Security is a State of Mind

Video Series: Deploying Windows 7 from Windows XP Part 7 - Deploying Windows 7 via MDT Network Share

View video 

In the last part of this video series, we will take a look at how to run the Deployment Wizard from the Deployment Share

The Deployment Share is generated in Microsoft Deployment Toolkit when you first run and configure the Deployment Workbench. Now it's just a matter of running the Deployment Wizard from the share

To run the Deployment Wizard from the network share, just run \\servername\deploymentshare$\scripts\bdd_autorun from the Windows XP client

jay paloma  |  11 jan 2010  |  singapore

Video Series: Deploying Windows 7 from Windows XP Part 6 - Windows 7 Deployment via MDT 2010 Media

View video

In part 6 of this video series, we will take a look at how to prepare the MDT media, enabling us to deploy Windows 7 even to branch offices that may not permit us to use the Wide Area Network for deployment.

You use the Deployment Wizard of Microsoft Deployment Toolkit (MDT) 2010 to create the MDT media.

jay paloma  |  11 jan 2010  |  singapore

Video Series: Deploying Windows 7 from Windows XP Part 5 - Importing WIM into MDT 2010

View video 

In Part 5 of this video series, we will now take a look at how to prepare a WIM file for use in MDT. We will also see how to deploy Windows 7 using MDT on a bare metal machine scenario.

jay paloma  |  11 jan 2010  |  singapore

Video Series: Deploying Windows 7 from Windows XP Part 4 - Using MDT to Acquire Windows 7 Image into WIM

View video 

Let us now shift our attention from Windows Automated Installation Kit (WAIK) to Microsoft Deployment Toolkit 2010.

In Part 4 of this series, we will now take a look at how to acquire a WIM image, this time using the Microsoft Deployment Toolkit 2010. To do this, we use the Deployment Workbench to create a SYSPREP AND CAPTURE task sequence, then run the Deployment Wizard from the Deployment Share.

jay paloma  |  11 jan 2010  |  singapore

MDT 2010 Error using Sysprep and Capture TS When Booting from Network

Comment: To my opinion, this is one issue that looks like an error but in reality it just lacks an error trap. I have made the recommendation to the product groups at Microsoft that if SYSPREP AND CAPTURE TS really does not work on PXE Boot, ensure that the option to perform one does not appear, or at least a message that such a TS does not work in PXE Boot, but only when running the Deployment Wizard from the Deployment Share or from the MDT Media. (- jay paloma 9 jan 2010)

Symptoms:
When using Microsoft Deployment Toolki (MDT) 2010 to perform SYSPREP AND CAPTURE Task Sequence and the Windows 7 reference computer is booted from the network to execute the Deployment Wizard, MDT displays the following message:

Operating System deployment did not complete successfully
ZTI ERROR - Unhandled error returned by LTISysprep: The system cannot find the file specified. (-2147024894 0x80070002)
Litetouch deployment failed, Return Code = -2147467259 0x80004005

However, when Deployment Wizard is executed by running LiteTouch.vbs from the deployment share, the Sysprep and Capture TS works fine.

Recommendation:
Run the deployment wizard directly from the network share as follows: \\servername\deploymentshare$\scripts\LiteTouch.vbs. You can also run it from the MDT Media that you can generate separately.

jay paloma  |  5 jan 2010  |  singapore

Video Series: Deploying Windows 7 from Windows XP Part 3 - Using WAIK to Deploy WIM Image

View video 

In Part 3 of this series, let us take a look at how to deploy a WIM image using WAIK. We will use WAIK commands to partition and format the destination hard disk, then apply the WIM image into the computer. We will then reboot the machine to run Windows 7 for the first time and complete the configuration. Again, we will need the WinPE boot CD we created in Part 1

In a nutshell

1. Boot Target Computer from WinPE Boot CD
2. Use DISKPART to partition and format HDD
3. Use IMAGEX to apply the WIM Image
4. Use BCDBOOT to make the image bootable
5. Reboot and run Windows Welcome

jay paloma  |  03 jan 2010  |  singapore

Video Series: Deploying Windows 7 from Windows XP Part 2 - Using WAIK to Acquire Image into WIM

View video 

This video is Part 2 of the series Deploying Windows 7 from Windows XP. This discusses how to acquire a Windows 7 image using Windows Automated Installation Kit (WAIK). The general steps to perform in this case are as follows:

1. Use SYSPREP on Windows 7 to remove all uniqueness from the source Windows 7 machine
2. Boot the machine using the WinPE boot CD
3. Use IMAGEX to acquire the image.

jay paloma  |  03 jan 2010  |  singapore

Phlippine Windows Users Group (PHIWUG) Produces its 6th MVP!

The Philippine Windows Users Group (PHIWUG) has another accomplishment that makes me very excited and proud! It's produced its 6th MVP on 1 Jan 2010! He is John Delizo, new MVP on Management Infrastructure. Congratulations John!!!

