This guide to corporate deployment of Windows Vista was originally published as the cover story of the January 2007 issue of Windows IT Pro Magazine. --Paul
For the first time since Windows NT, Microsoft has dramactically improved how users, enterprises, PC makers, and OEMs configure, install, and deploy Windows. New capabilities, such as offline servicing and the ability to create just one install image for multiple hardware configurations, make Windows deployment easier than ever. But if you're an IT administrator who'll need to deploy Windows Vista either now or in the future, you've got a lot to learn.
It's All About Image
Vista is deployed via a file-based image - similar to an ISO or virtual hard disk file - instead of a complex directory structure of files. You can edit a Vista image live and can easily create custom install images. Furthermore, Microsoft is distributing only one Vista image instead of a different image for each product edition. (Technically, there are actually two images: one for 32-bit versions and one for x64 versions.) The product key you use during installation determines which edition is installed from the image and which features are available to the user. Vista is also internally componentized, making it easier to choose exactly which applications and features will be installed.
Componentization has numerous benefits compared with previous development approaches, in which each product version heaped new features on top of the existing code base. With a componentized approach, end users, IT administrators, and PC makers will be able to easily specify which applications and services are installed with each Windows version.
Because desktop OSes have more dependencies than OSes on embedded devices, Vista's customization features aren't as fine-grained as those of Windows XP Emdedded, which literally lets device makers specify every single feature. In contrast to OSes on embedded devices, which are generally created once and then never changed, desktop OSes are often upgraded and changed by end users and applications.
Vista's componentized nature also gives Microsoft and its partners many new capabilities when creating various Windows versions. At the lowest level is what Microsoft calls the base OS component--or MinWin--which is about 95 percent of the total Vista code base. This base OS component is language independent and a subset of all the Vista product editions. Microsoft and its hardware partners use the base OS to create actual Vista product editions, or SKUs; IT administrators (and individuals) won't be able to do so; instead, they'll license specific Windows SKUs.
For example, to create the English version of Vista Home Basic, Microsoft or its hardware partners would simply add the Home Basic component and the English language component to the base OS component. To create Vista Business (the equivalent of Windows XP Professional Edition), Microsoft or its hardware partners would simply add the Business component and a language component to the base OS component. (Vista Business contains everything that Vista Home Basic does, plus business-specific features.) Because Vista Business is a true superset of Vista Home Basic, it actually builds off of Vista Home Basic internally.
Using simple drag-and-drop techniques (or scripting and command-line tools), you can easily update the Vista installation image with new device drivers, languages, service packs, and other features without having to go through image recompilation. Changes to images occur in real time, and you can base install images on other install images. For example, if you needed to roll out multiple language versions of Windows XP, you'd have to create a separate install point for each version. With Vista, you can create one language-free install image and then add language images on the fly, saving disk space and freeing you from having to maintain multiple install points.
Windows Imaging Format (WIM) images achieve smaller-than-expected file sizes by combining standard compression technology with Single Instance Storage (SIS) technology, which allows an image file to contain only one instance of each file, even when the image file contains multiple install images. You can edit a WIM image offline or mount it as a folder in the file system and work with it as you would any other folder. This capability will be revelatory to those used to the drudgery of maintaining and administering Remote Installation Services (RIS)-based client install points.
Tools of the Trade
Microsoft makes WIM management tools available in the Windows Automated Installation Kit (WAIK). The WAIK's collection of tools includes:
- ImageX - a command-line tool that lets you capture and modify WIM-based disk images
- Windows Preinstallation Environment (WinPE) - a miniature, bootable version of Vista that can exist in RAM and bootstrap the Vista install process
- Windows System Image Manager - a tool that builds next-generation answer files, which Windows Setup uses to apply custom settings for hands-off Vista installs
- Windows Deployment Services (WDS) - a new tool that replaces RIS
Out on a WIM: Examining a Vista Install Image
ImageX lets you view and modify Vista install images so that they can be deployed from a custom install DVD or a network file share. To edit the install image, copy install.wim to the hard disk of a system on which you've installed the WAIK. Then, open the WinPE tools command prompt from the WAIK Start Menu folder. This version of the command prompt includes paths for various WAIK command-line tools, including ImageX. Right-click the command line tool's icon in the Start Menu and choose Run as Administrator, clearing any User Account Protection dialog boxes that appear.
