10

Where I work we deploy a lot of computers to staff and we try to keep them all roughly the same.

Presently we take each new machine type we get, configure it the way we want, and then take an image of it using Norton Ghost. We then deploy this to any other computers that come in.

The problem is that we have to not only do this for each machine, but also manually keep them up to date. Is there a convenient tool for building a relatively hardware independent image that can be updated in a virtual environment?

Ideally build image on virtual machine, use drivers from driver packs to allow deploy on any machine, thus reducing our work to simply fixing the minor driver issues that may come up and changing the computer name.

I know this is a feature of some very large enterprise type software, but I was hoping for a relatively simple solution. If there are several possibilities, I'm mostly looking for some direction - i.e.: keywords to look for, etc.

Jacob Schaer
  • 223
  • 2
  • 6
  • I just did this for Windows XP roughly a week ago. What OS are you looking for? – Devator Jun 13 '12 at 19:43
  • You would be better served at [sf]. Please don't cross-post; a moderator or the community will migrate this question for you. – bwDraco Jun 13 '12 at 19:44
  • @Devator: It's Windows 7 enterprise. But I am curious what you came up with. DragonLord: Thanks - I wasn't really sure and a quick glance at the most recent questions had me thinking this would be a good place. I'm usually over in programming type things :-) –  Jun 13 '12 at 20:11

5 Answers5

10

While @TheCompWiz's answer is good, I'd like to add my own version based on my own personal experience.

When you think about automating Windows deployments (anything Vista/2008 and beyond), it helps to separate the actual installation bits from the delivery of the installation bits to the destination machine. A Windows 7 DVD is the standard delivery mechanism for the default set of Windows 7 installation bits. It contains a small WinPE image (boot.wim) that loads on boot which is then responsible for writing the actual OS image (install.wim) down to the hard drive. Windows Deployment Services is also just a delivery mechanism. It can host both the boot.wim and install.wim so that clients can do the installation directly over the network with no physical media necessary.

But delivery of the installation bits is only a small part of the story. Creating your custom "image" (though it's really more of a hybrid image/automated installation) is generally what takes the most time and what most people care about. Others have mentioned using Sysprep to create your custom image. But using it directly and manually editing things like unattend.xml is way more trouble than it's worth. At the end of the day, many of the free and paid solutions for customizing Windows deployments are just wrappers and pre-made scripts that all tie back to Sysprep.

My personal favorite free tool for making custom Windows deployments is the Microsoft Deployment Toolkit (MDT) which recently released version 2012. All it really is is a bunch of pre-made scripts and some GUIs that work together with the Windows Automated Installation Kit (WAIK) to help you build your automated installation. You then have a variety of choices on how to deliver that installation to your clients (WDS boot.wim, bootable CD/DVD, bootable USB key, etc).

Out of the box, it's really not that difficult to build a quick image with some drivers, patches, and applications. Where it shines though is once you dig into making your own custom scripts. The sky is really the limit here. In my previous job, we were using it to deploy a single Windows 7 x64 image to about 1000 machines from multiple hardware vendors including dual-boot MacBooks and iMacs. MDT is really one of my favorite Microsoft products of all time. And did I mention it's free?

Ryan Bolger
  • 16,472
  • 3
  • 40
  • 59
  • I wonder if I can "accept" two answers since this is very good info as well. I'll definitely try this Microsoft Deployment Toolkit - we don't really need any advanced scripting features which is why Ghost has been tolerated for so long. It's just the bare minimum software + office + windows 7. We name the computers by hand to confirm that they get the correct asset tagging and that's about the extent of customization. Occasionally a user might require special software like Creative Suite, but in those cases we just do it by hand. At this point I'm just researching though. Thanks! – Jacob Schaer Jun 13 '12 at 22:01
  • Just to add to Ryan's post, There are some interesting features for keeping your image updated with MDT. You can download Windows updates and add them to MDT, and your next deployments will add those automatically. When you get a new model of computer, just import the drivers into MDT and you are ready to deploy to that model. Applications can be installed after Windows is finished installing with a post installation task. This allows you to change versions of software without re-creating the image. A [short video](http://technet.microsoft.com/en-us/windows/ee529974) to help you get started. – dwolters Jun 14 '12 at 18:55
8

The "Microsoft" answer: Windows Deployment Services. When used properly, these images are easily updated with the latest patches, service packs, drivers, and applications. It's very modular by design and can easily adapt to your needs. Unfortunately it takes a team of people to manage. Waaay too much for 1 person to configure/maintain.

Longer answer: It really depends on the scale of your operation. Deploying windows to 10-machines using WDS is a exercise in futility. It is a lot more work than you can imagine. If you're in the habit of provisioning dozens or hundreds of machines... Sure. It works great. The process consists of taking a stock image, throw it at the WDS to customize it to your needs... add additional components... (drivers/patches/servicepacks) and generate the answer-file for your needs... and you're off. It sounds simple... but sadly it's not. Not even slightly. Even knowing how to build a proper WDS setup from scratch... will take you weeks to get configured and setup for your needs. probably be better off building your machines as you have done by creating a "master" machine, then run "sysprep" to make the image generic again, and then blowing that image to all the machines you need. If I'm not mistaken, Symantec Ghost has this option, as well as open-source solutions like Fog which are much easier to maintain.

