Zero Touch Installation Deployment Feature Team Guide

Developing

Published: August 27, 2005

Figure 7 shows the activities that occur during the Developing Phase. Most of these activities involve preparation of the servers used to install applications and migrate existing user data. These tasks may be repetitive depending on your deployment strategy. Some deployments may require that the following sequence of server installation, stabilization, and deployment be repeated several times, either serially or in parallel, to complete an organization-wide deployment.

Figure 7. Activities during the Developing Phase


The following sections describe the steps necessary to prepare the deployment process:

Roles and Responsibilities

Milestones in the Developing Phase

Preparing the RIS Server

Installing Solution Accelerator for BDD

Configuring the Appropriate Resource Access

Configuring the ZTI Operating System Image

Creating the ZTI Operating System Image Installation CD

Configuring the ZTI Processing Rules

Preparing the Windows PE CDs and Images


Roles and Responsibilities

In addition to the tasks defined in the process description that follows, take note of the following responsibilities allocated to the role clusters. Table 17 defines these focus areas for the different role clusters during this phase.

Table 17. Team Roles and Responsibilities in the Developing Phase

Role | Focus
Product management | Managing customer expectations
Program management | Managing the functional specification; project management; updating plans
Development | Code creation; infrastructure development; documentation; image creation
User experience | Training; usability testing
Test | Functional testing; issues identification; documentation review
Release management | Creating the deployment servers, deployment checklists, and updated pilot plans; site preparation checklists; operations plans

Milestones in the Developing Phase

Table 18 lists the project milestones and deliverables that you need to complete during the Developing Phase. The project plan you create needs to include these milestones, the resources required for each milestone, and the length of time to complete each milestone.

Table 18. Developing Phase Project Milestones and Deliverable Description

Developing Phase Milestone | Deliverable Description | Owner
RIS server prepared | The existing servers running RIS are configured and ready to deploy Windows PE images to workstations. | Development
Solution Accelerator for BDD installed | All the Solution Accelerator for BDD components are installed and ready for operating system image deployment. | Development
Appropriate resource access configured | Appropriate SMS client access accounts are created, and the corresponding shared folder permissions are assigned to the accounts. | Development
ZTI operating system image configured | Appropriate ZTI operating system images are configured for all SMS OSD Feature Pack phases (Validation, State Capture, Preinstall, Postinstall, and State Restore). | Development
ZTI operating system image installation CD created | CD used for deployment of the operating system image to workstations is created. The ZTI script and corresponding Customsettings.ini file are included in the image. | Development
ZTI processing rules configured | The processing rules, configured in Customsettings.ini, are created. When appropriate, additional settings are stored in a SQL Server database. | Development
Windows PE CDs and images prepared | Images and CDs used to deploy Windows PE on workstations (either through RIS or directly through CDs) are prepared. | Development

Preparing the RIS Server

When deploying to workstations that are not managed by SMS, you can initiate the image installation process through RIS. In the ZTI deployment process, your RIS servers are responsible for installing Windows PE on the workstations. You boot Windows PE from RIS to prepare the workstation for operating system image deployment.

Ensure that the RIS servers have the:

Appropriate flat file image structures.

Copies of the Windows PE images when they become available from the development team that creates them. These images may not be ready until the end of the Developing Phase.

Note   For more information about setting up and configuring your RIS server, see Deploying the OS Deployment Package Using RIS in the Microsoft Systems Management Server 2003 Operating System Deployment Feature Pack Users Guide in the Additional Resources section of this guide.

Note   For more information about adding additional network drivers to your RIS image, see Preparing the RIS Server in the Computer Imaging System Feature Team Guide, Enterprise Edition.

You need to perform additional RIS configuration that is specific to using Windows PE in the ZTI deployment process. To configure the RIS server to support Windows PE in the ZTI deployment process, perform the following steps:

1. Disable the creation of the Windows PE computer account in Active Directory.
2. Disable Windows PE logging on the RIS server.
3. Automate the RIS Client Installation Wizard.

Disabling Creation of the Windows PE Computer Account in Active Directory

During the ZTI deployment process, Windows PE will create a computer account in Active Directory by default. The computer name that Windows PE uses is temporary and unnecessary after Windows PE has prepared the workstation for Windows XP deployment.

To modify the Ristndrd.sif file to disable the creation of computer accounts in Active Directory, perform the following steps:

1. On the RIS server, start Notepad.
2. In Notepad, open RISTemplatePath\Ristndrd.sif (where RISTemplatePath is the path to the Template folder of the Windows PE image that you want to modify; for example, \RemoteInstall\Setup\English\Images\RIS\I386\Templates).
3. Modify the ImageType entry in the [OSChooser] section to ImageType=WinPE. Listing 13 shows the section before the change.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[OSChooser]    
Description ="Build 3608"
Help ="SMS 2003 SP1 Build 3174.1017, OSD Build 3608,
WinPE Source"
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates
\startrom.com"
ImageType =Flat
Version="5.1 (0)"

Listing 13. Ristndrd.sif before the modification of ImageType to use Windows PE

4. After modification, the [OSChooser] section should resemble Listing 14.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[OSChooser]
Description ="WinPE 1.5"
Help ="Windows PE 1.5 Source"
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%
\templates\startrom.com"
ImageType =WinPE    
Version="5.1 (0)"

Listing 14. Ristndrd.sif after the modification of ImageType to use Windows PE

5. Save the file, and then close Notepad.

Note   In addition to completing these steps, you also need to enable only Tools in the Choice Options dialog box. For more information, see Enabling Only Tools in the Choice Options Dialog Box later in this guide.

Disabling Windows PE Logging on the RIS Server

By default, Windows PE writes startup information to the Setupapi.log log file. When several workstations simultaneously boot the same Windows PE image, those workstations attempt to write to the same Setupapi.log file, which can cause slow performance because each workstation must wait to gain write access to the file. In the ZTI deployment process, RIS status logging is not required for Windows PE.

Note   The file Setupapi.log is not generated until a client boots into Windows PE.

To disable Windows PE logging on the RIS server, perform the following steps:

1. Modify the registry settings in the Windows PE image on the RIS server.
2. Set read-only access on the Setupapi.log file in the Windows PE image on the RIS server.

Modifying the Registry Settings in the Windows PE Image

To modify the registry settings in the Windows PE image on the RIS server, perform the following steps:

1. On the RIS server, click Start, click Run, and then type RegEdt32.exe in the Open text box.
2. Click the HKEY_LOCAL_MACHINE registry subtree.
3. On the File menu, click Load Hive.
4. Navigate to WinPEConfigPath (where WinPEConfigPath is the path to the i386\System32\Config folder of the Windows PE image on the RIS server), click Software, and then click Open.
5. In the Key Name text box, type TemporaryHiveName (where TemporaryHiveName is a temporary name you assign to the hive), and then click OK.
6. In the Registry Editor, navigate to TemporaryHiveName\Microsoft\Windows\Currentversion\Setup (where TemporaryHiveName is a temporary name you assign to the hive).
7. On the Edit menu, click New, and then click DWORD Value.
8. For the name of the new value, type LogLevel, and then press ENTER.
9. Double-click LogLevel, select Hexadecimal, type 101 in Value data, and then click OK.
   Verify that the LogLevel entry now has a value of 0x00000101.
10. Click TemporaryHiveName (where TemporaryHiveName is the temporary name you assigned to the hive).
11. On the File menu, click Unload Hive.
12. In the Unload Hive dialog box, click Yes.
13. Close the Registry Editor.

Set the Setupapi.log File to Read-only

To set the Setupapi.log file to read-only, perform the following steps:

1. On the RIS server, open Windows Explorer, and then navigate to RISImageI386Path (where RISImageI386Path is the path to the I386 folder of the Windows PE image that you want to modify; for example, D:\RemoteInstall\Setup\English\Images\winpe\i386).
2. In the details pane, right-click Setupapi.log, and then click Properties.
   Note   The Setupapi.log file is not present until after you successfully start from the Windows PE image for the first time.
3. In the Setupapi.log Properties dialog box, select Read-only, and then click OK.
4. Close Windows Explorer.

Automating the RIS Client Installation Wizard

Although you have enabled the Windows PE Tools option, the process still requires manual intervention to complete the installation of Windows PE. If you are installing a single image of Windows PE, you can automate the Client Installation Wizard screens in RIS.

To automate the RIS Client Installation Wizard, perform the following steps:

1. Enable the Tools option in the Choice Options dialog box, and disable all other options.
2. Modify the Tools.osc file (and the Tlchoice.osc file for Windows Server 2003 SP1) to enable automated installation.
3. Modify the Login.osc file to further automate installation.
4. Modify the Welcome.osc, Install.osc, and Oschoice.osc files to further automate installation.

Enabling Only Tools in the Choice Options Dialog Box

To enable the Tools (Maintenance and Troubleshooting) option in the Client Installation Wizard, perform the following steps:

1. Start Active Directory Users and Computers.
2. In the console tree, browse to GroupPolicyContainer (where GroupPolicyContainer is either the domain or the organizational unit (OU) that contains the RIS servers), right-click GroupPolicyContainer, and then click Properties.
3. On the Group Policy tab, click the default domain policy, and then click Edit.
4. In the console tree of the Group Policy Object Editor, expand User Configuration, expand Windows Settings, and then click Remote Installation Services.
5. In the details pane, double-click Choice Options.
6. In the Tools section of the Choice Options Properties dialog box, click Enabled.
7. In the Automatic Setup section, click Disabled.
8. In the Custom Setup section, click Disabled.
9. In the Restart Setup section, click Disabled, and then click OK.
10. Close the Group Policy Object Editor.
11. Close Active Directory Users and Computers.

Modifying Tools.osc and Tlchoice.osc Files

You need to modify Tools.osc so that RIS automatically selects the default tool without waiting for interaction.  

Note   In the version of RIS in Windows Server 2003 SP1 and later versions, two files need to be modified: Tools.osc and Tlchoice.osc.

To modify the Tools.osc file (or the Tlchoice.osc file for SP1), perform the following steps:

1. On the RIS server, start Notepad.
2. In Notepad, open ToolsPath\Tools.osc (or Tlchoice.osc for SP1), where ToolsPath is the path to the Template folder of the Windows PE image that you want to modify; for example, \RemoteInstall\Setup\English\Images\RIS\I386\Templates.
3. In the Tools.osc file (or the Tlchoice.osc file for SP1), locate the entry <SELECT NAME="SIF" NOAUTO SIZE=12>, which Listing 15 shows.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

<OSCML>
<META KEY=F3 ACTION="REBOOT">
<META KEY=F1 HREF="TOOLSHLP">
<META KEY=ESC HREF="CHOICE">
<META SERVER ACTION="ENUM TOOLS CMDCONS">
<TITLE>  Client Installation Wizard   Tools</TITLE>
<FOOTER>  [ENTER] continue     [ESC] go back     
[F1] help     [F3] restart computer</FOOTER>
<BODY left=5 right=75>
<BR>
<BR>
Use the arrow keys to select one of the 
following options:
<BR>
<P left=8>
<FORM ACTION="LAUNCH">
<SELECT NAME="SIF" NOAUTO SIZE=12>
%OPTIONS%
</SELECT>
</FORM>
</P>
<BOLD>Description:</BOLD>&nbsp&nbsp
<TIPAREA>
</BODY>
</OSCML>

Listing 15. Original version of Tools.osc (or Tlchoice.osc for SP1)

4. Remove NOAUTO from the entry, as illustrated in Listing 16.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

<OSCML>
<META KEY=F3 ACTION="REBOOT">
<META KEY=F1 HREF="TOOLSHLP">
<META KEY=ESC HREF="CHOICE">
<META SERVER ACTION="ENUM TOOLS CMDCONS">
<TITLE>  Client Installation Wizard    Tools</TITLE>
<FOOTER>  [ENTER] continue     [ESC] go back     
[F1] help     [F3] restart computer</FOOTER>
<BODY left=5 right=75>
<BR>
<BR>
Use the arrow keys to select one of the 
following options:
<BR>
<P left=8>
<FORM ACTION="LAUNCH">
<SELECT NAME="SIF" SIZE=12>
%OPTIONS%
</SELECT>
</FORM>
</P>
<BOLD>Description:</BOLD>&nbsp&nbsp
<TIPAREA>
</BODY>
</OSCML>

Listing 16. Modified version of Tools.osc (or Tlchoice.osc for SP1)

5. Save the file, and then close Notepad.

Note   If you are running Windows Server 2003 without SP1 (or later versions), no further modifications are necessary.

To modify the Tools.osc file for Windows Server 2003 SP1 or later, complete the following steps:

1. On the RIS server, start Notepad.
2. In Notepad, open ToolsPath\Tools.osc (where ToolsPath is the path to the Template folder of the Windows PE image that you want to modify; for example, \RemoteInstall\Setup\English\Images\RIS\I386\Templates).
3. In the Tools.osc file, search for <TITLE>.
4. Insert a new line immediately above <TITLE> found in Step 3.
5. On the new line, type <META ACTION=AUTOENTER>.
6. Save the file, and then close Notepad.

Customizing Login.osc

To customize Login.osc to provide credentials for authentication, complete the following steps:

1. Use a text editor to open the file \RemoteInstall\OSChooser\English\login.osc.
2. Replace the string "*****" with the username and password values appropriate for your environment.

For example, if you used OSDUser for the USERNAME value and Deploy101 for the PASSWORD value, the edited lines are illustrated in Listing 17:

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

<INPUT NAME="USERNAME" MAXLENGTH=255 
TYPE=TEXT VALUE=OSDUser>
<INPUT NAME="*PASSWORD" TYPE=PASSWORD 
MAXLENGTH=20 VALUE=Deploy101>

Listing 17. Example of modifying Login.osc

Listing 18 is an example of a modified login.osc file:

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

<OSCML>
<TITLE> SMS OSD Client Installation Wizard Logon</TITLE>
<FOOTER>  [ENTER] continue     [ESC] clear     [F1] help     
[F3] restart computer</FOOTER>
<META KEY=F3 ACTION="REBOOT">
<META KEY=F1 HREF="LOGINHLP">
<META KEY=ESC HREF="LOGIN">
<META ACTION="LOGIN">
<META ACTION=AUTOENTER>
<BODY left=5 right=75>

Type a valid user name, password, and domain name. 
You may use the Internet-style logon format (for example:
Username@Company.com).        
<FORM ACTION="CHOICE">
&nbsp&nbspUser name: <INPUT NAME="USERNAME" 
MAXLENGTH=255 TYPE=TEXT VALUE=osduser> 
&nbsp&nbsp&nbspPassword: <INPUT NAME="*PASSWORD" 
TYPE=PASSWORD MAXLENGTH=20 VALUE=Deploy101>
Domain name: <INPUT NAME="USERDOMAIN" 
VALUE=%SERVERDOMAIN% MAXLENGTH=255> 
</FORM>

Press the TAB key to move between the User name, Password,
and Domain name fields.

You are connected to %SERVERNAME%
</BODY>
</OSCML>

Listing 18. Modified version of Login.osc

Customizing Welcome.osc, Install.osc, and Oschoice.osc

To customize Welcome.osc, Install.osc, and Oschoice.osc to provide credentials for authentication, complete the following steps:

1. On the RIS server, start Notepad.
2. In Notepad, open OSCFile (where OSCFile is \RemoteInstall\OSChooser\Welcome.osc).
3. In the file, search for <TITLE>.
4. Insert a new line immediately above <TITLE> found in Step 3.
5. On the new line, type <META ACTION=AUTOENTER>.
6. Save the file, and then close Notepad.

Complete Steps 1-4 for the following files:

\RemoteInstall\OSChooser\English\Install.osc

\RemoteInstall\OSChooser\English\Oschoice.osc

An additional copy of the Welcome.osc file exists in the \RemoteInstall\OSChooser\English\ folder. This file is the language-specific version of the file. Only modify the version of Welcome.osc in the \RemoteInstall\OSChooser\ folder.

Note   Oschoice.osc is used by RIS when there is more than one RIS image to choose from. It prompts the user for the appropriate image.
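The following check is an added example, not part of the original guide or of RIS. It reads .osc screens after the edits described in this section and reports whether NOAUTO is still present on the SELECT entry, whether <META ACTION=AUTOENTER> was added, and which INPUT fields carry a stored value, as Login.osc does for the logon account, so that the account written into the file can be inventoried. The sample screens are shortened from Listings 15 and 18; the function names, and the assumption that an unedited field holds *****, are this example's own.

```python
import re

# One OSCML opening tag; [^<>]* lets a tag wrap across lines as in the listings.
TAG_RE = re.compile(r"<\s*([A-Za-z]+)([^<>]*)>")
# NAME="quoted value" or NAME=bare-value
ATTR_RE = re.compile(r'([A-Za-z]+)\s*=\s*(?:"([^"]*)"|([^\s">]+))')


def parse_tags(text):
    """Yield (TAG, attrs, flags) for each opening tag; names are upper-cased."""
    for tag in TAG_RE.finditer(text):
        raw = tag.group(2)
        attrs = {}
        for a in ATTR_RE.finditer(raw):
            value = a.group(2) if a.group(2) is not None else a.group(3)
            attrs[a.group(1).upper()] = value
        # What remains after removing NAME=value pairs are bare flags
        # such as NOAUTO or SERVER.
        rest = ATTR_RE.sub(" ", raw)
        flags = {w.upper() for w in re.findall(r"[A-Za-z]+", rest)}
        yield tag.group(1).upper(), attrs, flags


def is_literal(value):
    """True for a stored value; False for no value, ***** or a %VARIABLE%."""
    if not value or set(value) == {"*"}:
        return False
    return re.fullmatch(r"%\w+%", value) is None


def audit_screen(text):
    """Report the automation-related state of one .osc screen."""
    state = {"autoenter": False, "noauto_select": False, "literal_inputs": []}
    for tag, attrs, flags in parse_tags(text):
        if tag == "META" and attrs.get("ACTION", "").upper() == "AUTOENTER":
            state["autoenter"] = True
        elif tag == "SELECT" and "NOAUTO" in flags:
            state["noauto_select"] = True
        elif tag == "INPUT" and is_literal(attrs.get("VALUE")):
            # Record the field name only; the stored value is never echoed.
            state["literal_inputs"].append(attrs.get("NAME", "?"))
    return state


def review(screens):
    """Return one report line per screen for a {file name: text} mapping."""
    lines = []
    for name in sorted(screens):
        s = audit_screen(screens[name])
        stored = ", ".join(s["literal_inputs"]) or "none"
        lines.append(
            f"{name}: AUTOENTER={'yes' if s['autoenter'] else 'no'}, "
            f"NOAUTO on SELECT={'yes' if s['noauto_select'] else 'no'}, "
            f"stored INPUT values: {stored}"
        )
    return lines


# Shortened from Listing 15 (Tools.osc before the edit).
TOOLS_OSC_ORIGINAL = """<OSCML>
<META KEY=F3 ACTION="REBOOT">
<META SERVER ACTION="ENUM TOOLS CMDCONS">
<TITLE>  Client Installation Wizard   Tools</TITLE>
<FORM ACTION="LAUNCH">
<SELECT NAME="SIF" NOAUTO SIZE=12>
%OPTIONS%
</SELECT>
</FORM>
</OSCML>
"""

# Shortened from Listing 18 (Login.osc after the edit), tags wrapped as printed.
LOGIN_OSC_MODIFIED = """<OSCML>
<META ACTION="LOGIN">
<META ACTION=AUTOENTER>
<FORM ACTION="CHOICE">
User name: <INPUT NAME="USERNAME"
MAXLENGTH=255 TYPE=TEXT VALUE=osduser>
Password: <INPUT NAME="*PASSWORD"
TYPE=PASSWORD MAXLENGTH=20 VALUE=Deploy101>
Domain name: <INPUT NAME="USERDOMAIN"
VALUE=%SERVERDOMAIN% MAXLENGTH=255>
</FORM>
</OSCML>
"""

# Constructed: an unedited password field, assuming the placeholder is *****.
LOGIN_FIELD_UNEDITED = (
    '<INPUT NAME="*PASSWORD" TYPE=PASSWORD MAXLENGTH=20 VALUE=*****>'
)

if __name__ == "__main__":
    samples = {"Tools.osc": TOOLS_OSC_ORIGINAL, "Login.osc": LOGIN_OSC_MODIFIED}
    for line in review(samples):
        print(line)
```

To run it against a server, read each .osc file under \RemoteInstall\OSChooser and the image's Templates folder into the mapping passed to review().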

Installing Solution Accelerator for BDD

Before you can deploy images to workstations, you must install Solution Accelerator for BDD. Several technologies are included in Solution Accelerator for BDD, and you must install each technology separately.

To install Solution Accelerator for BDD, perform the following steps:

1. Install the SMS 2003 OSD Feature Pack.
2. Install the ZTI files.
3. Install USMT 2.6.
4. Install the AdminDB Console.
5. Install Solution Accelerator for BDD Reporting.

Installing the SMS 2003 OSD Feature Pack

You install the SMS 2003 OSD Feature Pack on either an SMS 2003 site server or on a workstation running the SMS 2003 Administrator Console. As previously mentioned, you must install SMS 2003 SP1 on all site servers to support the SMS 2003 OSD Feature Pack. In addition, you need to install the SMS Administrator Console supplied with SMS 2003 SP1. To ensure that more than one workstation can administer the SMS 2003 OSD Feature Pack, install the SMS 2003 OSD Feature Pack on an SMS 2003 site server (recommended).

To install the SMS 2003 OSD Feature Pack, you must:

Extract the setup files that come with the product.

Install the SMS 2003 OSD Feature Pack on an SMS site server and administrator console.

Note   It is recommended that you back up your SMS site before upgrading SMS or adding a feature pack.

Note   For more information about installing the SMS 2003 OSD Feature Pack, see Microsoft Systems Management Server 2003 Operating System Deployment Feature Pack Users Guide in the Additional Resources section of this guide.

Installing ZTI Files

Install the ZTI files in a folder in which you will create the SMS 2003 OSD Feature Pack images. To install the ZTI files, perform the following steps:

1. Install the files in the Bddenterprise.msi file.
2. Install additional files that the ZTI scripts require.

Install the Files in the Bddenterprise.msi File

To install the files in the Bddenterprise.msi file, perform the following steps:

1. Navigate to the folder in which the Bddenterprise.msi file resides.
2. Double-click the Bddenterprise.msi file.
3. Complete the BDD Enterprise wizard by performing the steps in Table 19.

Table 19. Completing the BDD Enterprise Wizard

On This Wizard Page | Do This...
Welcome to the BDD Enterprise Setup Wizard | Click Next.
License Agreement | Review the license agreement, click I agree, and then click Next.
BDD Enterprise Information | Review the information and then click Next.
Select Installation Folder | In the Folder text box, type BDDEnterpriseFolder (where BDDEnterpriseFolder is the path to the folder in which you want to install BDD Enterprise). The default folder location is C:\Program Files\BDD Enterprise 2.5. Click Everyone. Click Next.
Confirm Installation | Click Next.
Setup Complete | Click Close.

4. Set the NTFS file system folder permissions on ZTIFolder (where ZTIFolder is the name of the folder into which you installed the ZTI files) to the following permissions:
   Authenticated Users: Read
   Administrators: Full Control
5. Share the folder selected in step 4 as ZTI with the following shared folder permissions:
   Authenticated Users: Read
   Administrators: Full Control

Note   For the remainder of this document, the shared folder created in this step will be referred to as the ZTI shared folder.

Install the Additional Files in the Bddenterprise.msi File

In addition to the files found in the Bddenterprise.msi file, you also need to manually install files that the ZTI scripts require. Table 20 lists the additional files required and where they reside. Dbnmpntw.dll and Sqloledb.rll are only needed if you will be accessing SQL Server. Copy the files to the ZTI shared folder you created. You will add these files to phases in your Image package later as described in the Configuring the ZTI Operating System Image section of this guide.

Table 20. Additional Files Required by ZTI Scripts and Their Location

File | Located
Dbnmpntw.dll | Any Windows XP SP2 installation
Sqloledb.rll | Any Windows XP SP2 installation
Capicom.dll | Downloaded from Microsoft at http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6&displaylang=en
OSDConnectToUNC.exe | \\servername\SMS_XXX\OSD\OSDConnectToUNC.exe (where servername is the name of your SMS site server and XXX is the site code of your SMS site server)

Note  You also need to include the Sqloledb.rll file in the Windows PE image. For more information about how to include files in Windows PE images, see the Microsoft Windows Preinstallation Environment User's Guide (Winpe.chm) in the Docs folder of the Windows PE 2004 CD or review the online documentation related to Windows PE at http://www.microsoft.com/whdc/system/winpreinst/default.mspx

Installing USMT 2.6

You need to install USMT version 2.6 in a shared folder. Create the shared folder so that the folder can be accessed by the SMS primary site server on which you installed the SMS 2003 OSD Feature Pack.

You can obtain USMT version 2.6 at http://www.microsoft.com/downloads/details.aspx?FamilyID=4af2d2c9-f16c-4c52-a203-8daf944dd555&DisplayLang=en.

To install USMT 2.6, perform the following steps:

1. Complete the USMT Setup Wizard by using the information in Table 21.

Table 21. Completing the USMT Setup Wizard

On This Wizard Page | Do This
Welcome | Click Next.
License Agreement | Review the license agreement, click I agree, and then click Next.
Select Installation Folder | In the Folder text box, type USMTFolder (where USMTFolder is the path to the folder in which you want to install USMT). The default folder location is C:\USMT. Click Everyone. Click Next.
Confirm Installation | Click Next.
Setup Complete | Click Close.

2. Set the following NTFS file system folder permissions on USMTFolder (where USMTFolder is the name of the folder in which you installed the USMT files):
   Authenticated Users: Read
   Administrators: Full Control
3. Share USMTFolder (where USMTFolder is the name of the folder, typically Bin, in which you installed the USMT files) with the following shared folder permissions:
   Authenticated Users: Read
   Administrators: Full Control

Note   For the remainder of this document, the shared folder created in this step will be referred to as the USMT shared folder.

Installing the AdminDB Console

When you installed the ZTI files, you installed the AdminDB console in the same folder structure. The AdminDB console should be in the AdminDB folder beneath the ZTI shared folder.

To install the AdminDB console, perform the following steps:

1. Install the AdminDB files.
2. Determine the size of the AdminDB database.
3. Run the script that creates the AdminDB database.
4. Configure the database and log settings for the AdminDB console.

Installing the AdminDB Files

To install the AdminDB console, perform the following step:

1. Copy the \\servername\ZTI\AdminDB folder and subfolders (where servername is the name of the server on which you installed the ZTI files) to LocalPath\AdminDB (where LocalPath is a local path on the computer on which you want to run the AdminDB console).

Determining the Size of the AdminDB Database

Before you can run the script that creates the AdminDB database, you need to determine the size of your AdminDB database. The database needs to be created large enough to hold all the configuration information for your workstation-specific settings.

The default—9 MB—provides enough storage to support 500 computers (assuming that you are using an unmodified AdminDB database schema). For more information about modifying the AdminDB database schema, see Modifying the AdminDB Database Schema in this guide.

You can calculate the approximate size of the database by:

1. Multiplying the length of one row in the database (approximately 3.5 KB) by the number of computers that you want to include in the deployment.
2. Determining the number of administrators who will modify the AdminDB database, then adding two to that number.
   For each administrator, the AdminDB console creates a separate backup copy of the database to support the Rollback function. AdminDB creates backups of the database when an administrator performs an Import or an Update function on the AdminDB database.
3. Multiplying the size of the database you calculated in step 1 by the number you determined in step 2. This is the size of the data portion of the database.
   For example, if you want to deploy to approximately 10,000 computers and you have three administrators, the size of the data portion of the database will be 150 MB (3.5 KB × 10,000 × (3 + 2)).
4. Multiplying the size of the data portion of the database you calculated in step 3 by 1.5. This is the size of the transaction log portion of the database.
   For example, if you determine that the data portion of the database is 150 MB, the size of the transaction log portion of the database will be 225 MB (150 MB × 1.5).
5. Adding the size of the data portion and the transaction log portion of the database to determine the total size of the AdminDB database.

You must ensure that the SQL Server you select to host the AdminDB database has sufficient disk capacity to store the AdminDB database.

Running the Script That Creates the AdminDB Database

To create the AdminDB database, perform the following steps:

1. Copy the following files from the AdminDB\database folder to TargetFolder on SQLServer (where AdminDB is the folder into which you copied the AdminDB folder, TargetFolder is a folder you create, and SQLServer is the same SQL Server that SMS uses):
   BDDAdminDB-Create.sql
   BDDAdminDB-Create.cmd
2. From a command prompt, change to TargetFolder (where TargetFolder is the folder you created in step 1), type BDDAdminDB-Create, and then press ENTER.
   The BDDAdminDB-Create.cmd script:
   Creates a database on the SQL Server named BDDAdminDB.
   Creates the database objects (such as tables and user-defined data types) in the BDDAdminDB database.
   Creates a log file called BDDAdminDB-Create.rpt.
3. Review the contents of the BDDAdminDB-Create.rpt file by using a text editor (such as Notepad) to determine if any errors occurred during the creation of the BDDAdminDB database.
4. Close the command prompt window.

Configuring the Database and Log Settings for the AdminDB Console

The AdminDB console needs to be configured so that it uses the appropriate data source for the database you created earlier in the process. In addition, you need to configure the location where the console will store log files.

To configure the database and log settings for the AdminDB console, perform the following steps:

1. Use an Extensible Markup Language (XML) editor such as Microsoft Office FrontPage® 2003 or Notepad to edit the AdminDB\GUI\BDDAdminDB config file (where AdminDB is the folder in which you copied the AdminDB folder).
2. Modify the SQL OLE DB connect string located at approximately line 19 to connect to SQLServer (where SQLServer is the same SQL Server machine that SMS uses), as shown in Listing 19.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

<add key="ConnectionString" value="Provider=sqloledb;
Data Source=(SQLServer); Integrated Security=SSPI;
Initial Catalog=BDDAdminDB" />

Listing 19. Configuring the name of the SQL Server that hosts the AdminDB Database

3. Modify the SQL OLE DB connect string located at approximately line 19 to connect to Database (where Database is the name of the AdminDB database), as shown in Listing 20.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

<add key="ConnectionString" value="Provider=sqloledb;
Data Source=(local); Integrated Security=SSPI;
Initial Catalog=Database" />

Listing 20. Configuring the name of the AdminDB database

4. If necessary, modify the file name and path of the log file created by the AdminDB console, as shown in Listing 21.

<add key="LogFilePath" value="C:\BDDAdminDB.log" />

Listing 21. Configuring log path and file name used by the AdminDB console

5. Close the XML editor.

Configuring the Appropriate Resource Access

During the deployment to the workstations, the SMS client connects to the distribution point shares and shared folders. You need to create accounts within SMS for use by the SMS client when accessing these resources.

To configure the appropriate resource access, perform the following steps:

1. Configure SMS client access accounts.
2. Configure shared folder permissions.

Configuring Client Access Accounts

The SMS client needs an account to provide as credentials when accessing your distribution points and shared folders. The accounts you need to configure are listed in Table 22.

Table 22. Accounts Needing to Be Configured

For This | Description
SMS client connection account | Used by legacy clients (such as Windows NT 4.0 Workstation) to install the legacy client software.
SMS advanced client network access account | Used by OSD on Windows 2000 Workstation and later operating systems to access the distribution point that contains the OS package.
SMS legacy client software installation account | Used by OSD on operating systems prior to Windows 2000 Workstation to access the distribution point that contains the OS package.

To configure the client access accounts, perform the following steps:

1.

Create the user account and password in an Active Directory domain.

2.

In the SMS Administrator Console, navigate to the Client node, as illustrated in Figure 8.

Figure 8. Adding Client Connection accounts


3.

Right-click the Client node, click New, and then click Windows User Account.

4.

In the Connection Account Properties dialog box, click Set.

5.

Complete the Windows User Account dialog box by using the information in Table 23, and then click OK.

Table 23. Information Required to Complete the Windows User Account Dialog Box

For This | Do This
User name | Type UserName (where UserName is the name of the user account that you wish to use).
Password | Type Password (where Password is the password for the user account that you wish to use).
Confirm Password | Type Password (where Password is the password for the user account that you wish to use).

6.

Repeat steps 3–5 for each client access account you need to create.

7.

In the SMS Administrator Console, navigate to the Component Configuration node, as illustrated in Figure 9.

Figure 9. Configuring Software Distribution to use the Client Connection accounts


8.

In the details pane, right-click Software Distribution, and then click Properties.

The Software Distribution Properties dialog box, illustrated in Figure 10, appears.

Figure 10. Configuring the Software Distribution properties


9.

In the Software Distribution Properties dialog box, click the General tab, enter the corresponding accounts in the Legacy Client Software Installation Account and the Advanced Client Network Access Account text boxes, and then click OK.

10.

Close any open windows.

Creating Additional Shared Folders

After you have configured the SMS client access accounts, you need to create additional shared folders in which to store the user state migration data and the deployment logs. Table 24 lists the shared folders that you need to create and describes the purpose of each shared folder. For more information about planning for these shared folders, see Providing Sufficient Storage for User State Migration Data and Providing Sufficient Storage for Deployment Logs earlier in this guide.

Table 24. Shared Folders and Their Descriptions

Shared Folder | Description
MigData | Stores the user state migration data during the deployment process.
Logs | Stores the deployment logs during the deployment process.

Configuring Shared Folder Permissions

After you have configured the SMS client access accounts, you need to configure the appropriate shared folder permissions. Ensure that unauthorized users are unable to access user state migration information and the deployment logs. Only the workstation creating the user state migration information and the deployment logs should have access to these folders.

To configure the shared folder permissions for each folder listed in Table 24, perform the following steps for each folder:

1.

Start Windows Explorer and navigate to SharedFolder (where SharedFolder is one of the shared folders listed in Table 24).

2.

Right-click SharedFolder (where SharedFolder is one of the shared folders listed in Table 24), and then click Properties.

3.

On the Security tab, click Advanced.

4.

On the Permissions tab, clear the Allow inheritable permissions from the parent to propagate to this object and all child objects check box.

5.

When prompted to either Copy or Remove the permission entries that were previously applied from the parent, click Remove.

6.

On the Permissions tab, click Add.

7.

In the Enter the object name to select text box, type Domain Computers, and then click OK.

This action allows domain computers to create subfolders.

8.

On the Permission Entry for Text dialog box, in the Apply onto list, select This folder only.

9.

On the Permission Entry for Text dialog box, in the Permissions list, select Allow for the Create Folders/Append Data permission, and then click OK.

10.

Repeat steps 6–9, substituting Domain Users for Domain Computers.

11.

On the Permissions tab, click Add.

12.

In the Enter the object name to select text box, type CREATOR OWNER, and then click OK.

This action allows domain computers and domain users to access the subfolders they create.

13.

On the Permission Entry for Text dialog box, in the Apply onto list, select Subfolders and files only.

14.

On the Permission Entry for Text dialog box, in the Permissions list, select Allow for the Full Control permission, and then click OK.

15.

Repeat steps 11–13 for each group that you want to grant administrative privileges.

The permissions you set in these steps allow a workstation to connect to the appropriate share and create a new folder in which to store user state information or logs, respectively. The folder permissions prevent other users or computers from accessing the data stored in the folder.

Note   The default permissions on the SMS distribution point shares should provide the appropriate resource access.
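The permissions from steps 1–15, scripted, as an added example that is not part of the original guide. The folder paths, the WOODGROVEBANK domain name (borrowed from this guide's sample listings) and the BUILTIN\Administrators group are assumptions, and Set-ZtiShareAcl and Get-ZtiShareAclFindings are hypothetical helper names; the second function reports any entry the procedure would not have produced.

```powershell
# Added example, not part of the original guide. It changes NTFS permissions
# only; share-level permissions are not touched.

function New-AllowRule {
    param([string]$Identity, [string]$Rights, [string]$Inherit, [string]$Propagate)
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inherit, $Propagate, 'Allow')
}

function Set-ZtiShareAcl {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Domain,
        [string[]]$AdminGroups = @()
    )
    $acl = Get-Acl -Path $Path

    # Steps 4-5: stop inheriting from the parent and remove the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)

    # Steps 6-10: Domain Computers and Domain Users get Create Folders/Append Data
    # on this folder only, so nothing propagates into folders created by others.
    foreach ($group in 'Domain Computers', 'Domain Users') {
        $acl.AddAccessRule((New-AllowRule "$Domain\$group" `
            'CreateDirectories, AppendData' 'None' 'None'))
    }

    # Steps 11-14: CREATOR OWNER gets Full Control on subfolders and files only.
    $acl.AddAccessRule((New-AllowRule 'CREATOR OWNER' 'FullControl' `
        'ContainerInherit, ObjectInherit' 'InheritOnly'))

    # Step 15: the same inherit-only Full Control entry for each administrative group.
    foreach ($group in $AdminGroups) {
        $acl.AddAccessRule((New-AllowRule $group 'FullControl' `
            'ContainerInherit, ObjectInherit' 'InheritOnly'))
    }

    Set-Acl -Path $Path -AclObject $acl
}

function Get-ZtiShareAclFindings {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Domain,
        [string[]]$AdminGroups = @()
    )
    $createOnly = @("$Domain\Domain Computers", "$Domain\Domain Users")
    $expected   = $createOnly + 'CREATOR OWNER' + $AdminGroups

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.IsInherited) {
            "${Path}: inherited entry still present for $who"
        }
        elseif ($expected -notcontains $who) {
            # Explicit entries that predate the procedure survive it; review them.
            "${Path}: unexpected identity $who ($($ace.FileSystemRights))"
        }
        elseif ($createOnly -contains $who -and $ace.InheritanceFlags -ne 'None') {
            "${Path}: entry for $who propagates to subfolders or files"
        }
    }
}

# Assumed local paths of the MigData and Logs shared folders from Table 24.
foreach ($folder in 'D:\MigData', 'D:\Logs') {
    Set-ZtiShareAcl -Path $folder -Domain 'WOODGROVEBANK' `
        -AdminGroups 'BUILTIN\Administrators'
    Get-ZtiShareAclFindings -Path $folder -Domain 'WOODGROVEBANK' `
        -AdminGroups 'BUILTIN\Administrators'
}
```

An empty result from Get-ZtiShareAclFindings means the folder carries only the entries described in the steps above.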

Configuring Access for Deployment Phases

The deployment of your operating system packages to your workstation can be broken down into the phases described in Table 25. These phases occur during different sequences in the deployment process.

Table 25. Operating System Deployment Phases and Their Descriptions

Phase | Phase Description | Credentials Available
Validation | Performs validation checks to make sure that the operating system installation can proceed; specifically blocks installation on server operating systems. | Any credentials
State Capture | Gathers information from the configuration file, databases, and the local machine to determine how the image installation process should proceed, including whether there is enough space to do a local USMT state backup; invokes USMT Scanstate as appropriate. | Any credentials
Package Selection | When Windows PE is used to prepare the workstation for installation, OSD uses the information in the Ripinfo.ini file to locate and run the command in the [UserCommand] section (ZeroTouchInstallation.vbs). OSD ignores the [ImageInfo] section and simply passes control to ZeroTouchInstallation.vbs. When you initiate the installation of Windows PE from a CD, the CD-based method ignores the [UserCommand] section and uses the information in the [ImageInfo] section. The CD-based method is not automated and requires manual selection of the image to install. This phase exists only when you are installing a new operating system installation (New Computer and Replace Computer scenarios). | Credentials in Ripinfo.ini that provide access to the distribution point; credentials in Ripinfo.ini that provide access to the shared folder specified in the [UserCommand] section
Preinstall | Confirms that the necessary information has been gathered (or in the case of the New Computer or Replace Computer scenario, gathers the information). | Any credentials
Postinstall | Updates the Sysprep.inf file with information gathered in the previous custom actions. | Any credentials
State Restore | Invokes USMT Loadstate to restore the user state that was previously backed up. | Any credentials

You can divide the authentication requirements into authentication required for:

The Package Selection Phase.

All other phases.

Authenticating Access During the Package Selection Phase

During the Package Selection Phase, only a limited number of credentials are available. These credentials are stored in the Ripinfo.ini file and are used by OSD to provide access to the resources. The credentials supplied in Ripinfo.ini include credentials as specified in the:

[RIPInfo] section. The credentials in [RIPInfo] are used to authenticate access for the shared folder on the distribution point where the package image is stored.

[UserCommand] section. The credentials in the [UserCommand] section are used to authenticate access to the shared folder where the command line program is stored (which may also be on the same distribution point).

A sample Ripinfo.ini file is illustrated in Listing 22.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[RIPInfo]
Images=1
LocalImage=Yes
WizTitle=XPSP2
AllowMachineName=No
SiteCode=SMS
ManagementPoint=SERVER1:80
Reserved1=5EDBD289503F9DA5B84F6BA5320EACCB250DA92C
A96A46E265F7732A4071BF0BD196976C659D66
Reserved2=E35E5E17C5AD023A280D3DBC9D5C0DF0042E583
113F3A183CE7A9DDE0E15640B29D4AFC6BE517A
Reserved3=66AEA099AE219FD2A1AB1C4E97D1D3E9C67E58F60B
 
[UserCommand]
CommandLine=""\\Server1\SMSPKGE$\SMS00001
\ZeroTouchInstallation.vbs" /phase:NewComputer"  /scriptlog 
NetworkShare=\\Server1\SMSPKGE$\SMS00001
Reserved1=2BDEF2AE706BC58AEA1B1DF04F0BD8CF5C0AA
B5DDB1F43E25F2D6967E794E2F62416DCD3736A27
Reserved2=965B5E10C5D97A355AA70B0082C94BADE1A90
C403969116AF008F0618690CDAFB7A374FD7E7E56
Reserved3=C3ABADA631DDDC0686C3C3CFF748EB6F0E5FCE89AD

Listing 22. Sample Ripinfo.ini

You can only connect to the following two servers during the Package Selection Phase:

Distribution point specified in the [RIPInfo] section.

Server hosting the network share specified in the [UserCommand] section.

Note   If both of these sections point to the distribution point, then you can only access resources on the distribution point.

Authenticating Access During All Other Phases

During the other phases listed in Table 25, you can connect to:

The distribution point by using the user credentials supplied by OSD.

Other servers by using the Connect to UNC action.

You supply credentials when you configure a Connect to UNC action. In addition to a connection to shared folders, you can use the credentials supplied in the Connect to UNC action to authenticate to application or database servers (such as Microsoft SQL Server 2000 or Microsoft Exchange Server 2003).

To authenticate on these application or database servers, use the Connect to UNC action to connect to any share on that server. Other connections, such as Named Pipes or Remote Procedure Call, will use the same credentials you supplied in the Connect to UNC action.

Authenticating Access Through Encrypted Credentials

You can also supply credentials to the ZeroTouchInstallation.vbs script through the Encryptedsettings.ini file. The ZeroTouchInstallation.vbs script first tries to obtain credentials from Encryptedsettings.ini to use when accessing SQL Server or a shared folder (such as SLShare, UDShare, or DriverPath).

You can use this method for providing credentials when you need to deliver an SMS package to a workstation without using OSD. For example, you could use this method in the Replace Computer scenario when you send an SMS package that captures user state migration information (for more information, see the Replace Computers scenario earlier in this guide).

In instances where you are using OSD, use Connect to UNC instead.

The credentials stored in ZeroTouchInstallation.vbs are encrypted and decrypted by:

Encrypt.vbs. Used to encrypt the credentials and place them in Encryptedsettings.ini by using an encryption key stored in another file. The syntax is as follows:

Cscript Encrypt.vbs Unencryptedcredentials.ini Encryptionkey.txt Encryptedcredentials.ini

Where:

Unencryptedcredentials.ini is the name of the file that contains your unencrypted credentials (as illustrated in Listing 23).

Encryptionkey.txt is the name of the file that contains the key pair used for encryption.

Decrypt.vbs. Used to decrypt the credentials stored in Encryptedsettings.ini and place the unencrypted credentials in a file by using an encryption key stored in another file.

Cscript Decrypt.vbs Encryptedcredentials.ini Encryptionkey.txt Unencryptedcredentials.ini 

Where:

Unencryptedcredentials.ini is the name of the file that contains your unencrypted credentials (as illustrated in Listing 23).

Encryptionkey.txt is the name of the file that contains the key pair used for encryption.

Note   Encrypt.vbs and Decrypt.vbs are installed during the BDDEnterprise.msi process.

[Server]
NYC-AM-FIL-01=WOODGROVEBANK\NYCUtil;P@ssword
DAL-AM-FIL-01=WOODGROVEBANK\DALUtil;password!
 
[SQL]
NYC-AM-SQL-04=sa;password

Listing 23. Sample file that contains unencrypted credentials

To use Encryptedcredentials.ini you need to include the following in the image package:

An Encryptedcredentials.ini file that contains your credentials.

Capicom.dll to support access to Encryptedcredentials.ini.

To use Encryptedcredentials.ini to provide credentials to a server running SQL Server 2000, you need to add the SQLShare parameter in the SQL section in Customsettings.ini.

Configuring the ZTI Operating System Image

You can configure a particular operating system to use the ZTI scripts by using the SMS Administrator Console. The SMS 2003 OSD Feature Pack defines phases, listed in Table 26, that occur during the deployment of your SMS 2003 OSD Feature Pack image to the workstation. You need to configure each phase with the appropriate ZTI script settings to fully automate your Windows XP deployment.

Table 26. SMS OSD Feature Pack Phases, the Custom Action Names, and Their Descriptions

Phase | Custom Action Name | Phase Description
Validation | Zero Touch Installation—Validation | Performs validation checks to make sure that the operating system installation can proceed; specifically blocks installation on server operating systems.
State Capture | Zero Touch Installation—State Capture | Gathers information from the configuration file, databases, and the local machine to determine how the image installation process should proceed, including whether there is enough space to do a local USMT state backup; invokes USMT Scanstate as appropriate.
Preinstall | Zero Touch Installation—Preinstall | Confirms that the necessary information has been gathered (or in the “bare metal” case, gathers it).
Postinstall | Zero Touch Installation—Postinstall | Updates the Sysprep.inf file with information gathered in the previous custom actions.
State Restore | Zero Touch Installation—State Restore | Invokes USMT Loadstate to restore the user state that was previously backed up.

Configuring the Validation Phase Actions

To configure the Validation Phase actions, perform the following steps:

1.

In the SMS Administrator Console, expand Image Packages, expand Package, then click Programs (where Package is the name of the package you want to configure).

2.

In the details pane, double-click Program (where Program is the name of the program that you want to configure).

3.

In the Program Properties dialog box, click the Advanced tab (where Program is the name of the program that you want to configure).

4.

In the Phase drop-down list, select Validation, and then click Add.

The Add Action: Validation dialog box appears.

5.

From the list of action types, select Custom, and then click OK.

6.

Complete the custom actions by using the information listed in Table 27, where servername is the name of the server hosting the shared folder.

Table 27. Configuration Information for the Validation Phase Actions

Field | Value
Name | Zero Touch Installation—Validation
Command line | ZeroTouchInstallation.vbs /phase:Validation
Files | \\servername\ZTI\Customsettings.ini
      | \\servername\ZTI\Dbnmpntw.dll
      | \\servername\ZTI\ZeroTouchInstallation.vbs
      | \\servername\ZTI\Sqloledb.rll

Configuring the State Capture Phase Actions

To configure the State Capture Phase actions, perform the following steps:

1.

In the SMS Administrator Console, expand Image Packages, expand Package, then click Programs (where Package is the name of the package you want to configure).

2.

In the details pane, double-click Program (where Program is the name of the program that you want to configure).

3.

In the Program Properties dialog box, click the Advanced tab (where Program is the name of the program that you want to configure).

4.

In the Phase drop-down list, select State Capture, and then click Add.

5.

From the list of action types, select Custom, and then click OK.

6.

Complete the custom actions by using the information listed in Table 28, where servername is the name of the server hosting the shared folder.

Table 28. Configuration Information for the State Capture Phase Actions

Field | Value
Name | Zero Touch Installation—State Capture
Command line | ZeroTouchInstallation.vbs /phase:StateCapture
Files | \\servername\ZTI\Customsettings.ini
      | \\servername\ZTI\Dbnmpntw.dll
      | \\servername\ZTI\ZeroTouchInstallation.vbs
      | \\servername\ZTI\Sqloledb.rll
      | \\servername\ZTI\Updateuser.inf
      | \\servername\ZTI\Userdata.inf
      | \\servername\USMT\*.*

Specifying User Profiles to Migrate

During the State Capture Phase, you need to specify the user profiles that you want to migrate. The deployment process provides a number of ways to specify the user profiles that you want to migrate. You can specify the user profiles to migrate in the following:

UDProfiles. This key in the CustomKeysUserData line in the [Settings] section is used to specify the user profiles to migrate in the Customsettings.ini file or in the AdminDB.

Updateuser.inf. This file is stored in the ZTI shared folder, is the same for all users accessing that share and is provided as a parameter to USMT.

Table 29 lists the advantages and disadvantages of these methods for specifying the user profiles to migrate.

Table 29. Advantages and Disadvantages of the Methods for Specifying User Profiles to Migrate

Method | Advantages | Disadvantages
UDProfiles | List of user profiles can be dynamically based on the Customsettings.ini file or AdminDB settings. | Can only include user profiles to be migrated. This method cannot exclude user profiles.
Updateuser.inf | Can explicitly include and exclude user profiles to be migrated. | List of user profiles to migrate is static and is the same for all computers that use the same ZTI share.

Specifying User Profiles to Migrate in UDProfiles

The UDProfiles custom user key is used to specify the user profiles to be migrated. You can configure UDProfiles in the Customsettings.ini file or in the AdminDB database. You can specify multiple users by separating the users with a comma. Listing 24 illustrates the use of UDProfiles in specifying the user profiles to migrate.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[Settings]
Priority= DefaultGateway, SQL, Default
CustomKeysUserData=UDShare,UDDir,
UDProfiles,SLShare,OSInstall,JoinDomain,CaptureGroups
CustomKeysSysprep=ComputerName,TimeZone,JoinDomain,
MachineObjectOU
OSDVariableKeys=OSDINSTALLSILENT,OSDINSTALLPACKAGE,
OSDINSTALLPROGRAM,OSDNEWMACHINENAME
ScanStateArgs=/i:miguser.inf /i:migapp.inf /i:migsys.inf 
/i:sysfiles.inf /i:updateuser.inf /v:7 /x /s /f /o /c
LoadStateArgs=/v:7 /c
UserExit=ZTIUserExit.vbs
 
[Default]
UDShare=\\NYC-AM-FIL-01\MigData
SLShare=\\NYC-AM-FIL-01\Logs
UDProfiles=*\*
CaptureGroups=No
OSDINSTALLSILENT=1
OSDINSTALLPACKAGE=NYC00001
OSDINSTALLPROGRAM=InstallXPAPPDOMAIN\*

Listing 24. Excerpt from a Customsettings.ini file that illustrates the use of UDProfiles

The ZTI engine scans the UDProfiles custom user key and translates the setting into a corresponding /user parameter for USMT during the State Capture Phase. During the State Restore Phase, the ZTI engine passes the same /user parameter to USMT to restore the same list of users.

Note   The /user parameter (created by UDProfiles) automatically overrides any settings in Updateuser.inf. However, you cannot use UDProfiles, or the /user parameter, with the USMT /all parameter.

For more information about the parameters supported by USMT, see “To select user states to migrate using Scanstate” and “To include and exclude user states using .inf files” in User State Migration Tool Help included with USMT version 2.6.

Specifying User Profiles to Migrate in Updateuser.inf

The deployment process utilizes a file called Updateuser.inf, as seen in Table 28. Updateuser.inf is included as a parameter on the USMT command line during the State Capture Phase. You specify the user profiles that you want USMT to migrate by entering them in the [IncludeUsers] section of the Updateuser.inf file. You can also specify user profiles that you want USMT to ignore by entering them in the [ExcludeUsers] section of the Updateuser.inf file. The Updateuser.inf file allows you to dynamically build a user list, while keeping the USMT command line the same.

The format for entering the names of the user profiles is Domain\Username (where Domain can be any Active Directory domain, or computer name for local accounts, and Username is the username of the user profile). Table 30 lists example entries in Updateuser.inf.

Table 30. Examples of Entries in Updateuser.inf

Example | Captures...
* or *\* | All user profiles.
Domain\* | All user profiles in Domain (where Domain is the name of a domain or computer).
Domain\Username | Username profile in Domain (where Username is the name of the user and Domain is the name of the domain or computer where Username exists).

By default, ZTI includes an Updateuser.inf file as shown in Listing 25.

[Version]
Signature=$Windows NT$
DriverVer=10/01/2002,5.2.3790.1170 
 
[IncludeUsers]
*\*
%COMPUTERNAME%\*
 
[ExcludeUsers]
%COMPUTERNAME%\SMSCliSvcAcct&
%Computername%\*
APPDOMAIN\*

Listing 25. Default Updateuser.inf included in ZTI deployments

Listing 26 shows a sample Updateuser.inf. In this example, all user profiles are migrated except any user profiles for users that exist:

On the local computer (%Computername%\*).

In the APPDOMAIN domain (APPDOMAIN\*).

[IncludeUsers]
*\*
    .
    .
    .
[ExcludeUsers]
%Computername%\*
APPDOMAIN\*

Listing 26. Sample Updateuser.inf

For more information about the variables and wild-card characters supported by USMT in Updateuser.inf, see [Include Users] Section and [Exclude Users] Section in User State Migration Tool Help included with USMT 2.6.
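How the include and exclude lists combine, as an added example that is not USMT or ZTI code. It assumes, following the Listing 26 description and the note on the /user parameter, that an [ExcludeUsers] match removes an account matched by [IncludeUsers] and that a non-empty UDProfiles value replaces both lists; the function names, the PC042 computer name and the account list are constructed for illustration.

```powershell
# Added example: preview which profiles a given configuration selects.
# This models the behaviour described in this guide; it does not call USMT.

function Read-InfSection {
    param([string]$InfText, [string]$Section)
    $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq $Section)
            continue
        }
        # Skip blank lines and INF comments.
        if ($inSection -and $line -and -not $line.StartsWith(';')) { $line }
    }
}

function Test-ProfileMatch {
    param([string]$Account, [string[]]$Patterns, [string]$ComputerName)
    foreach ($pattern in $Patterns) {
        # The default file uses both %COMPUTERNAME% and %Computername%.
        $pattern = $pattern -replace '%COMPUTERNAME%', $ComputerName
        if ($Account -like $pattern) { return $true }
    }
    return $false
}

function Get-ZtiMigratedProfiles {
    param(
        [string[]]$Accounts,
        [string]$InfText,
        [string]$ComputerName,
        [string]$UDProfiles = ''
    )
    if ($UDProfiles) {
        # Per the note above, /user (built from UDProfiles) overrides Updateuser.inf.
        $include = @($UDProfiles -split ',' | ForEach-Object { $_.Trim() })
        $exclude = @()
    }
    else {
        $include = @(Read-InfSection $InfText 'IncludeUsers')
        $exclude = @(Read-InfSection $InfText 'ExcludeUsers')
    }
    $Accounts | Where-Object {
        (Test-ProfileMatch $_ $include $ComputerName) -and
        -not (Test-ProfileMatch $_ $exclude $ComputerName)
    }
}

# The default Updateuser.inf from Listing 25.
$defaultInf = @'
[IncludeUsers]
*\*
%COMPUTERNAME%\*

[ExcludeUsers]
%COMPUTERNAME%\SMSCliSvcAcct&
%Computername%\*
APPDOMAIN\*
'@

# Constructed sample of profiles found on a workstation named PC042.
$accounts = 'WOODGROVEBANK\alice', 'PC042\Administrator',
            'PC042\SMSCliSvcAcct&', 'APPDOMAIN\svc-build'

# Updateuser.inf alone: only WOODGROVEBANK\alice is selected.
Get-ZtiMigratedProfiles -Accounts $accounts -InfText $defaultInf -ComputerName 'PC042'

# With UDProfiles=*\* as in Listing 24: all four accounts are selected,
# because the exclusions in Updateuser.inf no longer apply.
Get-ZtiMigratedProfiles -Accounts $accounts -InfText $defaultInf `
    -ComputerName 'PC042' -UDProfiles '*\*'
```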

Specifying Additional File Extensions to Migrate

By default, USMT migrates the file types known to the Windows operating system. You can instruct USMT to migrate additional file types by using the Userdata.inf file. The [Files and Folders] section of Userdata.inf allows you to easily migrate extensions, specific files, standard directories (like My Documents), and new directories (for example, C:\myfiles) directly to the same location on the destination computer. A sample Userdata.inf file is illustrated in Listing 27.

[Files and Folders]
EXT, doc
FILE, %appdata%\myfile.dat
DIR, %csidl_personal%*\*

Listing 27. Sample Userdata.inf

For more information about the [Files and Folders] section in Userdata.inf, see [Files and Folders] Section in User State Migration Tool Help included with USMT 2.6.

Backing Up the Administrators and Power Users Group Membership

During the State Capture Phase, the ZeroTouchInstallation.vbs script backs up the membership of the local Administrators and Power Users groups. Later in the State Restore Phase, the ZeroTouchInstallation.vbs script restores the group membership for each group to the same list of users.

If you want to disable the backup and restore of Administrator and Power Users group membership, configure the CaptureGroups setting in Customsettings.ini to NO, as illustrated in Listing 28. If the CaptureGroups setting is missing or set to any other value, the Administrators and Power Users group membership is migrated.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[Settings]
Priority= DefaultGateway, SQL, Default
CustomKeysUserData=UDShare,UDDir,UDProfiles,
SLShare,OSInstall,JoinDomain,CaptureGroups
CustomKeysSysprep=ComputerName,TimeZone,
JoinDomain,MachineObjectOU
OSDVariableKeys=OSDINSTALLSILENT,OSDINSTALLPACKAGE,
OSDINSTALLPROGRAM,OSDNEWMACHINENAME
ScanStateArgs=/i:miguser.inf /i:migapp.inf 
/i:migsys.inf /i:sysfiles.inf /i:updateuser.inf 
/v:7 /x /s /f /o /c
LoadStateArgs=/v:7 /c
UserExit=ZTIUserExit.vbs
 
[Default]
UDShare=\\NYC-AM-FIL-01\MigData
SLShare=\\NYC-AM-FIL-01\Logs
UDProfiles=*\*
CaptureGroups=No
OSDINSTALLSILENT=1
OSDINSTALLPACKAGE=NYC00001
OSDINSTALLPROGRAM=InstallXP
TimeZone=010
JoinDomain=WOODGROVEBANK
MachineObjectOU= OU=Workstations,DC=americas,DC=corp,
DC=woodgrovebank,DC=com
ComputerName=%OSDNEWMACHINENAME%
UDDir=%OSDCOMPUTERNAME%
OSInstall=Y
 
 

Listing 28. Configuring CaptureGroups settings to disable migration of Administrators and Power Users group membership

For more information on migrating the Administrators and Power Users group membership, see Restoring the Administrators and Power Users Group Membership later in this guide.

Configuring the Preinstall Phase Actions

To configure the Preinstall Phase actions, perform the following steps:

1.

In the SMS Administrator Console, expand Image Packages, expand Package, then click Programs (where Package is the name of the package you want to configure).

2.

In the details pane, double-click Program (where Program is the name of the program that you want to configure).

3.

In the Program Properties dialog box, click the Advanced tab (where Program is the name of the program that you want to configure).

4.

In the Phase drop-down list, select Preinstall, and then click Add.

5.

In the list of action types, select Custom, and then click OK.

6.

Complete the custom actions by using the information listed in Table 31, where servername is the name of the server hosting the shared folder.

Table 31. Configuration Information for the Preinstall Phase Actions

Field | Value
Name | Zero Touch Installation—Preinstall
Command line | ZeroTouchInstallation.vbs /phase:Preinstall
Files | \\servername\ZTI\Customsettings.ini
      | \\servername\ZTI\Dbnmpntw.dll
      | \\servername\ZTI\ZeroTouchInstallation.vbs
      | \\servername\ZTI\Sqloledb.rll

Note   If the Logs or Migdata shared folders, created earlier in the process, are located on a server other than the distribution point containing your image packages, you will need to add a Connect to UNC custom action as the first item in the Preinstall Phase. The syntax of this action would be something like %UDShare%.

Configuring the Postinstall Phase Actions

To configure the Postinstall Phase actions, perform the following steps:

1.

In the SMS Administrator Console, expand Image Packages, expand Package, then click Programs (where Package is the name of the package you want to configure).

2.

In the details pane, double-click Program (where Program is the name of the program that you want to configure).

3.

In the Program Properties dialog box, click the Advanced tab (where Program is the name of the program that you want to configure).

4.

In the Phase drop-down list, select Postinstall, and then click Add.

5.

In the list of action types, select Custom, and then click OK.

6.

Complete the custom actions by using the information listed in Table 32, where servername is the name of the server hosting the shared folder.

Table 32. Configuration Information for the Postinstall Phase Actions

Field | Value
Name | Zero Touch Installation—Postinstall
Command line | ZeroTouchInstallation.vbs /phase:Postinstall
Files | \\servername\ZTI\Capicom.dll
      | \\servername\ZTI\Customsettings.ini
      | \\servername\ZTI\Dbnmpntw.dll
      | \\servername\ZTI\ZeroTouchInstallation.vbs
      | \\servername\ZTI\Sqloledb.rll

Configuring the State Restore Phase Actions

To configure the State Restore Phase actions, perform the following steps:

1.

In the SMS Administrator Console, expand Image Packages, expand Package, then click Programs (where Package is the name of the package you want to configure).

2.

In the details pane, double-click Program (where Program is the name of the program that you want to configure).

3.

In the Program Properties dialog box, click the Advanced tab (where Program is the name of the program that you want to configure).

4.

In the Phase drop-down list, select State Restore, and then click Add.

5.

In the list of action types, select Custom, and then click OK.

6.

Complete the custom actions by using the information listed in Table 33, where servername is the name of the server hosting the shared folder.

Table 33. Configuration Information for the State Restore Phase Actions

Field | Value
Name | Zero Touch Installation—State Restore
Command line | ZeroTouchInstallation.vbs /phase:StateRestore
Files | \\servername\ZTI\Capicom.dll
      | \\servername\ZTI\Customsettings.ini
      | \\servername\ZTI\Dbnmpntw.dll
      | \\servername\ZTI\ZeroTouchInstallation.vbs
      | \\servername\ZTI\Sqloledb.rll
      | \\servername\ZTI\Updateuser.inf
      | \\servername\USMT\*.*
      | \\servername\SMS_XXX\OSD\OSDSWDExec.exe (where XXX is the site code of your SMS site server)
      | \\servername\SMS_XXX\OSD\OSDConnectToUNC.exe (where XXX is the site code of your SMS site server)

Note   For troubleshooting purposes in your lab environment, you may want to add the /debug:true switch to the end of your command line in each phase. This causes OSD to retain the C:\MININT directory, instead of deleting it, when complete, so that you can review the logs when an error occurs.

Performing Steps Required for Images Created by Using the BDD Computer Imaging System

If the image you are deploying is created by using the BDD Computer Imaging System, you need to call POST2.BAT to:

Install any hardware-specific software.

Make any necessary post-deployment configuration changes (such as configuring network settings).

To call POST2.BAT, add a new custom action after the Zero Touch Installation—State Restore custom action. The custom action should run C:\Local\POST2.BAT with no parameters.

Note   POST2.BAT (and the other batch files that POST2.BAT calls) cannot reboot the system. If a reboot is required, use a Reboot action after the custom action that runs POST2.BAT.

Restoring the Administrators and Power Users Group Membership

Earlier in the State Capture Phase, the ZeroTouchInstallation.vbs script backs up the membership of the local Administrators and Power Users groups. During the State Restore Phase, the ZeroTouchInstallation.vbs script restores the group membership for each group to the same list of users.

If you want to disable the backup and restore of Administrator and Power Users group membership, configure the CaptureGroups setting in Customsettings.ini to NO, as illustrated in Listing 29. If the CaptureGroups setting is missing or set to any other value, the Administrators and Power Users group membership is migrated.

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[Settings]
Priority= DefaultGateway, SQL, Default
CustomKeysUserData=UDShare,UDDir,UDProfiles,SLShare,
OSInstall,JoinDomain
CustomKeysSysprep=ComputerName,TimeZone,JoinDomain,
MachineObjectOU
OSDVariableKeys=OSDINSTALLSILENT,OSDINSTALLPACKAGE,
OSDINSTALLPROGRAM,OSDNEWMACHINENAME
ScanStateArgs=/i:miguser.inf /i:migapp.inf /i:migsys.inf 
/i:sysfiles.inf /i:updateuser.inf /v:7 /x /s /f /o /c
LoadStateArgs=/v:7 /c
CaptureGroups=NO
UserExit=ZTIUserExit.vbs
 

Listing 29. Configuring CaptureGroups settings to disable migration of Administrators and Power Users group membership

For more information about migrating the Administrators and Power Users group membership, see Backing Up the Administrators and Power Users Group Membership earlier in this guide.

Creating the ZTI OS Image Installation CD

To completely automate the SMS 2003 OSD Feature Pack image installation process, you need to include the ZTI script in the image installation CD. The script ZeroTouchInstallation.vbs gathers the SMS operating system image package ID and program name.

You can create a Windows PE boot image file by using the SMS 2003 OSD Feature Pack. However, the version created by OSD cannot be customized and does not include WMI. To create a customized Windows PE boot image, you can use Config.hta or your own process. The Config.hta process adds WMI and makes other necessary changes to the Windows PE boot image. To create your own Windows PE boot CD, see Preparing the Windows PE CDs and Images, later in this guide.

Note   If the image you are creating is not for use on a RIS server, skip any RIS related instructions in this section.

To create the ZTI operating system image installation CD, perform the following steps:

1. In the SMS Administrator Console, navigate to the Image Packages node.

2. Right-click the Image Packages node, click All Tasks, and then click Create Operating System Image Installation CD.

3. Complete the Operating System Image Installation CD Wizard by using the information in Table 34.

Table 34. Completing the Operating System Image Installation CD Wizard

On This Wizard Page: Welcome to the Operating System Image Installation CD Wizard
Do This: Click Next.

On This Wizard Page: Installation Settings
Do This: Select the Automatically choose the OS Package to install by running a custom program or a script check box, and then click Next.

On This Wizard Page: Install from SMS distribution points
Do This: Ensure the central site server is specified in the list of servers, click Select All, and then click Next.

On This Wizard Page: Automatically select Operating System Package
Do This:

In the File name text box, type \\servername\ZTI\ZeroTouchInstallation.vbs (where servername is the name of the server hosting the shared folder).

Note   The ZeroTouchInstallation.vbs file must reside on the same server as the distribution point on which your image packages reside, because you do not have the option to provide a second set of credentials to connect to a different server (Connect to UNC).

In the Arguments text box, type /phase:NewComputer.

Note   In your lab environment, add the /debug:true switch to the end of the argument to provide additional debugging and troubleshooting information by using pop-ups displayed in Windows PE.

In the User name text box, type SMSClientAccount (where SMSClientAccount is the name of the client account created in Configuring Client Access Accounts earlier in this guide).

In the Password text box and Confirm password box, type Password (where Password is the password of the client account created earlier in the deployment process).

Click Next.

Note   The account credentials are stored on the installation CD in an encrypted format.

On This Wizard Page: Windows PE Settings
Do This:

If additional network drivers are required, select the Include additional network drivers from this location check box, and then type DriverPath (where DriverPath is the fully qualified path to any additional network drivers required in your environment).

If additional storage drivers are required, select the Include additional storage drivers from this location check box, and then type DriverPath (where DriverPath is the fully qualified path to any additional storage drivers required in your environment).

Click Next.

On This Wizard Page: Create CD Image
Do This:

In the Name text box, type CDName (where CDName is the name of the CD image).

In the File name text box, type CDFileName (where CDFileName is the file name for the CD image).

On This Wizard Page: Wizard Complete
Do This: Click Finish.

4. Generate a CD of the operating system image contents.

Note   Do not burn the image file itself onto the CD. Burn the content of the image onto the CD.

In the .iso image that you create, there is a file named Ripinfo.ini. Ripinfo.ini is an answer file used by RIS to automate the installation of your operating system. When you are booting Windows PE from a RIS server, Ripinfo.ini also includes:

The command line for the script used to automate your installation.

The list of available packages in the image.

You need to update your images when either of the items listed above changes. While you can edit the Ripinfo.ini file directly, it is recommended that you create a new image by using the Operating System Image Installation CD Wizard. The wizard automatically updates Ripinfo.ini to reflect any changes in the command line or available packages.

Configuring ZTI Processing Rules

The ZTI scripts configure workstation settings based on rules and configuration settings stored in the Customsettings.ini file or in a SQL Server database. During the MSF Planning Phase, you determined the appropriate ZTI processing rules to use in your organization. Now you need to configure those rules in the Customsettings.ini file or in the AdminDB database.

To configure the ZTI processing rules, perform these steps:

1. Configure group-based rules in Customsettings.ini.

2. Modify the AdminDB database schema.

3. Configure workstation-based rules.

4. Update ZTI processing rules in the SMS OSD Feature Pack image.

Note   For more information about determining the appropriate ZTI processing rules, see Determining the Appropriate ZTI Processing Rules earlier in this guide. For more information about the Customsettings.ini file, see Appendix B: Customsettings.ini Reference, later in this guide.

Configuring Group-Based Rules in Customsettings.ini

You configure group-based rules in the Customsettings.ini file. Modify the Customsettings.ini file based on the group-based rules you determined during the MSF Planning Phase. The Customsettings.ini file, along with your group-based rules, becomes your Customsettings.ini template. For more information about determining the appropriate group-based rules, see Determining the Appropriate ZTI Processing Rules earlier in this guide.

Modifying the AdminDB Database Schema

The AdminDB database contains the workstation-based rules. The default schema contains the common characteristics used to identify and configure a workstation. However, if you want to provide additional configuration options or use other characteristics to identify a workstation, you need to modify the database schema.

To modify the AdminDB database schema, perform the following steps:

1. Modify the AdminDB console components.

2. Modify the AdminDB console validation functions.

Modifying the AdminDB Console Components

You can modify or remove any column in the AdminDB database except for the following:

ID

ComputerName

MacAddress