Solved

WDS with unattended installation.

Posted on 2014-08-19
Last Modified: 2014-08-19
I was wathcing WDS installation with unattended xml file. I wondered if any of you guys had trouble with this setup. For example, a computer somehow had disk access trouble and when a user turns on a computer, WDS server wipes out the computer's hard disk and reinstalls.
I can imagine this can be avoided by setting up the filter, but also it can be sure if the filter runs properly until the accident happens.

How do you guys use WDS in our environment and to what level?
Do you use WDS with unattended installation?
And how do you patch the install image and how often? Do you just recapture the most up-to-date pc?
When you run sysprep, does it delete all user files?
Question by:crcsupport
7 Comments
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 2000 total points
ID: 40270990
I'm confused - you were "wathcing WDS installation with unattended xml file."?  What does this mean?  You were WANTING or you were WATCHING?  Why would you watch?  Please explain.

"For example, a computer somehow had disk access trouble and when a user turns on a computer, WDS server wipes out the computer's hard disk and reinstalls."
This would never happen.  The user would have to PXE boot and then have credentials allowing him to access the WDS server in order to deploy the image.  Unless you've done something non-standard and likely ill-advised like given all users domain admin rights or something...

What do you mean the hard drive has trouble?  When I set up an environment, nothing is stored on the C: drive and the users have been warned that their C: drives are not backed up.  That said, as a standard practice, we try to use DISK2VHD on all systems prior to re-imaging.  It creates a complete copy of the drive.  These are then stored on a 4TB volume with Data Deduplication enabled on a 2012 server - we squeeze as much as 12 TB of data onto a 4TB space because most of the VHDs have a LOT of identical files.

"How do you guys use WDS in our environment and to what level?"
We load boot WIMs for recovery as well as deployment - makes it easy to recover a failing system.  Only Technicians have the right to log in to the WDS server.  What else do you mean how is it used?  I don't see many other ways it could be used.

"Do you use WDS with unattended installation?"
Absolutely.  Though technically you should be more clear - do you mean LTI (Light Touch Installation) or ZTI (Zero Touch Installation)?  A light touch requires someone to initiate and maybe answer a question or two at the beginning of deployment.  ZTI is COMPLETELY automated and generally only possible in conjunction with SCCM.

"And how do you patch the install image and how often? Do you just recapture the most up-to-date pc?"
You cannot capture the most up to date PC - you would have an unsupported image.  Automating deployment can be done largely through WMI filters and MDT in conjunction with WDS (but you made no mention of MDT so I assume you're not using it).  I actually have a script configured to run on all new images.  It's an LTI deployment that, upon boot, prompts for a little information, such as who the computer is for, what its asset tag is and what time zone it will be in, then it sets up the PC for the end user based on their group membership, including installation of Office, installation of apps like Adobe Acrobat and Java via a scripted Ninite execution (always ensuring the deployed image has the latest updates as opposed to a static image that would require updates regularly).  The LAST thing it does is run a VB script that patches, though in some environments I also have WSUS running so it's patched within hours automatically anyway.  I may update the image about once per year.

"When you run sysprep, does it delete all user files?"
If you're imaging you MUST run SYSPREP and it does not delete user files.  This is something you should know or if you're exploring the use of WDS, this is something you should definitely be testing.  NEVER RUN SYSPREP ON A DEPLOYED MACHINE.  It's only for running on machines you are building as images for deployment.  Microsoft does not support systems where they were in production and then you sysprep'd them.
 
LVL 1

Author Comment

by:crcsupport
ID: 40271072
I am studying WDS and had those questions.
What I meant is, I thought it's possible that after you deployed a new pc with WDS, you might have left it to boot to network on the pc  and if it's unattended WDS installation (ZTI), it could wipe out the pc and reinstall from WDS. Isn't it possible? Or some computers have network boot as default and it could be wiped for the same reasons.

Also, you mentioned 'You cannot capture the most up to date PC - you would have an unsupported image. ' Let's say I have windows 7 install.wim, I like to patch the image with service pack 1 and most recent updates. If then, using DISM or any image utility, patching the file will be not a good option? I understand patching deployed computers with WSUS after deployment is done, but I was wondering what option is available to keep the install.wim updated so that I can reduce time for deployment.

When you do unattended installation for multiple computers, for example like 20 or more, how do you handle parameters like Product Key, Computer name? Each computer should have different values of them or use temporary, but still different.
 
LVL 1

Author Comment

by:crcsupport
ID: 40271107
" then it sets up the PC for the end user based on their group membership, including installation of Office, installation of apps like Adobe Acrobat and Java via a scripted Ninite execution (always ensuring the deployed image has the latest updates as opposed to a static image that would require updates regularly). "

I also wonder you do this. Do you script with powershell to install applications based on user needs?

Also, how do you handle the driver situation? Half of our computers are custom built and have various motherboard types. In this case, do you find the correct drivers and insert them into a Driver Group under WDS before deployment?
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 2000 total points
ID: 40271173
"I am studying WDS and had those questions."
Please state this in the initial question - it will help us understand where you're coming from and give us a better idea of how to respond.

"What I meant is, I thought it's possible that after you deployed a new pc with WDS, you might have left it to boot to network on the pc and if it's unattended WDS installation (ZTI), it could wipe out the pc and reinstall from WDS. Isn't it possible? Or some computers have network boot as default and it could be wiped for the same reasons."

It's possible IF you pre-configure the systems so that PXE boot is always the priority that they would boot back into the network, but you couldn't "accidentally redeploy" unless you "accidentally" entered a user name and password with rights to the WDS server and "accidentally" selected the image you wanted to deploy and "accidentally" told it which drive to install on and "accidentally" hit continue.  Point being - it won't be an accident - negligence on the part of a tech, but not accident by an end user.

"Also, you mentioned 'You cannot capture the most up to date PC - you would have an unsupported image. ' Let's say I have windows 7 install.wim, I like to patch the image with service pack 1 and most recent updates. If then, using DISM or any image utility, patching the file will be not a good option? I understand patching deployed computers with WSUS after deployment is done, but I was wondering what option is available to keep the install.wim updated so that I can reduce time for deployment."

Using DISM to patch in my opinion is cumbersome and I've never done it.   Instead, one thing I've done (though I don't do it regularly) is build my images in VMs.  Then, right before I sysprep, I take a snapshot.  Once the image is sealed with sysprep and captured, you can revert to the snapshot and when Patch Tuesday comes around, you can patch again and repeat.  It's faster than DISM in my opinion and easier.

"When you do unattended installation for multiple computers, for example like 20 or more, how do you handle parameters like Product Key, Computer name? Each computer should have different values of them or use temporary, but still different."

WDS can auto-assign names and join the domain in conjunction with the unattend file - by default, my server names things IMG001 and increases from there.  Upon deployment, the script I mentioned prompts for the user name - then it uses a WMIC call to rename the PC based on the user name.

Product key is a non-issue unless you're an OEM.  All images must be built from Volume License media if you are not an OEM.  The VL Media then uses a SINGLE product key that allows multiple activations.  This key is encoded in the unattend file.
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 40271187
" then it sets up the PC for the end user based on their group membership, including installation of Office, installation of apps like Adobe Acrobat and Java via a scripted Ninite execution (always ensuring the deployed image has the latest updates as opposed to a static image that would require updates regularly). "

"I also wonder you do this. Do you script with powershell to install applications based on user needs?"

I could do it in powershell - if I took the time to learn powershell.  I know batch and VB script so well, I find it easier to meld those two together.  There are 3 or 4 "support" VB scripts that do things like confirm the PC name is not in AD before renaming (and if it is, it adds a number until it finds a free name).  I check group membership and then reference config text files (a little like linux).  The batch file contains several blocks that ask if a user is a member of a group, if so, it runs the installers (MOST are silent with the appropriate switches) and appends additional NiNite installable apps to the NiNite execution line.  It's a long and complicated script and it does a LOT of things AND LOGS THEM!

"Also, how do you handle the driver situation? Half of our computers are custom built and have various motherboard types. In this case, do you find the correct drivers and insert them into a Driver Group under WDS before deployment?"
That's just a poor company decision.  In general, companies should standardize on one system.  Maybe one system a year.  It's FAR more work to support multiple different sets of hardware.  It's one reason larger companies get 100 PCs every 4 years or so.  MUCH easier to have images and driver sets for 3-5 or even 10 sets of PCs in larger organizations than to deal with 100 different configs.  And then if the hardware wasn't designed for business, you may have trouble pre-configuring the drivers (though MOST can be).  It just means more work - either for the image or after imaging (my script also identifies the model of the computer - Dell systems mostly - and if Latitude, it installs laptop specific things, if Optiplex, then desktop specific things and things like VPN software are not installed).

Your GOAL should be to have a consistent user experience - each and every PC should be as identical as possible.  To do that, you MUST script and otherwise AUTOMATE the deployments as much as possible.  A checklist is not sufficient.  You get techs that start thinking they memorized the checklist and forget to do things and now you have different systems which increases support calls.  RESEARCH.  I auto-apply settings in the registry using the REG command and dynamically build some keys using the batch file I mentioned.  If you have 100s of PCs, taking the DAYS it may require to come up with the script and image and setup command lines that ensure things install silently can be worth it in the long run.  If you're managing 10 PCs, not so much.
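
The name check described in this answer (confirm the PC name is not in AD, add a number until a free name is found, log each step), sketched in PowerShell as an added example. It is not part of Lee W's post and not his VBScript/WMIC implementation; the function name, log path and sample user name are hypothetical, and it assumes the ActiveDirectory module (RSAT) is available on the machine being deployed.

```powershell
# Added example: find a free computer name derived from the user name.
Import-Module ActiveDirectory

function Get-FreeComputerName {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [int]$MaxTries = 99,
        # Hypothetical log location; point it wherever deployment logs are kept.
        [string]$LogFile = "$env:SystemRoot\Temp\rename.log"
    )
    # Keep only characters valid in a computer name and normalise the case.
    $base = ($UserName -replace '[^A-Za-z0-9-]', '').ToUpper()
    if (-not $base) { throw "No usable characters in '$UserName'" }

    for ($i = 0; $i -le $MaxTries; $i++) {
        $suffix = if ($i -eq 0) { '' } else { "$i" }
        # NetBIOS names are limited to 15 characters, so trim the base
        # to leave room for the numeric suffix.
        $head = $base.Substring(0, [Math]::Min($base.Length, 15 - $suffix.Length))
        $candidate = "$head$suffix"

        # With -Filter, Get-ADComputer returns nothing (no error) if the name is unused.
        $taken = Get-ADComputer -Filter "Name -eq '$candidate'"
        Add-Content -Path $LogFile -Value "$(Get-Date -Format s) checked $candidate taken=$([bool]$taken)"
        if (-not $taken) { return $candidate }
    }
    throw "No free name found for '$UserName' after $MaxTries tries"
}

# Constructed sample input: 'jsmith' is a placeholder user name.
$newName = Get-FreeComputerName -UserName 'jsmith'
# Rename-Computer stands in here for the WMIC call mentioned in the thread.
Rename-Computer -NewName $newName -DomainCredential (Get-Credential)
```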
 
LVL 1

Author Comment

by:crcsupport
ID: 40271205
Great. Thank you.
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40271596
The simple answer to your question about how to NOT overwrite the existing installation when a computer has a disk problem and goes to network boot is to require F12 to be pressed to continue the PXE boot.
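
On a WDS server the F12 requirement corresponds to the PXE prompt policy. The following is an added example, not part of the comment above, that sets it with wdsutil from an elevated PowerShell session on the WDS server. The function name is hypothetical and the text matched in the read-back step is an assumption about wdsutil's output wording.

```powershell
# Added example: require F12 before any client continues a PXE boot.
#
# PXE prompt policy values:
#   OptIn    = the client must press F12 to continue the network boot
#   OptOut   = the client network-boots unless Esc is pressed
#   NoPrompt = the client network-boots with no key press at all
#
# Weak setting for this scenario (shown for comparison, do not run):
#   wdsutil /Set-Server /PxePromptPolicy /Known:NoPrompt /New:NoPrompt
# With NoPrompt plus a fully unattended install, a PC that falls through
# to network boot starts the deployment without anyone touching it.

function Set-WdsF12Required {
    # Apply OptIn to both prestaged (known) and unknown (new) clients.
    & wdsutil.exe /Set-Server /PxePromptPolicy /Known:OptIn /New:OptIn
    if ($LASTEXITCODE -ne 0) {
        throw "wdsutil /Set-Server failed with exit code $LASTEXITCODE"
    }

    # Read the configuration back and show only the prompt-policy lines.
    # The pattern is an assumption about the output text; if nothing is
    # printed, review the full /Show:Config output by hand.
    & wdsutil.exe /Get-Server /Show:Config |
        Select-String -Pattern 'prompt policy'
}

Set-WdsF12Required
```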
Question has a verified solution.