[This is Part 1 of 3]
Check other parts:
If you viewed my blog posts about creating custom Windows 8.1 Image, you saw how we got a customized WIM file and (CopyProfileunattend.xml) file that does couple of customization. We have also generated an ISO file from the WMI file so we can boot a machine from a DVD or USB and manually install Windows and get all the customization and apps.
Now, i will be talking about taking those two files (WIM) and (CopyProfileunattend.xml) file and deliver Windows 8.1 over the network using Server 2012 Windows Deployment Services WDS. You can deliver the original Windows files over WDS by taking the default wim file located under sources\install.wim on the DVD media if you do not have built a customized image yet.
Reference Link > What’s New in Windows Deployment Services in Windows Server 2012 : http://technet.microsoft.com/library/hh974416
WDS can be integrated with Active Directory or standalone configuration. I will be talking about Active Directory integrated mode.
From Server Manager, go to Configure this local server > Add roles and features
Click Role-based or feature-based installation
Choose Windows Deployment Services.
Choose both check boxes. Transport Server is used usually to control unicast. It doesn’t harm to include it.
After the installation is done, open Server Manager, click Tools> Windows Deployment Services.
This will open the WDS console, right click the server name under Servers and click Configure Server.
In the Install Options window, choose Integrated with Active Directory.
In the Remote Installation Folder Location, enter a path. This is the place where all Windows images are stored. It is highly recommended to dedicate a volume to host WDS files and not the O.S drive. For simplicity, i will keep the default. WDS will create the folder C:\RemoteInstall.
As i said, you will get a warning if you are selecting a place on the C drive, just click Yes to continue.
In the PXE Initial Image Settings, choose Response to all client computers (known and unknown). This is the least relaxed setting, but for now in order to test things, keep it like this and do not check any other check boxes. This means that any client booting from the network can see images hosted in the WDS.
In the Operation Complete window, do not check the box, and just click Finish.
Now your WDS console will look like this:
Right click Boot Images and click Add Boot Image. Boot images are simply the small boot file that is so similar to WindPE. It is just a small O.S used to connect to WDS, get the image and install the actual windows.
In the Image File window, click Browse.
Browse to the Windows installation files (this can be the Original Windows installation file, or any Customized image directory), and go to Sources>Boot.wim.
In the Image Metadata, leave defaults unless you want to customize the image name or description. Click Next.
Now that you have finished adding a boot file, your WDS console will show that file added.
Now in the WDS console, right click the Install Images node and click Add Image Group. Install Image Group is like a folder to host multiple images inside it. Actually it has the following usage:
- Single Instance Storage (SIS). So if you have created an image group with both Windows 8 and Windows 8.1, then WDS will store any duplicate files once, thus saving space.
- Setting permissions : you can assign permissions on the image level and on the Image group level.
Name the Image group something like Windows 8 Images.
Once the Image group is created, right click it and click Add Install Image.
In the Image File window, click Browse.
Browse to your customized WIM file. If you do not have one, then go to the Windows media > sources >Install.wim.
In the Available Images, you can choose the accept the default image name and description, or uncheck the check box at the bottom to enter custom name and description of the image that others will see when choosing an image to install.
Now on your WDS console, you can see your image added successfully.
Now right click the image you have just added, click Properties.
On the Image Properties, and if you have an unattended XML file, you can add it here. In our case, since we created Custom Windows 8.1 image with CopyProfileunattend.xml, then we will check Allow image to install in unattended mode and click Select File, and browse to the CopyProfileunattend.xml file.
On the User Permissions tab, you can set the permission so that only authorized people can connect to that image and start install it. Anyone with Read permission can download the image from the WDS and install it. So i usually clean up things here and remove the Everyone permissions leaving only System, Administrators and WDSServer.
I also tend to create an AD security group like (Allow WDS Installation) and give it Read/Read & Execute permissions. Those are the people who can connect and install this image.
Now return to the WDS console, right click the server name and click Properties.
On the PXE Response tab, you will see:
- PXE Response Policy : with :
- Do not respond to any client computer: this basically disable WDS
- Response only to known client computers : you have to pre-stage or pre create computers in the WDS console with the computer GUID (ID) or MAC. I usually do not do this.
- Response to all client computers (known and unknown): if you want the easiest thing, then choose this.
- PXE Response Delay: if you have multiple WDS servers and you want this one to be secondary in case your main WDS is down, then set a delay so that the primary WDS with 0 delay will always respond first.
In the AD DS tab, this is where you set the name conversion and OU path if WDS is going to join the machine to domain after formatting. I usually do not want WDS to do this since i work in environment with complex naming standard and AD restrictions. So i will ignore this tab.
In the Boot tab, you can configure what is the user interaction when booting the network. For both known clients and unknown clients, i will choose Require the user to press the F12 key to continue the PXE boot. Again, known clients are those pre-created by you on the WDS console by providing the computer MAC or GUID. Unknown clients are those who you did not pre-create in WDS.
So now, when someone boot from the network, he will detect WDS, and then the user should press F12 to connect to WDS and boot from the network.
Under Default boot image (optional), i usually assign my boot image (boot.wim) i have created for Windows 8.1 as the default boot for X64. You can leave this option if you like.
Under Client tab, you can choose another type of xml unattended file. This is usually an XML containing how WDS may format the disk and create volume. In my case i do not want WDS to be that clever and format things.
Under Joining a Domain, i will check the box Do not join the client to a domain after an installation. This is only me, as i want to name the computer according my naming standard and as the AD team to pre-create the account in AD.
Under Client Logging, i always enable logging.
Under DHCP tab, if this server has also the DHCP role, then you have to click those check boxes. DHCP and WDS listen to the same ports, so you do not want WDS to screw your DHCP by using the same ports. In my case, i do not have WDS collocated with DHCP.
Under Multicast tab, i always check (Use addresses from the following range) to set the multicast range, and under Transfer Settings you have many options. Those options are to control how many download groups will the WDS use when multiple clients with multiple connection speeds download the same image at the same time. For example, if two clients are connecting at the same time to WDS and downloading same image, and one of those clients are connecting using slow network, then the WDS will send the image with slow multicast transmission. If you click Separate clients into three sessions (slow, medium,fast), then WDS will always divide all connected clients to three groups depending on their speed, and will send separate transmission to each group so that slow clients will not affect faster ones.
On the Advanced tab, i totally ignore all settings here. I always keep the defaults and i will not authorize it in AD. Authorization is same as DHCP authorization and needs Enterprise Admin rights, and it simply protect from unauthorized WDS servers.
On the Network tab, i usually choose a UDP port range to control the UDP ports to open when downloading the images from WDS.
On the TFTP tab, remember that the WDS simply acts as TFTP Server to offer the images to clients. You can control the block size and other settings. I usually leave the defaults.
That’s it for Part one. You have now installed WDS on Windows Server 2012, added Install and Boot image, and configured the WDS server and image properties. See you in Part 2.