Vol. 17, #31 - July 30, 2012 - Issue #890

Building Images

  1. Editor's Corner
    • Survey Results
    • Building Images
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • TechMentor Conference Redmond, Aug 20-24, 2012
    • Americas
    • Europe
    • Asia/Pacific
  4. Webcast Calendar
    • Register for Webcasts
  5. Tech Briefing
    • Recommended deployment blogs
    • Sysprep, SkipRearm, and Image Build Best Practices
    • Next at Microsoft
    • An Introduction to PowerShell Remoting: Part One
    • Use PowerShell to Run WMI Commands on Remote Computers
    • Learn and try out System Center 2012 Configuration Manager
  6. Windows Server News
    • Desktop virtualization comparison: VDI vs. Remote Desktop Services
    • Windows Server 2012 Hyper-V storage: How Microsoft can fix the issues
    • When you need, and don’t need, vCenter Server
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • New Free tool - Real-time Bandwidth Monitor for Sub Second Device Polling and Interface Monitoring


New Free Tool - Real-time Bandwidth Monitor for Sub Second Device Polling and Interface Monitoring

Real-Time Bandwidth Monitor, SolarWinds’ latest and greatest free tool, allows you to monitor interfaces on your network, see how much bandwidth is in use, or how much is traffic is currently on the interfaces. Now you can poll your interface as frequently as every half second. Set critical and warning thresholds to instantly see when usage is out of bounds. Monitoring a troublesome interface has never been so easy!

Download Real-Time Bandwidth Monitor


Editor's Corner

SAVE THIS NEWSLETTER so you can refer back to it later for tips, tools and other resources you might need to do your job or troubleshoot some problem you're dealing with. And please feel free to FORWARD IT TO A COLLEAGUE who you think might find it useful. Thanks!

Survey Results

This week's newsletter is about building images for Windows server and client deployment. But before we look at this topic, we wanted to start by sharing with you some of the results we gathered from the reader survey we recently sent to readers of this newsletter. And we want to start by thanking those of you (many!) who took the time to respond.

What size company do you work for?

About one-third of our respondents indicated they worked at a large enterprise that employed 1,000 or more people, while almost one-quarter said they worked at a mid-sized organization of between 100 and 999 employees. The remaining respondents were either self-employed or worked at smaller organizations. This sounds to us that we should continue our current strategy of trying to divide our content fairly evenly between IT pros who work in enterprise environments and those who are either consultants or work in smaller businesses.

Which of the following, if any, describes your job function?

The top four job descriptions of respondents were:

Taken together, these four job roles represent the occupations of over half of our respondents. The remaining respondents have a wide range of different jobs apart from those who are retired or unemployed. This suggests to us that a large segment of our readership are IT decision makers who may want information about industry trends, tools, and best practices. We'll try to bring you more content along these lines but without the hype and fluff that other IT newsletters often have.

What is your age?

More than half of respondents to our survey are over 40 years of age, and this suggests to us that our newsletter has a mature audience of experienced individuals, many of whom have been in the IT industry for some time. We'll try to keep the technical level of our content fairly high for this audience, while still providing tips and pointers for those just starting out in the industry.

Which topics would you like to see more of?

This question presented a list of topics and allowed respondents to select as many of them as they liked. The top ten topics our respondents want to see more coverage on are:

We'll definitely keep these topics in mind as we plan the future editorial calendar for this newsletter.

We'll likely share more of our survey results with you in the near future, but meanwhile if you have any additional comments or suggestions you'd like to make concerning any of the above survey questions, please feel free to send your feedback to us at [email protected]

Now on to this issue's main topic.

Building Images

Before you can deploy a customized reference image of a Windows operating system to systems in your production environment, you first need to build and test that image. But before we discuss the various tools and approaches for doing this, you need to know that such IMAGING CAN OFTEN BE HORRIFYINGLY DANGEROUS:

Ghost of the past

When it comes to building images for Windows deployment, some of us in IT still feel that things were simpler back in the past because, well, things were simpler. You would install Windows 2000 or Windows XP on a computer together with all the drivers and applications your users needed, customize the desktop environment, run Sysprep or NewSID or some other tool, clone everything and then use Ghost or RIS or unattend.txt or some other method or tool to deploy your image to your systems.

Of course, everything changed when the Microsoft Deployment Toolkit (originally called Business Desktop Deployment or BDD) came on the scene. Plus changes to the user profile introduced in Windows Vista made user profile customization more complex, something administrators of terminal server (RDS) environments still grapple with.

Setting up your build lab

Building a reference (a.k.a. master or gold) image today is actually much easier than it was using the old method. Or let's just say it can be a lot more reliable than the old approach. That's because your goal should just be to build your reference image, but to build and maintain them. The old approach to image engineering often involved redeploying images, adding new applications and customizations to them, and then sysprepping and capturing them again. The problem with that approach was that Sysprep was designed to be run only once on a Windows installation, but I've heard of people running it dozens of times on a master installation they keep tweaking and updating. Unfortunately this sometimes resulted in deployed computers behaving strangely and unpredictability, and part of an administrators' job was to find workarounds for such issues when they arose.

