WDS with unattended installation.

crcsupport
I was wathcing WDS installation with unattended xml file. I wondered if any of you guys had trouble with this setup. For example, a computer somehow had disk access trouble and when a user turns on a computer, WDS server wipes out the computer's hard disk and reinstalls.
I can imagine this can be avoided by setting up the filter, but also it can be sure if the filter runs properly until the accident happens.

How do you guys use WDS in our environment and to what level?
Do you use WDS with unattended installation?
And how do you patch the install image and how often? Do you just recapture the most up-to-date pc?
When you run sysprep, does it delete all user files?
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
I'm confused - you were "wathcing WDS installation with unattended xml file."?  What does this mean?  You were WANTING or you were WATCHING?  Why would you watch?  Please explain.

For example, a computer somehow had disk access trouble and when a user turns on a computer, WDS server wipes out the computer's hard disk and reinstalls.
This would never happen.  The user would have to PXE boot and then have credentials allowing him to access the WDS server in order to deploy the image.  Unless you've done something non-standard and likely ill-advised like given all users domain admin rights or something...

What do you mean the hard drive has trouble?  When I setup an environment, nothing is stored on the C: drive and the users have been warned that their c: drives are not backed up.  That said, as a standard practice, we try to use DISK2VHD on all systems prior to re-imaging.  It creates a complete copy of the drive.  These are then stored on a 4TB volume with Data Deduplication enabled on a 2012 server - we squeeze as much as 12 TB of data onto a 4TB space because most of the VHDs have a LOT of identical files.

How do you guys use WDS in our environment and to what level?
We load boot WIMs for recovery as well as deployment - makes it easy to recover a failing system.  Only Technicians have the right to log in to the WDS server.  What else do you mean how is it used?  I don't see many other ways it could be used.

Do you use WDS with unattended installation?
Absolutely.  Though technically you should be more clear - do you mean LTI (Light Touch Installation) or ZTI (Zero Touch Installation)?  A light touch requires someone to initiate and maybe answer a question or two at the beginning of deployment.  ZTI is COMPLETELY automated and generally only possible in conjunction with SCCM.

And how do you patch the install image and how often? Do you just recapture the most up-to-date pc?
You cannot capture the most up to date PC - you would have an unsupported image.  Automating deployment can be done largely through WMI filters and MDT in conjunction with WDS (but you made no mention of MDT so I assume you're not using it).  I actually have a script configured to run on all new images.  It's an LTI deployment that, upon boot, prompts for a little information, such as who the computer is for, what its asset tag is and what time zone it will be in, then it sets up the PC for the end user based on their group membership, including installation of Office, installation of apps like Adobe Acrobat and Java via a scripted Ninite execution (always ensuring the deployed image has the latest updates as opposed to a static image that would require updates regularly).  The LAST thing it does is run a VB script that patches, though in some environments I also have WSUS running so it's patched within hours automatically anyway.  I may update the image about once per year.

When you run sysprep, does it delete all user files?
If you're imaging you MUST run SYSPREP and it does not delete user files.  This is something you should know or if you're exploring the use of WDS, this is something you should definitely be testing.  NEVER RUN SYSPREP ON A DEPLOYED MACHINE.  It's only for running on machines you are building as images for deployment.  Microsoft does not support systems where they were in production and then you sysprep'd them.

Author

Commented:
I am studying WDS and had those questions.
What I meant is, I thought it's possible that after you deployed a new pc with WDS, you might have left it to boot to network on the pc  and if it's unattended WDS installation (ZTI), it could wipe out the pc and reinstall from WDS. Isn't it possible? Or some computers have network boot as default and it could be wiped for the same reasons.

Also, you mentioned 'You cannot capture the most up to date PC - you would have an unsupported image. ' Let's say I have windows 7 install.wim, I like to patch the image with service pack 1 and most recent updates. If then, using DISM or any image utility, patching the file will be not a good option? I understand patching deployed computers with WSUS after deployment is done, but I was wondering what option is available to keep the install.wim updated so that I can reduce time for deployment.

When you do unattended installation for multiple computers, for example like 20 or more, how do you handle parameters like Product Key, Computer name? Each computer should have different values of them or use temporary, but still different.

Author

Commented:
" then it sets up the PC for the end user based on their group membership, including installation of Office, installation of apps like Adobe Acrobat and Java via a scripted Ninite execution (always ensuring the deployed image has the latest updates as opposed to a static image that would require updates regularly). "

I also wonder you do this. Do you script with powershell to install applications based on user needs?

Also, how do you handle driver situation? Half of our computers are custom built and have various motherboard types. In this case, do you find correct drivers and insert to a Driver Group under WDS before deployment?

Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
I am studying WDS and had those questions.
Please state this in the initial question - it will help us understand where you're coming from and give us a better idea of how to respond.

What I meant is, I thought it's possible that after you deployed a new pc with WDS, you might have left it to boot to network on the pc  and if it's unattended WDS installation (ZTI), it could wipe out the pc and reinstall from WDS. Isn't it possible? Or some computers have network boot as default and it could be wiped for the same reasons.

It's possible IF you pre-configure the systems so that PXE boot is always the priority that they would boot back into the network, but you couldn't "accidentally redeploy" unless you "accidentally" entered a user name and password with rights to the WDS server and "accidentally" selected the image you wanted to deploy and "Accidentally" told it which drive to install on and "Accidentally" hit continue.  Point being - it won't be an accident - negligence on the part of a tech, but not accident by an end user.

Also, you mentioned 'You cannot capture the most up to date PC - you would have an unsupported image. ' Let's say I have windows 7 install.wim, I like to patch the image with service pack 1 and most recent updates. If then, using DISM or any image utility, patching the file will be not a good option? I understand patching deployed computers with WSUS after deployment is done, but I was wondering what option is available to keep the install.wim updated so that I can reduce time for deployment.

Using DISM to patch in my opinion is cumbersome and I've never done it.   Instead, one thing I've done (though I don't do it regularly) is build my images in VMs.  Then, right before I sysprep, I take a snapshot.  Once the image is sealed with sysprep and captured, you can revert to the snapshot and when Patch Tuesday comes around, you can patch again and repeat.  It's faster than DISM in my opinion and easier.

When you do unattended installation for multiple computers, for example like 20 or more, how do you handle parameters like Product Key, Computer name? Each computer should have different values of them or use temporary, but still different.

WDS can auto-assign names and join the domain in conjunction with the unattend file - by default, my server names things IMG001 and increases from there.  Upon deployment, the script I mentioned prompts for the user name - then it uses a WMIC call to rename the PC based on the user name.

Product key is a non-issue unless you're an OEM.  All images must be built from Volume License media if you are not an OEM.  The VL Media then uses a SINGLE product key that allows multiple activations.  This key is encoded in the unattend file.
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
" then it sets up the PC for the end user based on their group membership, including installation of Office, installation of apps like Adobe Acrobat and Java via a scripted Ninite execution (always ensuring the deployed image has the latest updates as opposed to a static image that would require updates regularly). "

I also wonder you do this. Do you script with powershell to install applications based on user needs?

I could do it in powershell - if I took the time to learn powershell.  I know batch and VB script so well, I find it easier to meld those two together.  There are 3 or 4 "support" VB scripts that do things like confirm the PC name is not in AD before renaming (and if it is, it adds a number until it finds a free name).  I check group membership and then reference config text files (a little like Linux).  The batch file contains several blocks that ask if a user is a member of a group, if so, it runs the installers (MOST are silent with the appropriate switches) and appends additional NiNite installable apps to the NiNite execution line.  It's a long and complicated script and it does a LOT of things AND LOGS THEM!

Also, how do you handle driver situation? Half of our computers are custom built and have various motherboard types. In this case, do you find correct drivers and insert to a Driver Group under WDS before deployment?
That's just a poor company decision.  In general, companies should standardize on one system.  Maybe one system a year.  It's FAR more work to support multiple different sets of hardware.  It's one reason larger companies get 100 PCs every 4 years or so.  MUCH easier to have images and driver sets for 3-5 or even 10 sets of PCs in larger organizations than to deal with 100 different configs.  And then if the hardware wasn't designed for business, you may have trouble pre-configuring the drivers (though MOST can be).  It just means more work - either for the image or after imaging (my script also identifies the model of the computer - Dell systems mostly - and if Latitude, it installs laptop specific things, if Optiplex, then desktop specific things and things like VPN software are not installed).

Your GOAL should be to have a consistent user experience - each and every PC should be as identical as possible.  To do that, you MUST script and otherwise AUTOMATE the deployments as much as possible.  A checklist is not sufficient.  You get techs that start thinking they memorized the checklist and forget to do things and now you have different systems which increases support calls.  RESEARCH.  I auto-apply settings in the registry using the REG command and dynamically build some keys using the batch file I mentioned.  If you have 100s of PCs, taking the DAYS it may require to come up with the script and image and setup command lines that ensure things install silently can be worth it in the long run.  If you're managing 10 PCs, not so much.
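The "confirm the PC name is not in AD before renaming, and add a number until a free name is found" step described in the comment above, as an added PowerShell example. It is not the commenter's script (which he says is batch and VB script); the function name `Get-FreeComputerName`, its parameters and the sample names are hypothetical, and the 15-character cut-off is the NetBIOS name limit.

```powershell
# Added example: choose a computer name that is not already present in AD.
function Get-FreeComputerName {
    param(
        [Parameter(Mandatory)][string]$BaseName,
        # Returns $true when a name is already taken. The default asks AD through ADSI;
        # pass your own script block to test offline (hypothetical parameter).
        [scriptblock]$IsTaken = {
            param($n)
            $null -ne ([adsisearcher]"(&(objectCategory=computer)(name=$n))").FindOne()
        },
        [int]$MaxSuffix = 99
    )

    # Keep only letters, digits and hyphens. This also keeps the value safe to
    # place inside the LDAP filter above, since no filter metacharacters survive.
    $clean = ($BaseName -replace '[^A-Za-z0-9-]', '').ToUpper()
    if (-not $clean) { throw "No usable characters in '$BaseName'." }

    # NetBIOS computer names are limited to 15 characters.
    $candidate = $clean.Substring(0, [Math]::Min(15, $clean.Length))
    $i = 0
    while (& $IsTaken $candidate) {
        $i++
        if ($i -gt $MaxSuffix) { throw "No free name found for '$BaseName'." }
        # Shorten the stem so that stem + number still fits in 15 characters.
        $suffix = "$i"
        $stem = $clean.Substring(0, [Math]::Min(15 - $suffix.Length, $clean.Length))
        $candidate = "$stem$suffix"
    }
    return $candidate
}

# Constructed sample data: names assumed to exist in the directory already.
$taken = 'JSMITH', 'JSMITH1'
Get-FreeComputerName -BaseName 'j.smith' -IsTaken { param($n) $n -in $taken }
```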

Author

Commented:
Great. Thank you.
Top Expert 2016

Commented:
The simple answer for your question about when a computer has a disk problem and goes to network boot how to NOT overwrite the existing installation is to require F12 to be pressed to continue the PXE boot.
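The F12 requirement from the comment above corresponds to the WDS server's PXE prompt policy. The following PowerShell is an added example, not part of the original thread: it sets that policy with `wdsutil` and, optionally, makes the server answer only prestaged clients, which is an extra restriction the thread does not mention. The function name `Set-WdsPxeSafeDefaults` is hypothetical; run it elevated on the WDS server.

```powershell
# Added example: make PXE boot opt-in so a PC that falls through to network
# boot continues to its next boot device unless someone presses F12.
function Set-WdsPxeSafeDefaults {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Also ignore PXE requests from computers that are not prestaged in AD.
        [switch]$KnownClientsOnly
    )

    if (-not (Get-Command wdsutil.exe -ErrorAction SilentlyContinue)) {
        throw 'wdsutil.exe not found: run this on the WDS server.'
    }

    # OptIn    = the client must press F12 to continue the PXE boot.
    # OptOut   = the client PXE boots unless Esc is pressed.
    # NoPrompt = the client always PXE boots (the setting to avoid here).
    $commands = @('/Set-Server /PxePromptPolicy /Known:OptIn /New:OptIn')
    if ($KnownClientsOnly) {
        $commands += '/Set-Server /AnswerClients:Known'
    }

    foreach ($c in $commands) {
        if ($PSCmdlet.ShouldProcess('WDS server', "wdsutil $c")) {
            # The array from -split is passed to wdsutil as separate arguments.
            & wdsutil.exe ($c -split ' ')
            if ($LASTEXITCODE -ne 0) {
                throw "wdsutil $c failed with exit code $LASTEXITCODE."
            }
        }
    }

    # Print the resulting server configuration for review.
    & wdsutil.exe /Get-Server /Show:Config
}

# Preview the changes first, then apply them.
Set-WdsPxeSafeDefaults -KnownClientsOnly -WhatIf
```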
