The D-spot

Microsoft released an update for the company’s free operating system deloyment solution.  If you’re planning to migrate to Windows 7, Server 2008 R2 or Office 2010, MDT is the tool you need.  Here at the D Spot we have blogged a lot about MDT already.  Keep yourself up to date and read our MDT related posts.

What has changed in MDT 2010 Update 1

 

For native MDT users (Lite Touch Installation)

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.

Improved driver importing. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

 

For ConfigMgr 2007 users (Zero Touch)

New User Driven Installation deployment method. An easy-to-use UDI Wizard allows users to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.

Support for Configuration Manager R3 Prestaged Media.For those deploying Windows 7 and Office 2010 along with new PCs, a custom OS image can easily be loaded in the factory and then customized once deployed.

 

For all users

A smooth and simple upgrade process. Installing MDT 2010 Update 1 will preserve your existing MDT configuration, with simple wizards to upgrade existing deployment shares and Configuration Manager installations.

Many small enhancements and bug fixes. Made in direct response to feedback received from customers and partners all around the world, MDT 2010 Update 1 is an indispensible upgrade for those currently using MDT (as well as a great starting point for those just starting).

Continued support for older products. MDT 2010 Update 1 still supports deployment of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office 2007.

 

Download binaries and documentation at Microsoft.

While setup some MDT lab environments this SQL error crossed my path a couple of times.

ZTI error opening SQL Connection. SQL server does not exist or access denied.

Unable to establish database connection using [CSETTINGS] properties. SQL Server does not exist or access denied.

Unable to establish database connection using [CROLES] properties. SQL Server does not exist or access denied.

I’m using a hidden share on the SQL Server box that MDT will use for authentication to the SQL Server. The same credentials are used to connect to the MDT database. So I had granted sufficient share and NTFS permissions to the hidden share and granted this user the db_datareader role on the MDT database.

If we read the error again it is clear that MDT cannot contact the SQL Server, it even cannot find the server.

Troubleshooting-time!

I hit F8 during deployment to get into a command prompt. Once in the command prompt I could contact the SQL Server box with the ping command.

A ping to the server gave a response of a wrong IP address. Turns out that the DNS server was holding an old IP address from the previous MDT and SQL Server installation. Deleting this A-record and register (ipconfig /registerdns) the SQL Machine again, was the solution for this issue.

In another lab environment I could ping and map a share on the SQL Server box.

net use * \\Servername\Hiddenshare$

Turns out that we forgot to open the Windows Firewall for SQL Server. Add an exception for sqlservr.exe and sqlbrowser.exe is enough. You don’t have to turn the complete firewall off.

With the firewall configured as it should and all DNS records registered, no error occurred and deployment went successfully.

Microsoft Deployment Toolkit 2010 has some nice improvements to its successors in the driver handling department. I will describe how I like to manage drivers in MDT 2010.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model.  This is what my folder tree looks like:

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at command prompt: ‘wmic csproduct get name’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude E5500”. My colleague for example, uses a HP laptop “HP Compaq 6730b (GW687AV)”. Use this info to build up folders in MDT’s Out-of-Box Drivers (you can make your own structure, as long as the computer and Model names are correct).

Now that we have drivers imported in our Deployment Share, it’s time to move on.

 

MDT has two different methods to manage drivers (actually three, but we skip DriverPaths used in BDD 2007, as support will probably be removed in future versions).

 

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree. You don’t want to query dead horses.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

 

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7x64\%Make%\%Model% as value for my Windows 7 x64 TS . You have to adapt this to your Out-of-Box tree.

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%
DriverGroup_002=Printers

 

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

First you have to create a Profile (or use one of the default profiles):

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

You can add  Selection Profiles for printer drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

 

Please do comment if you have any suggestions.

Just a quick tip, nobody likes to read much during holidays

If you want to troubleshoot a client deployment, a command prompt can be very handy. To get into one, just hit F8 during WinPE startup, it even works during operating system installation.

At the command prompt you can verify network settings, check log files during operating system install and so on.

In a previous article we discussed a very basic Lite Touch Installation (LTI). For the second part we will modify the MDT configuration files to make our installation more unattended.

The two configuration files we need to modify are CustomSettings.ini and Bootstrap.ini.  Use this method to view and modify them; In DeploymentWorkBench right-click your Deployment Share and choose Properties and hit the Rules tab. This is the CustomSettings.ini file. To view and modify Bootstrap.ini hit the Edit Bootstrap.ini-button at the bottom.

CustomSettings.ini file we will be using:

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipPackageDisplay=NO
SkipApplications=NO
SkipAppsOnUpgrade=YES
SkipCapture=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBDDWelcome=YES
SkipAdminPassword=YES
AdminPassword=Pa$$w0rd
SkipDeploymentType=YES
DeploymentType=NEWCOMPUTER
SkipUserData=YES
SkipDomainMembership=YES
SkipComputerName=NO
ComputerName=PC-xxxx
SkipTimeZone=YES
KeyboardLocale=0813:00000813
UserLocale=nl-be
TimeZone=105
TimeZoneName=Romance Standard Time
_SMSTSOrgName=The D Spot
SkipBitLocker=YES
SkipSummary=NO

You can adapt these settings to your needs. For example join a domain, skip the summary and so one.

