Microsoft Deployment Toolkit Team BlogOfficial blog for MDT 2010
One thing that amazes me about this community is the number of early adopters and the incredible amount of feedback that we receive on our products. We thank you very much for testing, implementing, and providing your feedback. We released Microsoft Deployment almost two weeks ago and we have already seen two relatively minor bugs surface through the public newsgroups. The following information describes these two bugs and how you can overcome them in your environment.
For those of you who may not know what ztitatoo does, this script adds entries into WMI on the client machine in order to track version information of your deployments so you can run WMI queries or SMS Reports to see some or all of the following properties:
Unfortunately the ztitatoo.wsf script was not fully updated to match our new name so there are some bugs inside of the script that point to registry entries that were used with BDD 2007.
To work around this bug, go to c:\program files\Microsoft Deployment Toolkit\templates\Distribution\scripts folder and edit the ztitatoo.wsf file. After saving the file in your templates folder make sure you copy the updated ztitattoo.wsf file to your distribution$\scripts directory.
Replace the following lines:
'//---------------------------------------------------------------------------- '// Record the deployment details '//----------------------------------------------------------------------------
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\Deployment Method", oEnvironment.Item("DeploymentMethod"), "REG_SZ" oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\Deployment Type", oEnvironment.Item("DeploymentType"), "REG_SZ"
Set oDate = CreateObject("WbemScripting.SWbemDateTime") oDate.SetVarDate(Now()) oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\Deployment Timestamp", oDate.Value, "REG_SZ"
'//---------------------------------------------------------------------------- '// If this is Lite Touch, populate the task sequence details '//----------------------------------------------------------------------------
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\Task Sequence ID", oEnvironment.Item("TaskSequenceID"), "REG_SZ" oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\Task Sequence Name", oEnvironment.Item("TaskSequenceName"), "REG_SZ" oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\Task Sequence Version", oEnvironment.Item("TaskSequenceVersion"), "REG_SZ"
'//---------------------------------------------------------------------------- '// If this is OSD, populate the package ID and program name '//----------------------------------------------------------------------------
If oEnvironment.Item("OSDPACKAGEID") <> "" then
sValue = oEnvironment.Item("OSDSITECODE") & ":" & oEnvironment.Item("OSDPACKAGEID") oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CM_DSLID", sValue, "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\OSD Package ID", oEnvironment.Item("OSDPACKAGEID") oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\OSD Program Name", oEnvironment.Item("OSDPROGRAMID") oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\BDD 2007\OSD Advertisement ID", oEnvironment.Item("OSDADVERTID")
Replace with this code:
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\Deployment Method", oEnvironment.Item("DeploymentMethod"), "REG_SZ" oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\Deployment Type", oEnvironment.Item("DeploymentType"), "REG_SZ"
Set oDate = CreateObject("WbemScripting.SWbemDateTime") oDate.SetVarDate(Now()) oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\Deployment Timestamp", oDate.Value, "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\Task Sequence ID", oEnvironment.Item("TaskSequenceID"), "REG_SZ" oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\Task Sequence Name", oEnvironment.Item("TaskSequenceName"), "REG_SZ" oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\Task Sequence Version", oEnvironment.Item("TaskSequenceVersion"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\OSD Package ID", oEnvironment.Item("OSDPACKAGEID") oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\OSD Program Name", oEnvironment.Item("OSDPROGRAMID") oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4\OSD Advertisement ID", oEnvironment.Item("OSDADVERTID")
You might have noticed that we have included a task item in our templates for Standard Client and Standard Server Lite Touch Task sequences called Set Diskpart BIOS Compatibility Mode. This task is designed to fix the Windows PE Uberbug that is described in the following KB articles:
This task is disabled by default. If you have enabled the task you have probably noticed that the task sequence fails and examining the smsts.log file shows that an "Access is denied" error occurred when running the ztisetvariable.wsf script. The actual error message is really Incorrect Function but that does not help you solve the problem.
The problem or bug is actually within the client.xml and server.xml files that serve as templates for our Standard Client and Standard Server task sequences.
