Friday, November 13, 2009

Deploying Windows 7 to a domain

Been a while but thought I would add this to my blog.

This post covers preparing Windows 7 to be imaged out to our vanilla domain. For imaging we currently use Free Open Ghost, which is proving to be a very nice imaging suite, but its AD integration has never worked for us, so we have always relied on sysprep. Under XP this was very simple: it presented us with a nice easy setup screen to change the workstation name and then added the machine to the domain. With Win 7, sysprep can do the same process but only seems to be able to add the workstation to the domain with a nearly random machine name, which is not very helpful, so we have come up with a more creative way which seems to work.

Step 1:
Install Windows 7, install drivers, updates and all packages that are required in the image.
Packages we put in as default: Flash, Shockwave, Reader, Java, RealPlayer, Office, QuickTime, Photoshop (site licence), OpenOffice, and VLC.
Disable the UAC in the user control panel.
Step 2:
Create our setup folder structure.
On a network share or memory stick create a folder called "c_drive".
Under "c_drive" create folders "ProgramData" and "Windows".
Under "c_drive\ProgramData" create "Microsoft".
Under "c_drive\ProgramData\Microsoft" create "Windows".
Under "c_drive\ProgramData\Microsoft\Windows" create "Start Menu".
Under "C_drive\ProgramData\Microsoft\Windows\Start Menu" create "Programs".
Under "C_drive\ProgramData\Microsoft\Windows\Start Menu\Programs" create "Startup".
Under "C_drive\Windows" create "System32".
Under "C_drive\Windows\System32" create "Sysprep".

Now we have our folder structure we start to populate it with the files required.

Step 3:
Prepare a unattend.xml.
This file is used by sysprep to minimize the amount of information that needs to be set up after imaging, such as region, timezone and agreement.

To create this file we have used a free Microsoft product called "Microsoft Windows AIK" installed on our Win 7 machine.

Insert a Windows 7 DVD then run "Windows System Image Manager".

In the "Windows Image" right click and select new image, browse to DVD:\sources and select "install_Windows7 PROFESSIONAL.clg".
In the "Answer File" section right click and create a new answer file.

In the "Windows Image" section under the components find x86_Microsoft-Windows-International-Core_(version)_neutral and right click add to oobeSystem.
Under the components find x86_Microsoft-Windows-Shell-Setup_(version)_neutral and right click add to oobeSystem.

Back into the "Answer File" location expand components - oobeSystem, and select x86_Microsoft-Windows-International-Core.

Set everything under the settings on the right to "en-UK".

Select x86_Microsoft-Windows-Shell-Setup in the Answer File. Expand to AutoLogon and set Enabled to true, LogonCount to 1, and Username to administrator.

Expand Password and set Value to the local administrator's password.

Below AutoLogon select OOBE and set HideEULAPage to true, HideWirelessSetup to true, NetworkLocation to Work, and ProtectYourPC to 1.

Below OOBE select UserAccounts and set the AdministratorPassword to the same as above.

We now need to create a local user to stop the menu showing during setup. This user will not be required for any other purpose, so the password can be set to a long complicated password which we will never need to use.

Right click on LocalAccounts and insert a new local account. Give the new account a description, a display name, group = administrators, and any name you like that does not already exist on the machine. Expand the local account, select Password and set it to a long random string of numbers and upper- and lower-case characters.

Click File - Save Answer File as.... and save it in the previously created folder structure as: C_drive\Windows\System32\Sysprep\unattend.xml

Step 4:
Create a new file in our file structure C_drive\Windows\System32\Sysprep\addtdom.ps1

Edit the file and add the following on one line, changing the domain name to your domain name, add2dom to the account you use to add machines to the domain, and password to the password of that account.

$credential = New-Object System.Management.Automation.PsCredential("DomainName\add2dom", (ConvertTo-SecureString "password" -AsPlainText -Force))

Then add the following line, replacing DomainName.local with your domain name:

Add-Computer -DomainName "DomainName.local" -Credential $credential

Save and exit.

Step 5:
Create a new file in our file structure C_drive\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\runonce.bat

Edit the file and add the following lines:
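rem Allow the join script to run, then join the domain
powershell Set-ExecutionPolicy unrestricted
powershell c:\windows\system32\sysprep\addtdom.ps1
rem Schedule the reboot, then remove the setup files while the timer runs
shutdown -r -t 30
del "c:\setup.bat"
del "c:\Windows\System32\sysprep\unattend.xml"
rem addtdom.ps1 holds the domain join password in cleartext, so remove it too
del "c:\Windows\System32\sysprep\addtdom.ps1"
del "c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\runonce.bat"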


Save and exit the file.

Step 6:
Create a new file in our file structure c_drive\setup.bat
and add the line:
c:\windows\system32\sysprep\sysprep.exe /oobe /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml

Save and exit.

Step 7:
You now have all the necessary files in place and are ready for gathering the image.
Copy the contents of your created file structure onto the root of c:\ then run c:\setup.bat

Your machine will now sysprep then shut down. Now is the time to gather the image.

When your workstation next boots, all it will prompt you for is a machine name; then it will add itself to the domain, reset a few times, and be ready to use.
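
This procedure leaves several things on every imaged machine: cleartext passwords in unattend.xml and addtdom.ps1, the execution policy set to Unrestricted, and the throwaway local administrator from Step 3. The script below is an added example, not part of the original post, that cleans these up and reports the resulting state. The account name imagesetup is a hypothetical placeholder, and the script sticks to commands available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not part of the original post. Written for PowerShell 2.0
# (the version shipped with Windows 7); run elevated after the domain join.
param(
    # Hypothetical name: use whatever you called the throwaway local
    # account created in Step 3.
    [string]$SetupAccount = 'imagesetup'
)

# Files from this procedure that contain cleartext passwords.
$credentialFiles = @(
    'C:\Windows\System32\Sysprep\unattend.xml',
    'C:\Windows\System32\Sysprep\addtdom.ps1'
)
foreach ($file in $credentialFiles) {
    if (Test-Path $file) { Remove-Item $file -Force }
}

# Step 5 sets the policy to Unrestricted; put back the Windows 7 default.
Set-ExecutionPolicy Restricted -Force

# The throwaway local administrator is not needed after setup, so disable it.
& net.exe user $SetupAccount /active:no | Out-Null

# Collect what is left so the result can be checked or logged.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$system   = Get-WmiObject Win32_ComputerSystem

New-Object PSObject -Property @{
    ComputerName       = $system.Name
    Domain             = $system.Domain
    PartOfDomain       = $system.PartOfDomain
    ExecutionPolicy    = Get-ExecutionPolicy
    # Auto-logon settings written for the one-off administrator logon.
    AutoAdminLogon     = $winlogon.AutoAdminLogon
    DefaultPasswordSet = [bool]$winlogon.DefaultPassword
    # Anything listed here could not be deleted and still holds a password.
    FilesRemaining     = @($credentialFiles | Where-Object { Test-Path $_ })
    # Windows Setup caches a copy of the answer file here; review it as well.
    PantherAnswerFile  = Test-Path 'C:\Windows\Panther\unattend.xml'
}
```

Saved beside addtdom.ps1 under a name of your choosing, it would be called from runonce.bat on the line after addtdom.ps1. Because addtdom.ps1 sits in the captured image, anyone who can read the image can read the join password, so the add2dom account should hold no rights beyond joining machines to the domain.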

End

Just to remind you I mainly only write this for my own memory but welcome any use and comments.