2. Deploying Windows XP

Thomas LeeChief Technologist – QA plc

Agenda

• Windows XP Setup Improvements• Three Types of Automated Setup

– Scripted Install– Sysprep– RIS

Windows XP Setup

• Improvements– Windows Welcome– Dynamic Update– Compatibility Checker– Uninstall– SysPrep - Factory

Setup Design Goals

• Enhance user experience• Enable OS serviceability• Improve system stability• Unblock deployments

Setup Agenda

• Unattended setup• WinPE• Imaging• RIS• Setup Tools

Why not use OEM Build?

• Breaks the license • SysPrep is different• Lots of “OEM Stuff”• Product Keys

Automated Installations

• Unattended setup– Scripted automated Windows Setup– Used to build “Master PC”

• Imaging– Uses SysPrep and 3rd Party Disk Imaging

products– Copies “Master PC” to many PCs

• Remote Installation Services– Unattended Setup from Server– Imaging from Server (without 3rd party

products)

Unattended Setup

• Most flexible deployment option• Starts and runs Windows XP Setup on each

computer individually• What you need:

– Winnt.exe, Winnt32.exe or CD (BIOS must support bootable CD)

– A distribution share with Setup files or Windows XP CD

– An answer file (text file) or winnt.sif if running unattended from CD

Unattended Installation

ManualSetup

Csacss;c;s

Ascjbs;cjb

sakcjbS;CBJ

;CV;qcs

Csacss;c;s

Ascjbs;cjb

sakcjbS;CBJ

;CV;qcs

Unattend.txt

Starting Unattended Install

• From DOS/Windows 3.x:winnt.exe /u:<answer file> /s: <source share>

• Make sure you have smartdrv.exe loaded

• From Windows 9x/NT/WinPE: winnt32.exe /unattend:<answer file> /s: <source share>

[ /tempdrive:<target drive> /syspart:<target drive> ]

• From CD (computer supports CD boot): Place winnt.sif file on a floppy disk, boot Setup from CD

and insert the floppy when Setup starts

Install Windows XP

WinPE

• Windows XP PreInstallation Environment– 32-bit Bootable environment– Replacement for DOS– Supports all Windows XP devices– Limited availability!

Prep the disk

• Script DiskPart• 2 partitions

– OS– Imaging

Show me…

• Building unattended text files• Diskpart.exe

\i386\i386\$OEM$\$OEM$

\Textmode\Textmode

\$$\$$\$1\$1

\<drive_letter>\<drive_letter>

\<drivers_dir>\<drivers_dir>

\<drive_letter>\<drive_letter>

Windows XP filesWindows XP files

Contains all OEM filesContains all OEM files

Maps to %systemdrive%. Maps to %systemdrive%.

Contains PnP drivers and infsContains PnP drivers and infs

Maps to a drive on the computer. E.g. E:\Maps to a drive on the computer. E.g. E:\

Contains Txtsetup.oem, SCSI and HAL filesContains Txtsetup.oem, SCSI and HAL files

Maps to %systemroot%Maps to %systemroot%

Distribution Share/Folder

• Directory that contains installation files - Windows XP, device drivers, any additional files

• Structure ($OEM$ can be moved in unattend.txt)

Installing Windows XP

• Windows XP– Copy i386 folder from XP CD ROM

• Windows XP SP1– Run XPSP1.EXE /S:d:\winxp

(see support\tools\spdeploy.htm)

• Let SUS/WU add the rest• SP2 due in Summer

Customising the Build

• $OEM$ copies files to local disk• Cmdlines.txt executes commands at the end of

setup– Cmdlines.txt is run synchronously– Commands in cmdlines.txt execute asynchronously

• Use start /wait to call a CMD file• Use start /wait for each command in the CMD file

– Cmdlines.txt has no user environment and no network access – useful only for $OEM$

– Cmdlines.txt cannot install MSI packages• Use GUIRunOnce

– Use GUIRunOnce for network app installs

Customising the Build

• Adding support for PnP hardware– Drivers must be available during GUI mode setup– Place files in $OEM$\$1\Drivers– Create sub-folders (audio, net, etc)– Unattend.txt

• [Unattend]• OEMPnPDriversPath=“drivers\audio;drivers\net;drivers\etc”

– Setup prepends %systemdrive% to each path

What’s new In XP Setup…

• Windows Welcome• Dynamic Update• Compatibility Checker• Uninstall

Setup User Experience

• Plain English• Batch questions• Estimate Setup

time• Hide Text mode

• Warm colors• Unified branding• Billboards• Windows

Welcome

Reduce Setup Anxiety

Windows Welcome (Out Of The Box Experience)

• “Engaging” new look at installation– Animations– Simplified language– Adopted new Windows XP Visual Design

• Smart Internet detection– Display pages appropriate to hardware– Use detected Internet to register

• Highlights key consumer features– User accounts– Auto-configure Home Network

• OOBEINFO.INF– Used to customize the setup routines– OOBE ASP pages can also be customized.