Inside of the client and server.xml files in c:\program files\Microsoft Deployment Toolkit\templates folder, modify the following section:
Change this: <step type="SMS_TaskSequence_SetVariableAction" name="Set Diskpart BIOS Compatibility Mode" description="" disable="true" runIn="WinPEandFullOS" successCodeList="0"> <action>cscript.exe "%SCRIPTROOT%\ZTISetVariable.wsf"</action> <defaultVarList> <variable name="VariableName" property="VariableName" hidden="true">OSDDiskpartBiosCompatibilityMode</variable> <variable name="VariableValue" property="VariableValue" hidden="true">TRUE</variable> </defaultVarList> </step>
To this: <step type="SMS_TaskSequence_SetVariableAction" name="Set Diskpart BIOS Compatibility Mode" description="" disable="true" runIn="WinPEandFullOS" successCodeList="0"> <action>cscript.exe "%SCRIPTROOT%\ZTISetVariable.wsf"</action> <defaultVarList> <variable name="VariableName" property="VariableName">OSDDiskpartBiosCompatibilityMode</variable> <variable name="VariableValue" property="VariableValue">TRUE</variable> </defaultVarList> </step>
Essentially you are just removing the hidden="true" from the XML file. Once you save the XML files just delete your task sequence from the workbench and recreate it.
Again thank you very much for finding these issues and please keep the feedback coming!
One of the new tasks and scripts in the Microsoft Deployment Lite Touch Task sequence is called Windows Update. This task is disabled in the default task sequence for the Client Template. The task runs a script called ztiwindowsupdate.wsf. One item to note is that the current version of this script requires client access to the Internet and also does not support proxy authentication. However if you meet those requirements, there are some really nice advantages of using this action. Here is a brief description of what actions this script performs.
This script will install and download updates from Windows Update http://windowsupdate.microsoft.com and Microsoft Update http://update.microsoft.com/microsoftupdate over the Internet using the Windows Update Agent API http://msdn2.microsoft.com/en-us/library/Aa387099.aspx. By default this feature is disabled in each Task Sequence, it must be manually enabled to run, and each computer must have a connection via proxy to the Internet. This script was designed to run on Windows XP, 2003, Vista, and should be compatible with Windows Server 2008 when released.
Most companies will already have established teams and infrastructures in place to patch newly deployed machines on the corporate network. This involves tracking the latest set of patches, drivers and updates available for each desktop configuration and determining which updates should be downloaded and installed for each configuration. If your company already has an established process, this script should not be necessary. For those teams who do not have established processes, yet wish to ensure that their images are updated when deployed, this script was designed to fill that need.
Microsoft Windows Update will automatically scan your machine and download a wide range of updates:
· Windows Service Packs (for Windows XP, Windows 2003)
· Many 3rd party Drivers have been placed on Windows Update, and will be automatically installed
· Enhanced features for Windows Vista Ultimate
· And the latest QFE (Quick Fix Engineering) patches for your System.
· And more!
Tip Many hardware manufacturers have placed their drivers up on Windows Update. This means for those drivers you will no longer need to maintain these drivers in your “Out of Box Drivers” directory. You can experiment by removing drivers from your distribution share to see which ones are available on Windows Update. Note that if the drivers are not included with Windows by default you should not remove “Networking” or “Storage” drivers, as the OS will require these drivers to boot and connect to windows update over the internet.
Microsoft Update will automatically scan your machine and download a wide range of updates:
· Updates for Microsoft Office
· Updates for Exchange Server and SQL Server
· Updates for Visual Studio
· Some 3rd party (non-Microsoft) applications
ZTIWindowsUpdate.wsf is run multiple times during the deployment of an OS during the state restore phase. First it is run after the OS has started for the first time. This ensures that the latest updates and service packs are installed prior to installation of any applications that might require dependencies. This can include the latest version of the .NET Framework, for example. ZTIWindowsUpdate.wsf is also run after the installation of applications allowing Microsoft Update to ensure that the latest application service packs and updates have been applied. For example Microsoft Update can ensure that the latest updates are applied to Microsoft Office 2003 or 2007.