But if you use MDT to build images, you can easily update them when needed simply by rebuilding them. And to make things even easier (and cleaner) you can set up your entire build lab in a virtualized environment running on a single Hyper-V host. A typical build lab might look like this:

To simplify things, you could even combine the first three functions into a single virtual machine.

The build process

Once you've got your build lab set up, you define the build process. The steps for building a reference image using MDT 2012 Update 1 look like this:

1. Create your deployment share and import OS source files, installation files for applications, packages like language packs, and any out-of-box drivers needed for target systems in your production environment.

2. Create a task sequence that will deploy Windows, applications and drivers to your master computer, sysprep the installation, capture its image, and upload the captured reference image back to your deployment share.

3. Customize the deployment process as needed by modifying your task sequence. For example, you can ensure your reference image has the latest software updates applied by enabling the following two steps found in the State Restore group of your task sequence:

By enabling these steps, MDT will ensure that software updates available on Windows Update (or on a WSUS server in your build lab if you decide to need to approve updates before applying them) will get applied to your master installation during the deployment process. And if you want to customize the default profile of your master installation, you would do that here as well, typically by inserting task sequence steps that run scripts to configure various aspects of the default user's environment.

4. Modify the CustomSettings.ini configuration file of your deployment share to automate as much of the deployment process as you want (the more the better when it comes to automation).

5. Update your deployment share to create or regenerate boot media (ISO and WIM) that can be used to start the deployment process on your master computer, then import the WIM boot media (typically LiteTouchPE_x64.wim) into the Boot folder of Windows Deployment Services.

6. Start your master computer, press F12, select the option to PXE boot, and sit back as MDT deploys, syspreps, captures and uploads your reference image to the Captures folder of your deployment share.

Testing your master image

To test if your reference image works properly, use MDT to deploy it to sample physical systems taken from your production environment. All you need to do is this:

  1. Import your reference image into the Operating Systems folder of your deployment share as a Custom Image File. I actually prefer to create a second deployment share in my build lab for this purpose as that way I can control the deployment processes for both building and testing images by customizing the CustomSettings.ini file of each deployment share differently.
  2. Create a plain vanilla Standard Client task sequence for deploying the reference image to the target systems.
  3. Update the second deployment share to create boot media and import the WIM boot file into Windows Deployment Services.
  4. Make sure your target systems all have their BIOS set to allow PXE-booting but don't configure PXE as the first boot option, just press F12 when the boot menu appears to manually select a one-time PXE boot.
  5. Turn on the target systems and let MDT and WDS deploy the reference image to them.
  6. Spend the rest of the afternoon checking the event logs and running stuff on each target system to make sure Windows works properly, deployed applications behave as expected, and all hardware devices have the correct drivers and are functioning properly.

Once you're satisfied that everything works, you can begin deploying your reference image on your production network. To do this you might use MDT with WDS for small- to mid-sized environments, or MDT with SCCM for mid-sized to large environments. Why use MDT if you already have SCCM? See here:


Maintaining your image

Once you've set up your build lab to create your reference image, maintaining your image by updating it becomes easy. All you do is add any new applications, drivers or packages needed by your users and production systems, tweak your task sequence if needed, and run the build process on your master computer again. Go for coffee and when you come back you have an updated reference image to test.

Of course, in larger organizations it's not that simple. You'll probably need to organize a team to evaluate what needs to be added to (or removed from) your reference image, have team members propose changes, meet to discuss and sign off on the changes, and maintain a support history of modifications made to your reference image. I call this the P and P process (politics and paperwork) that management loves but IT traditionally abhors, but it's part of the job. You'll also want to schedule your image review process, for example once per quarter.

Share your wisdom

How do you build and test reference images in your own organization? What do and don't you include in your images, and why? Share some of your accumulated wisdom with our readers by emailing me at [email protected]

Recommended blogs

For some recommended deployment blogs, see the Tech Briefing section of this issue.

Get deployment help

To get answers to all your deployment questions, post them to one of these TechNet Forums:

MDT forum:

Windows 7 Installation, Setup, and Deployment forum:

Windows Server Setup Deployment forum:

Windows Server Migration forum:

Configuration Manager 2007 Operating System Deployment forum:

Configuration Manager 2012 - Operating System Deployment forum:

Tip of the Week

Question: I get my desktop computers from an OEM with Windows 7 and Office 2010 preinstalled. I'd like to take one of these machines and sysprep it and capture a WIM image from it and then deploy this image onto some bare-metal PCs that I bought on the cheap. Is this a good idea?

Answer: The procedure is probably in violation of your OEM licensing agreement but you should read the agreement to make sure. But even if it doesn't violate your OEM license, the procedure has several problems with it:

So it's best to build your reference images using volume-licensed Microsoft software and not from an existing OEM installation.

