MDT is often used in conjunction with WDS, Windows Deployment Service, for Windows deployment. Using WDS, we can boot a machine from on board NIC, choose a deployment sequence and kick start the process. Note: WDS needs to be installed on an Active Directory Domain Controller, and the DHCP must be configured, too.
However, if you somehow cannot have WDS, e.g. you are in a Samba domain without AD domain controllers, or you do not have much access right to your AD Domain Controller in your small branch, or even, you are not comfortable installing WDS on the AD domain controller and change DHCP settings, you can perfectly live without it. A few bootable USB pen drives will do the job equally well.
We are going to see how to use MDT 2012 and a few USB pen drives to do Windows deployment.
However, if you somehow cannot have WDS, e.g. you are in a Samba domain without AD domain controllers, or you do not have much access right to your AD Domain Controller in your small branch, or even, you are not comfortable installing WDS on the AD domain controller and change DHCP settings, you can perfectly live without it. A few bootable USB pen drives will do the job equally well.
We are going to see how to use MDT 2012 and a few USB pen drives to do Windows deployment.
Now start Microsoft Deployment Toolkit -> Deployment Workbench.
Create a new deployment share as shown below.
Click Next until you hit the Options page. What you choose depends on your need. Normally we will be imaging a new machine, so we un-tick all of them.
Click through, and hit the Finish button.
Now, the real job begin.
Add WIM image.
Expand MDT Deployment Share, right click on Operating Systems -> Import Operation System. Some organization can go with the Windows 7 ISO image. In my case, I am going to use a customised WIM image as captured in part 02 using ImageX, so I need to select the 2nd option, Custom image file. Browse to your WIM file, e.g. image.wim, click through the pages.
Add Applications
I am going to use 7-zip as example.
Right click on Applications on the left pane -> New Application -> Next -> enter the information as desired,
Next page, browse to where the .MSI resides. Click through the pages until you see the command details page. Enter the command line as shown below. Check references for different software packages. Some comes with instructions for its own silent install switches. Some does not, but complies with the standard conventions.
Click through pages, and you are done.
Add Device Drivers
You can see Out-of-box Drivers on the left pane. This option provides the most convenient way of 'injecting' device drivers. However, the drawback is that this options is 'global'. You cannot pick and choose during deployment. If you only need to support 1 computer model, this is fine. But most likely you have different hardware to support, then this approach is not very suitable (unless you create multiple deployment shares, each for 1 model, or a few closely related models).
Now extract the drivers under c:\drivers.
Right click Out-of-box Drivers -> Import drivers -> browse to the driver folder, click through the pages, and finish.
Create Task Sequence
You should be pretty familiar with the layout by now to create a new task sequence - start from right click on Task Sequence to create one. Put in a name and ID as desired.
Use the default - Standard Client Replace Task Sequence.
In a real case, you might have a list of WIM files to use. You need to select the one you want for the current task sequence. In this example, I only have one.
Choose the right key option. In my case, I leave it out.
Provide the PC owner's name and organisation name.
Now, the admin password.
You can provide local admin password at this stage. The drawback is that this information will be in plain text in unattend.xml, the answer file for image deployment, in a shared folder (the deployment share). If you don't want the risk of leaking out local admin password, choose not, like I do here. If you choose not, your new machine will have Administrator account enabled with NO PASSWORD SET after the deployment. You will need to remember to set its password for each machine afterwards. However, MDT is powerful enough to let you run command line or powershell scripts during deployment. You can use custom tasks to do various things, e.g. disable the administrator account. I will share this in a later article.
Click through to finish.
Now we have a deployment share and a basic task sequence. Further configuration is required to make things work. See next a few pages.
Choose the right key option. In my case, I leave it out.
Provide the PC owner's name and organisation name.
Now, the admin password.
You can provide local admin password at this stage. The drawback is that this information will be in plain text in unattend.xml, the answer file for image deployment, in a shared folder (the deployment share). If you don't want the risk of leaking out local admin password, choose not, like I do here. If you choose not, your new machine will have Administrator account enabled with NO PASSWORD SET after the deployment. You will need to remember to set its password for each machine afterwards. However, MDT is powerful enough to let you run command line or powershell scripts during deployment. You can use custom tasks to do various things, e.g. disable the administrator account. I will share this in a later article.
Click through to finish.
Now we have a deployment share and a basic task sequence. Further configuration is required to make things work. See next a few pages.
No comments:
Post a Comment