It really does me proud to have served in PHIWUG as VP on 2006-2007, and as President on 2007-2008 because as far as I know, PHIWUG has been regularly being awarded with MVPs because of this group's passion enthusiasm in evangelizing Microsoft technologies. The total roster of PHIWUG MVPs are

• Adrian Rodriguez - Games for Windows, Apr 2007
• Jay Paloma - Enterprise Security Apr 2008, Apr 2007
• Chester Coronel - Microsoft Office System, Jul 2007
• Jay-R Barrios - Setup/Deployment, Apr 2008
• Elczar Adame - Sharepoint Services, Jan 2009
• John Delizo - Management Infrastructure, Jan 2010

Video Series: Deploying Windows 7 from Windows XP Part 1 - Generating WinPE Boot CD on WAIK

View video

This video is Part 1 of our series on Windows 7 Deployment from Windows XP. This discusses what could be the first thing that you do on WAIK after installation: generate the WinPE boot cd. The Windows PE Boot CD will be used on these occasions when deploying Windows 7 using WinPE:

1. Boot the source machine after running SYSPREP and use IMAGEX to acquire the image of that machine into a WIM file
2. Boot the destination machine then after prepping the hard disk, apply the captured WIM into that machine.

After creating the ISO file, make sure you test it first on either Windows Server 2008 Hyper-V or Virtual PC to ensure it will boot successfully and the key tool you need -- IMAGEX.EXE -- is working properly before you burn this ISO into a CD.

jay paloma  |  29 dec 2009  |  singapore

Video Series: Deploying Windows 7 from Windows XP

This is a video series on Deploying Windows 7 from Windows XP using the Windows Automated Installation Kit (WAIK) and the Microsoft Deployment Toolkit (MDT) 2010

The first time I knew Microsoft Deployment Toolkit was during Windows Vista days. I found this an awesome technology added to the fact that it is free. Unfortunately, not many organizations really embraced Windows Vista, thereby overlooking this technology, and others that are related to Windows client deployment (e.g., WAIK, WIM).

Microsoft has gone through great lenghts in ensuring that Windows deployment would be a breeze in organizations that would have gone to Windows Vista, and will go to Windows 7. Therefore I have created this video series to share the best practices I gathered from the field on using these two free tools - MDT 2010 and WAIK - to deploy Windows 7 across the organization consisting of Windows XP machines.

A lot of folks may eventually figure out that Windows Automated Installation Kit (WAIK) is too cumbersome because of the fact that its tools are non-GUI, and that MDT is actually the GUI version of WAIK. However, I strongly recommend to technology professionals to familiarize themselves with at least the deployment cycle using WAIK alone, then adopting them to an automated process like MDT. This would give us the proper balance between automation and flexibility.

WAIK is cool, as follows:

1. You get to learn stuff under the hood. Although you can create WIM using MDT, managing it would still be through WAIK, therefore if you don't have WAIK knowledge, you will end up with default WIM and not really maximize the new and cool features of the Windows Imaging technologies.
2. Text-based = scriptable and flexible. It's not entirely difficult to automate Windows 7 Deployment using WAIK alone because you can script it, and your options are limitless as to customizing your deployment.
3. Let's face it: text-based commands are cool ... makes you look geeky.

But then again, having too much human control exposes the deployment exercise to human error, especially the processes that deal with the target machines. Those should be automated as much as possible.

So with that, here are the videos of the Windows 7 Deployment from Windows XP Series

• Part 1 - Generating WinPE Boot CD on WAIK
• Part 2 - Using WAIK to Acquire Windows 7 Image into WIM
• Part 3 - Using WAIK to Deploy Windows 7 WIM Image into a New Machine
• Part 4 - Using MDT to Acquire Windows 7 Image into WIM
• Part 5 - Using MDT to Import a WIM Image and Using PXE Boot to Deploy
• Part 6 - Windows 7 Deployment via MDT 2010 Media
• Part 7 - Deploying Windows 7 via MDT Network Share

jay paloma  |  29 dec 2009  |  singapore

Windows 7 Deployment: Microsoft Deployment Toolkit 2010 makes deployment so much easier

It's almost 2am on Monday 21 Dec 2009. I just got out of bed because this thing is whirling in my head: what steps in the deployment process will MDT be involved, vs WAIK? I just had to connect to my lab and find out. And this is the result. 

I've said it time and again to the folks I help out in deployment of Windows 7: the best way for us to learn Windows 7 Deployment is to work through the processes in Windows Automated Installation Kit (WAIK).

And I keep forgetting one thing about Microsoft Deployment Toolkit: it is a Solutions Accelerator! It is supposed to help me do things easier and more convenient. I was happy with working with WAIK and all those command-line tools (makes it look geekier), that I never quite imagined how easier and how more convenient MDT 2010 can get.