As a 3rd option, which is sort-of in the middle somewhere... you can make use of tools like nLite (for XP), vLite (for Vista) rt7Lite for (Win7) which allow you to make a "slipstreamed" install disk. Basically, you give it the Windows CD... and it extracts all the bits it needs, then you can customize the installer to make it not ask any dumb questions... and then pre-install drivers/servicepacks/patches into the iso. Once you have the ISO... you can simply burn it to a physical disk & boot off it. It will install all the drivers & such you slip-streamed into the iso. Unfortunately, it won't let you pre-create user accounts & configure network shares & install network printers & such.

TheCompWiz
  • 7,349
  • 16
  • 23
  • Hmmm... I was actually hoping to avoid WDS for the same reasons - it's been considered, but it would require more expertise than anyone presently employed has. Sysprep is certainly a tool we've considered, but it had its issues if I recall. I might have to look into it again since it does help generalize what are otherwise extremely specific images. I was rather hoping there was some third party solution. I know Ghost has limited support for this idea in the form of "deploy anywhere" but I never really looked into it much. I might look into Fog - I was getting tired of old Ghost. –  Jun 13 '12 at 20:10
  • sysprep has become pretty robust over the last few years... Most of the problems in the past were related to drivers and HAL-specific issues if I recall correctly. With Windows 7... most of those problems have become a non-issue, as win7 is smart enough to fail-back to a generic HAL and let you install chipset drivers & such for different types of hardware. – TheCompWiz Jun 13 '12 at 20:17
  • I'll definitely look into it again then - it definitely has been a while since we considered it. One of the previous employees messed around with it some for Windows 7 and we had issues, but I'm not entirely sure he was doing it correctly. Basically I was just asking wishfully, hoping that perhaps some third party had perfected it somehow. I had read that perhaps Novell had some solutions, but they were very large all-in-one solutions with things like asset management, licensing, etc. – Jacob Schaer Jun 13 '12 at 20:24
  • If you're not looking to get into WDS right away (you should seriously consider it though), get [the AIK](http://www.microsoft.com/en-us/download/details.aspx?id=5753), which can get you started on building, capturing, servicing and deploying WIMs without WDS. – jscott Jun 13 '12 at 20:30
  • I'm going to accept this as the answer - it gave me a lot to think about. Thanks @jscott for the AIK idea. As far as nLite goes, I did use it back in XP and it was great, but the fact that it was basically full install every time made it very time consuming and impractical for bulk distribution. I did some looking around myself and found no real virtual-to-physical solutions, so I guess I'll just bite the bullet and start reading about WDS/AIK. – Jacob Schaer Jun 13 '12 at 20:38
1

As you said you would like to not use WDS, have a look at Sysprep. You can install the software / updates you want (but NO drivers!), run sysprep.exe (located in %SYSTEMROOT%\system32\Sysprep\), with the generalize option and then image your PC with FOG or any other imaging solution (Ghost, CloneZilla).

Now when you image another machine and when it boots, it will install the required drivers. You can also automate some parts through the "mini-install" with unattend.xml (see various articles on the web regarding this).

With this method you don't need to use WDS, WindowsPE (even some articles say you have to install it - it's not necessary but it's the way Microsoft wants you to use this).

Devator
  • 1,463
  • 4
  • 17
  • 35
0

One way to make "a relatively hardware independent image that can be updated in a virtual environment":

  • Install your favorite OS inside a virtual machine (VirtualBox or VMWare or etc.). Also install all the standard apps you want everyone to use. Also all the latest updates, etc. Then pause that VM.
  • Copy the VM image to each of your physical machines.
  • Configure your physical machines to boot into the local copy of that virtual machine. So the next time your user turns on the physical hardware and allows the default OS to start up, your user ends up running everything inside that VM.
  • Reboot the physical machine, and when it finishes booting up into the VM, change the computer name, etc.

Because the VM can hide a few of the physical hardware differences between one computer and another (different sound cards, etc.), the VM image can be exactly the same between two computers that are different enough that your previous system would require 2 different images.

Several people seems to be doing something very similar to this: How to Boot from a VHD; EasyBCD; openQRM; How to boot an image directly, bypassing the host machines OS; How do I boot a virtual machine image from my network? ; etc.

Community
  • 1
David Cary
  • 398
  • 3
  • 16
-1

I'm not sure why these answers are going the route of not using a tool specifically designed for doing this for you. I.e. smartImager or something similar. We used to use MDT and SCCM, then tried a bunch of tools but the time in overhead for updating and making everything was insane. We ended up using smartImager because it was the most automated and had the best interface that was easy. I know there are a few tools out there that do this for you.

MyDogIsChoking
  • 1