
Jason Cross

Systems Management

Zero Touch Installation: Automating Operating System Migrations
Jason Cross is a Senior Consultant with Microsoft. He has been involved in Zero Touch Technologies from its inception.

TechNet Magazine October 2006 55

AT A GLANCE
• Three types of deployment scenarios
• Key components needed for automated deployment
• A walk through the three main scenarios

Historically, desktop OS migration has been a very labour intensive project. The number of obstacles and questions to consider can be intimidating. Will all the targeted machines support the new operating system? Will your organisation’s applications work after migration? How will the data on systems be preserved? How do you save money if specialists have to visit every computer? How do you prepare for and minimise the barrage of help desk calls that will ensue? And once deployed, how will you manage the new operating system?

During the typical roll-out, a herd of IT staffers descend upon a workgroup of computers during off hours and do the heavy lifting. They manually save user data to a file share (or even take an entire snapshot of the PC), pull down the master image, configure the system (manually join the domain, let policies flow down, reinstall applications, and so on), manually restore user data, and then pray that the desktop is functioning properly and hope that the user won’t be too upset when he discovers his previous settings have been lost. It’s not a pretty process.

But I did start this article by saying “historically”. These deployment blockers and resource intensive processes have been addressed, and now you can automate the work with the Systems Management Server (SMS) 2003 Operating System Deployment (OSD) Feature Pack and the Solution Accelerator for Business Desktop Deployment (BDD).

The OSD adds support for operating system deployment to SMS, offering a similar paradigm for deploying OS images as used to deploy applications. If you are accustomed to creating software packages with SMS, you’ll find image packages are just as easy since you use the same SMS administrator console (see Figure 1).

Figure 1 Using SMS to Create an OS Image Package

BDD provides end-to-end guidance on desktop deployments for moving to Windows XP and Microsoft Office 2003. It’s very comprehensive, offering more than two dozen documents covering the key topics of desktop deployment from soup to nuts. Included in BDD are the Zero Touch Installation (ZTI) files that are used to augment the capabilities of the SMS OSD for the following scenarios.

Bare-Metal: This involves a new, fresh installation. In this case, a new image is deployed to a computer that does not have any operating system installed on disk. A variation on this theme is when an operating system is already installed on the computer, but you are performing a fresh install and do not need to save and restore any data or settings.

Replacement: In this scenario, a user is moving from a legacy computer to a new system. This means the user’s data and settings must be moved to the new computer and operating system.

Refresh: In this situation the user retains the same hardware, but is migrating over to a new operating system. Once again, the user’s data and settings must be moved to the new operating system.

The remainder of this article focuses on these scenarios and how ZTI can greatly reduce the time and resources needed to migrate a desktop.

Using the Zero Touch Installation files included in Business Desktop Deployment can reduce the time and resources needed to migrate a desktop.

What You Need

If you plan on using ZTI, there are some prerequisites. The primary products, technologies, and components you’ll need are: SMS OSD Feature Pack, BDD Enterprise Edition, Remote Installation Services (RIS) and User State Migration Toolkit (USMT). Let’s take a closer look at each of these, exploring how they are used in ZTI deployments. For details on where you can get these tools, see the sidebar “Get the Core Components”.

The SMS OSD Feature Pack is a publicly available download that you install (very quickly) on your SMS primary site server. The OSD includes a version of the Windows Preinstallation Environment (Windows PE) and features for capturing your master image. Out of the box, the OSD supports bare-metal and refresh scenarios. For a bare-metal build, a CD is used to boot the targeted machine. This is called the Operating System Installation CD and is created using the SMS Administrator Console. When you use ZTI, however, the functionality of this CD is replaced by RIS, which I will cover in a moment.

BDD Enterprise Edition is also a publicly available download. It includes all the documentation and scripts needed to implement ZTI, as well as complete coverage of desktop deployment guidance for Office Professional 2003 and Windows XP Professional (including the Windows XP Professional x64 and Windows XP Tablet PC editions). The Enterprise Edition of BDD is geared for organisations with 500 or more PCs. But if you have the necessary infrastructure in place, BDD Enterprise Edition can assist any size company.

Remote Installation Services ships with Windows Server 2003, and has been greatly enhanced since Windows 2000. In particular, it delivers better performance and lets you automatically bypass configuration screens during OS deployment. This is a key feature essential for ZTI. RIS provides PXE (Pre-Boot Execution Environment) capabilities and is used to stream Windows PE over the network.

Finally, the User State Migration Toolkit (USMT) is a publicly available download that you can use for migrating user data and settings. The latest release has been significantly upgraded—it now supports migration of multiple profiles at once and can run unattended (meaning the user does not need to be logged on). USMT is governed by .inf files so you can explicitly control what is saved. For example, you can ignore a user’s vast library of MP3 files, reducing the amount of time and storage space used during the migration process.

Putting the Pieces Together


To implement ZTI, you’ll need a stable infrastructure that contains Active Directory, DNS, DHCP and SMS 2003 (with SP1 or higher). The basic components for this solution are highlighted in the “How It Works” section of this article, though your environment may have a different mix of servers and services.

There are two excellent guides that provide information and step-by-step instructions on how to configure the OSD and set up ZTI: the Users Guide that is included as part of the OSD download and the Zero Touch Installation Deployment Feature Team Guide that is part of the BDD Enterprise Edition download. Here’s a quick overview of the key steps involved in setting up a ZTI solution.

First you need to install the OSD on your SMS primary site server. Once this is installed, you can use the SMS Administrator Console to create an Operating System Image Capture CD and an Operating System Image Installation CD. The Image Capture CD is used to capture your master image into a single file. This file conforms to the Windows Imaging Format (WIM), which is the new Microsoft file-based imaging technology that was introduced with the OSD. WIM offers modern capabilities, such as enhanced compression that allows for smaller image sizes and the ability to retain user data and settings on the local disk during the image process (this saves space on your file servers). The Image Installation CD enables the installation of the image package and is used to configure the RIS server for ZTI.

Then you can create a master image. This is the baseline image that will be distributed to all the computers receiving the OS deployment. To do this, you should use a fresh reference computer that has Windows XP SP2 and all the related updates installed. You may want to include other core enterprise applications, such as virus protection and the Microsoft Office System, on the reference computer as well. (For more information on setting a ZTI baseline, see “Design More Secure Desktop Deployments”, at microsoft.com/technet/technetmag/issues/2006/03/SecureDeployments). The computer should be part of a workgroup, but not joined to an Active Directory domain.

Install the SMS Advanced Client on the reference computer. You must run ccmdelcert.exe—a utility in the SMS Toolkit—after you install the SMS Advanced Client. The sysprep directory and related files must be on the system drive as well. For more instruction on creating your master image, review the documentation and check out the Computer Imaging System (CIS) utility in the BDD. CIS will help you quickly generate a master image that can be used with the OSD and ZTI.

Once the image has been created, you use the OSD Image Capture CD to grab the master image and save it to a file server. This process is as easy as placing the CD in the player and following the prompts. Then using the SMS Administrator Console, create an image package and program. You then update the custom actions of the image program to run the ZTI script, ZeroTouchInstallation.vbs, as seen in Figure 2, and update accordingly for the State Capture, Preinstall, Postinstall and State Restore phases.

Figure 2 Update Custom Actions of the Image Program

Now create a standard SMS software package and include the files from USMT and ZTI. This package will be used to capture the user state in the Replacement Scenario. The ZeroTouchInstallation.vbs script is used to drive the state capture in the Replacement Scenario so you will need to use the following command line for the package, which is shown in Figure 3:

wscript //b ZeroTouchInstallation.vbs /phase:OldComputer

Figure 3 Specifying the ZTI Script

On a machine running SQL Server, create the ZTI Administration Database (AdminDB) with the supplied SQL scripts. If at all possible, create this on the SMS primary server so you can take advantage of the existing instance of SQL Server. The ZTI AdminDB is not large in regard to the number of tables and the amount of data it stores.

The ZTI AdminDB is queried by ZeroTouchInstallation.vbs to retrieve configuration information about the computers that are going to be migrated. Therefore, the database needs to be populated with information about the systems being updated—information like the time zone, Active Directory domain to join, Active Directory Organizational Unit to be used to create the computer account, MAC address of the target desktop and so on.

RIS must be installed and configured. Keep in mind you’ll need two partitions on the server since the RIS files need to be stored on a different partition than the operating system. You use the SMS Operating System Installation CD to create the RIS boot image. This CD includes the necessary files to stream Windows PE over the network. Then you create a ZTI share. This, for example, can be a file share on the SMS server. This share is where all the related files for ZTI (ZeroTouchInstallation.vbs, CustomSettings.ini, and USMT) are stored.

This is just a general guide to the essential steps in setting up and preparing for a ZTI deployment. For the most part, you will follow these steps, though the order can vary somewhat depending on your scenario.

Advanced Features

Beyond these basic features offered by BDD and the SMS OSD, there is additional functionality that may be useful in your environment. (These advanced features are further described in the Zero Touch Installation Deployment Feature Team Guide.) You can create a custom version of Windows PE so that it uses WMI during the migration process. By using WMI you can determine the make and model of the machine from the local computer BIOS. The ZeroTouchInstallation.vbs script does this automatically. With this information, you can further refine which SMS image package and program to use as well as define any pertinent drivers you need for a particular model. This avoids having to include all drivers for all your computer models in the golden image, thus saving valuable space.

Application reinstallation is a key part of any migration. Most often the golden image will not contain all applications needed by everyone, therefore targeting these workgroup needs is very important. BDD can assist by defining a computer to a certain role which in turn can determine the applications to install. This information can be stored in the CustomSettings.ini file or the ZTI AdminDB. By using this functionality, for example, the Accounting Group can receive the applications it needs, but not those needed by the Sales Group.

Get the Core Components

SMS OSD Feature Pack: microsoft.com/smserver/downloads/2003/osdfp.mspx
BDD Enterprise Edition: microsoft.com/technet/desktopdeployment/bddoverview.mspx
Remote Installation Services (RIS): Included with Windows Server 2003
User State Migration Toolkit (USMT): microsoft.com/technet/desktopdeployment/userstate/userstateusmt.mspx
HOW IT WORKS

To understand how these pieces interact, it’s important to understand that the focal point is SMS and the image
package. ZTI works within the framework of the OSD to extend or enhance its core capabilities.
There are a lot of moving parts in any desktop migration. The upfront work needed to configure the
infrastructure for the OSD and ZTI is well worth the effort. The time-consuming tasks of a desktop migration
project become automated with only a relatively small number of backend systems. Meanwhile, BDD provides
guidance for the entire process.
For the IT staff, this translates into greater consistency, fewer help desk calls, and personnel are freed up to
focus on real issues. For the end user, this translates into reduced downtime and increased satisfaction. The
automation allows for more desktops to be upgraded in less time, making for a more efficient project.

Bare-Metal Scenario
This process involves deploying a new operating system to machines without the need to preserve any applications, data or user settings.

[Diagram: New Computer, RIS/File Server, SMS Server, and Active Directory / DNS Services / DHCP Services, with steps 1 to 4 marked]

1 The New Computer is powered on and the F12 key is pressed to initiate a PXE or network boot. An IP address is acquired and interaction begins with the RIS server to obtain the proper boot files.

2 Windows PE is streamed from the RIS server to the New Computer and loaded into memory. Windows PE provides the core pieces of functionality needed to perform networking, scripting, and so on. This enables the VBScript and ADO queries that happen next.

3 ZeroTouchInstallation.vbs is executed. This is the heart of ZTI and uses CustomSettings.ini to determine what values to set and where to find the data. In this example, the data is retrieved using an ADO query from the database BDDAdminDB. This data can include the SMS package and program to use as well as other settings such as time zone, computer name, Active Directory domain, and so on. All or part of this data can reside in CustomSettings.ini, allowing you to avoid the BDDAdminDB database altogether.

4 The image is brought down and applied to the New Computer. After the image is on the disk, sysprep.inf is updated with the particular settings. The machine is then rebooted and mini-setup configures networking, joins the domain, and performs the other steps needed to make the machine ready for use.
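
The lookup that step 3 describes, modelled as an added example (not code from BDD or from this article): a machine's settings are found by MAC address and layered over its role and the defaults, so the role decides which applications are installed, and a machine with no record or an incomplete one is rejected before imaging. The section names, key names and every sample value are assumptions made for the example, not the format ZeroTouchInstallation.vbs reads.

```python
import configparser
import re

# Constructed sample; section and key names are hypothetical, not ZTI's syntax.
SAMPLE_INI = """
[Default]
TimeZone = GMT Standard Time
JoinDomain = corp.example.com
Applications = AntiVirus

[Role:Accounting]
MachineOU = OU=Accounting,OU=Desktops,DC=corp,DC=example,DC=com
Applications = AntiVirus, LedgerApp

[Role:Sales]
MachineOU = OU=Sales,OU=Desktops,DC=corp,DC=example,DC=com
Applications = AntiVirus, CrmClient

[00:11:22:33:44:55]
Role = Accounting
ComputerName = ACCT-PC-014

[00:11:22:33:44:66]
Role = Sales
ComputerName = SALES-PC-003
TimeZone = Eastern Standard Time
"""
REQUIRED = ("ComputerName", "JoinDomain", "MachineOU", "TimeZone")

def normalise_mac(mac):
    """Return a MAC as upper-case, colon-separated hex; raise ValueError otherwise."""
    digits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def resolve(ini_text, mac):
    """Layer Default, then the machine's role, then its own section (last wins)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(ini_text)
    machines = {}
    for name in cp.sections():
        if not name.startswith(("Default", "Role:")):  # the rest are machine records
            machines[normalise_mac(name)] = name
    wanted = normalise_mac(mac)
    if wanted not in machines:
        raise LookupError(f"no record for {wanted}")
    own = cp[machines[wanted]]
    settings = dict(cp["Default"])
    if "Role" in own:
        settings.update(cp["Role:" + own["Role"]])  # KeyError if the role is undefined
    settings.update(own)
    missing = [key for key in REQUIRED if not settings.get(key)]
    if missing:
        raise ValueError(f"{wanted}: missing {', '.join(missing)}")
    settings["Applications"] = [a.strip() for a in settings["Applications"].split(",")]
    return settings
```
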

Replacement Scenario
In this scenario, you save user data and settings from the Old Computer, deploy the new OS image to the New Computer, and then migrate the preexisting user data and settings to the new system. Note that steps 4 to 7 for this scenario are identical to steps 1 to 4 of the Bare-Metal Scenario.

[Diagram: Old Computer, New Computer, RIS/File Server, SMS Server, and Active Directory / DNS Services / DHCP Services, with steps 1 to 8 marked]

1 This step involves the standard SMS way of delivering a package to a desktop. The USMT package is advertised to an SMS collection in which the Old Computer is a member and then it is executed.

2 ZeroTouchInstallation.vbs is used to drive USMT so it needs some basic information, such as where to save the data and what profiles to capture. This data can be stored in BDDAdminDB or in CustomSettings.ini. In this example, an ADO query is used to obtain that information.

3 USMT is run, saving user data and settings out to a file server. This information can be saved to any file server—not just the RIS server.

4 The New Computer is powered on and the F12 key is pressed to initiate a PXE or network boot. An IP address is acquired and interaction begins with the RIS server to obtain the proper boot files.

5 Windows PE is streamed from the RIS server to the New Computer and loaded into memory. Windows PE provides the core pieces of functionality needed to perform networking, scripting, and so on. This enables the VBScript and ADO queries that happen next.

6 ZeroTouchInstallation.vbs is executed. This is the heart of ZTI and uses CustomSettings.ini to determine what values to set and where to find the data. In this example, the data is retrieved using an ADO query from the database BDDAdminDB. This data can include the SMS package and program to use as well as other settings such as time zone, computer name, Active Directory domain, and so on. All or part of this data can reside in CustomSettings.ini, allowing you to avoid the BDDAdminDB database altogether.

7 The image is brought down and applied to the New Computer. After the image is on the disk, sysprep.inf is updated with the particular settings. The machine is then rebooted and mini-setup configures networking, joins the domain, and performs the other steps needed to make the machine ready for use.

8 User data and settings are restored before the user logs on. ZeroTouchInstallation.vbs is used to drive USMT and access the saved data on the file server that is applied to the New Computer.

Refresh Scenario
This process involves deploying a new OS image to existing computers, while maintaining user settings and data.

[Diagram: Old Computer, RIS/File Server, SMS Server, and Active Directory / DNS Services / DHCP Services, with steps 1 to 6 marked]

1 This step involves the standard SMS way of delivering a package to a desktop. However, the advertisement is for an OSD Image Package based upon the SMS Collection membership of the computer.

2 The OSD Image Package captures the user state with USMT. Note that in this step the user data and settings are stored locally. The information is copied to a reserved directory under c:\minint. ZeroTouchInstallation.vbs checks to ensure sufficient disk space prior to saving locally and performs an ADO query to BDDAdminDB.

3 The files for Windows PE are installed on the Old Computer. Windows PE is not streamed via RIS, but is actually copied to disk. The computer is rebooted to Windows PE and continues with the imaging process.

4 ZeroTouchInstallation.vbs is executed and performs an ADO query to obtain the pertinent OSD data from BDDAdminDB.

5 The OSD image is brought down and applied to the disk. Sysprep.inf is updated with the particular settings and the machine is rebooted. Mini-setup then prepares the system for use by configuring networking, joining the domain, and so on.

6 User data and settings are restored prior to the user logging on. In this scenario, user state is reinstated from the information stored locally. After the OSD imaging process is completed, the reserved directory is deleted. An important design-time decision is whether you want to save user state on a file server (and delete it at your discretion) or store the user state locally and have it automatically deleted after the imaging process is completed.
www.technetmagazine.com September 2006 61