Operating System Deployment in the Real World

Jarvis DavisSenior ConsultantVirtevaSession Code: MGT313

Agenda

Computer Lifecycle Management and OSDImage Build ProcessImage Deployment ProcessReal World Notes throughoutQ&A

Computer Lifecycle ManagementFive core components

OSD Process OnlyOperating System with integrated Service PackDevice Drivers

OSD and Existing Systems ManagementApplicationsUpdatesUser State

Computer Lifecycle ManagementApplications

Existing systems process example – Antivirus upgrade

Create Software Distribution packageCreate Program (silent/unattended)Advertise to self collapsing collection

Why use a different process for OSD installations?

Use the same package/programConsistency across the environment

Conclusion – package all apps in ConfigMgr

Computer Lifecycle ManagementUpdates

Existing Process – Patch TuesdayMicrosoft UpdateWSUSConfigMgr Software Update Point

Use the same process during OSDNo extra admin load to maintain itConsistency is good!

Computer Lifecycle ManagementUser state

User State – not just for OSDKey Decisions

Policies for what and how much a user can storeRedirect user data to the network and cache offlineHide local drives

Migrating user dataUser State Migration Tool (USMT) 3.0.1

Standalone Integrated – ConfigMgr State Migration Point

Upcoming – USMT 4

Computer Lifecycle ManagementConclusion and summary

A well designed plan for managing existing systems can be utilized in the OSD processThe OSD process is an extension of your existing management of the computer lifecycleAvoid creating special processes for OSD

Real World Notes

ConfigMgr/MDT IntegrationHTA Support (Hyper Text Application)ADO support (ability to talk to Active Directory)Scripts

MDT scriptsCustom scripts

More Task Sequence optionsBuild the image in a virtual machine

Cleaner image – no extraneous driversNot hardware dependent

Real World NotesApp requirements for use in a ConfigMgr Task Sequence

Must run as System accountConfigMgr must control all rebootsSilent/No user interaction

Caveat – HTA or VBS workaround

What about apps that “most” users get?Key requirement – deployment speedInclude it in the imageCreate a ConfigMgr program for the uninstallerUninstall during the deployment

Real World NotesProgram settings

Real World NotesUpdates

SUP – special setting required during a Build and Capture TSSMSSLP=<SiteServerName>

WSUS or Microsoft Update using an MDT scriptCustomsettings.ini setting (to point it to WSUS):

WSUSServer=http://mywsusservername

KB955955Affects ConfigMgr SP190 second delay between install software stepsFixed via a patch applied during client installation

Image Build Processdemo

Image Deployment ProcessRequirements

Consistent / Automated / RepeatableCommon methodology for multiple Operating Systems Integrated with existing process for apps and updatesSpeed of deploymentNear 100% success rateScalable / WAN friendlyAll deployment scenarios (bare/rebuild/replace)

Image Deployment ProcessRequirements (continued)

What deployment tools can meet those requirements?

MDT?Fast, flexible, automated, all scenarios, success rateIntegrated? Scalable?

ConfigMgrFast, automated, integrated, flexible, scalable, highly successfulMeets all of our requirements

Image Deployment ProcessWhat goes in the deploy?

Operating System – WIM created in the Build ProcessRole based or frequently updated applicationsUpdatesDevice driversUser state handling for refresh or replace scenarios

Real World NotesRole based applications

What are the requirements?IntegratedSpeedAutomated / RepeatableFlexible

HTA Front End script to start off the deploy task sequenceMDT Database

Image Deployment ProcessDevice driver management

Key Requirement – 100% success rateAuto Apply Drivers

FlexibleNot all devices are enabled during PnP portion of installMust use in conjunction with Apply Driver Package to ensure all drivers are applied

Apply Driver PackageDoes not rely on PnP detection100% success rate

Real World NotesDevice drivers

Driver import limitation Two workarounds

Unique text file in each driver folder.Don’t import drivers

Thanks and acknowledgement to Johan Arwidmarkwww.deployvista.com/Default.aspx?tabid=36&EntryID=82

Exception – hardware based driversTreat these as applications and utilize WMI to selectively install

Real World NotesFolder structure for source

Real World NotesGeneral deployment process issues

Computer naming optionsAutomated based on hardware

MAC AddressSerial Number

Caution: Lenovo is re-using serial numbersConsider using a Model/Serial combination

Manually import by MAC addressFront End HTA

Real World NotesGeneral deployment process issues

OSD Advertisement settings – Mandatory?Short answer: NO!!!

Worst case scenario – accidental re-imageIf you insist on making it mandatory –

PE and boot media are password protectedRestrict access to the advertisement collectionYou are willing to accept the risk of an accidental deploymentYou have an updated resume saved at an off-site location

Real World NotesOSD Multicast

Bandwidth conservation – simultaneous deploymentsOnly enable on OS Image PackagesPre-requirements

Windows Server 2008ConfigMgr R2

Real World NotesGeneral deployment process issues

verbalprocessor.com/2009/03/31/domain-join-account-minimum-rights/

Domain Join Account – Minimum RightsPermission Apply to

Reset Password Computer Objects

Validated write to DNS host name Computer Objects

Validated write to service principal name Computer Objects

Read/Write Account Restrictions Computer Objects

Create/Delete Computer Objects This object and all descendant objects

Image Deploy Processdemo

Troubleshooting Tips

Run CMD prompt as systemverbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-local-system/SMStrace (trace32.exe) log file viewer

Part of the SMS 2003 Toolkit 2Learn to use the log filesSample log files (success)

Use to compare with current log files to determine problems

Additional ResourcesTechNet forums

myITforum.com Johan Arwidmark

deployvista.com Michael Niehaus

blogs.technet.com/mniehaus/ Deployment Guys

blogs.technet.com/deploymentguys/ Jarvis’s blog

verbalprocessor.com

question & answer

www.microsoft.com/teched

Sessions On-Demand & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learningMicrosoft Certification and Training Resources

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources

Related ContentBreakout SessionsMGT319 - Troubleshooting Microsoft System Center Configuration Manager 2007 OS DeploymentsMGT317 - Streamline Application and Desktop Delivery with Microsoft System Center

Interactive Theater SessionsMGT04-INT Share the Pain: Techniques for Managing Drivers with Microsoft System Center Configuration Manager and Microsoft Deployment Toolkit 2008

Hands-on LabsMGT04-HOL Deploying OS Images through Microsoft System Center Configuration Manager and Network Boot

Hands-on LabsMGT12-HOL Managing Microsoft Updates with Microsoft System Center Configuration Manager 2007

Track ResourcesKey Microsoft Sites

System Center on Microsoft.com: http://www.microsoft.com/systemcenterSystem Center on TechNet: http://technet.microsoft.com/systemcenter/Virtualization on Microsoft.com: http://www.microsoft.com/virtualization

Community ResourcesSystem Center Team Blog: http://blogs.technet.com/systemcenterSystem Center Central: http://www.systemcentercentral.comSystem Center Community: http://www.myITforum.com System Center on TechNet Edge: http://edge.technet.com/systemcenterSystem Center on Twitter: http://twitter.com/system_centerVirtualization Feed: http://www.virtualizationfeed.com System Center Influencers Program: Content, connections, and resources for influencers in the System Center Community. For information, contact scnetsup@microsoft.com

Complete an evaluation on CommNet and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.