Create a folder (e.g., c:\mount) in the file system where the image will be mounted. You can then use ImageX's Mount (view only) and Mountwr (read/write) commands to mount, view, and customize the installation image. If your install.wim file is stored in c:\images and you want to mount it in c:\mount, you'd use the command
imagex /mountrw c:\images\install.wim 1 c:\mount
Now, if you open My Computer and navigate to c:\mount, you'll see the standard Vista folder structure, with the Program Files, Users, and Windows folders in the root. If you display hidden and protected files, you'll also see items such as $Recycle.Bin, Documents and Settings, and ProgramData. You can add files or even entire directory structures to the resulting Vista installation wherever is appropriate within the mounted image. (Copy and paste seems to work more consistently than does dragging files in Windows Explorer.) You can also view the contents of files within the image and edit individual files.
After making changes to the image, unmount it - which removes it from the namespace of the Windows shell on your PC - and save your changes. To make ImageX write the changes back to the original file, you'd type
imagex /unmount /commit c:\mount
Writing changes back to the original file could take a while because install.wim is quite large. To unmount the image without saving your changes, type
imagex /unmount c:\mount
A big benefit of image-based deployment tools is that you can copy an image and then edit the copy. Because the images are single files, they're easy to manipulate in the file system.
To slipstream a service pack or hotfix into a Vista install image, simply copy the update's executable into the Upgrade folder in the root of the install image. There are no complex command-line scripts to run or key codes to remember.
Working with Answer Files
Although it's possible to use an install image to trigger a remote Vista install, doing so will give you only a network-based version of interactive setup, forcing the user (or more typically, an administrator) to manually install the OS. By pairing an install image with an answer file (i.e., a text file containing the responses to Windows Setup dialog boxes), you can arrive at a fully automated Vista install that's customized for your needs. First, you need to create a master installation by adding an answer file and a Vista install image to a bootable DVD. You can then let the DVD run using just the WAIK tools. Alternatively, you can deploy master installations by using ImageX and WinPE.
Vista replaces Windows 2000's Setup Manager with Image Manager (Figure), and the text-based answer files have been superseded by XML versions. The XML answer files are harder to hand-edit (unless you're conversant in XML), but they're standards-based and more elegant than the old format. Microsoft has also created a new Windows catalog (.clg) file type, which is a binary (i.e., non-text) data file that's managed by Image Manager and contains the state of all the settings and packages in a given Windows image. If you look in the Sources folder on a Vista install DVD, you'll see a .clg file for each Vista product edition.
To create an answer file, open Image Manager (click Start Menu, All Programs, Microsoft Windows AIK, Windows System Image Manager). Then click File, Select Windows Image and locate a copy of install.wim in the File Open dialog box. (The file must be on the local hard disk, not on the install DVD.) Image Manager will prompt you to select an image. Typically, the image will include all the standard Vista product edition types.
After selecting the image type (I'll use Vista Ultimate as an example), click OK, and Image Manager will mount the image file and create an associated .clg file. When the process is complete, you'll see that the Windows Image pane in Image Manager now contains the Vista Ultimate image, from which you can select components and packages. Select New Answer File from the File menu, and the Answer File pane will contain new Components and Packages sections (Figure).
Components are internal Vista features (e.g., Remote Assistance, Windows Sidebar) that you can apply during Windows Setup. In Image Manager, you can specify the configuration pass - or phase of Windows installation - in which particular components are installed. Packages are external applications and features (e.g., service packs, hotfixes, language packs, drivers) that you can add to an install image. You can also enable and disable Windows features via packages.
It might at first appear that there's some overlap between components and packages, since you can use packages to enable and disable Windows features. But think of it this way: Components are internal to Windows, and packages are external. IT administrators or PC makers typically use packages to disable or enable certain Windows features, overriding the Microsoft-specified default behavior.
You'll see seven entries under Components in the Answer File pane: windowsPE, offlineServicing, generalize, specialize, auditSystem, auditUser, and oobeSystem. By default, there aren't any specified packages because this is a bare-bones install image.
You can expand the Components and Packages nodes in the Windows Image pane to see which components and packages are available for editing. You should see many components and a short list of packages. As you select items from the list, they populate the Properties pane so that you can edit properties.
For example, let's edit the default home page in Microsoft Internet Explorer (IE) so that it's a custom location. To do so, expand Components and locate the x86_Microsoft-Windows-InternetExplorer-6.0.xxxx.xxxxx_neutral node, where xxxx.xxxxx is the version number of the OS you're installing. Expand the Components node, then the StartPages subnode. To change the home page setting, right-click the StartPage subnode (under StartPages) and select Add Setting to Pass 4 specialize (Figure). (It's the only option available.) A collapsible set of component changes is added to 4 specialize in the Answer File pane.
