Friday, October 19, 2012

Windows Deployment Services (WDS, was RIS)

I’ve got a test network with some servers, but not many clients. As the capabilities of the network expand I’m likely to want to be able to try stuff out and that might involve other people, and they will need client machines. I’ve got an old laptop lying around. I decide to use this to install my first, non-virtual, client OS.

I installed Windows Server 2012, thinking I might use System Center to try installing over the network, but on the way I discovered that Windows Server can already do this kind of thing via the Windows Deployment Services server role (used to be called RIS).

I also discover Windows Server 2012 has had a makeover with a new start page, like Windows 8. Most of the tools underneath are the same, but the surface is prettier.

As an aside, in doing this I also found that the default policy for this out-of-the-box domain (created by Windows Server 2008 R2) has a minimum password age of 1 day, so I can’t change my local admin password on this new server until tomorrow. Apparently this is because, with no minimum, a user can defeat a password history check by simply changing their password a few times to get back to their favourite password again. Makes sense, and I plan to leave the default alone, but tripped me up for a moment as it kept going on about password complexity.

After installing the role you then have to configure it. I chose to allow any client to connect, but to require admin approval.

You then need a boot image and an install image. The boot image is the one that is loaded over the network initially, via Pre-boot Execution Environment (PXE), just to do the actual install. It will pull these off the install DVD, so I gave it the Windows 8 ISO (mounted via Hyper-V) that I used earlier for a client install and it found both of the images it needed automatically.

You can’t customise the image at this point, and I don’t want to, but might return to this later.

I then boot my target laptop, with the test network cable attached; spam F12 to get boot options; and choose Boot from onboard NIC. It finds the deployment server via DHCP and then I miss pressing F12 again and it boots the existing Windows 7 installation that’s on the drive. Grrr. Reboot, repeat and this time hit F12 (instructions may vary depending on BIOS). Windows 8 setup begins. I give it my admin logon when prompted and it starts to copy files.  After that the installation is as expected.

Oddly, it doesn’t appear to need approval, although I’m sure I told it I wanted to approve new installations. This can be changed via WDS > SERVERNAME > Properties > PXE Response. The approval requirement is not set (I’m sure I set it during setup), so I set it. I also spot PXE Response Delay which is set to 0, so I change it to 10 seconds (maximum is 28 for some reason), thinking it will give me longer to hit F12 the second time, but, upon reinstalling the client, it doesn’t, so I put it back to 0 again.

Reboot again, and hit F12 and this time I get a message telling me I need to get approval and a place for a message from the Admin (although I don’t see a way to set this message on the server). On the server, under Pending Devices, I can Approve, Name and Approve or Reject. Choosing Name and Approve I can give the machine a hostname and choose a container in Active Directory. On the next page I can choose which image to install (I leave it blank) and I can choose to grant another user rights to join the computer to the domain. I leave this blank too.

The install proceeds as soon as I click Finish on the server to approve the request. The install proceeds as before and I join the domain by giving my admin credentials on the client, but it’s nice to know I can do all this on the server if needed.

Other tabs on the server properties imply I can disable the need to press F12 and set a computer naming convention, and a bunch of other stuff.

No comments: