Windows Vista Zero Touch Installations with BDD

This is the final article in a three-part series exploringthe Microsoft Solution Accelerator for BusinessDesktop Deployment 2007 (BDD) tool. I beganthe series in October with the Required Reading article“Planning Your Vista Deployment with BDD” (Instant-Doc ID 96906), in which I showed you how to install andrun the BDD tools to help you with your Windows Vistadeployments. In the second article, “Using DeploymentWorkbench” (November 2007, InstantDoc ID 97170), Icovered using the BDD Deployment Workbench wizardsfor a Lite Touch Installation (LTI). In this article, I’ll stepyou through the basics of a Zero Touch Installation (ZTI),which uses Systems Management Server 2003 (SMS) todistribute a Vista OS. ZTI is a BDD deployment option forlarger organizations.

About Zero Touch Installation

Before you begin the installation process, you need to knowthat there are two types of ZTI. The first type requires noadministrator intervention. It supports either an upgradeor refresh scenario in which a target machine’s OS is wipedclean and replaced with Vista, with user data intact. Targetmachines have the advanced SMS client agents installed.You use the SMS client agents to download and install SMSpackages for deployment. The second type I call an almostZTI. This installation is used for bare-metal machines withabsolutely nothing installed, so you’ll need to find a way toboot the target machines. The bare-metal ZTI is similar toa Lite Touch Install except that it uses SMS to distribute thenew OS. In this article I cover both types of ZTI.

Before You Begin

Before you get started, download and install BDD 2007 as“Planning Your Vista Deployment with BDD” describes. Seethe Learning Path for information on the additional installationsin this paragraph. Be sure to install the WindowsAutomated Installation Kit (WAIK), and, if you’re goingto save the user’s state in order to migrate, install the UserState Migration Tool (USMT 3.0). As I mentioned, SMS isan essential component of the ZTI; you’ll need to installSMS 2003 SP2 or later with the SMS Operating SystemDeployment Feature Pack. SMS requires SQL Server (eitherMicrosoft SQL Server 2005 SP2, Microsoft SQL Server 2000SP3a or later, or Microsoft SQL Server 7.0 SP3 or later), soyou must have a server running that as well. You’ll also needthe Windows Preinstallation Environment 2004 (WinPE).(WinPE 2.0 isn’t supported by and won’t work with this version of BDD.) Because WinPE 2004 requires source filesfrom Windows XP Professional Edition SP2 (XP Pro), you’llneed to have that as well.

You might also need a Windows Deployment Service(WDS) server if you have clients that don’t have the SMSadvanced client agents and you want to take advantage ofthe network boot option (F12). The network boot option letsyou PXE boot from the WDS server.

The amount of hard disk space necessary for deployinga ZTI can be quite significant, so be sure there’s enoughbefore you get started. While BDD, SMS, and SQL Server canall be installed on a single server, you can also install eachcomponent on a separate server to distribute the workload.You’ll need sufficient storage on the BDD deploymentserver for the custom images (Windows Imaging Format-WIM-files) that you create before your ZTI. The SMS servermust have enough space to store the various components(the packages, programs, advertisements, and distributionpoints that I discuss later). And if you implement the loggingfeature for troubleshooting, you’ll need to ensure thatthe target machines have enough hard disk space for thelogs. Using the refresh scenario requires enough space on aserver to store complete backups of the target machines.

Adding OSs andAccompanying Files

We’ll begin our ZTI by launching the New OS Wizard andadding three components as operating systems to theBDD-your custom .wim files, WinPE 2004, and XP Pro SP2source files. If you haven’t already done so, download andinstall BDD 2007 as “Planning Your Vista Deployment withBDD” describes. Next, log on as an administrator, and openDeployment Workbench from Start, All Programs, BDD2007, Deployment Workbench.

Expand the Distribution Share node in the DeploymentWorkbench console tree, right-click Operating Systems, andclick New. The New OS Wizard appears. (For more details onthe New OS Wizard, see “Using Deployment Workbench.”)From the wizard’s Choose the type of operating system to addpage, select Custom image file and click Next. The Customimage file option requires you to enter the path of the .wimfile you want to use. So, on the Select operating system imagefile page, locate the custom .wim you’ve previously createdand stored on a UNC path (\ServernameSharename)or WDS server, select it, and click Next. Specify thatSetup and Sysprep files are not needed, then click Next.You can either type the name of the destination directoryfor your OS or accept the default destination directory name, then click Copy to add yourcustom .wim files.

Now you’re ready to add either WinPE 2004or WinPE 2005. Start the New OS Wizard again.From the wizard’s Choose the type of operatingsystem to add page, select Full set of source filesand click Next. On the next page, browse tothe location where you stored WinPE 2004 orWinPE 2005 and choose Move the files to thedistribution share instead of copying them.

Launch the New OS Wizard a third timeto add XP Pro SP2. On the Choose the type ofoperating system to add page, select Full setof source files and click Next. On the followingpage, browse to the folder containing XP ProSP2 source files and choose Move the files tothe distribution share instead of copying them.

Creating a Build

After you’ve added your OSs, you’re ready tocreate a build. Expand the Distribution Sharenode, right-click Builds, and choose New. Thislaunches the New Build Wizard. On the Specifygeneral information about this build page, typein a Build ID such as “VistaZTI” (rememberthat no spaces are allowed), a descriptive buildname such as “Vista Zero Touch Installs,” anycomments documenting your build, then clickNext. On the next page, choose the custom.wim file you added to the OSs earlier and clickNext. Choose Do not specify a product key atthis time, and click Next. On the Specify settingsabout this build page, fill in a Full name, anOrganization name, and the Internet Explorer(IE) home page you’ll use for all installationsperformed from this build, then click Next.Finally, on the Specify the local Administratorpassword for this build page choose Do notspecify an Administrator password at this time,and click Create.

Creating a DeploymentPoint

Next, you’ll use the New Deployment PointWizard to create the deployment point, thelocation to which target machines connect toinstall a build. To launch the wizard, expandthe Deploy node, right-click DeploymentPoints, and click New.

For the type of build, choose SMS 2003OSD and click Next. (For a discussion of theother types of builds, see “Using DeploymentWorkbench.”) Type in a descriptive name,such as “Vista ZTI,” and click Next. On theSpecify the location of the network share to holdthe files and folders necessary for this deploymenttype page, supply the Server name,Share name, and Path for the share (I usedServer1OSD with a path of C:ZTI), and clickNext. Choose Do not save data and settings onthe Specify user data defaults page, and clickCreate. The last page of the wizard promptsfor the location of the SMS 2003 OSD path, sobrowse to where you put the SMS 2003 OSD,select it, and click Create (yes, you do clickCreate twice).

Continued on Page 2

Expect a message that tells you the OSDDeployment point has been successfully createdbut before it can be used or updated youmust first configure the WindowsPE options.

Right-click your new OSD deploymentpoint and click Properties. Verify that the correctbuild is selected on the Builds tab, that theWindows PE source is set to Windows PE 2005on the Windows PE 2004/2005 tab, and thatthe Windows source is set to Windows XP ProfessionalSP2. Then, right-click the new OSDdeployment point and click Update. A newfolder named ZTI will be created in the rootof your C: drive that contains two additionalfolders: Boot and VistaOSD. The Boot foldercontains your WinPE 2005, and the VistaOSDfolder contains all other files needed for thebuild.

Configuring the SMSComponents

In SMS you’ll create a package, a program, andan advertisement. In addition, you’ll definedistribution points and user accounts withsufficient permissions to all components. The package contains the OS source files the targetmachine will download and install. Theprogram defines how the package runs (i.e.,minimized, maximized, hidden, or normal),whether to restart the machine after install,and whether to run when a user is logged onor not. The advertisement determines whichmachines will receive the package. The distributionpoint determines the servers to whichyou’ll distribute the package. Your targetmachines will connect to the distribution pointto download and install the package.

Creating the SMS Package

Open the SMS Administrator console, expandthe Site Database node, and right-click ImagePackages. Choose All Tasks, then chooseUpdate Windows PE to launch the UpdateWindows PE Wizard. On the Windows PE Settingspage, for source folder, type in the paththat was created earlier (e.g., C:ZTIBoot Source). Click Next, Finish.

Now you’ll need to create a package thatcontains your custom .wim image file forSMS. Right-click Image Packages again, chooseNew, Operating System Image Package. Thislaunches the New Operating System PackageWizard. On the Operating System Packagesettings page, type in a package name (choosesomething descriptive, such as Vista Ultimate)as shown in Figure 1, page 68. Then open yourcustom image file (the .wim image you createdearlier), and browse and choose the UNCpath (I chose \Server1SMSPackages) whereyour SMS package will be stored. This is calledthe Package source. (Take note of the packageID that’s created automatically; you’ll needthis later when you update your Bootstrap.inifile.) Click Next. You’ll see a message that SMSDistribution Points require updating due tochanges to the Operating System Package, clickOK, Finish.