It is possible that during installation of one or more components, Windows Update might need to reboot. This script is designed to automatically reboot and resume again if the Windows Update API requires it. If this script is run and determines that the machine is fully up to date, it will exit and continue, however if after 7 unsuccessful attempts to update the machine, the script still requires a reboot, ZTIWindowsUpdate.wsf will log an error.
During runtime, ZTIWindowsUpdate.wsf will perform the following:
· Will ensure that the latest version of the Windows Update API is installed on the machine.
· Will ensure that the latest version of the Microsoft Update binaries are installed on the machine.
· Will search the local machine using the default query: "IsInstalled = 0 and IsHidden = 0". Meaning that it will search for all updates that apply to the local machine that are not already installed, and may or may not be normally hidden.
· For each update found, there will be an associated ID and a KBArticle
o The ID will be in the GUID format, example: “67da2176-5c57-4614-a514-33abbdd51f67”
o The KBArticle will be a numerical value: “987654”
· The script will compare the ID and the associated KBArticle against a list of known exclusions:
o WUMU_ExcludeKB – A list of KBArticles to exclude. Any Update with a KBArticle found in this list will not be installed.
o WUMU_ExcludeID – A list of ID’s to exclude. Any Update with an ID found in this list will not be installed.
o In addition, any update that requires user input will be excluded, and not installed.
· All updates that require a EULA to be approved are approved. Be sure to manually read and check each EULA before running this script in a production enviornment.
· Each update is written to the log with the string “INSTALL” or “SKIP” if the update has been approved for installation, along with the Update ID, a short description of the update, and the KB article.
· Then each update is downloaded and installed in batches.
· A number of reboots may be required to continue installation.
Note Internet Explorer 7.0 requires User Interaction, so it is not installed by ZTIWindowsUpdate.wsf
Note By default you should include 925471 in your KB exclude list to prevent Windows Vista Ultimate from installing extra language packs.
During the typical lifecycle of the ZTIWindowsUpdate.wsf tool, you will want to periodically review the list of updates being installed by the ZTIWindowsUpdate.wsf tool to verify that each update meets your teams needs and expectations. All updates are logged and recorded in the ZTIWindowsUpdate.log file generated during deployment. Each update should indicate if it was “INSTALLED”, or if the script “SKIP”’ed installation of the update, the Update ID, the name, and the KB article associated with each update. If you come across an update that you wish to exclude, you can add that entry to your CustomSettings.ini file (for Lite Touch Installations).
For example, if you wish to exclude the installation of Windows Vista Langauge Packs, you would look up the line in the ZTIWindowsUpdate.log showing where the update was identified and installed, and select either the ID, or if present, the KB article number. In this case the KBArticle number for the Language Pack is 925471. Your Custom Settings would then contain the lines:
If you are looking for a quick overview of how to set up the Microsoft Deployment environment, the Quick Start Guide is now available for download directly. Based on feedback from the community, this guide offeres the walkthrough step by step instructions on how to set up Microsoft Deployment in a Lite Touch environment.
The document can be downloaded directly from here
What is Microsoft Deployment?
Microsoft Deployment is the next version of Business Desktop Deployment (BDD) 2007. It unifies the tools and processes required for desktop and server deployment into a common deployment console and collection of guidance. Microsoft Deployment adds new deployment and task sequencing capabilities for desktops and servers using System Center Configuration Manager 2007. Microsoft Deployment also supports Zero Touch Installation of desktop operating systems using Systems Management Server 2003 with the Operating System Deployment Feature Pack. For organizations without software distribution infrastructure, Microsoft Deployment provides a Lite Touch Installation option using the included Deployment Workbench and free tools for disk imaging and deployment.
Microsoft Deployment is available on the Microsoft Download Center and guidance can be read online in the Desktop Deployment and Server Deployment TechCenters on Microsoft TechNet. For more details and links to these destinations and other related content, visit http://www.microsoft.com/deployment.
What applications and operating systems can I deploy using Microsoft Deployment?
Microsoft Deployment will deploy prerelease versions of Windows Server® 2008, Windows Server 2003, Windows® XP SP2, Windows Vista®, and the 2007 Microsoft® Office system using a variety of Microsoft tools and custom scripts. Ongoing updates to the toolset will support released versions of Windows Server 2008.
