3. Deploying Images to Target Computers
Whatever method you use to build and capture your reference computers, the result
should be the image files that you want to deploy to your target computers. The basic
steps of this final deployment process are almost the same as those for building the
reference computer. These steps are as
follows:
Add the captured image to the deployment share.
Create a task sequence for the target computer installation.
Start the target computer with an MDT 2010 boot image and initiate the
installation.
Although these steps might seem simple, especially when you have just used the
same basic procedure to build your reference computers, deploying images to large
numbers of target computers can complicate the process enormously. MDT 2010 and the
Windows operating systems provide many ways to customize the deployment process to
accommodate the specific needs of your network, your IT staff, and your users.
3.1. Adding Captured Images to the Deployment Share
The process of adding an image to an MDT 2010
deployment share is a simple one, but there are other factors to consider when
deploying images to target computers. The first consideration is access to the
production network itself. If you constructed your image creation lab on an
isolated network, you must see to it that your target computers can access the
deployment share containing your captured images.
Your two options in this respect are as follows:
Connect the build computer to the production
network
Move the build computer to the production network or add a connection
to the production network, using a second network interface adapter. If
you elect to move the build computer and your deployment share is hosted
by another system, you must move that computer as well.
Create a new build computer on the production
network
Install MDT 2010 on a computer connected to the production network and
use that system to host a deployment share containing your images and the
task sequences for your target computer deployments.
The need for additional components on the target deployment share depends on
the type of images you chose to create. If you created thick images, the
deployment share does not need any other software, but if you created thin or
hybrid images, you might have to add drivers, language packs, updates, or
applications to the share so that you can deploy them to the target
computers.
3.1.1. Replicating Deployment Shares
If you elect to create multiple build computers or multiple deployment
shares on a single build computer, you can configure Deployment Workbench to
replicate the contents of one share to another. This way, you can use a
deployment share on an isolated lab network to install and capture your
reference computers and create your target deployment task sequences, and then
replicate the data to another share on your production network for the target
computer deployment. To initiate the replication process, you use Deployment
Workbench to link the deployment shares and then create selection profiles to
specify the files on the share that you want to replicate.
3.1.2. Ensuring Network Bandwidth
The image files you will be deploying to the target computers are typically
several gigabytes in size, so the amount of bandwidth available between the
build server and the target computers is an important consideration. MDT 2010
is not designed to deploy target computers over wireless networks or relatively
slow wide area network (WAN) links. Attempts to perform deployments over slow
links would take an inordinately long time and likely flood those links,
preventing any other traffic from using them.
For deployments to target computers that
have no high-speed link to a build computer, consider the following
alternatives:
Move the build computer to the target computers’ network temporarily,
perform the deployment, and then move the build computer back. This
option might be complicated by the need to provide server resources on
the target computer network, including DHCP and WDS.
Move the target computers to the build computer’s network temporarily,
perform the deployment, and then move the target computers back.
Perform the deployment using removable media, such as DVDs or USB
flash drives.
Even on high-speed networks, a large-scale deployment can consume enough
bandwidth to interfere with regular traffic. Project administrators should be
conscious of every network’s current traffic situation, and they should use
that data to determine how many workstations they can deploy at one time
without interfering with other users. This is known as a staggered deployment.
Other strategies are to deploy workstations only during nonproduction hours or
to use multicasting, which reduces the amount of bandwidth consumed by the
deployment process.
3.2. Creating a Task Sequence for Target Deployment
To deploy Windows 7 to a target computer using MDT 2010, you must create a task
sequence using the New Task Sequence Wizard, just as you did for the reference
computer installation. However, the target computer deployment is often more
complicated than that for the reference computer. Depending on which of the
deployment scenarios you are using, you might have to create a task sequence that
saves the user state data from the target workstation before installing Windows 7
and restores the user state data to the target workstation afterward. You might
even have to create multiple task sequences that save the user state data from
existing workstations and then restore the data to new workstations after
installing Windows 7.
For a target deployment using the New Computer, Upgrade Computer, or Refresh
Computer scenarios, you create a task sequence using the Standard Client Task
Sequence template. The wizard then prompts you for the operating system you want
to install and some other optional information, such as the product key and
Administrator password you want to use on the workstation.
After you
have created the task sequence, you can view and modify its various settings by
opening its Properties sheet and selecting the Task Sequence tab, as shown in
Figure 1.
A task sequence consists of a succession of commands that perform various
actions on the target computer, on which it runs. Some of the commands execute
scripts, while others interact directly with the target computer. The template you
select when you create the task sequence inserts a default group of commands into
the task sequence; on the Task Sequence tab, you can modify the defaults and add
or remove commands as you need to.
Most of the task sequences for LTI deployments are based on the Standard Client
Task Sequence template because this template enables the installer to implement a
variety of features on the target computer. Because a Lite-Touch deployment
requires some interaction at the client site, as opposed to the Zero-Touch
deployment, which requires none, the task sequence can contain actions that the
target workstation does not always need.