Creating the SMS Program

Now we’ll create an SMS Program, which isa subcomponent of a package. To create theSMS program, expand Image Packages in theconsole tree, expand the node with your newpackage name (for our sample package, we’lluse Vista Ultimate, as shown in Figure 2), rightclickPrograms, choose New, Operating SystemProgram. The New Operating System ProgramWizard starts. On the New Operating SystemProgram options page, choose to Create a newOS Program with default settings and name itWindows Vista Ultimate ZTI, click Next. On theLicensing settings page, select Product key notrequired and click Next. On the Membershipsettings page, select Domain and input yourNetBIOS domain name. Then set the domainaccount and password that has rights andpermissions to add computers to the domain.Uncheck Create random password for the localadministrator, click Next, then Finish. Onceagain expect a message aboutyour SMS Distribution Pointsneeding to be updated due tothe changes you made, clickOK, Finish.

Updating theSMS Distribution Point

The next step is to updatethe SMS distribution pointwith the servers to which thepackage will be distributed.To update the SMS distributionpoint, expand ImagePackages, right-click the nodewith your new package (VistaUltimate in our sample), then choose All Tasks, DistributeSoftware. The DistributePackage Wizard launches.On the Package page, click Select an existing package,in the Packages box selectyour Package name, thenclick Next. On the DistributionPoints page, choosethe servers you want to useas distribution points andclick Next.

Advertising aProgram

On the Advertise a Program page, choose Yesto advertise a program from this package,click Next. Choose your program name onthe Select a Program to Advertise page, clickNext. The Advertisement Target page defineswhich computers the program will be offeredto. SMS has some default groups of computerscalled “collections” that you can use, or youcan create your own collections. I recommendcreating a collection of test machines to run thepackage on first. This way you can deal withany problems before you run the package onproduction machines. Give the advertisementa name on the Advertisement Name page,click Next. Choose whether you want to alsoadvertise to subcollections (subcollections arecollections created from another collection),click Next. Create an Advertisement Schedulefor when you want it to be made available toyour SMS clients. You can also schedule theprogram to be available for a limited time, then click Next. Finally, select if you want theprogram to be assigned or not. An assignedprogram is a mandatory program; you canset it to run at a predefined date and time andnobody could stop it (short of downing thecomputer, but when it comes up again it’ll stillattempt to run the program).

Creating SMS AdvancedClient Credentials

For an upgrade or refresh scenario, the SMSadvanced client runs on each local machine.This client uses the SMS advanced client networkaccess account and requires sufficientcredentials to present when accessing the SMSdistribution points, BDD 2007 deploymentpoint, and shared folders. You’ll need to createand configure a domain user account that canbe used for the SMS advanced client networkaccess account. First, create a domain useraccount in Active Directory (AD). Then, in theSMS Administrator Console, expand Site Database,Site Hierarchy, Site Code (3-digit code),Site Settings, Connection Accounts. Right-clickClient, choose New, Windows User Account.In the Connection Account Properties dialogbox, click Set, then supply the User name, Password,and confirm password for the accountyou created in AD. Now return to the expandedSite Settings node and select ComponentConfiguration. In the details pane, right-clickSoftware Distribution and choose Properties.On the General tab under Advanced ClientNetwork Access Account, set the domainname useraccount_name of the account youcreated in AD.

EditingBootstrap.iniin Deployment
Workbench

Next, you’ll need to edit theBootstrap.ini file in yourdeployment point to includethe SMS package ID numberthat was generated when youcreated your SMS package.(Remember, you made a noteof it earlier. You can also findit in the SMS Administratorconsole. Select Image Packagesand in the details paneyou’ll see your package nameand package ID.) Go back to Deployment Workbench, expand the Deploynode, and choose Deployment Points. In thedetails pane, right-click the Vista ZTI deploymentpoint and select Properties. On the Rulestab, click the Edit Bootstrap.ini button in thelower-right corner. Modify the OSDINSTALLPACKAGE=& OSDINSTALLPROGRAM= asfollows: OSDINSTALLPACKAGE=C0100001and OSDINSTALLPROGRAM=Vista Ultimate.After you’ve edited the Bootstrap.ini file, you’llneed to update your deployment point. InDeployment Workbench, expand Deploy,select Deployment Points; in the details paneright-click your Vista ZTI deployment pointand choose Update.