Can I use Microsoft Deployment to deploy prerelease versions of Windows Server 2008?
Yes. Microsoft Deployment and its Beta predecessor Windows Server Deployment have been part of the Windows Server 2008 Beta programs. Shortly after the official release of Windows Server 2008, an updated version of Microsoft Deployment will provide full support of Windows Server 2008.
Where do I find Microsoft Deployment?
Visit microsoft.com/deployment for all downloads and Microsoft TechNet online resources for Microsoft Deployment. The Microsoft Deployment Toolkit containing both the tools and guidance necessary for automating server and desktop deployment is currently available on the Microsoft Download Center at downloads.microsoft.com, keyword “Microsoft Deployment.”
What new features does Microsoft Deployment contain?
Microsoft System Center Configuration Manager 2007 support, with the following features:
Lite Touch Installation support for Windows Server 2008:
Lite Touch Installation enhancements:
Lite Touch Installation multicast support:
What is the difference between Microsoft Deployment Lite Touch Installation and Zero Touch Installation?
Microsoft Deployment has been updated from Business Desktop Deployment 2007. As with previous releases, Lite Touch Installation requires a minimum set of tools and assumes that the environment does not have systems management utilities, directory services, or deployment servers in place. The highly automated Zero Touch Installation requires Microsoft System Center Configuration Manager 2007 or Microsoft Systems Management Server 2003 and Microsoft Active Directory® environment for deployment. Microsoft Deployment’s Lite Touch Installation has been updated to share most of the configuration process with Zero Touch Installation. The unified architecture makes it easier to implement both Zero Touch Installation and Lite Touch Installation together if desired, depending on the breadth of tools available in the environment.
What does Microsoft Deployment include?
Microsoft Deployment provides the assets required to deliver Windows Vista and the 2007 Microsoft Office system to the corporate desktop.
Included Tools and Related Guidance
Technical Solution Guidance
Sample and Job Aid Documents
Which organizations will benefit from Microsoft Deployment?
Microsoft Deployment offers a solution targeted to all corporate customers who have as few as 25 or more networked PCs using Microsoft desktops and/or servers who need a high level of operational excellence and scalability. Microsoft Deployment is especially useful for organizations with varied network and systems management infrastructure. Organizations with low bandwidth or disconnected branch offices or remote users can also benefit from new capabilities in Microsoft Deployment to create stand-alone media-initiated operating system deployments.
Which operating system migrations does Microsoft Deployment provide guidance for?
Microsoft Deployment can be used to manage desktop migrations of Windows 2000 and later operating systems to Windows Vista. Microsoft Deployment also provides functionality for migrating Windows 2000 to Windows XP with Service Pack 2.
Do I need Microsoft Deployment if my organization has System Center Configuration Manager 2007?
System Center Configuration Manager 2007 contains several deployment enhancements compared to Systems Management Server 2003. These enhancements include native support for operating system deployment, an integrated task sequencing engine and support for standalone media-initiated deployment. If your organization has System Center Configuration Manager 2007, Microsoft Deployment provides additional value by delivering deployment project management guidance, extensions to task sequencing capabilities, three additional task sequence templates and enhanced post operating system installation provisioning tasks—including automated role installation for Windows Server 2003 deployment.
How does the workflow process ensure smooth deployment?
The Microsoft Deployment process is based on Microsoft Solutions Framework (MSF). MSF delivers proven practices for planning, building, and deploying a variety of technology solutions. It combines aspects of software design and development plus infrastructure design and deployment into a single project life cycle. With MSF, organizations can achieve the right balance of flexibility while meeting their commitments, as well as achieve speed while minimizing their risks.
Does Microsoft Deployment make it easier for implementers to get to technical content?
Microsoft Deployment contains feature team guides in two sections: guidance for project management and guidance and technical guidance for implementers. The Deployment Workbench MMC application has document navigation features built into the tool.
How does Microsoft Deployment address the biggest obstacles in deployment?
Microsoft conducted extensive research to prioritize the top “deployment blockers” that prevent efficient migration and designed Microsoft Deployment to address these:
· Application compatibility
· Data migration
· Deployment automation
· Disk Imaging
· Post installation configuration and provisioning
Which technologies are being applied in Microsoft Deployment?