For example, the Standard Client Task Sequence template includes the Capture
User State action, which can save the user state data on a target computer to a
remote location for later retrieval. In a deployment using the New Computer or
Upgrade Computer scenario, this action is not needed and the installer can disable
it at the target computer before the installation begins. When using the Refresh
Computer scenario, however, the installer must configure the Windows Deployment
Wizard to save the user state data before installing Windows 7. In a ZTI
deployment, the task sequence must be precisely configured to perform all of the
required actions on the target computer because there is no installer interaction.
Task sequences for LTI deployments are therefore easier to create.
The one LTI scenario that requires a different task
sequence template is the Replace Computer scenario. In this type of deployment,
you are saving the user state data from an existing workstation and then restoring
it to a new workstation after installing Windows 7. Because you are working with
two computers, you need two separate task sequences. The first one, based on the
Standard Client Replace Task Sequence template, contains the Capture User State
command and skips the process of installing Windows 7, as shown in Figure 2. In the second task
sequence, which runs on the new computer, the installer skips the Capture User
State command, installs Windows 7, and then performs the Restore User State
command to copy the user state data from the existing computer to the new
one.
Technical specialists who have special needs and who are familiar with the task
sequence format can also use the Custom Task Sequence template to create a
sequence from scratch.
3.3. Updating the Deployment Share
After you have created the task sequences that you need to deploy your captured
images to the target computers, you must update your deployment share, if you have
not done so already. Updating the deployment share creates the boot images that
enable the target workstations to connect to the deployment share on the build
computer.
Note:
UPDATING THE DEPLOYMENT SHARE
If you updated the deployment share when
you deployed your reference computers, you have no reason to do so again unless
you modified the boot image settings in Deployment Workbench since then.
Updating the deployment share creates boot images in the Boot folder of the
deployment share in both Windows Imaging (wim) and ISO formats, in 32-bit and
64-bit versions, using the following file names:
LiteTouchPE_x64.wim
LiteTouchPE_x64.iso
LiteTouchPE_x86.wim
LiteTouchPE_x86.iso
3.4. Choosing a Client Boot Method
The image files that Deployment Workbench creates when you update the
deployment share contain the Windows PE boot files and the Windows Deployment
Wizard. This wizard runs on the target computer and enables the installer to
control the individual deployment process for each workstation. The next decision
that the administrators must make is how they intend to boot each of the target
computers.
3.4.1. Using File-based
Images
The LiteTouchPE_x32.iso and LiteTouchPE_x64.iso files that Deployment
Workbench creates contain all the boot files the target computer requires in a
single, file-based image. You can burn these images to CDs, DVDs, or USB flash
drive and use them to boot the target workstations. The resulting boot disks
include all of the software necessary to start a computer, load the Windows
Deployment Wizard, and connect to the deployment share on the build
computer.
Note:
BURNING BOOT DISKS
The Windows operating systems do not include the software needed to burn
an ISO file to a CD, DVD, or flash drive. You must obtain a third-party
software product to do this.
The advantage to this boot method is that the target computers require no
special hardware other than a disk drive or a USB port from which the system
can boot. The disadvantage is that you must have a boot disk for each target
computer you want to install. However, you do not necessarily have to create a
separate boot disk for each workstation because the disks are not
system-specific.
After the Windows Deployment Wizard loads, remove the disk or drive and use
it to boot another computer. Because some interaction is required at each
target computer anyway in an LTI deployment to initiate the installation
process, using boot disks to start each workstation is not a terrible
inconvenience.
3.4.2. Using Windows Imaging Files
The other boot method for target workstations is to deploy the
LiteTouchPE_x86.wim and LiteTouchPE_x64.wim files over the network by using
Windows Deployment Services (WDS). This method is much faster and eliminates
the need to burn boot disks and carry them to the individual workstations. You
can also install large numbers of target computers simultaneously.
The disadvantages are that every target computer must be equipped with a
network interface adapter that supports the Preboot Execution Environment (PXE)
standard. The network must also have a WDS server and a DHCP server that is
configured to support WDS. You can run both of these services on your build
computer or on a separate server.
3.4.3. Using Visual Basic Scripting Edition
You can also launch the Windows Deployment Wizard from a computer that is
already running an operating system by connecting to the deployment share over
the network and running the Litetouch.vbs script, located in the Scripts
folder. One example of the commands used to do this appears as follows:
net use s: \\server\deploymentshare$
s:
cd scripts
cscript litetouch.vbs
This method of launching the wizard is required when your task sequence
needs access to the currently installed operating system on the target
computer. For example, in the Refresh Computer scenario, the wizard must
capture the target computer’s user state and save it to a remote location
before it installs Windows 7. If you use one of the Windows PE boot methods to
start the target computer, the wizard skips the Capture User State task because
it does not have access to the installed operating system. Starting the wizard
with the Litetouch.vbs script while the existing operating system is running
enables it to locate the required files and perform the Capture User State
task.
