Mark Minasi's Windows Networking Tech Page
Issue #90 August 2010

Document copyright 2010 Mark Minasi; please see below for info on subscribing, unsubscribing or copying portions of this text.

What's Inside

  • News
    • Attend a Seminar or Listen to my Audio Recordings
  • Tech Section
    •   Choose the Right Windows Deployment Tool for You
  • Conferences
  • To Subscribe, Unsubscribe, Read Old Newsletters or Change Your Email Address

News

Hi all —

The past four years have seen many changes in the Windows world but one could argue that the biggest innovation has been in the area of deployment tools.  But which tool to use?  Rhonda Layfield returns with a quick and useful set of suggestions about how to "choose what you'll use," and I think it'll save you some time.  I know you're going to want to give it a careful read... but first, a word from our sponsor:

Current Seminars

The Complete Two-Day "Running an R2-Based Active Directory" Seminar Comes to Charlotte, San Francisco and Chicago in February, March and April at a Discount Rate

After a very successful one-day "beta" version of my new AD class (many thanks to our December attendees!), I got some material shaken down and found out what topics I needed to add to create a two-day AD class that you'll find a cost-effective use of your time.  To kick off the new complete version of the class, I'm running sessions in Charlotte, SF and Chicago and knocking $100 off every seat.

As Active Directory enters its "tweens," most AD admins and managers have moved from "how do I design and set this up?" to "now that I'm in charge of somebody else's 10-year-old AD, how can I most easily and cheaply manage it, fix it, and streamline it?"  I get (and answer) those questions all the time, and now I can answer them for you.  Join me for a fun, fast-paced two days of AD setup, management, upgrading and troubleshooting.  The course includes some in-depth DNS and AD troubleshooting, expert advice on safely virtualizing DCs, a practical, example-rich dive into solving AD admin problems with PowerShell, a quick review of the latest thinking on AD design and R2 upgrade, and in-depth discussions of R2's most significant "hey, I want that!" AD-related features.  Everyone who's been asking for this class over the past year has been so patient that as a small "thank you," I'm running the first three sessions at $100/seat below the normal rate.  The first run takes place in Charlotte (Feb 20-21), San Francisco (March 19-20), and Chicago (2-3 April), and if you're thinking of signing up, consider doing so early -- I was surprised to find that I had to close registration on the Seattle and New York classes last December.  (The classes outgrew the hotel conference rooms we'd booked and there wasn't any place to move them to at that point.)

Find the course outline here and then you can sign up here.  I hope to see you in Charlotte, San Fran, or Chicago!

Three New Audio Sets

Many of you couldn't make it to my Win 7, R2 or Cloud Computing talks, so we've got them available as audio sets:

With the holidays just around the corner, could you possibly imagine a better stocking stuffer?

My Free Replacement for Steady State... Steadier State

I know that a lot of you really miss Steady State, the tool that lets you essentially create virtual machine "snapshots," but on a physical copy of Windows like a classroom lab PC, public library workstation, kiosk PC etc, and that lets you un-do all of the mess done to a Windows box in under four minutes with no admin interaction needed. So I created what I call Steadier State. Put it on a PC, get it the way you like it, and snapshot the machine. Then turn it loose on the public for as long as you like, and reboot it. One of the reboot options will be "Roll Back Windows," and if you choose that, then in under four minutes everything that the users did is completely un-done. Give it a try at http://www.steadierstate.com.

Tech Section:  Microsoft Deployment Tools - Choose Your Tools Wisely!

Not that long ago, Microsoft's operating system deployment tools -- Setup Manager, RIS, ADS -- were, well, not the most impressive pieces of software, and so most of us had little choice but to look elsewhere for applications that could simplify our rollout tasks.  In the past few years, however, that's completely changed.  Not only does Microsoft offer some terrific deployment tools, it now has so many that you may well have trouble figuring out where to get started in the first place.

Should you base your decision on the number of computers you need to deploy? How about your company's geographical topology?  Maybe the current skill set of your IT pros?  I’ve had people ask “Do I need to install Configuration Manager (ConfigMgr), Windows Deployment Services (WDS), Microsoft Deployment Toolkit 2010 Update 1 (MDT 2010 U1) and Windows Automated Installation Kit 2.0 (WAIK for Windows 7) just to get started? And what is this 'Modena' thing, anyway?”  (The answer, by the way, is "no" -- Windows deployment can be quite easy.)

So what's the right answer?  Well, that depends on your deployment needs. Do you need to push an operating system deployment (OSD) to your client machines with no human intervention, performing a zero touch installation (ZTI)?  Or do you want someone to initiate the installation/migration of Windows 7 on your clients, performing a "lite touch" installation (LTI)?  And don’t focus simply on how to get Windows 7 and/or Windows Server 2008 R2 deployed to your systems -- you should also consider how to handle re-imaging, which is a nearly ubiquitous troubleshooting step in IT today. In this short article, I’ll give you an overview of each of the tools, the reasons why you would choose one tool over another, and how to integrate multiple tools to get the right deployment solution for your environment.

System Center Configuration Manager ("ConfigMgr")

Let's first consider the biggest, most feature-packed (and most expensive) option.  Microsoft’s flagship deployment product is Configuration Manager (often abbreviated "ConfigMgr") and it comes with all the bells and whistles of a dream deployment: scheduled/mandatory OSD ZTI and the ability to target specific machines with an OSD based on criteria determined by you (e.g., 1 gigahertz (GHz) or faster processor, 2 GB RAM and 40 GB of available hard disk space). ConfigMgr allows you to push an operating system deployment (OSD) to the machines of your choice at the time of your choosing (for example, "begin OSD at 11:00 PM") thanks to ConfigMgr’s built-in wake-on-LAN (WOL) feature. Along with OSD, ConfigMgr offers so much more: hardware and software inventory, patch management using WSUS, and detailed reporting capabilities allowing you to follow every step of an OSD.  ConfigMgr also scales wonderfully to any size organization, no matter how far-flung or numerous the organization's offices might be.

But ConfigMgr has some downsides.  It can be difficult to install and set up correctly.  The Active Directory schema must be extended.  SQL Server is required.  Finally, there are multiple "site server roles" to be configured. If you're new to ConfigMgr, I strongly recommend that you find a class taught by a reputable source.  At that course, you'll learn the ins and outs of installation and configuration to avoid making costly mistakes that can waste valuable time. Performing OSD deployments requires MDT 2010, and MDT 2010 requires Windows AIK for Windows 7, so integration is a must. You can also choose to integrate Windows Deployment Services for its multicasting functionality.  WDS on Server 2008 or 2008 R2 offers the ability to send an OS image to multiple machines at the same time instead of supporting only unicast traffic -- which would put a much larger burden on your server and network infrastructure.  If you can devote the resources to it, ConfigMgr's the option of choice.

Microsoft Deployment Toolkit 2010 Update 1

If ConfigMgr is not an option for you, the next best tool is the Microsoft Deployment Toolkit 2010 Update 1 (MDT 2010 U1). MDT 2010 U1 requires Windows AIK for Windows 7. Both are free downloads from Microsoft. MDT 2010 U1 performs LTIs and provides built-in templates to support what it calls "refresh" (changing the OS but keeping the same hardware), "replace" (changing both OS and hardware), "migration" (migrating XP to Windows 7) and bare-metal installations.

One of my favorite features of MDT is the way it compartmentalizes your entire deployment solution.  MDT lets you quickly assemble a deployment solution by picking an operating system, applications, drivers and so on.  Reconfiguring an existing solution is just as simple, whether you want to add or remove some drivers or change your operating system altogether.

As with most other deployment solutions, MDT can support "thin" operating system images (a bare-bones operating system without pre-installed apps or perhaps even patches, to which we add apps and patches upon deployment), or "thick" OS images, single-image files that contain pre-configured combinations of applications, patches, drivers and the like.  Grizzled veterans of deployment tools have debated the merits of thin versus thick for years, but if you opt for MDT 2010 U1, I'd go with thin images.  (Okay, you could possibly roll out an in-between "hybrid" answer, a thin image with your corporate software included and then tell MDT to add various pieces of optional software as it performs a deployment -- MDT's flexibility is one of its strengths.)

MDT 2010 U1 can do something close to a ZTI with a little extra tweaking, but you may have to integrate third-party (sometimes paid-for) solutions for functions like wake-on-LAN (WOL).  (Again, ConfigMgr provides WOL in the box; MDT doesn't.) MDT also offers two great features for companies with small branch offices that possibly don’t even have a local server.  "Media" allows you to put an entire deployment solution onto one or more DVDs, a UFD or an external hard drive.  Basically you can just FedEx a USB stick to someone in your branch office and tell him or her, "shove this into a USB slot, boot from the USB stick, and walk away," and the deployment's done.  Or you could create a linked deployment share and copy the entire deployment solution (or just bits and pieces) to a local office so those clients can perform their deployments locally. You can also integrate WDS with MDT 2010 U1 to get the ability to PXE boot (F12) to begin a deployment.  WDS can also provide multicasting functionality for MDT images as it did for ConfigMgr.  Again, MDT ain't ConfigMgr, but it's a whole heckuvalot cheaper!

Windows Automated Installation Kit For Windows 7

The Windows AIK contains tools that both ConfigMgr and MDT 2010 U1 use under the hood.  For example, you may know that Microsoft gives away a program called the User State Migration Tool (USMT) that lets you save a user's data and application settings with a command called "ScanState."  After running ScanState, you can then wipe the user's machine, install a new operating system and the user's applications, and then finally restore the user's data and application settings by running the second half of USMT, a program called "LoadState."  When USMT works, it's great, but customizing it requires painstaking rewriting of a bunch of XML files and, in a few words, it just ain't no fun.  Use USMT solely from the WAIK, though, and you can't get around that XML work.  Run it from MDT, in contrast, and MDT shields you from all that mess, generating the XML files and command invocations automatically.  (Running ScanState can also require figuring out a command line with over 200 characters. Not something you want to type on every machine, right?)

The Windows AIK is the place to get all of the new basic deployment components, most of which are the building blocks upon which MDT and ConfigMgr rely.  It includes ImageX, a Ghost-like tool that lets you create and apply images.  It's also got the Deployment Image Servicing and Management (DISM) tool, which you'll use to mount, unmount and manage images.  (For example, you can add or remove drivers and hot fixes to/from an OS image without having to first deploy the image.)  WAIK also includes OSCDIMG, which converts Windows image (".wim") images to ISOs so that they can be burned to CDs and distributed for easy deployment.  Windows System Image Manager (WSIM), another WAIK component, creates unattended answer files in XML format -- run WSIM, answer a few questions and in no time you've got an unattended XML file, meaning that you can deploy Windows to a new system by just popping the installation DVD into the new system.  You can then just walk away, as the XML file keeps you from having to answer any setup questions.  Come back in 20 minutes or so, and you've got a freshly installed system, with no babysitting the Setup program necessary.  USMT's in the WAIK and so is CopyPE, a tool that creates a WinPE working environment so you can create custom Windows Preinstallation Environments (WinPEs). Lastly, the Volume Activation Management Tool 1.2 is included and helps you centrally manage volume activation.
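The offline servicing that DISM makes possible (adding hot fixes and drivers to an image before it is ever deployed, so new machines come up already patched) looks like this in practice. This is an added example, not part of the original newsletter or Microsoft's documentation; every path below and the helper name Invoke-Dism are placeholders chosen for illustration. Run it from an elevated prompt with an empty mount directory.

```powershell
# Added example: offline-service a .wim with DISM. All paths are placeholders.
param(
    [string]$WimFile   = 'C:\Images\install.wim',  # image to service (assumed path)
    [int]   $Index     = 1,                        # image index inside the .wim
    [string]$MountDir  = 'C:\Mount',               # must be an empty folder
    [string]$UpdateDir = 'C:\Updates',             # folder of .msu/.cab hot fixes
    [string]$DriverDir = 'C:\Drivers'              # folder tree of .inf drivers
)

# Hypothetical helper: run dism.exe and stop on the first non-zero exit code,
# so a failed step is never silently followed by a commit.
function Invoke-Dism {
    param([string[]]$Arguments)
    & dism.exe @Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# 1. Mount the chosen image index so its file system is editable.
Invoke-Dism @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir")

$commit = $false
try {
    # 2. Add every hot fix in the update folder to the mounted image.
    Invoke-Dism @("/Image:$MountDir", '/Add-Package', "/PackagePath:$UpdateDir")

    # 3. Inject all drivers found under the driver folder.
    Invoke-Dism @("/Image:$MountDir", '/Add-Driver', "/Driver:$DriverDir", '/Recurse')

    # 4. List the packages now in the image so the result can be reviewed.
    Invoke-Dism @("/Image:$MountDir", '/Get-Packages')

    $commit = $true
}
finally {
    # 5. Commit only if every step succeeded; otherwise discard the changes
    #    so a half-serviced image never reaches the deployment share.
    $mode = if ($commit) { '/Commit' } else { '/Discard' }
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" $mode | Out-Host
}
```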

Sound good?  It is, but, again, while the WAIK contains a wealth of useful (and free) tools, it's not for everyone.  Most of the tools in the Windows AIK work from the command line only, and unfortunately each of the tools has its own unique syntax.  A few of the WAIK tools have GUIs, but even they can be a bit cryptic. Although you could perform a complete deployment using the Windows AIK, you'd have to master a lot of concepts.

Windows Deployment Services (WDS)

WDS is a role that is in-the-box with Windows Server 2008 (and R2) and is the latest evolution of Remote Installation Services (RIS).  WDS requires Active Directory, DHCP and DNS (unless you implement the Transport Service only) and provides LTI only -- no zero-touch installs.  Microsoft supports deploying both .wim and .vhd image formats from WDS.  Installation and configuration are pretty easy, although the driver management is a bit cumbersome.  WDS provides PXE boot capabilities and multicasting of images to your target machines.  Two of the drawbacks of WDS are image management and the fact that WDS can only provide bare-metal installations -- no refreshes, no migration etc.  Thick images are your only option -- you can't tell WDS, "first install Windows 7 Professional and then install Adobe Acrobat Reader" -- and if you want to make a change to an OS image you have to export the image from the WDS snap-in, use the Windows AIK tools to make your changes and add it back to the WDS snap-in. If you wanted to perform a refresh or replace scenario you would need to fully script those deployments yourself -- no GUI help from WDS on that score. I say, "why bother," as MDT 2010 U1 does all this for you and more!

In Short...

What to do?  Well, if you've got ConfigMgr, which integrates MDT 2010 U1, Windows AIK and WDS as well as providing its own extras, then by all means that is the way to go -- you'll have the most robust feature set in that case.  Next would be MDT 2010 U1 for its ease of use, manageability of images and friendly wizards.  If that's not a possibility for some reason, then WDS is a great tool if you're only doing bare-metal installations and your OS image doesn’t change often. The greatest strength of WDS is how easy it is to integrate with ConfigMgr and MDT 2010 U1.  As for the Windows AIK tools, you really need to learn them at some point.  Yes, I did say that they had a steep learning curve, but both MDT and ConfigMgr require the WAIK tools.  Thus, when something goes wrong with your ConfigMgr- or MDT-based solution, you'll almost certainly need at least some knowledge of WAIK before you can start troubleshooting.

(Note from Mark:  I recently had an exchange with a friend who's a deployment genius.  No, not Rhonda -- she's a deployment genius, but this was someone else.  He'd advised someone to skip WAIK and go straight to MDT.  I suggested that maybe that wasn't the right idea, as it's good to know the WAIK.  He responded with a knowing smile that he used his car without worrying about or knowing about its fuel injection systems.  I replied that true, in 2010 we automobile users can remain blissfully ignorant of fuel injectors because the auto companies have had over a century to make cars reliable.  In contrast, I recall that when I first got my driver's license in 1974 that nearly everyone driving cars needed some knowledge of the fuel injector's predecessor, the carburetor, as we all spent at least a little time with the air filter off, staring down the carb's barrel while trying to figure out how to get the car running again.  The new Microsoft deployment tools are great, but still new -- if I were to compare Microsoft deployment tools to cars, I'd say we're at about 1936 or so.  As a result, I think we all should be prepared when one of the deployment tools leaves us stranded by the side of the road -- so I advise everyone to learn the WAIK tools.)

So whether you have 200 or 200,000 computers to deploy, each tool can provide a complete deployment solution, along with the good and bad each tool brings to the table. As for the skill set of your IT pros, anyone can learn these tools: it just takes a little time and testing. I hope this article has helped you decide which tool will do the job for you and given you a starting point to get more information.

Come Learn With Me

Rhonda Layfield has been in the IT industry since 1982. She is a Setup and Deployment MVP and Desktop Deployment Product Specialist and is currently offering a 3-day hands-on deployment class that covers all tools mentioned in this article. The class will be in Washington DC September 21-23, 2010. The cost is $1,200.00 per person and seating is limited. For details on what is covered in the class please visit http://www.deploymentdr.com/index.php?page_id=29. To register for this class go to www.minasi.com/seminar-register.htm.

Conferences

Windows Cloud Connections, Las Vegas March 26-29 2012

The Connections folks have assembled a show that is, as you can tell, cloud-focused, featuring folks like my friends Brian Desmond, Paul Thurrott, Sean Deuby, Don Jones, Jim McBee and others (as well as me) talking about cloud and cloud-related technologies.  I'll be doing my "Windows 8:  A Report from the Future" keynote, as well as my DNS troubleshooting talk (just try to get your cloud stuff working when DNS is broken, as, um, Microsoft found out last year in their cloud offering) and my popular IPv6 talk (where do you think we're going to get the addresses we'll need for all those cloud servers now that we're out of IPv4 addresses?). 

Find out more at http://cloudconnections.com/shows/sp2012/default.aspx?s=187

The 6th Annual Minasi Forum Conference, Virginia Beach April 29-May 2 2012

We took a year off but we're back!  Ten years ago, I started my online forum at www.minasi.com/forum and am blessed with a globe-spanning array of very smart and helpful folks.  Six of the past seven years, we've met in Virginia Beach to network and present some great topics.  We've got some big names -- Mark Russinovich will Skype in to talk to us about Azure, PowerShell Gods Don Jones (who's keynoting and doing some PS stuff) and Ed Wilson, The Scripting Guy will talk about, well, PowerShell -- but that's not all.  This conference is also a chance for some of our forum members, most of whom aren't "big names" but who spend their days in the trenches, to talk about the things that they know inside and out.  You may not yet know James Summerlin, Anne O'Day, Stacy Hein, Dennis Olidis, Curt Spanburgh, Jim Vigotti, Dave Bison, Eric Rux and others ... but you will once you've heard their great coverage of SQL, SharePoint, Sysinternals system repair tools, AppV and other topics.  (There's also a rumor that I'm going to do a session or two.)  What you may like best of all, however, is the price -- $450.  We'll have the details up soon, but you'll be able to find out more (and until then, you can see 2010's schedule) at www.minasiconference.com.

To Subscribe/Unsubscribe, Read Old Newsletters or Change Your Email Address

To subscribe, visit http://www.minasi.com/nwsreg.htm. To change e-mail or other info, link to http://www.minasi.com/edit-newsletter-record.htm.  To unsubscribe, link to http://www.minasi.com/unsubs.htm. Visit the Archives at http://www.minasi.com/archive.htm. Please do not reply to this mail; for comments, please link to http://www.minasi.com/gethelp.

All contents copyright 2010 Mark Minasi.  I encourage you to quote this material, SO LONG as you include this entire document; thanks.