So here's a comparison on how the general steps to deploy Windows 7 using Windows Automated Installation Kit and Microsoft Deployment Toolkit 2010

Generating the WinPE CD

• WAIK: First we use COPYPE to copy the necessary files in our working folder. Before we forget, we need to copy IMAGEX onto the folder structure. Then we do OSCDIMG to generate an ISO file. Lastly, we use our favorite ISO burning software to turn that ISO into a CD.
• MDT 2010: Create the Deployment Share. After all the necessary steps like uploading OS, apps and creating Task Sequences, ensure that you update the said deployment share. This generates the WinPE WIM for PXE bootup. At the same time, it also generates an ISO image of that WIM file. As in WAIK, we now use our favorite ISO burning software to turn that ISO into a CD. Another is to generate the media into MDT. Again, it generates an ISO then turn that ISO into a CD/DVD.

Acquiring Image

• WAIK: First we do SYSPREP /GENERALIZE on the source Win7 machine. We boot from our WinPE CD, then do IMAGEX /CAPTURE
• MDT 2010: Create a SYSPREP and CAPTURE Task Sequence. Boot from the media then select that Task Sequence.

Saving and Restoring User State Data

• WAIK: Use SCANSTATE then ensure you have external storage to store the files/app settings/local user accounts. For now I have no idea how to mimic the restore option without wiping the HDD using WAIK (generating the Windows.old folder). As for restoring user state, once Windows 7 has been installed, use LOADSTATE and restore from the storage used earlier.
• MDT 2010: Use the Standard Client Task Sequence then boot from MDT media. One of the options is to Refresh computer. After doing so, we will be presented with an option on how to save user state (see Windows 7 Deployment: Microsoft Deployment Toolkit 2010 Fills in the Gap), and we have an option to either do hardlink migration or store the data into an external storage or network location.

Deploying the Image

• WAIK: This one would be a mouthful. On the target machine, boot from WinPE CD. Run DISKPART to partition/clean the disk. Then do IMAGEX /APPLY to load the image into the target machine. Then use BDCBOOT to make the image bootable. Afterward you need to boot the machine and join this into the Domain if you haven't done any automation to do this whatsoever.
• MDT 2010: Use the Standard Client Task Sequence and fire away!

Even though it would be a lot easier for us to use MDT 2010 outright, again it is more advantageous if the longer, more tideous method using WAIK is learned by the deployment professional, so that one can easily troubleshoot any issues and provide more control over deployment.

jay paloma  |  21 dec 2009  |  singapore

Windows 7 Deployment: Microsoft Deployment Toolkit 2010 Fills in the Gap

EUREKA!!!

I have always been advocating on choosing the WIM imaging technology of Windows 7 because among its benefits, it gives you the flexibility of choosing whatever deployment technology you want - whether heavy touch, lite touch or zero touch. While testing MDT tough, I was always doing PXE boot and I thought there was a gap between Windows XP to Windows 7 with User State Migration and actual installation of Windows 7. With PXE boot, I needed to do manual SCANSTATE then use the Deployment Wizard for LOADSTATE, without maximizing USMT's hardlink migration feature.

I missed one thing though: MDT 2010's ability to create an external media. So when I did create an external media, I booted this media up in a Windows XP machine, selected Refresh this computer, and there it was! From Windows XP, to Windows 7 and USMT's Hardllink Migration! Will create series of videos on this in the next couple of days.

Picture shows Deployment Wizard as executed from CD in Windows XP, and not from PXE boot.

jay paloma  |  20 dec 2009  |  singapore

Windows 7: Why Bitlocker is important - WinPE bypasses NTFS

I was recording the screen capture of my Windows Automated Installation Kit (WAIK) video and it dawned on me: to get its job done, Windows PE provides full, unrestricted access to NTFS! This means that files that are secured with NTFS are no longer secured once the PC has been booted with Windows PE CD. And how easily is it to acquire the WinPE CD? One can generate it with WAIK!

NTFS provides file and folder security as long as physical access to the machine is not compromised. Once other people have access to the physical machine, your confidential files and folders secured with NTFS only can be accessed using the WinPE boot disk, which is readily available.

Solution: NTFS protects your files and folders as long as people do not have physical access to your machine. To protect your files and folders that are located on physically accessible machines (e.g., your laptop), you need to use Bitlocker Drive Encryption to encrypt your hard disk or at least Encrypting File System (EFS) to encrypt your confidential folders and files.

jay paloma  |  18 dec 2008  |  singapore

Tutorial: Fundamentals of Volume Activation

This demo will provide you insights on the Volume Activation process while deploying Windows^® 7 and Windows Server^® 2008.

Link

Tutorial: Upgrading from Windows XP to Windows 7

To upgrade your PC from Windows XP to Windows 7, you'll need to select the Custom option during Windows 7 installation. A custom installation doesn't preserve your programs, files, or settings. It's sometimes called a "clean" installation for that reason.

Remember to download the PDF of this tutorial!

Go