Use SMS to distribute Vista
| Executive Summary: |
Follow this step-by-step explanation of a Zero Touch Installation (ZTI) using Business Desktop Deployment 2007 (BDD) and Systems Management Server 2003 (SMS) to distribute Windows Vista to your enterprise
This is the final article in a three-part series exploring the Microsoft Solution Accelerator for Business Desktop Deployment 2007 (BDD) tool. I began the series in October with the Required Reading article “Planning Your Vista Deployment with BDD” (Instant- Doc ID 96906), in which I showed you how to install and run the BDD tools to help you with your Windows Vista deployments. In the second article, “Using Deployment Workbench” (November 2007, InstantDoc ID 97170), I covered using the BDD Deployment Workbench wizards for a Lite Touch Installation (LTI). In this article, I’ll step you through the basics of a Zero Touch Installation (ZTI), which uses Systems Management Server 2003 (SMS) to distribute a Vista OS. ZTI is a BDD deployment option for larger organizations.
About Zero Touch Installation
Before you begin the installation process, you need to know that there are two types of ZTI. The first type requires no administrator intervention. It supports either an upgrade or refresh scenario in which a target machine’s OS is wiped clean and replaced with Vista, with user data intact. Target machines have the advanced SMS client agents installed. You use the SMS client agents to download and install SMS packages for deployment. The second type I call an almost ZTI. This installation is used for bare-metal machines with absolutely nothing installed, so you’ll need to find a way to boot the target machines. The bare-metal ZTI is similar to a Lite Touch Install except that it uses SMS to distribute the new OS. In this article I cover both types of ZTI.
Before You Begin
Before you get started, download and install BDD 2007 as “Planning Your Vista Deployment with BDD” describes. See the Learning Path for information on the additional installations in this paragraph. Be sure to install the Windows Automated Installation Kit (WAIK), and, if you’re going to save the user’s state in order to migrate, install the User State Migration Tool (USMT 3.0). As I mentioned, SMS is an essential component of the ZTI; you’ll need to install SMS 2003 SP2 or later with the SMS Operating System Deployment Feature Pack. SMS requires SQL Server (either Microsoft SQL Server 2005 SP2, Microsoft SQL Server 2000 SP3a or later, or Microsoft SQL Server 7.0 SP3 or later), so you must have a server running that as well. You’ll also need the Windows Preinstallation Environment 2004 (WinPE). (WinPE 2.0 isn’t supported by and won’t work with this version of BDD.) Because WinPE 2004 requires source files from Windows XP Professional Edition SP2 (XP Pro), you’ll need to have that as well.
You might also need a Windows Deployment Service (WDS) server if you have clients that don’t have the SMS advanced client agents and you want to take advantage of the network boot option (F12). The network boot option lets you PXE boot from the WDS server.
The amount of hard disk space necessary for deploying a ZTI can be quite significant, so be sure there’s enough before you get started. While BDD, SMS, and SQL Server can all be installed on a single server, you can also install each component on a separate server to distribute the workload. You’ll need sufficient storage on the BDD deployment server for the custom images (Windows Imaging Format- WIM-files) that you create before your ZTI. The SMS server must have enough space to store the various components (the packages, programs, advertisements, and distribution points that I discuss later). And if you implement the logging feature for troubleshooting, you’ll need to ensure that the target machines have enough hard disk space for the logs. Using the refresh scenario requires enough space on a server to store complete backups of the target machines.
Adding OSs and Accompanying Files
We’ll begin our ZTI by launching the New OS Wizard and adding three components as operating systems to the BDD-your custom .wim files, WinPE 2004, and XP Pro SP2 source files. If you haven’t already done so, download and install BDD 2007 as “Planning Your Vista Deployment with BDD” describes. Next, log on as an administrator, and open Deployment Workbench from Start, All Programs, BDD 2007, Deployment Workbench.
Expand the Distribution Share node in the Deployment Workbench console tree, right-click Operating Systems, and click New. The New OS Wizard appears. (For more details on the New OS Wizard, see “Using Deployment Workbench.”) From the wizard’s Choose the type of operating system to add page, select Custom image file and click Next. The Custom image file option requires you to enter the path of the .wim file you want to use. So, on the Select operating system image file page, locate the custom .wim you’ve previously created and stored on a UNC path (\\Servername\Sharename) or WDS server, select it, and click Next. Specify that Setup and Sysprep files are not needed, then click Next. You can either type the name of the destination directory for your OS or accept the default destination directory name, then click Copy to add your custom .wim files.
