need DHCP client port 68 to be open on the server. Note that DHCP authorization is not required by default, but you can turn it on manually.

Required Permissions

This chapter outlines the following permissions and, where appropriate, how to grant them.

In This Topic
• General Permissions
• Permissions for Common Management Tasks
• Permissions for Client Installations
• Permissions for Server Properties

Caution: To modify the registry settings that are described in this guide, use only the Windows Deployment Services management tools. You should not directly edit these settings and attributes.

General Permissions
To fully administer a Windows Deployment Services server, you need the following permissions:
• Local administrator of the Windows Deployment Services server. This gives you the following rights:
  • File permissions and permissions to the RemoteInstall folder (the management tools interact with the image store using UNC paths).
  • Registry hive permissions. Many settings for the Windows Deployment Services server are stored in HKEY_LOCAL_MACHINE\System, and you need appropriate permissions to these locations to change them.

• Domain administrator of the domain that contains the Windows Deployment Services server. This gives you permissions on the Service Control Point (SCP) in Active Directory Domain Services (AD DS) for the Windows Deployment Services server. Some configuration settings for the server are stored here.
• Enterprise administrator (optional). This gives you Dynamic Host Configuration Protocol (DHCP) authorization permissions. DHCP authorization is stored in the Configuration container in AD DS. If DHCP authorization is enabled, the Windows Deployment Services server must be authorized in AD DS before it will be allowed to answer incoming client PXE requests.

It is often useful to delegate the management of a Windows Deployment Services server to an account other than the domain administrator or enterprise administrator (and grant these general permissions to the delegated account). The delegated administrator account should be a local and domain administrator as specified above.

Permissions for Common Management Tasks
The following table contains common tasks and the permissions that are required for each.

Task: Add or remove an image group
Permissions needed: Full control over C:\RemoteInstall\Images\ImageGroup.

Task: Add or remove an image
Permissions needed: Full control over C:\RemoteInstall\Images\ImageGroup.

Task: Disable an image
Permissions needed: Permission to read and write attributes for the associated image file. Disabling an image means hiding the Windows image (.wim) file associated with the image.

Task: Add a boot image
Permissions needed: Read and write access to the following:
• C:\RemoteInstall\Boot
• C:\RemoteInstall\Admin (This folder is only present if you upgrade from Windows Server 2003).
• %TEMP%

Task: Remove a boot image
Permissions needed: Read and write access to C:\RemoteInstall\Boot.

Task: Set properties on an image
Permissions needed: Read and write permissions to the .wim metadata file that represents the image. This file is located within the image group at: C:\RemoteInstall\Images\ImageGroup.

Task: Prestage a computer
Permissions needed: Permissions to create accounts in the domain, as well as write to the properties of a computer object, in AD DS.
To grant permissions to prestage a computer
1. Open Active Directory Users and Computers.
2. Right-click the organizational unit (OU) where you are creating prestaged computer accounts, and then select Delegate Control.
3. On the first screen of the wizard, click Next.
4. Add the user or group you wish to delegate control to, and click Next.
5. Select Create a Custom task to delegate.
6. Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and then click Next.
7. In the Permissions box, select the Write all Properties check box, and click Finish.

Task: Approve a pending computer
Permissions needed: Read and write permissions for the folder that contains the database file Binlsvcdb.mdb in the RemoteInstall share (for example, C:\RemoteInstall\MGMT). The actual account of an approved pending computer is created by using the server’s authentication token, not the token of the administrator who is performing the approval. Therefore, you must grant rights to the Windows Deployment Services server’s account (WDSSERVER$) to create computer account objects for the containers and OUs where the approved pending computers will be created.
To grant permissions to approve a pending computer
1. Open Active Directory Users and Computers.
2. Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control.
3. On the first screen of the wizard, click Next.
4. Change the object type to include computers.
5. Add the computer object of the Windows Deployment Services server, and click Next.
6. Select Create a Custom task to delegate.
7. Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and then click Next.
8. In the Permissions box, select the Write all Properties check box, and click Finish.

Task: Prestage a computer to join a domain
Permissions needed: The user account must have permissions to join the domain. The JoinRights registry setting determines the set of security privileges, and the User registry setting determines which users have the right to join the domain.
• The JoinRights setting is located at
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>
  Name: JoinRights
  Type: DWORD
  Value: 0 = JoinOnly, 1 = Full.
  A user that has Join only rights cannot join the domain without administrator assistance (an administrator with proper permissions on the computer account object must reset the computer account before the client installation and domain join). A user that has Full rights can reset the account and join the domain without administrator assistance.
• The User setting is stored at
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>
  Name: User
  Type: REG_SZ
  Value: Name of group or user.
  For this setting, there are two administration models that you can use.
  • (recommended) You can associate a primary user to the account at the time the computer is approved. When the computer is approved, the computer account will grant the primary user 1) read and write permissions on all properties on the computer object (JoinRights = JoinOnly or JoinRights = Full), and 2) reset and change password rights on the computer object (JoinRights = Full).
  • You can specify server defaults for the user and JoinRights that apply to all approved clients of a given architecture. If you do not assign a primary user to the computer account at the time of approval, these default values will take effect. The default values grant domain administrators the Full join right. To change this value, you need read and write permissions to these registry keys.

Note: If you are creating computer accounts against a non-English domain controller and you are using the default user property, you must set the Auto-Add settings to use a different account that does not contain extended characters. If the account contains a non-standard character (any character outside [A-Z, a-z, 0-9, \, -, and so on]), such as German's "Domänen-Admins", then Auto-Add will fail.

To change the per server (per architecture) defaults, see

the help at the command prompt for WDSUTIL /set-server /AutoAddSettings.

Task: Convert a RIPREP image
Permissions needed:
• Read and write permissions to the %TEMP% directory and destination location
• Read permissions on the original RIPREP image

Task: Create a discover or capture image
Permissions needed:
• Read and write permission to the %TEMP% directory and destination location
• Read permissions on the original boot image

Task: Create a multicast transmission
Permissions needed:
• Full control over the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast
• Read permissions to RemoteInstall\Images\ImageGroup.

Task: Modify a multicast transmission (for example, start, stop, delete, deactivate, disconnect, and so on)
Permissions needed: Full control over the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\Multicast
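The following read-only PowerShell check is an added example, not part of the original guide: it lists the per-architecture Auto-Add defaults (JoinRights and User) from the AutoApprove registry key described in the table above, and shows which accounts are allowed to change them. The function name Get-WdsJoinDefault and the requirement for PowerShell 3.0 or later are assumptions of this example.

```powershell
# Added example (not from the guide): read-only audit of the Auto-Add join defaults.
# Assumes an elevated PowerShell 3.0+ session on the Windows Deployment Services server.
# Nothing is written; the guide says to change these values only with the management tools.

$AutoApproveRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove'

function Get-WdsJoinDefault {
    param([string]$Root = $AutoApproveRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Registry key not found: $Root"
        return
    }

    $setValue = [int][System.Security.AccessControl.RegistryRights]::SetValue

    # One subkey per architecture (<arch> in the guide); enumerate rather than guess the names.
    foreach ($archKey in Get-ChildItem -LiteralPath $Root) {
        $values     = Get-ItemProperty -LiteralPath $archKey.PSPath
        $joinRights = $values.JoinRights   # 0 = JoinOnly, 1 = Full (per the guide)
        $user       = $values.User
        $notes      = @()

        if ($null -eq $joinRights) {
            $rightsLabel = 'not set'
        } elseif ($joinRights -eq 0) {
            $rightsLabel = 'JoinOnly'
        } elseif ($joinRights -eq 1) {
            $rightsLabel = 'Full'
            $notes += 'Full: the named user can reset the account and join without administrator assistance'
        } else {
            $rightsLabel = "unexpected value $joinRights"
            $notes += 'JoinRights is neither 0 nor 1'
        }

        if ([string]::IsNullOrEmpty($user)) {
            $notes += 'User not set'
        } elseif ($user -match '[^\x00-\x7F]') {
            # The guide warns that extended characters in the account name make Auto-Add fail.
            $notes += 'User contains extended characters; Auto-Add will fail'
        }

        # Accounts with an Allow entry that includes SetValue can change these defaults.
        $writers = @(
            (Get-Acl -LiteralPath $archKey.PSPath).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    (([int]$_.RegistryRights) -band $setValue) -ne 0
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique
        )

        [pscustomobject]@{
            Architecture = $archKey.PSChildName
            JoinRights   = $rightsLabel
            User         = $user
            CanWrite     = $writers -join '; '
            Notes        = $notes -join '; '
        }
    }
}

Get-WdsJoinDefault | Format-List
```

Review the CanWrite column against the delegated administrator accounts you intended; any other account listed there can widen the join rights granted to approved computers.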

Permissions for Client Installations
In general, performing a client installation requires domain user rights. However, additional permissions may be required depending on the scenario. This section outlines the minimal set of permissions that are required to perform common installation tasks.

Task: PXE boot a client computer
Permissions needed: No permissions are required to PXE boot a client, and no mechanism exists to secure the process of booting from the network. If security is the primary concern for you, we recommend that you use physical media (for example, that contains a discover image) to boot each computer.

Task: Select a boot image
Permissions needed: No permissions are required to select a boot image and no mechanism exists to secure entries that are displayed in the list.

Task: Select an install image
Permissions needed: The first authentication mechanism occurs using the Windows Deployment Services client running within Windows PE. The credentials provided in the user interface of the Windows Deployment Services client must be those of a domain account. After a client has been authenticated to the Windows Deployment Services server, the authenticated user must be able to read the install .wim file and Res.rwm file from the RemoteInstall folder. By default, authenticated users have permissions to do so.

Task: Join a domain
Permissions needed: If the computer is not prestaged (meaning Windows Deployment Services will create a computer account in AD DS), then the user performing the installation (or the credentials in the Unattend file for the domain join) needs the appropriate JoinDomain rights. The JoinRights registry setting determines the set of security privileges, and the User registry setting control which users have the right to join the domain. For more information about these settings, see the Prestaged a computer to join a domain section in the previous table. If the computer is prestaged, the user performing the installation (or the credentials as specified in the Unattend file for

the domain join) need rights to add a prestaged computer and the appropriate JoinRights.

Task: Using /ResetBootProgram
Permissions needed: If the ResetBootProgram functionality is enabled, the user needs read and write permissions to the netbootMachineFilePath property on the prestaged computer object. If this permission is not granted and the user's boot program is set to pxeboot.com, Windows Deployment Services will not be able to reset the NBP to pxeboot.n12, forcing the computer into an infinite reboot loop. For more information, see Managing Network Boot Programs.

Task: Disabling access to the command prompt during installations
Permissions needed: By default, users can gain access to a command prompt during Windows Deployment Services installations by:
• Holding down the CTRL key when Microsoft Windows Preinstallation Environment (Windows PE) is booting.
• Pressing Shift+F10 when Setup is running in Windows PE.
• Pressing Shift+F10 when the Image Capture Wizard is running in Windows PE.
• Pressing Shift+F10 when the Out of Box Experience (OOBE) is running (OOBE is the wizard that usually runs after Setup).

Important: A Command Prompt window that is opened during OOBE will be running in the system context. If this window is not closed at the conclusion of Setup, the user may have access to it and therefore, system rights, even though the user is not a local administrator on the client computer.

You can disable this functionality by adding a DisableCmdRequest.tag to the image.

To disable access for boot images
1. In the Windows Deployment Services MMC snap-in, right-click the desired boot

tag in the mounted image. Permissions for Server Properties The following section outlines the minimal set of permissions that are necessary to perform common management tasks using the server properties pages. Follow the instructions in the wizard to re-import the modified install image. 5. To disable access for install images 1. 4. right-click the desired boot image and choose Disable. 4. . In the Windows Deployment Services MMC snap-in. right click the server. To access these settings. Create the file %windir %\Setup\Scripts\DisableCmdRequest. right-click the desired boot image and select Enable. 5. In the Windows Deployment Services MMC snap-in. 3. Mount the image for read and write access using the tools provided in the Windows Automated Installation Kit (AIK). Create the file %windir %\Setup\Scripts\DisableCmdRequest. open the Windows Deployment Services MMC snap-in. and click Properties. Commit the changes and unmount the image. .Task Permissions Needed image and select Disable. 6.wim file. 7. Mount the image for read and write access using the tools provided in the Windows AIK. 199 . Export the image to an external . In the Windows Deployment Services MMC snap-in. right-click the disabled install image and choose Replace Image. 2. 2. 3.tag in the mounted image. Commit the changes and unmount the image.

Tab: PXE Response Settings
Settings that Require Permissions:
• PXE response policy. The PXE response policy (for example, responding only to known clients, or responding to all clients) is stored on the server's SCP. Configuring these settings requires read and write permissions to the SCP object.
To grant permissions to the SCP object
a. Open Active Directory Users and Computers.
b. Click View, and then click Advanced Features (if it is not already enabled).
c. Right click the computer account for your Windows Deployment Services server, and click Properties.
d. On the Remote Install tab, select Advanced Settings…
e. Select the Security tab, and click Add…
f. Select the user, and then select Full Control on this object.
• PXE response delay. Configuring this setting requires read and write permissions to the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSSERVER\Providers\WDSPXE\Providers\BINLSVC
Name: ResponseDelay
Type: REG_DWORD
Value: Number of seconds to wait before answering PXE client requests

Tab: Directory Services
Settings that Require Permissions:
• New client naming policy. This setting is stored in the SCP object on the server. The property is called: netbootNewMachineNamingPolicy
• Client account location. This setting is stored in the SCP object on the server. The property is called: netbootNewMachineOU

Tab: Boot
Settings that Require Permissions:
• Default boot program
  • Server-wide: This option is controlled by the following registry key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\BootPrograms\<arch>
  Name: Default
  Type: REG_SZ
  Value: Path to server-wide client default boot program for this architecture. For example: boot\x86\pxeboot.com
  • Per computer: The computer account attribute is: netbootMachineFilePath
• Default boot image
  • Server-wide: This option is controlled by the following registry key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\BootImages\<arch>
  Name: BootImagePath
  Type: REG_SZ
  Value: Path to server-wide client default boot image for this architecture. For example: boot\x86\images\boot.wim
  • Per computer: The computer account attribute is: netbootMirrorDataFile

Tab: Client
Settings that Require Permissions:
• Unattend file
  • Server-wide: This option is controlled by the following registry key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WdsImgSrv\Unattend\x86
  Name: FilePath
  Type: REG_SZ
  Value: Path to server-wide client Unattend file relative to the RemoteInstall folder. For example: WdsClientUnattend\WdsUnattend.xml
  • Per computer: The computer account attribute is netbootMirrorDataFile
• Client account creation. This option is controlled by the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC
Name: NewMachineDomainJoin
Type: DWORD
Value: 0 to prevent domain joining by clients, 1 to enable it.

Tab: DHCP
Settings that Require Permissions:
• Do not listen on Port 67. This option is controlled by the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSSERVER\Providers\WDSPXE
Name: UseDhcpPorts
Type: DWORD
Value: 0 disabled, 1 enabled
• Configure DHCP option 60 to "PXEClient". This requires that the user is able to configure the Microsoft DHCP server running on the local computer.

Tab: Advanced
Settings that Require Permissions:
• DC/GC used by the Windows Deployment Services server (this server). These settings are stored at the following registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC
The keys for these settings are as follows:
  • Default domain controller: Name: DefaultServer, Type: REG_SZ, Value: FQDN for default domain controller.
  • Default global catalog server: Name: DefaultGCServer, Type: REG_SZ, Value: FQDN for default global catalog server.
• DHCP authorization. Performed using DHCP APIs. You need permissions to authorize the Microsoft DHCP server.
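Because the settings in the table above are gated only by write access to their registry keys, it is worth reviewing who holds that access. The following PowerShell audit is an added example, not part of the original guide: it reads each value named in the table and lists the principals whose allow entries permit changing it. The function name Get-WdsRegistryAudit is hypothetical, and the script assumes it runs in an elevated session on the Windows Deployment Services server.

```powershell
# Added example (not from the guide): read-only audit of the WDS registry settings.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers'
$binl = "$root\WDSPXE\Providers\BINLSVC"

# Key path -> value names, as listed in the server properties table.
$targets = @{}
$targets["$root\WDSPXE"] = @('UseDhcpPorts')
$targets[$binl] = @('ResponseDelay', 'NewMachineDomainJoin', 'DefaultServer', 'DefaultGCServer')
$targets["$root\WdsImgSrv\Unattend\x86"] = @('FilePath')
# The per-architecture subkeys (<arch> in the table) are discovered, not assumed.
foreach ($k in Get-ChildItem "$binl\BootPrograms" -ErrorAction SilentlyContinue) { $targets[$k.PSPath] = @('Default') }
foreach ($k in Get-ChildItem "$binl\BootImages" -ErrorAction SilentlyContinue) { $targets[$k.PSPath] = @('BootImagePath') }

# Rights that allow changing a value or the key's ACL. Inherit-only entries can carry
# raw GENERIC_ALL (0x10000000) or GENERIC_WRITE (0x40000000) bits, so include those too.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-WdsRegistryAudit {
    foreach ($key in $targets.Keys) {
        if (-not (Test-Path $key)) { continue }          # setting never configured
        $props   = Get-ItemProperty -Path $key
        $writers = (Get-Acl -Path $key).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and (([int]$_.RegistryRights -band $writeMask) -ne 0) } |
            ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        foreach ($name in $targets[$key]) {
            New-Object PSObject -Property @{
                Key     = (Get-Item $key).Name
                Name    = $name
                Value   = $props.$name                   # $null when the value is not set
                Writers = $writers -join '; '
            }
        }
    }
}

Get-WdsRegistryAudit | Sort-Object Key, Name | Format-Table Key, Name, Value, Writers -AutoSize -Wrap
```

Any principal in the Writers column beyond the administrators you expect can change PXE response, boot program, or domain-join behavior for every client the server answers.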
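The mount, tag, and commit steps of the "To disable access for boot images" procedure earlier in this section can be scripted. This PowerShell sketch is an added example, not part of the original guide; it assumes imagex.exe from the Windows AIK is on PATH, that %windir% inside the image is the Windows folder, and that the three paths are placeholders you replace. The helper name Invoke-ImageX is hypothetical.

```powershell
# Added example: steps 2-4 of "To disable access for boot images".
# Assumptions: imagex.exe (Windows AIK) is on PATH; all three paths are placeholders.
param(
    [string]$WimPath  = 'C:\Staging\boot.wim',  # placeholder: the disabled boot image file
    [int]   $Index    = 1,                      # placeholder: image index inside the .wim
    [string]$MountDir = 'C:\Staging\mount'      # placeholder: empty scratch directory
)
$ErrorActionPreference = 'Stop'

function Invoke-ImageX {
    param([string[]]$Arguments)
    & imagex.exe $Arguments
    if ($LASTEXITCODE -ne 0) { throw "imagex $($Arguments -join ' ') failed with exit code $LASTEXITCODE" }
}

if (-not (Test-Path $WimPath))  { throw "Image file not found: $WimPath" }
if (-not (Test-Path $MountDir)) { New-Item -ItemType Directory -Path $MountDir | Out-Null }
if (Get-ChildItem -Path $MountDir -Force) { throw "Mount directory is not empty: $MountDir" }

# Step 2: mount the image for read and write access.
Invoke-ImageX '/mountrw', $WimPath, $Index, $MountDir
$committed = $false
try {
    # Step 3: create %windir%\Setup\Scripts\DisableCmdRequest.tag in the mounted image.
    # Assumption: %windir% inside the image is the Windows folder under the mount point.
    $scripts = Join-Path $MountDir 'Windows\Setup\Scripts'
    if (-not (Test-Path $scripts)) { New-Item -ItemType Directory -Path $scripts | Out-Null }
    $tag = Join-Path $scripts 'DisableCmdRequest.tag'
    if (-not (Test-Path $tag)) { New-Item -ItemType File -Path $tag | Out-Null }

    # Step 4: commit the changes and unmount the image.
    Invoke-ImageX '/unmount', '/commit', $MountDir
    $committed = $true
}
finally {
    # On any failure, unmount without /commit so a half-edited image is never saved.
    if (-not $committed) { & imagex.exe /unmount $MountDir }
}

# Confirm that the committed image really contains the tag file.
$listing = & imagex.exe /dir $WimPath $Index
if (-not ($listing | Select-String -SimpleMatch 'DisableCmdRequest.tag' -Quiet)) {
    throw "DisableCmdRequest.tag was not found in image $Index of $WimPath"
}
Write-Output "DisableCmdRequest.tag is present in image $Index of $WimPath"
```

The same three steps correspond to steps 3 through 5 of the install image procedure; disabling, enabling, exporting, and replacing the image remain in the MMC snap-in as the procedures describe.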