Dynamic Update

• Address top PSS/Consumer installation problems before setup starts– Deliver any emergency fixes– Deliver new device drivers– Update any Windows file (including setup)

after RTM

First experience only gets better!

Dynamic Update hint:

• See Windows XP Pro Resource Kit• See Dynamic Update link on

http://www.microsoft.com/windows/reskits/webresources

Built-in Compatibility Checker

• Scans system and program files• Compares results against a list of

known/potential problems • List view bubbles up ‘top’ issues

– Device Driver– Application warnings– Application Re-Install

• Details button provides further explanation• Builds list of system files used for uninstall

Compatibility Checker hint:

• Can run:WINNT32 -checkupgradeonly

Uninstall

• Enables Restoration to previous OS after upgrading to Windows XP– All hardware devices and applications

installed prior to upgrade will work – User data created with new OS will be

maintained

Uninstall

• Included as part of Professional or Personal upgrade– Win98, Win98SE or Millennium upgrades only– Automatically done as part of upgrade

• User can recover to old OS at any point in Setup process

• Uninstall Archive generally 150-300 M– User reminder to remove back up files after 30

days to save disk space

SysPrep

• Creates a deployable image• SysPrep creates the image• Use 3rd party tools to deploy/copy

images• Image contains OS, apps,

customisation

Sysprep Installation

SysPrep

SysPrep.inf

Mini Setup or Windows Welcome

ManualSetup

Unattend.txt

1.1. Install, Configure Windows XP on a computerInstall, Configure Windows XP on a computer

2.2. Install, Configure Applications, SPs, etcInstall, Configure Applications, SPs, etc Templates, File locationsTemplates, File locations

3.3. Run Sysprep.exeRun Sysprep.exe **Setupcl.exe must exist in same folder**Setupcl.exe must exist in same folder Provide an answer file, sysprep.inf (if desired)Provide an answer file, sysprep.inf (if desired) Shut down the computerShut down the computer

Using Sysprep (1 of 2)

5.5. Save master image on network, CD, etc., and Save master image on network, CD, etc., and download to target computersdownload to target computers

4.4. Run Image Copying tool to create master image Run Image Copying tool to create master image Xcopy, Norton Ghost, PowerQuest Xcopy, Norton Ghost, PowerQuest

DeployCentre, hard disk duplicator, etc.DeployCentre, hard disk duplicator, etc.

6.6. Boot up computer with duplicated imageBoot up computer with duplicated image Mini-Setup wizard is displayedMini-Setup wizard is displayed

Can be scripted using Sysprep.infCan be scripted using Sysprep.inf

Using Sysprep (2 of 2)

Sysprep - improvements

• Sysprep –Factory– Allows for updated / out of box drivers to be picked up by

image at install time– Per machine customizations applied– Enables audit capabilities– Takes ~1 minute to desktop for auditing vs. ~4 in Win2k

• Sysprep –Mini– Mini Setup (not Windows Welcome)

• Better cleanup – Pagefile– MRU / LRU

Sysprep – sysprep.inf

• Sysprep.inf– Same format as previous versions– Tweak file by hand– Comprehensive reference in deploy.cab help files

• BuildMassStorageSection=1– Allows multiple disk subsystems in one image.– Sysprep -BMSD

• Sysprep –clean– Cleans mass storage section– Runs automatically first time Sysprep is run after a

BuildMassStorageSection=1

SysPrep - Factory

• New mode of SysPrep• Allows more Windows configuration• Allows modification of images

– Install new drivers– Install or uninstall applications.

WinBOM.ini (Windows Bill Of Materials)

• Drives sysprep –factory• Scriptable audit / OS customization environment• Allows gathering of files (e.g. drivers, apps) from

network• Handles application install• Applies Per-Machine information:

– Identity information– Machine name– ISP information

Remote Installation Service

Remote Installation Service

• Remote Installation provides an easy way to install the base OS onto a PC

• Remote Installation provides a way to create an Image of a PC and store the image on a server

• Remote Installation can be used for machine replacement with other IntelliMirror features

• Remote Installation does not mirror the hard disk to the server (not a back-up tool)

Remote Installation Services

• Requirements– Ability for a user to wipe a Computer clean and install

selected OS or Image– Ability for non-technical staff to install OS without staging– Admins can control which Images the user has access to