Now you’re ready to add either WinPE 2004 or WinPE 2005. Start the New OS Wizard again. From the wizard’s Choose the type of operating system to add page, select Full set of source files and click Next. On the next page, browse to the location where you stored WinPE 2004 or WinPE 2005 and choose Move the files to the distribution share instead of copying them.
Launch the New OS Wizard a third time to add XP Pro SP2. On the Choose the type of operating system to add page, select Full set of source files and click Next. On the following page, browse to the folder containing XP Pro SP2 source files and choose Move the files to the distribution share instead of copying them.
Creating a Build
After you’ve added your OSs, you’re ready to create a build. Expand the Distribution Share node, right-click Builds, and choose New. This launches the New Build Wizard. On the Specify general information about this build page, type in a Build ID such as “VistaZTI” (remember that no spaces are allowed), a descriptive build name such as “Vista Zero Touch Installs,” any comments documenting your build, then click Next. On the next page, choose the custom .wim file you added to the OSs earlier and click Next. Choose Do not specify a product key at this time, and click Next. On the Specify settings about this build page, fill in a Full name, an Organization name, and the Internet Explorer (IE) home page you’ll use for all installations performed from this build, then click Next. Finally, on the Specify the local Administrator password for this build page choose Do not specify an Administrator password at this time, and click Create.
Creating a Deployment Point
Next, you’ll use the New Deployment Point Wizard to create the deployment point, the location to which target machines connect to install a build. To launch the wizard, expand the Deploy node, right-click Deployment Points, and click New.
For the type of build, choose SMS 2003 OSD and click Next. (For a discussion of the other types of builds, see “Using Deployment Workbench.”) Type in a descriptive name, such as “Vista ZTI,” and click Next. On the Specify the location of the network share to hold the files and folders necessary for this deployment type page, supply the Server name, Share name, and Path for the share (I used Server1\OSD with a path of C:\ZTI), and click Next. Choose Do not save data and settings on the Specify user data defaults page, and click Create. The last page of the wizard prompts for the location of the SMS 2003 OSD path, so browse to where you put the SMS 2003 OSD, select it, and click Create (yes, you do click Create twice).
Continued on Page 2
Expect a message that tells you the OSD Deployment point has been successfully created but before it can be used or updated you must first configure the WindowsPE options.
Right-click your new OSD deployment point and click Properties. Verify that the correct build is selected on the Builds tab, that the Windows PE source is set to Windows PE 2005 on the Windows PE 2004/2005 tab, and that the Windows source is set to Windows XP Professional SP2. Then, right-click the new OSD deployment point and click Update. A new folder named ZTI will be created in the root of your C: drive that contains two additional folders: Boot and VistaOSD. The Boot folder contains your WinPE 2005, and the VistaOSD folder contains all other files needed for the build.
Configuring the SMS Components
In SMS you’ll create a package, a program, and an advertisement. In addition, you’ll define distribution points and user accounts with sufficient permissions to all components. The package contains the OS source files the target machine will download and install. The program defines how the package runs (i.e., minimized, maximized, hidden, or normal), whether to restart the machine after install, and whether to run when a user is logged on or not. The advertisement determines which machines will receive the package. The distribution point determines the servers to which you’ll distribute the package. Your target machines will connect to the distribution point to download and install the package.
Creating the SMS Package
Open the SMS Administrator console, expand the Site Database node, and right-click Image Packages. Choose All Tasks, then choose Update Windows PE to launch the Update Windows PE Wizard. On the Windows PE Settings page, for source folder, type in the path that was created earlier (e.g., C:\ZTI\Boot Source). Click Next, Finish.
Now you’ll need to create a package that contains your custom .wim image file for SMS. Right-click Image Packages again, choose New, Operating System Image Package. This launches the New Operating System Package Wizard. On the Operating System Package settings page, type in a package name (choose something descriptive, such as Vista Ultimate) as shown in Figure 1, page 68. Then open your custom image file (the .wim image you created earlier), and browse and choose the UNC path (I chose \\Server1\SMSPackages) where your SMS package will be stored. This is called the Package source. (Take note of the package ID that’s created automatically; you’ll need this later when you update your Bootstrap.ini file.) Click Next. You’ll see a message that SMS Distribution Points require updating due to changes to the Operating System Package, click OK, Finish.