Microsoft Deployment is based on deployment tools from Microsoft, as well as custom scripts.
· Hardware and software Inventory—Application Compatibility Analyzer, Microsoft SQL Server™/Microsoft SQL Server™ 2000 Desktop Engine, Microsoft Office Access™
· Application Compatibility Testing and Remediation—Application Compatibility Toolkit 5.0.2, Microsoft Virtual PC 2004
· Core Application Packaging—Office Professional Edition 2007, the Microsoft Office Resource Kit
· Imaging—ImageX, System Image Manager, Microsoft Windows Preinstallation Environment 2.0 (Windows PE 2.0), Sysprep, Deployment Workbench
· Project Management—Microsoft Project 2003
· Application Packaging—Customer choice
· Volume Activation 2.0—New methods of activation
· User Data and Settings—User State Migration Tool 3.0.1
· Deployment Process—Windows PE 2.0, Sysprep, Windows Deployment Services, Microsoft Deployment Deployment Wizard
· BitLocker™ drive encryption support for Lite Touch Install scenarios
Are there technology constraints to Microsoft Deployment?
By design, there are very few. With Microsoft Deployment, Microsoft does not assume that any network management system or specific deployment servers already exist within the organization.
Will desktop users lose all data and settings that they currently have on their computers?
No. Microsoft Deployment provides detailed, best-practice guidance about user state migration for desktops and employs the User State Migration Tool 3.0.1 to migrate the desired settings and attributes to the new desktop.
Does Microsoft Deployment support Windows XP Professional with Service Pack 2 and Windows Server 2003 installations?
Yes. Microsoft Deployment supports Windows XP SP2, Windows Vista, and Windows Server 2003 operating system installations.
How do I get Windows PE 2.0?
Windows PE 2.0 is available as part of the Windows Vista and Windows Server 2008 operating systems (boot.wim). It is also available separately in the Windows Automated Installation Kit (Windows AIK), which includes Windows PE for each platform (ia64, x64, x86) and tools to customize it using Windows System Image Manager and Windows Deployment Services. Microsoft Deployment downloads the Windows AIK from the Deployment Workbench.
What tools are used in the Microsoft Deployment accelerator for imaging?
Microsoft Deployment delivers a feature-rich MMC console, Deployment Workbench, which is built on Windows Vista and Windows Server deployment tools including: ImageX, Windows System Image Manager, Windows PE 2.0, and Windows Deployment Services. Microsoft Deployment also uses Configuration Manager 2007’s stand-alone media initiated operating system deployment feature as well as System Management Server 2003 OS Deployment Feature Pack OS Image package contents and image management.
Does Microsoft Deployment address security policies necessary for desktop and server hardware?
Microsoft Deployment helps companies understand how security policies affect the design of operating system images and also discuss strategies for hardening of desktops and servers. However, Microsoft Deployment is not intended to replace specific security solutions. In parallel with Microsoft Deployment, the Windows Vista Security Guide and Windows Server 2003 Security Guide is available on Microsoft TechNet and from the Microsoft Download Center. Future Deployment accelerator releases will integrate the 2007 Office Security Guide and the Windows Server 2008 Security Guide.
Can Microsoft Deployment be tailored to fit a company’s specific project-management methodology?
Yes. Microsoft Solutions Framework (MSF) is a life-cycle model that addresses a number of disciplines, including project management, so good project-management methodology can be used in conjunction with the solution. The solution can even be adapted to operate within a different life-cycle methodology. Although the phases, tasks, and milestones are specific to MSF, the process is generic. Any analyst with a basic knowledge of MSF and the target methodology should be able to adapt Microsoft Deployment to fit into any project-management methodology.
Who should use Microsoft Deployment and how much does it cost?
Microsoft Deployment is freely available to customers and partners to use in planning and testing their operating system migration and deployment projects for pre-release versions of Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP SP2, and the 2007 Microsoft Office System. More information on Microsoft Deployment and links to downloads and related Microsoft TechNet content can be found at microsoft.com/deployment.