Post on 18-Jan-2018
Operating System Deployment in the Real World
Jarvis DavisSenior ConsultantVirtevaSession Code: MGT313
Agenda
Computer Lifecycle Management and OSDImage Build ProcessImage Deployment ProcessReal World Notes throughoutQ&A
Computer Lifecycle ManagementFive core components
OSD Process OnlyOperating System with integrated Service PackDevice Drivers
OSD and Existing Systems ManagementApplicationsUpdatesUser State
Computer Lifecycle ManagementApplications
Existing systems process example – Antivirus upgrade
Create Software Distribution packageCreate Program (silent/unattended)Advertise to self collapsing collection
Why use a different process for OSD installations?
Use the same package/programConsistency across the environment
Conclusion – package all apps in ConfigMgr
Computer Lifecycle ManagementUpdates
Existing Process – Patch TuesdayMicrosoft UpdateWSUSConfigMgr Software Update Point
Use the same process during OSDNo extra admin load to maintain itConsistency is good!
Computer Lifecycle ManagementUser state
User State – not just for OSDKey Decisions
Policies for what and how much a user can storeRedirect user data to the network and cache offlineHide local drives
Migrating user dataUser State Migration Tool (USMT) 3.0.1
Standalone Integrated – ConfigMgr State Migration Point
Upcoming – USMT 4
Computer Lifecycle ManagementConclusion and summary
A well designed plan for managing existing systems can be utilized in the OSD processThe OSD process is an extension of your existing management of the computer lifecycleAvoid creating special processes for OSD
Real World Notes
ConfigMgr/MDT IntegrationHTA Support (Hyper Text Application)ADO support (ability to talk to Active Directory)Scripts
MDT scriptsCustom scripts
More Task Sequence optionsBuild the image in a virtual machine
Cleaner image – no extraneous driversNot hardware dependent
Real World NotesApp requirements for use in a ConfigMgr Task Sequence
Must run as System accountConfigMgr must control all rebootsSilent/No user interaction
Caveat – HTA or VBS workaround
What about apps that “most” users get?Key requirement – deployment speedInclude it in the imageCreate a ConfigMgr program for the uninstallerUninstall during the deployment
Real World NotesProgram settings
Real World NotesUpdates
SUP – special setting required during a Build and Capture TSSMSSLP=<SiteServerName>
WSUS or Microsoft Update using an MDT scriptCustomsettings.ini setting (to point it to WSUS):
WSUSServer=http://mywsusservername
KB955955Affects ConfigMgr SP190 second delay between install software stepsFixed via a patch applied during client installation
Image Build Processdemo
Image Deployment ProcessRequirements
Consistent / Automated / RepeatableCommon methodology for multiple Operating Systems Integrated with existing process for apps and updatesSpeed of deploymentNear 100% success rateScalable / WAN friendlyAll deployment scenarios (bare/rebuild/replace)
Image Deployment ProcessRequirements (continued)
What deployment tools can meet those requirements?
MDT?Fast, flexible, automated, all scenarios, success rateIntegrated? Scalable?
ConfigMgrFast, automated, integrated, flexible, scalable, highly successfulMeets all of our requirements
Image Deployment ProcessWhat goes in the deploy?
Operating System – WIM created in the Build ProcessRole based or frequently updated applicationsUpdatesDevice driversUser state handling for refresh or replace scenarios
Real World NotesRole based applications
What are the requirements?IntegratedSpeedAutomated / RepeatableFlexible
HTA Front End script to start off the deploy task sequenceMDT Database
Image Deployment ProcessDevice driver management
Key Requirement – 100% success rateAuto Apply Drivers
FlexibleNot all devices are enabled during PnP portion of installMust use in conjunction with Apply Driver Package to ensure all drivers are applied
Apply Driver PackageDoes not rely on PnP detection100% success rate
Real World NotesDevice drivers
Driver import limitation Two workarounds
Unique text file in each driver folder.Don’t import drivers
Thanks and acknowledgement to Johan Arwidmarkwww.deployvista.com/Default.aspx?tabid=36&EntryID=82
Exception – hardware based driversTreat these as applications and utilize WMI to selectively install
Real World NotesFolder structure for source
Real World NotesGeneral deployment process issues
Computer naming optionsAutomated based on hardware
MAC AddressSerial Number
Caution: Lenovo is re-using serial numbersConsider using a Model/Serial combination
Manually import by MAC addressFront End HTA
Real World NotesGeneral deployment process issues
OSD Advertisement settings – Mandatory?Short answer: NO!!!
Worst case scenario – accidental re-imageIf you insist on making it mandatory –
PE and boot media are password protectedRestrict access to the advertisement collectionYou are willing to accept the risk of an accidental deploymentYou have an updated resume saved at an off-site location
Real World NotesOSD Multicast
Bandwidth conservation – simultaneous deploymentsOnly enable on OS Image PackagesPre-requirements
Windows Server 2008ConfigMgr R2
Real World NotesGeneral deployment process issues
verbalprocessor.com/2009/03/31/domain-join-account-minimum-rights/
Domain Join Account – Minimum RightsPermission Apply to
Reset Password Computer Objects
Validated write to DNS host name Computer Objects
Validated write to service principal name Computer Objects
Read/Write Account Restrictions Computer Objects
Create/Delete Computer Objects This object and all descendant objects
Image Deploy Processdemo
Troubleshooting Tips
Run CMD prompt as systemverbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-local-system/SMStrace (trace32.exe) log file viewer
Part of the SMS 2003 Toolkit 2Learn to use the log filesSample log files (success)
Use to compare with current log files to determine problems
Additional ResourcesTechNet forums
myITforum.com Johan Arwidmark
deployvista.com Michael Niehaus
blogs.technet.com/mniehaus/ Deployment Guys
blogs.technet.com/deploymentguys/ Jarvis’s blog
verbalprocessor.com
question & answer
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learningMicrosoft Certification and Training Resources
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
Related ContentBreakout SessionsMGT319 - Troubleshooting Microsoft System Center Configuration Manager 2007 OS DeploymentsMGT317 - Streamline Application and Desktop Delivery with Microsoft System Center
Interactive Theater SessionsMGT04-INT Share the Pain: Techniques for Managing Drivers with Microsoft System Center Configuration Manager and Microsoft Deployment Toolkit 2008
Hands-on LabsMGT04-HOL Deploying OS Images through Microsoft System Center Configuration Manager and Network Boot
Hands-on LabsMGT12-HOL Managing Microsoft Updates with Microsoft System Center Configuration Manager 2007
Track ResourcesKey Microsoft Sites
System Center on Microsoft.com: http://www.microsoft.com/systemcenterSystem Center on TechNet: http://technet.microsoft.com/systemcenter/Virtualization on Microsoft.com: http://www.microsoft.com/virtualization
Community ResourcesSystem Center Team Blog: http://blogs.technet.com/systemcenterSystem Center Central: http://www.systemcentercentral.comSystem Center Community: http://www.myITforum.com System Center on TechNet Edge: http://edge.technet.com/systemcenterSystem Center on Twitter: http://twitter.com/system_centerVirtualization Feed: http://www.virtualizationfeed.com System Center Influencers Program: Content, connections, and resources for influencers in the System Center Community. For information, contact scnetsup@microsoft.com
Complete an evaluation on CommNet and enter to win!
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.