When you select StartPage in the Answer File pane, various StartPage properties appear in the Properties pane, including the StartPageUrl field under Settings. To add a custom URL, type it in that field and press Enter. After the new setting is accepted, the text will be bolded.
The sheer number of components you can configure can be overwhelming. Let's look at a few common components and their locations in the Components hierarchy.
To automatically specify a username, add the Components, x86_Microsoft-Windows-Setup_6.0.xxxx.xxxxx_neutral, UserData setting to the first phase of Vista Setup. This component is used to specify the username and organization and determine whether the End User License Agreement is automatically accepted. To automatically add a product key, add the Components, x86_Microsoft-Windows-Setup_6.0.xxxx.xxxxx_neutral, UserData, ProductKey setting to the first phase of Vista Setup. Be sure to change the WillShowUI key to Never and specify the product key.
To configure packages, expand the Packages node under your install image in the Windows Image pane. By default, you should see packages such as FeaturePack, Foundation, LanguagePack, and Product (Figure). FeaturePacks are out-of-band additions, and Vista includes two by default: .NET Framework 3.0 and XML Paper Specification (the Microsoft format that competes with PDF). Foundation is the base OS (aka MinWin) component on which all Vista installs are built. Under LanguagePack, you should see at least two nodes (one for Windows and one for the .NET Framework) - more, if you're using a multilanguage version of Vista or are manually adding languages. Under Product, you'll see the component Microsoft added to MinWin to build the Vista product edition you're working with (in this case, the Vista Ultimate package).
Some packages offer interesting customization features. For example, you can go into the Foundation package and enable and disable specific features, such as InboxGames (which lets you enable or disable individual games), Tablet PC optional features, and the Microsoft Internet Information Services (IIS) Web server. To customize a package, right-click it in the Windows Image pane and choose Add to Answer File. Then select the package in the Answer File pane and edit its settings in the Properties pane.
To add a new package to your customized install, select Insert, Package(s). Then, navigate to the add-ons you'd like to install with Vista.
At any step along the way, you can click the Validate Answer File button in the Image Manager toolbar to ensure that the resulting answer file will work. If Image Manager finds any errors, it tells you where to find the problem.
You can save a validated answer file to a disk. From Image Manager's File menu, select Save Answer File and save the file to disk under a name such as autounattend.xml. If you double-click the file in Windows Explorer, it will open in IE or your default XML editor. You can open and edit an answer file either through Image Manager or by right-clicking the XML file, choosing Open With, navigating to c:\Program Files\Windows AIK\Tools\Image Manager\ImgMgr.exe, and adding Windows System Image Manager to the list of applications that can open that file type.
To install Vista on only a few PCs, the simplest solution might be to create a bootable DVD by copying a Vista install DVD and adding an answer file to the root. Then, you can use the customized installation DVD to boot each PC. Vista should set up in about 30 minutes.
Deployments in the pre-Vista world
You should be at least somewhat familiar with previous-generation Windows deployment tools, such as RIS, before moving up to the WAIK and WDS. If not, here's a quick overview: Windows Server 2003 includes an optional component--Microsoft Remote Installation Services (RIS)--that lets enterprises install virtually an unlimited number of Windows XP clients over a network. RIS supports several installation options, including a simple install, where the standard interactive Windows Setup can be used, and scripted installs, where an unattended install script allows for hands-off, automated Windows installations. You can also use RIS to image a running PC, upload the image to the RIS server, and then deploy the image to client PCs. (Don't confuse image in this sense with the new image-based setup tools in Windows Vista. Although they're conceptually similar, they aren't based on the same imaging technology. RIS images are collections of files and folders, whereas Vista images are single, more manageable files.)
You install RIS via the Add/Remove Windows Components section of the Control Panel Add or Remove Programs applet. (You don't use the role-based Manage Your Server dashboard because RIS isn't considered to be a server role.) After RIS is installed, you can launch the RIS Setup Wizard to determine where RIS images will be stored. To create RIS images, insert a client install CD, such as the XP setup CD, and the wizard will begin the lengthy process of copying the necessary files to the hard disk.
Like many Windows services, RIS requires an Active Directory (AD)-based network with a DHCP server. (RIS can't deploy Windows to PCs that have static IP addresses.) It's also possible for a RIS server to be a DHCP server, standard member server, or even a domain controller (DC), although the latter is advisable only in small environments.
RIS is pretty finicky. If you want to use a RIS server to install Windows over a network, the clients must support the Preboot Execution Environment (PXE). The clients must also include one of a specific range of network cards; otherwise, you'll have to use a PXE boot floppy disk, which is a problem because most PCs no longer include floppy disk drives. RIS supports installing Windows to only the C drive on the client system; you can't create images of systems if the Windows directory isn't on the C drive.
RIS servers require a partition or drive that's separate from the Windows directory, so you can't store RIS images on the C drive, on a network drive, or on a drive that isn't formatted with NTFS. Like its replacement in Vista--Windows Deployment Services (WDS)--RIS utilizes Single Instance Storage (SIS) so that files that would have otherwise been duplicated acrOSes multiple images are stored only once on the disk when pOSesible, saving disk space.
Client OSes are deployed by booting a PXE-based client system and choosing the network boot option. Although each PC handles this type of deployment differently, the high-level view is always the same: PXE locates a RIS server on the network, gets an IP address via DHCP, and launches Setup. You might have to enter certain information on the client to jump-start things, depending on whether you configured the install image with a text-based answer file.
Windows Deployment Services is RIS's replacement and is installed from the WAIK CD or through a download. After installing WDS, you'll no longer have access to RIS, although any RIS install images you previously configured will still be available via the Legacy Images section of the WDS UI. Like RIS, WDS requires an AD-based network running DNS and DHCP services, and the WDS server must have an NTFS partition on which to store install images. If you've already installed RIS and configured these items, the WDS install wizard will let you use the RIS settings. However, some users will install WDS "fresh," in which case they have to install (but not configure) RIS, install WDS, and then configure WDS during the install process.
Because of the modular nature of Vista, WDS will install several installation images when you add the Vista install.wim file to the WDS image store. On a typical version of Vista, you'll likely see seven images, each representing one of the available Vista product editions. These images will be installed into the WDS Install Images group, which is accessible from the WDS GUI.
Using the tools and techniques described earlier, you can create custom install images with custom answer files, store them in WDS, then deploy them to clients. For the most part, WDS works similarly to RIS. When you boot a Preboot Execution Environment (PXE) - enabled computer on the network, it finds the WDS server, loads WinPE to boot from RAM, then processes the answer file, if one exists. Depending on how automated the install is, you might have to answer some interactive setup questions at the beginning of the process and specify a computer name at the end.
Like RIS, WDS has its limitations. It doesn't include decent monitoring functionality, making it hard to gauge how well large-scale deployments have gone. For this reason, large enterprises will still want to rely on high-end deployment tools such as Microsoft Systems Management Server (SMS), whose useful deployment features include the ability to install Vista and Microsoft Office 2007 System simultaneously using Zero Touch Installation technologies. Microsoft is also working on a set of Business Desktop Deployment solution accelerators for Vista and Office 2007 that will make rolling out these products in large environments easier.
Migrating to Vista
Traditionally, it's been best to install new Windows versions on new hardware for a couple of reasons. First, a new OS tends to introduce hardware and software incompatibilities, and second, the process of upgrading from one version of Windows to another has generally proven to be problematic. However, Vista's modular architecture partially eliminates these problems.
When you upgrade an XP PC to Vista, Windows Setup actually performs a clean install of Vista, then reinstalls applications and user settings to the upgraded system. The result is a system that generally performs as before, but with the benefits of Vista. (With Win2K, upgrading isn't as easy. Win2K can't be upgraded in-place to Vista, so you'll need to back up all user documents and data files from the Win2K system and copy them back to the PC after completing the upgrade. Regardless of what Windows version is on your client PCs now, make sure those systems meet the minimum Vista requirements before attempting a migration.
There are two ways to migrate to Vista. Small businesses and individuals can use the Windows Easy Transfer tool and an optional Easy Transfer Cable (see my screenshot gallery) to move user accounts, files and folders, program settings, Internet settings and favorites, and email settings from an existing Windows PC to a new PC running Vista. Or, you can capture this information from a client PC, put it on a recordable DVD, network share, or removable hard disk drive, install Vista interactively or using any of the methods described above, and then use the Windows Easy Transfer tool again to copy everything back to Vista.
Enterprises and large businesses need a more scalable approach. For them, the WAIK provides a new version of User State Migration Tool (USMT) to help migrate user files and settings during large Windows deployments.
As is befitting a major Windows release, Microsoft has bestowed Windows Vista with major new versions of its software deployment tools. But Windows Vista also comes with a new modularized architecture that provides additional functionality and, not coincidentally, a new set of tools aimed at that functionality. If you're familiar with today's Windows deployment tools, the new WAIK, WDS, and USMT will seem familiar and yet more powerful. But if you've never had to deploy Windows before, rejoice: It's now simpler than ever before.