Creating the SMS Program
Now we’ll create an SMS Program, which is a subcomponent of a package. To create the SMS program, expand Image Packages in the console tree, expand the node with your new package name (for our sample package, we’ll use Vista Ultimate, as shown in Figure 2), rightclick Programs, choose New, Operating System Program. The New Operating System Program Wizard starts. On the New Operating System Program options page, choose to Create a new OS Program with default settings and name it Windows Vista Ultimate ZTI, click Next. On the Licensing settings page, select Product key not required and click Next. On the Membership settings page, select Domain and input your NetBIOS domain name. Then set the domain account and password that has rights and permissions to add computers to the domain. Uncheck Create random password for the local administrator, click Next, then Finish. Once again expect a message about your SMS Distribution Points needing to be updated due to the changes you made, click OK, Finish.
Updating the SMS Distribution Point
The next step is to update the SMS distribution point with the servers to which the package will be distributed. To update the SMS distribution point, expand Image Packages, right-click the node with your new package (Vista Ultimate in our sample), then choose All Tasks, Distribute Software. The Distribute Package Wizard launches. On the Package page, click Select an existing package, in the Packages box select your Package name, then click Next. On the Distribution Points page, choose the servers you want to use as distribution points and click Next.
Advertising a Program
On the Advertise a Program page, choose Yes to advertise a program from this package, click Next. Choose your program name on the Select a Program to Advertise page, click Next. The Advertisement Target page defines which computers the program will be offered to. SMS has some default groups of computers called “collections” that you can use, or you can create your own collections. I recommend creating a collection of test machines to run the package on first. This way you can deal with any problems before you run the package on production machines. Give the advertisement a name on the Advertisement Name page, click Next. Choose whether you want to also advertise to subcollections (subcollections are collections created from another collection), click Next. Create an Advertisement Schedule for when you want it to be made available to your SMS clients. You can also schedule the program to be available for a limited time, then click Next. Finally, select if you want the program to be assigned or not. An assigned program is a mandatory program; you can set it to run at a predefined date and time and nobody could stop it (short of downing the computer, but when it comes up again it’ll still attempt to run the program).
Creating SMS Advanced Client Credentials
For an upgrade or refresh scenario, the SMS advanced client runs on each local machine. This client uses the SMS advanced client network access account and requires sufficient credentials to present when accessing the SMS distribution points, BDD 2007 deployment point, and shared folders. You’ll need to create and configure a domain user account that can be used for the SMS advanced client network access account. First, create a domain user account in Active Directory (AD). Then, in the SMS Administrator Console, expand Site Database, Site Hierarchy, Site Code (3-digit code), Site Settings, Connection Accounts. Right-click Client, choose New, Windows User Account. In the Connection Account Properties dialog box, click Set, then supply the User name, Password, and confirm password for the account you created in AD. Now return to the expanded Site Settings node and select Component Configuration. In the details pane, right-click Software Distribution and choose Properties. On the General tab under Advanced Client Network Access Account, set the domainname useraccount_name of the account you created in AD.
Editing Bootstrap.ini in Deployment Next, you’ll need to edit the Bootstrap.ini file in your deployment point to include the SMS package ID number that was generated when you created your SMS package. (Remember, you made a note of it earlier. You can also find it in the SMS Administrator console. Select Image Packages and in the details pane you’ll see your package name and package ID.) Go back to Deployment Workbench, expand the Deploy node, and choose Deployment Points. In the details pane, right-click the Vista ZTI deployment point and select Properties. On the Rules tab, click the Edit Bootstrap.ini button in the lower-right corner. Modify the OSDINSTALLPACKAGE= & OSDINSTALLPROGRAM= as follows: OSDINSTALLPACKAGE=C0100001 and OSDINSTALLPROGRAM=Vista Ultimate. After you’ve edited the Bootstrap.ini file, you’ll need to update your deployment point. In Deployment Workbench, expand Deploy, select Deployment Points; in the details pane right-click your Vista ZTI deployment point and choose Update.