• Benefits– Reduced cost of deploying new hardware– Basic disaster recovery ability– Reduce the size of Images on the server

• NB Requires Active Directory & PXE

RIS Installation

RiPrep

RiPrep.sif

Mini Setup or Windows Welcome

RISSetup

Ristndrd.sifRIS

RIS Server Set-up

1. Install RIS2. Run RISetup *

Configures serverInstalls W2K/WXP Professional imageInstalls Admin Property pages

3. Ensure DHCP server is accessible to clients

4. Authorise RIS servers in DHCP admin

* If RIS was installed at system install this is also accessible via “Configure your server”

RIS Server Services

• BINL (Boot Information Negotiation Layer)The boot server service; interacts with the ADand other boot servers to remote install a client

• TFTPD (Trivial File Transfer Protocol Daemon)Protocol used to transfer files needed to remote install, maintain and troubleshoot a client machine

• SIS (Single Instance Storage)Runs on NTFS partition to reduce disk space usage by removing duplicate files from RIS images

Creating RIS OS Install

• Configure RIS Server as mentioned– Creates a default CD-based image

• Configure client computer names and locations

• Configure client installation options• Modify installation using answer file• Set permissions on image - set ACLs

on .sif files (or templates folder)

Creating a RiPrep Image

1. Install and configure OS (Windows 2000/XP professional)

2. Configure components and settings3. Install and configure applications4. Remove all unnecessary data

User profiles, user data

5. Test the configuration of the operating system and all applications

6. Modify the Default User profile7. Run Riprep.exe

\\<risserver>\%systemroot%\system32\reminst

RIS Hints:

• Must have Windows 2000 SP2 on server• Must have new RISETUP.EXE

– See Q287546

• Must copy new files from .NET server– RIPREP.EXE– IMIRROR.DLL– SETUPCL.EXE– RIPREP.INF

Setup Tools

• Deploy.cab• Setup Manager

– Unattend.txt

• Sysprep– Factory– Sysprep.inf

• Winbom.ini

Windows XP SP2

• What is it?• What’s new and different• Why does it matter?

XP SP2 is. . .

• A LOT More than just a service pack• A new security baseline for our client

OS• The start of Springboard . . . • NOT XP reloaded

What is Springboard

• Get secure and stay secure with less cost, less stress and less effort

• Impacts many products:• XP SP2 (where it starts!)• Windows update V5, update.exe• Windows Installer 3 (.msp/.msi)• Windows Update Services• Windows Server Server SP1

• Big changes in functionality & baseline security level for Microsoft products

Memory

Network

Updates

Email/Web

Provide system-level protection for the base operating system

Help protect the system from directed attacks from the network

Ensure that when updates are necessary, they are easier to deploy quickly

Enable safer Internet experience for most common Internet tasks

SP2 Security Enhancements

Network Enhancements

• Windows Firewall – Enhanced and turned on by default– All ports are closed except when they are

in use– Enterprise administration of Windows

Firewall through Group Policy

• Reduce RPC attack surface• DCOM tightened up

Email and Web Services

• Safer web browsing• Internet Explorer will be enhanced to:

– Provide improved protection against harmful web downloads

• Significant changes to the IE engine• Locking down the Local Machine zone • Pop-up (Manager) blocker • Manage plug-ins

Memory

• Enhanced memory protection• Core Windows components recompiled

to reduce buffer overruns potential• Hardware-Enforced "no execute" (NX)

on CPU– 64bit and K8 & Intel Itanium

Other XP SP2 Features

• Automatic Update– Easier to download– Doenload and install critical updates

automaticaly

• WUS Client– Improved over SUS client– Downloads restartable

Still More XP SP2 Features

• Media Player 9– Security scrubbed– More robust security settings

• No execute of scripts by default

• DirectX 9.0b• Bluetooth Update• Improved wireless client

How do I get SP2?

XP SP2 “Technical preview program” http://www.microsoft.com/SP2Preview

• SP2 newsgroups– msnews.microsoft.com

• MSDN subscriber downloads• Technet• Etc

Well show me then…

3 types of install

Scripted Install

Scripted Upgrade

RIS Install/ Upgrade

RIS Image Image

Speed of deployment

Slowest Medium Medium Fast Fastest

Application deployment

Yes No No Yes - Included Yes - Included

Benefits Can be easily modified

Easy can be launched remotely

Easy, remote deployment

Easy, remote deployment

Easy

Issues Speed – application install, need to visit machine

Legacy issues Needs Active Directory & PXEHeavy on Network

Needs Active Directory & PXEHeavy on Network

Need to visit machines (or RIS start)

Questions