Introducing ZTI Files andScripts to the SMS OSDPhase

Now that you’ve edited Bootstrap.ini andupdated your deployment point, you’ll needto configure your program to call the Zero-TouchInstallation.vbs script in each phase,then update your distribution points. In theSMS Administrator console, expand ImagePackages, click the Vista Ultimate package,select Programs. Then right-click the Vista Ultimateprogram in the details pane, and chooseProperties. On the Advanced tab, shown in Figure 3, configure each phase with a customaction. The first phase is Validation. Click theAdd button, choose custom, OK. For Name,choose ZTI-Validation, and for the commandline enter ZeroTouchInstallation.vbs (you’ll dothis a few times, so select the .vbs script nameand press Ctrl+C to copy it). For Files, click Add and enter the UNC path \server1ZTI$ VistaOSD folder created when you createdyour deployment point in BDD. Next, ensurethat Files of type is set to All Files (*.*), thenselect all files (click one and press Ctrl+A), andclick Open. Configure all of the subsequentphases with a ZTI-phase name and a commandline of ZeroTouchInstallation.vbs. So,the State Capture phase should have a customaction ZTI-StateCapture with a command lineof ZeroTouchInstallation.vbs. There’s no needto add files to the other phases; they can usethe copy you’ve introduced to the Validationphase. Configure the Preinstall, Postinstall, andState Restore phases in the same manner as theState Capture phase. When you click OK, SMSupdates the package contents, and you’ll seethe message “SMS Distribution Points requireupdating.” In the SMS Administrator Console,under Image Packages, right-click Vista Ultimate,choose All Tasks, Update DistributionPoints, and click Yes.

Booting a Bare-MetalMachine

If you’re performing a ZTI on a bare-metalmachine, you’ll need to figure out a way to bootthe target machine. You have a few options.The first is to create an OS image installationCD-ROM. The second is to perform a PXEboot on the client, press F12 for a Network Boot(this can be automated on the WDS server),and connect to a WDS server. Or, third partyutilities can automate the PXE boot for you andconnect to a WDS server.

Continued on Page 3

To create an OS image installation CDROMin the SMS Administrator console, rightclickImage Packages and choose All Tasks,Create Operating System Image InstallationCD. The Operating System Image InstallationCD Wizard launches. On the Installationsettings page, ensure the only two optionsselected are Allow installation of OperatingSystem Packages from SMS Distribution Pointsand Automatically choose the OS Packageto install by running a custom program or ascript, and click Next. On the Install from SMSdistribution points page, choose Vista Ultimate,Next. On the Automatically select OperatingSystem Package page, for File name, enter\Server1ZTI$ZeroTouchInstallation.vbs, forArguments enter /debug:true, then supply theUser name and Password for the user accountthat has full control over all of the SMS andBDD files (domainnameusername) and click Next. On the Windows PE settings page acceptthe defaults and click Next. Then, on the CreateImage page, type in the name VistaOSDCDand the filename VistaOSDInstall. Click Finishto create a VistaOSDInstall.iso that can beburned to a CD-ROM that you can use to boota bare-metal machine.

To perform a PXE boot and connect to aWDS server, you’ll add your ZeroTouchInstall.wim (this is created automatically when youcreate your BDD deployment point) to a WDSserver. There is one caveat when it comes toZTIs and WDS integration: The WDS servermust be compatible with the older versionof WDS called Remote Installation Services(RIS). To have a compatible WDS server, youmust first install RIS (go to Control Panel, Addor Remove Programs, Windows Components,and scroll down to RIS), then upgrade usingthe WINDOWS-DEPLOYMENT-SERVICESUPDATE-X86.EXE hotfix found in the WDSfolder of Windows Automated Installation Kit(WAIK). If you’ve already upgraded your server’sOS to XP Pro SP2, you no longer have theoption to install RIS. So, if you want to exercisethe PXE boot option for ZTIs on bare-metalmachines, I suggest that before you upgrade allof your servers to XP Pro SP2, you retain one toinstall RIS on.

Upgrading or Refreshing

the Target Machines
What happens on the target machines? Inan upgrade scenario, BDD runs a ZTIPrereq.wsf script. This script confirms that a targetmachine is running an upgradable OS (XP ProSP2 or later, Windows 2000 Professional SP4). Italso checks for the following installed software:SMS Advanced Client for SMS 2003 SP2, WindowsScript Host 5.6 or later, Microsoft CoreXML Services 3.0 (MSXML), and MicrosoftData Access Components 2.0 (MDAC). Afterthe ZTIPrereq.wsf script determines that theminimum requirements are met, the ZTIValidate.wsf script runs to ensure there are enoughresources available to deploy the new OS.These resources include 512MB of RAM andenough hard disk space for the image to bedeployed. It also makes sure that the currentOS isn’t a server OS. In a refresh scenario, theZTIValidate.wsf script requires that the currentOS has been installed on the C partition andthat the C partition is the first partition on thefirst disk of the target computer.