3.5. Starting the Target Computer
When you boot
the target computer using one of the LiteTouchPE image files, the MDT 2010
Solution Accelerators interface appears, as shown in Figure 3. When you boot the
computer using one of the ISO images, the initial interface is included on the
disk. When you deploy the Windows Imaging file using WDS, the target computer
obtains the address of the WDS server from the DHCP server on the network and then
downloads the boot files and the interface from the WDS server. Whichever method
the target computer uses, the interface is the same, as is the process of
deploying Windows 7.
After the interface appears, you can click Run The Deployment Wizard To Install
A New Operating System. The User Credentials window appears, in which you must
type domain or local credentials in the User Name, Password, and Domain text boxes
that provide access to the deployment share.
At this point,
the Windows Deployment Wizard appears displaying the Select A Task Sequence To
Execute On This Computer page, as shown in Figure 4. If you run the
Litetouch.vbs script from within a running operating system, the wizard loads
using the credentials with which you logged on to the target computer.
The installer can now proceed with the LTI deployment process as
follows:
In the Select A Task Sequence To Execute On This Computer page, select
the task sequence to run on the target computer and click Next.
Note:
SELECTING A TASK SEQUENCE
The Select A Task Sequence To Execute On This Computer page contains
all of the task sequences created in Deployment Workbench on the build
computer that are available to the target computer. If the target
computer is running a 64-bit operating system, for example, task
sequences configured to install 32-bit operating systems do not appear in
the list.
If you have launched the wizard from a
running operating system, the Choose A Migration Type page appears, as shown
in Figure 5. Specify what
scenario you want to use for the target computer deployment by selecting the
appropriate option.
Click Next. The Specify The Product Key Needed To Install This Operating
System page appears, as shown in Figure 6. To specify an
individual Windows 7 product key or a Multiple Activation Key (MAK) for the
installation, select the appropriate option and type the key in the text box
provided.
Click Next. The Configure The Computer Name page appears, as shown in
Figure 7.
In the
Computer Name text box, specify the name you want to assign to the new
workstation and click Next. The Join The Computer To A Domain Or Workgroup
page appears, as shown in Figure 8.
To join the target computer to a domain after the Windows 7 installation,
select the Join A Domain option and, in the Domain text box, type the name
of the domain you want the computer to join and click Next.
The credentials you supplied earlier appear by default in the User
Name, Password, and Domain text boxes. If these credentials do not
provide administrative access to the AD DS domain you specified, you
must change them.
If you want the wizard to create the computer object in a specific
organizational unit, rather than the Computers container, type its
name in the Organizational Unit text box.
To join the target computer to a workgroup, leave the Join A
Workgroup option selected and type the name of the workgroup you want
the computer to join in the Workgroup text box.
If you are using the Refresh Computer scenario, the Specify Where To Save
Your Data And Settings page appears, as shown in Figure 9. Select the Specify
A Location option, and in the Location text box, type a path to the folder
to which you want the wizard to copy the user state data from the target
computer. Then click Next.
If you are using the Replace Computer or Refresh Computer scenario, the
Specify Whether To Restore User Data page appears, as shown in Figure 10. Select the Specify
A Location option and, in the Location text box, type the path to the
location in which you saved the user state data you want to restore.
Click Next. The Language And Other Preferences page appears, as shown in
Figure 11.
Click Next to accept the default
language, country, and keyboard layout settings, or if you need to make
changes, choose the correct values from the three drop-down lists. Then
click Next. The Set The Time Zone page appears, as shown in Figure 12.
Select the time zone for the target computer’s ultimate location and
click Next. The Administrator Password page appears, as shown in Figure 13.
In the Administrator Password and Please Confirm Administrator Password
text boxes, type the password you want the target computer to use and click
Next. The Specify The BitLocker Configuration page appears, as shown in
Figure 14.
To
enable BitLocker Drive Encryption on the target computer, select the Enable
BitLocker option and choose one of the configuration options. Then click
Next. The Ready To Begin page appears.
If you select the option requiring a PIN, specify a value in the
provided text box. If you select an option requiring a startup key,
select the drive letter that the USB flash drive will be assigned or,
if there will be only one flash drive in the computer, leave the
default First Available option selected.
If you have configured the target computer to join a domain, you
can select the In Active Directory option to store the recovery key in
Active Directory.
Select the Wait For BitLocker Encryption To Complete On All Drives
Before Continuing check box to prevent the deployment process from
continuing until BitLocker finishes encrypting the computer’s
drives.
Note:
ENABLING BITLOCKER
At this time, the Windows Discovery Wizard presents all of the
available options for BitLocker configuration and does not perform a
hardware check on the target computer. It is up to the installer to know
whether the computer is equipped with a Trusted Platform Module (TPM)
chip and whether a startup key is present when the installer is selecting
options that call for those components.
Click the Details arrow to display a summary of the settings you
configured, as shown in Figure 15.
Click Begin. An Installation Progress window appears, tracking the
various procedures of the installation.
When the installation is completed, the Operating System Deployment
Completed Successfully page appears, as shown in Figure 16.