Introducing ZTI Files and Scripts to the SMS OSD Phase
Now that you’ve edited Bootstrap.ini and updated your deployment point, you’ll need to configure your program to call the Zero- TouchInstallation.vbs script in each phase, then update your distribution points. In the SMS Administrator console, expand Image Packages, click the Vista Ultimate package, select Programs. Then right-click the Vista Ultimate program in the details pane, and choose Properties. On the Advanced tab, shown in Figure 3, configure each phase with a custom action. The first phase is Validation. Click the Add button, choose custom, OK. For Name, choose ZTI-Validation, and for the command line enter ZeroTouchInstallation.vbs (you’ll do this a few times, so select the .vbs script name and press Ctrl+C to copy it). For Files, click Add and enter the UNC path \\server1\ZTI$ VistaOSD folder created when you created your deployment point in BDD. Next, ensure that Files of type is set to All Files (*.*), then select all files (click one and press Ctrl+A), and click Open. Configure all of the subsequent phases with a ZTI-phase name and a command line of ZeroTouchInstallation.vbs. So, the State Capture phase should have a custom action ZTI-StateCapture with a command line of ZeroTouchInstallation.vbs. There’s no need to add files to the other phases; they can use the copy you’ve introduced to the Validation phase. Configure the Preinstall, Postinstall, and State Restore phases in the same manner as the State Capture phase. When you click OK, SMS updates the package contents, and you’ll see the message “SMS Distribution Points require updating.” In the SMS Administrator Console, under Image Packages, right-click Vista Ultimate, choose All Tasks, Update Distribution Points, and click Yes.
Booting a Bare-Metal Machine
If you’re performing a ZTI on a bare-metal machine, you’ll need to figure out a way to boot the target machine. You have a few options. The first is to create an OS image installation CD-ROM. The second is to perform a PXE boot on the client, press F12 for a Network Boot (this can be automated on the WDS server), and connect to a WDS server. Or, third party utilities can automate the PXE boot for you and connect to a WDS server.
Continued on Page 3
To create an OS image installation CDROM in the SMS Administrator console, rightclick Image Packages and choose All Tasks, Create Operating System Image Installation CD. The Operating System Image Installation CD Wizard launches. On the Installation settings page, ensure the only two options selected are Allow installation of Operating System Packages from SMS Distribution Points and Automatically choose the OS Package to install by running a custom program or a script, and click Next. On the Install from SMS distribution points page, choose Vista Ultimate, Next. On the Automatically select Operating System Package page, for File name, enter \\Server1\ZTI$\ZeroTouchInstallation.vbs, for Arguments enter /debug:true, then supply the User name and Password for the user account that has full control over all of the SMS and BDD files (domainname\username) and click Next. On the Windows PE settings page accept the defaults and click Next. Then, on the Create Image page, type in the name VistaOSDCD and the filename VistaOSDInstall. Click Finish to create a VistaOSDInstall.iso that can be burned to a CD-ROM that you can use to boot a bare-metal machine.
To perform a PXE boot and connect to a WDS server, you’ll add your ZeroTouchInstall. wim (this is created automatically when you create your BDD deployment point) to a WDS server. There is one caveat when it comes to ZTIs and WDS integration: The WDS server must be compatible with the older version of WDS called Remote Installation Services (RIS). To have a compatible WDS server, you must first install RIS (go to Control Panel, Add or Remove Programs, Windows Components, and scroll down to RIS), then upgrade using the WINDOWS-DEPLOYMENT-SERVICESUPDATE- X86.EXE hotfix found in the WDS folder of Windows Automated Installation Kit (WAIK). If you’ve already upgraded your server’s OS to XP Pro SP2, you no longer have the option to install RIS. So, if you want to exercise the PXE boot option for ZTIs on bare-metal machines, I suggest that before you upgrade all of your servers to XP Pro SP2, you retain one to install RIS on.
Upgrading or Refreshingthe Target Machines
What happens on the target machines? In an upgrade scenario, BDD runs a ZTIPrereq. wsf script. This script confirms that a target machine is running an upgradable OS (XP Pro SP2 or later, Windows 2000 Professional SP4). It also checks for the following installed software: SMS Advanced Client for SMS 2003 SP2, Windows Script Host 5.6 or later, Microsoft Core XML Services 3.0 (MSXML), and Microsoft Data Access Components 2.0 (MDAC). After the ZTIPrereq.wsf script determines that the minimum requirements are met, the ZTIValidate. wsf script runs to ensure there are enough resources available to deploy the new OS. These resources include 512MB of RAM and enough hard disk space for the image to be deployed. It also makes sure that the current OS isn’t a server OS. In a refresh scenario, the ZTIValidate.wsf script requires that the current OS has been installed on the C partition and that the C partition is the first partition on the first disk of the target computer.