Got any tips of your own to share with our readers? Email me at [email protected]

Recommended for Learning

Inside Windows Debugging: Practical Debugging and Tracing Strategies from Microsoft Press explains and demonstrates how to use the Windows debugging tools for analyzing problems and code defects:

Data Center Storage: Cost-Effective Strategies, Implementation, and Management from CRC Press provides a decision-maker's overview of planning and implementing different forms of enterprise storage solutions. The book includes strategies for email storage, archiving, storage virtualization, and managed hosting in the cloud:

Quote of the Week

"One continues to learn about war by practicing war." --from War As I Knew It, by General George. S. Patton

IT isn't the only career where you need to be constantly learning to survive and to thrive. Patton was one of the most effective military strategists in history, largely because of his lifelong commitment to learning his trade. Those of us in IT need to have the same kind of commitment if we want to achieve success in our careers.

Until next week,

Mitch Tulloch


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Prepare your organization for the surprises in Exchange 2010 with Metalogix.

Using Microsoft Hyper-V? Altaro Hyper-V Backup Freeware Edition is an easy to use Hyper-V aware backup solution. Watch YouTube Video.

DLP Lite -- Free utility from STEALTHbits. A powerful, flexible, and Regex engine designed to mitigate the risk of data leakage(PII) and theft.

Perform fuzzy matching of textual data in Excel using this free add-in from Microsoft:

Recover lost files including video, documents and archives from different storage media using this free tool from CGSecurity:

Mouse without Borders lets you control up to four computers from a single mouse and keyboard:


Events Calendar

TechMentor Conference Redmond, Aug. 20-24, 2012

TechMentor, the top conference for IT professionals, is coming to the Microsoft campus! Register with code TMRTU for a $300 discount:




Add your event

Contact Michael Vella at [email protected] to get your conference or other event listed in our Events Calendar.


Webcast Calendar

Register for Webcasts

 Add your Webcast

Contact Michael Vella at [email protected] to get your webcast listed in our Webcasts Calendar.


Tech Briefing

Recommended deployment blogs

If deploying Windows is one of your job roles at your company, you can learn a lot from the blogs of these deployment experts:

Microsoft Deployment Toolkit Team Blog:

Michael Niehaus' Windows and Office deployment ramblings:

The Deployment Guys:

Deployment Research blog (Johan Arwidmark):

Sysprep, SkipRearm, and Image Build Best Practices

Still thinking of running Sysprep multiple times to rebuild an image? Better read this post from awhile back on the Ask The Core Team blog first!

Next at Microsoft

Want to know what exciting things will be coming out of the garage at Redmond? Check out the Next at Microsoft blog:

An Introduction to PowerShell Remoting: Part One

PowerShell Remoting is important to understand when you want to remotely manage Windows Servers using PowerShell. This is the first in a series of five blog posts on this topic by Jason Hofferle:

Use PowerShell to Run WMI Commands on Remote Computers

The Scripting Guy shows you how to use Windows PowerShell to run WMI commands on remote computers without opening a lot of holes in your firewall:

Learn and try out System Center 2012 Configuration Manager

Microsoft has 13 Configuration Manager virtual labs that you can explore and more than 30 how-to videos that step you through key capabilities


Windows Server News

Desktop virtualization comparison: VDI vs. Remote Desktop Services

For desktop virtualization in your organization, you can take the VDI route or the Remote Desktop Services route -- or you could go with a combo. To help you choose the right path for your environment, see how VDI and RDS stack up against one another in this desktop virtualization comparison.

Windows Server 2012 Hyper-V storage: How Microsoft can fix the issues

Despite improvements, the Windows Server 2012 Hyper-V storage architecture still has holes. One expert details how Microsoft can fix the issues in this featured article.

When you need, and don't need, vCenter Server

Some organizations don't need the advanced features offered by vCenter Server and can effectively manage their infrastructure with the free vSphere Client. Can yours? Find out in this expert tip.


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

Global National reporter Francis Silvaggio got up close and personal with a devastating mudslide in Johnsons Landing, British Columbia.

This 160-inch, 175-degree curved screen completely fills your peripheral vision and is used for Formula 1 training:

Irina Akimova is an amazing hula hoop performer from Russia who has performed all over the world, including at 'Cirque Du Soleil':

Comedy illusionists Scott & Muriel totally amazed and entertained the audience and judges at the 32nd Monte Carlo International Circus Festival:

The story of a true friendship between a hunter and a mixed wolfdog with clips from the amazing 1991 Disney movie: "White Fang":

View from the International Space Station at night:


WServerNews - Product of the Week

New Free Tool - Real-time Bandwidth Monitor for Sub Second Device Polling and Interface Monitoring

Real-Time Bandwidth Monitor, SolarWinds’ latest and greatest free tool, allows you to monitor interfaces on your network, see how much bandwidth is in use, or how much is traffic is currently on the interfaces. Now you can poll your interface as frequently as every half second. Set critical and warning thresholds to instantly see when usage is out of bounds. Monitoring a troublesome interface has never been so easy!

Download Real-Time Bandwidth Monitor


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.