Our Bootstrap.ini file:

[Settings]
Priority=Default

[Default]
SkipBDDWelcome=YES
DeployRoot=\\Servername\DeploymentShare$
UserDomain=DOMAINNAME
UserID=SERVICEACCOUNTNAME
UserPassword=PASSWORD
KeyboardLocalePE=0813:00000813

This file will be injected in the WinPE ISO file, to connect to the Deployment Share. After a modification to this file you need to perform a Deployment Share Update. To regenerate the LiteTouchPE_x64.iso & LiteTouchPE_x86.iso files.

With these configuration files in place, our LTI will ask for a Task Sequence and Computername only.

If your environment has computer names based on MAC Addresses you can get the computer name out of a SQL Database. But in most companies a technician will choose the computer name based on the label attached on the computer case, I choose this just to have an example.

Next time we will go further with user data migration.

As Windows 7 is available to the public, deployments of the new operating system will knock on our door in the near future. Here at The D Spot we will go through Microsoft Deployment Toolkit 2010 (MDT), in order to be prepared when management decides to roll out first thing Monday morning.

Microsoft Deployment Toolkit (MDT) is a Solution Accelerator for operating system and application deployment. MDT 2010 supports deployment of Windows 7 and Windows Server 2008 R2 in addition to deployment of Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP.

We will start our MDT 2010 series with a basic Windows 7 Lite Touch installation (LTI). In this first article we will setup an easy to understand deployment of Windows 7. In future articles we will customize our LTI deployment to understand all possible options available in MDT 2010.

Prerequisites:

You must be a member of a domain and have a DHCP server in place to feed our client machines with IP addresses. Prerequisites tools are MDT 2010 and Windows Automated Installation Kit (AIK) for Windows 7, available at Microsoft for free. After installing both tools on our client computer we are ready to begin.

Start the Deployment Workbench.

You can find it under All Programs –> Microsoft Deployment Toolkit –> Deployment Workbench.

First we need to create a Deployment Share:

Right-click on Deployment Shares and choose New Deployment Share.

Choose a path where all data will be stored. This folder must be on a NTFS partition. I choose X:\DeploymentShare.

Next, specify a sharename and description for the store:

DeploymentShare$ is the sharename and MDT Deployment Share is the description. I leave both default settings.

Next step we need to choose whether we want to be able to capture an image after deploying it to a computer. We leave this option enabled, so we can capture an reference image later.

We leave options Allow Admin Password and Allow Product Key disabled. Last screen is the summary, click next to start creating of the Deployment Share. Close the wizard to return the our Deployment Workbench.

Installation complete, we’re ready to configure our newly create deployment share.

First add Windows 7 setup files to the deployment share by right-click Operating Systems and choose Import Operating System.

Choose Full set of source files, specify the Windows 7 DVD so all files can be copied to the deployment share:

Choose a directory name, where to store this operating system in the deployment share:

At the Summary screen we get an overview of what we have created, give it a quick look and click Next to begin the import process.

We’re done importing the Windows 7 DVD.  We can add applications and drivers as we like, but in this basic article I will leave it for future posts.

Now we need to create a Task Sequence (TS). Task sequences provide the mechanism for performing multiple steps or tasks on a client computer at the command-line level without requiring user intervention. We need to create a TS for deploying our Windows 7 to a virtual bare-metal computer. Right-click Task Sequences and choose New Task Sequence.

Choose an ID, and a Name for the Task Sequence.

Select Standard Client Task Sequence and select the operating system to deploy (we have only one OS imported yet).

Select Do not specify a product key, and fill in the OS Settings.

Last step is to specify a local admin password for the client computer. Next, Finish to create the Task Sequence.

After creating our TS we need to update the deployment share by right-click our deployment share and choose Update Deployment Share.

The update process does several things. Like the creation of the WinPE iso files, needed to boot our client to start deployment. These iso files are stored in the \Boot directory of the deployment share.

Now we are ready to perform the operating system installation. I’m using a Hyper-V virtual machine as a target machine. But you can burn the ISO to CD or copy it to a bootable USB drive to install a physical machine as well.

I create a new virtual machine in Hyper-V. And choose to install an OS from image and specify the file LiteTouchPE_x86.iso created earlier with MDT (in the Update process). So it will boot from the ISO file.

Fire up the virtual machine:

As you can see the default keyboard layout is set to United States, and we need to specify credentials to the deployment share. These and many more can be preconfigured in configuration files. Think about the winnt.sif file used in Windows XP unattended setups. It’s not like it, but it will come close.

To proceed the installation choose a Task Sequence. As we have only one, we can’t miss. Choose a computername and click Next.

You can join the domain or choose to join a workgroup and restore files using USMT.

All these settings need to be modified. I made screencaps of the default settings, so you can see what we can preconfigure with the configuration files. In order make an installation with only the minimal user interaction.

The installation has started.

Installation complete.

In the next article we will modify the MDT configuration files, to make this deployment less interactive and more unattended.