Course 2401

Deploying and Managing Windows

2401/CN/E.1/602/D.1 © LEARNING TREE INTERNATIONAL, INC. All rights reserved.

All trademarked product and company names are the property of their respective trademark holders.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, or translated into any language, without the prior written permission of the publisher.

Copying software used in this course is prohibited without the express permission of Learning Tree International, Inc. Making unauthorized copies of such software violates federal copyright law, which includes both civil and criminal penalties.

Course Objectives

Upon completion of this course, you will be able to
▪ Implement and manage Windows desktops in an enterprise environment
▪ Embed tools and scripts into custom Windows PE boot images
▪ Automate Windows deployments with the Deployment Toolkit
▪ Streamline and monitor Microsoft product activation
▪ Optimize remote management of Windows tablets, desktops, and servers
▪ Identify and recover from application and failures

PE = Preinstallation Environment

© Learning Tree International, Inc. All rights reserved. Not to be reproduced without prior written consent. Course Contents

Introduction and Overview

Chapter 1 Windows PE

Chapter 2 Creating and Managing Custom Images

Chapter 3 Deploying Windows Images

Chapter 4 Managing Windows Activation

Chapter 5 Streamlining Windows Administration

Chapter 6 Optimization and Troubleshooting

Chapter 7 Course Summary

Next Steps

Classroom Layout

Virtual machines

Virtual machines
  ADSRV (Windows 2012 R2): Domain controller for course.local
  DeploySRV (Windows Server 2012 R2): Will be used for creating, hosting, and distributing images

Physical machine
  ReferenceWS: Reference computer for creating images (blank hard disk)
  TargetWS: Standard workstation for receiving images (blank hard disk)
  UpgradeWS: Workstation for performing an upgrade
  ClientWS and AdminWS: domain workstations for testing desktop management and troubleshooting

(Diagram: the machines are connected through a virtual switch, with a router providing Internet access)

Hands-On Exercise 0.1

In your Exercise Manual, please refer to Hands-On Exercise 0.1: Installing Windows 10

Chapter 1

Windows PE

Chapter Objectives

In this chapter, we will
▪ Build a basic Windows PE boot disk
▪ Mount and edit WIM format files
▪ Customize Windows PE for deployment or administrative use

WIM = Windows Imaging

Chapter Contents

▪ Building Windows PE Boot Media
▪ Hands-On Exercise 1.1
▪ Customizing Windows PE
▪ Hands-On Exercise 1.2

Windows PE

▪ Windows Preinstallation Environment (PE) replaces DOS
  • Live Windows OS running from RAM and booted from various media
    – CD or DVD
    – USB Flash Drive (UFD)
    – Hard drive
    – Network boot
  • Available as part of a free Internet download
▪ Benefits include
  • Many hardware devices supported by default
  • USB removable-device support
  • Native 32-bit or 64-bit execution
  • May be customized with additional tools, utilities, and scripts
  • Much smaller footprint than a standard Windows installation
    – Less than 200 MB

DOS = Disk Operating System RAM = random-access memory OS = operating system USB = Universal Serial Bus

Windows PE Illustrated

Limitations

▪ Several Windows PE limitations need to be kept in mind
  • Interface is command line only (by default)
  • (WOW) is not available
    – 64-bit versions of Windows PE will not run 32-bit applications
    – 32-bit versions of Windows PE will not run 16-bit applications
  • Many tools are not available
    – Explorer shell, etc.
▪ Some of these limitations can be overcome
  • Third-party software can provide navigation and management functionality
    – More to come later!
  • Use 32-bit versions of Windows PE when necessary
    – Most tools and utilities are available in a 32-bit version

Common Uses for Windows PE

▪ Windows PE is used in many common scenarios
  • Default deployment mechanism for Windows
  • Manage and troubleshoot offline workstations
    – Virus and spyware removal
    – Hard-disk scanning
  • Repair issues rendering a system unbootable
  • Recover data from unbootable systems to network locations
▪ Windows PE can be used for many scenarios
  • Understanding the architecture will allow you to customize PE for your own use

Image-Based Installation

▪ Current Windows installation
  • Starts a Windows environment immediately
    – Disk partitioning and configuration
    – License acceptance
  • Copies a file-based image from the installation media to the local drive
▪ Advantages:
  • DOS is no longer required
  • Less user intervention
  • Standardized format allows for easy customization of image files
  • File-based images allow all versions to ship as a single DVD
    – The product key dictates the features available

Image-Based Installation Illustrated

(Diagram: Windows PE starts, then the image install.wim is applied to C:)

Windows Imaging (WIM) Format Files

▪ Microsoft has adopted image-based installation to reduce time and errors
  • May be customized to fully realize benefits
▪ Installation images are Windows Imaging (WIM) format files
  • Compressed to save space
  • File-based to allow customization
  • Leverage single-instance store to further reduce size
▪ The WIM file format can be used for more than just deployment of images to hard disks
  • Images can be applied to a RAM disk
▪ Windows PE is a WIM format file
  • Various other files are included to boot the image

Booting Windows PE

(Diagram: sources\boot.wim on the Windows PE boot media (D:) is loaded into system memory as the X: RAM disk, sized from available RAM)

Windows Assessment and Deployment Kit

▪ Common ways to access Windows PE:
  • Windows Recovery Environment (WinRE), such as from the installation media
    – More later!
  • Windows Assessment and Deployment Kit (ADK)
    – Free download from the Microsoft website
▪ Windows ADK provides
  • Windows PE base image
  • Tools for managing WIM format files and creating boot media
    – copype.cmd, makewinpemedia, etc.
  • Documentation for Windows PE customization
▪ copype.cmd is used to build an initial Windows PE image
  • Initial WIM format file
  • Boot files
  • Folder structure suitable for customizing Windows PE


AdaptaLearn™ Enabled

▪ Electronic, interactive exercise manual
▪ Offers an enhanced learning experience
  • Some courses provide folded steps that adapt to your skill level
  • Code is easily copied from the manual
  • After class, the manual can be accessed remotely for continued reference and practice
▪ Printed and downloaded copies show all detail levels (hints and answers are unfolded)

Using AdaptaLearn™ Do Now

1. Launch AdaptaLearn by double-clicking its icon on the desktop
   • Move the AdaptaLearn window to the side of your screen or shrink it to leave room for a work area for your development tools
2. Select an exercise from the exercise menu
   • Zoom in and out of the AdaptaLearn window
   • Toggle between the AdaptaLearn window and your other windows
3. Look for a folded area introduced with blue text (not available in all courses)
   • Click the text to see how folds work
4. Try to copy and paste text from the manual
   • Some courses have code boxes that make it easy to copy areas of text while highlighted (as shown)

Hands-On Exercise 1.1

In your Exercise Manual, please refer to Hands-On Exercise 1.1: Creating Windows PE Boot Media


Building Windows PE

▪ Windows PE is most powerful when it is customized
  • Customization requires an understanding of the build structure and process
▪ Copype.cmd builds a directory structure suitable for building Windows PE
  • Divided into two logical access points:
    – boot.wim in the Sources directory is loaded into a RAM disk
    – Contents of the Media folder are stored and accessed on the removable media

(Diagram: Windows PE with the media drive D: and the RAM disk X: in available RAM)

Sample Windows PE Build Directory

D:\WinPE
  fwfiles    Boot files
  mount      Empty directory for mounting WIM images
  media      Contents for the custom Windows PE media
    sources  Contains boot.wim, the RAM disk image for Windows PE

Build Directory Contents

▪ fwfiles
  • Contains the various boot files necessary
  • etfsboot.com is the boot code needed if building bootable CDs or DVDs
▪ Mount directory should always be empty
  • Used as a mount point to edit WIM format files

Build Directory Contents

▪ media directory will be the contents of the Windows PE media
  • Additional directories and files may be added
    – Imaging tools
    – Diagnostic tools
    – Scripts
▪ Media\Sources
  • Contains the boot.wim RAM disk image
▪ boot.wim will be copied to a RAM disk when Windows PE is booted
  • Assigned X: by default
  • Gives Windows PE a writable disk for temporary files and paging
  • Allows the Windows PE boot media to be disconnected once Windows PE is booted

Customizing Windows PE

▪ Deployment Image Servicing and Management (DISM) is used to customize Windows PE
  • Mount WIM format files for editing
  • Add optional features
  • Inject additional drivers
  • Capture and apply WIM format images
▪ Mounting a WIM format file is similar to mapping a network drive
  • The contents of the WIM format file become accessible from the local file system
    – Mounted as a folder (D:\winpe\mount) instead of a drive letter (Y:)
  • Changes can then be made to the WIM format file
  • DISM can then unmount the image and either save or discard the changes

dism /mount-image /imagefile:d:\winpe\media\sources\boot.wim /index:1 /mountdir:d:\winpe\mount

Features

▪ Windows PE includes optional features that can be added
  • Windows PowerShell
  • Processing VB and JS scripts
  • HTML Application (HTA) support
    – User-friendly script interfaces
  • Windows Management Instrumentation (WMI) support
  • Language packs for other languages
  • Others can be found in the Windows ADK documentation
▪ Most features are language independent
  • First, install the base feature
  • Then install a supporting language for the feature

JS = JavaScript HTML = hypertext markup language VB = Visual Basic

Additional Drivers

▪ Windows PE 10 supports the same base hardware as Windows 10
  • Windows PE 4 and above support touch controls by default
  • Windows 10 drivers can be added to support additional hardware
▪ DISM is used to inject drivers into mounted images
  • Drivers must be in standard INF file format
  • .exe-based drivers will not work

Useful Free Third-Party Tools

▪ GImageX acts as a graphical version of ImageX
  • ImageX was the precursor to DISM
  • 32-bit and 64-bit versions
  • www.autoitscript.com/gimagex
▪ Explorer++ adds a file-management interface
  • www.explorerplusplus.com
  • Browsing the file system
  • Copy, cut, and paste
  • Drag-and-drop file management
  • 32-bit and 64-bit versions
▪ Nu2Menu is a shell replacement
  • Allows a menu system to be built for launching applications
  • Launch button similar to the Start button in Windows
  • www.nu2.nu/nu2menu

Useful Free Third-Party Tools

▪ Sysinternals Suite
  • Microsoft now provides the Sysinternals Suite as a free download
  • Includes more than 65 different troubleshooting tools
  • Some of them will be more useful in a Windows PE environment than others
▪ Remote Control
  • The remote desktop client can be added
    – mstsc.exe and mstscax.dll
  • VNC servers and clients can be added
    – Individual distribution configuration may vary

VNC = virtual network computing

Adding Tools

If you need to add tools to your Windows PE boot media, in which two locations could they be added?

What are the advantages of each? What are the disadvantages?

Creating Boot Media

▪ Once configured, the Windows PE files can be placed on removable media
  • USB flash drive
  • CD or DVD
▪ The utility to create Windows PE media from the existing folder structure is makewinpemedia

▪ USB flash drive:
  • makewinpemedia /ufd d:\winpe f:\
▪ ISO file that can be burned to CD or DVD:
  • makewinpemedia /iso d:\winpe d:\winpe\winpe.iso
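The build procedure spread over the preceding slides (copype, mounting boot.wim with DISM, adding optional components and their language packs in dependency order, injecting INF drivers, committing, and running makewinpemedia), as one added PowerShell example. It is not part of the course materials. It assumes the Windows ADK and its Windows PE add-on are installed in their default location and that it runs in an elevated Deployment and Imaging Tools Environment prompt, so copype.cmd, dism.exe and MakeWinPEMedia.cmd are on the PATH; the driver folder, tools folder and ISO path are placeholders.

```powershell
# Added example, not from the course: end-to-end custom Windows PE build.
# Assumptions: Windows ADK + WinPE add-on in the default install location,
# elevated Deployment and Imaging Tools Environment prompt.
# $Drivers, $Tools and $IsoPath are placeholders for this example.

$Arch     = 'amd64'
$WinPEDir = 'D:\WinPE'                     # build directory created by copype
$Mount    = Join-Path $WinPEDir 'mount'
$BootWim  = Join-Path $WinPEDir 'media\sources\boot.wim'
$Drivers  = 'D:\Drivers\WinPE'             # placeholder: INF-based drivers only
$Tools    = 'D:\Tools'                     # placeholder: Sysinternals, Explorer++, etc.
$IsoPath  = Join-Path $WinPEDir 'winpe.iso'
$Lang     = 'en-us'
$OCs      = "${env:ProgramFiles(x86)}\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\$Arch\WinPE_OCs"

function Invoke-Checked {
    # Run an external command and stop the build on the first failure,
    # so a half-customized image is never committed.
    param([string]$Command, [string[]]$Arguments)
    & $Command @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Command $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Create the build directory structure (fwfiles, media, mount).
if (-not (Test-Path $WinPEDir)) {
    Invoke-Checked 'copype.cmd' @($Arch, $WinPEDir)
}

# 2. Mount boot.wim so it can be edited like a folder.
Invoke-Checked 'dism.exe' @('/Mount-Image', "/ImageFile:$BootWim", '/Index:1', "/MountDir:$Mount")

try {
    # 3. Optional components. Order matters: each feature depends on the one
    #    before it, and each language pack goes right after its base feature.
    foreach ($oc in 'WinPE-WMI', 'WinPE-NetFx', 'WinPE-Scripting', 'WinPE-PowerShell', 'WinPE-DismCmdlets') {
        Invoke-Checked 'dism.exe' @("/Image:$Mount", '/Add-Package', "/PackagePath:$OCs\${oc}.cab")
        Invoke-Checked 'dism.exe' @("/Image:$Mount", '/Add-Package', "/PackagePath:$OCs\$Lang\${oc}_${Lang}.cab")
    }

    # 4. Inject INF-based drivers recursively (.exe installers cannot be injected).
    if (Test-Path $Drivers) {
        Invoke-Checked 'dism.exe' @("/Image:$Mount", '/Add-Driver', "/Driver:$Drivers", '/Recurse')
    }

    # 5. Tools copied into the mounted image live in the X: RAM disk, so they
    #    remain available after the boot media is disconnected.
    if (Test-Path $Tools) {
        New-Item -ItemType Directory -Path (Join-Path $Mount 'Tools') -Force | Out-Null
        Copy-Item -Path (Join-Path $Tools '*') -Destination (Join-Path $Mount 'Tools') -Recurse -Force
    }

    # 6. Commit the changes into boot.wim.
    Invoke-Checked 'dism.exe' @('/Unmount-Image', "/MountDir:$Mount", '/Commit')
}
catch {
    # Any failure: discard the edits so boot.wim stays in a known-good state.
    Write-Warning $_
    & dism.exe /Unmount-Image "/MountDir:$Mount" /Discard
    throw
}

# 7. Produce bootable media from the build directory.
Invoke-Checked 'MakeWinPEMedia.cmd' @('/ISO', $WinPEDir, $IsoPath)
# For a USB flash drive instead:  MakeWinPEMedia /UFD D:\WinPE F:
```

The try/catch around the mounted image is the part worth keeping even if the rest is replaced: an image that is left mounted after a failed DISM step has to be cleaned up by hand, and committing a partially serviced boot.wim produces media that fails in ways that are hard to trace back to the build.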

ISO = International Organization for Standardization

Creating Boot Media Illustrated

(Diagram: makewinpemedia builds winpe.iso, or USB media, from the build directory: media (with MyTools and sources) and fwfiles)

Windows PE Flat Boot

▪ Windows PE Flat Boot allows Windows PE to run directly from removable media
  • RAM disk is not used
  • Works only on writable media such as USB flash drives
▪ Advantages:
  • Uses less RAM
    – Useful for systems with low system resources
  • May result in faster boot time because the image doesn't have to be loaded into RAM
▪ Flat boot images can be installed to
  • USB flash drives
  • External hard drives
  • Fixed storage (internal) hard drive


▪ Windows PE has been used heavily for diagnostics
  • Extensive hardware support
  • Small footprint
▪ Windows To Go may be another solution
  • Live copy of Windows 10 running from a USB drive
▪ Points to remember:
  • Still a much larger footprint
  • Will have to run a plug-and-play scan for each new computer booted from each USB drive
  • Only available in Windows Enterprise Edition
    – Requires that Software Assurance be purchased


Hands-On Exercise 1.2

In your Exercise Manual, please refer to Hands-On Exercise 1.2: Customizing Windows PE Boot Media

Chapter Summary

In this chapter, we have
▪ Built a basic Windows PE boot disk
▪ Mounted and edited WIM format files
▪ Customized Windows PE for deployment or administrative use

Chapter 2

Creating and Managing Custom Images

Chapter Objectives

In this chapter, we will
▪ Prepare reference computers
▪ Capture custom WIM images
▪ Apply WIM images with Windows PE and DISM
▪ Service offline WIM images

Chapter Contents

▪ Planning the Deployment
▪ Building the Reference Computer
▪ Hands-On Exercise 2.1
▪ Capturing Custom Images
▪ Hands-On Exercise 2.2
▪ Deploying Custom Images
▪ Hands-On Exercise 2.3
▪ Servicing Offline Images
▪ Hands-On Exercise 2.4

Planning for a Windows Deployment

▪ Planning your deployment solution should be done before any implementation
▪ Evaluate appropriate Windows versions
  • Features
  • Cost
▪ Select level of image customization
  • Thick
  • Thin
  • Hybrid
▪ Leverage the most suitable deployment media
  • DVD, USB drives, or network-based deployment
▪ Implement automation when possible

Automation Possibilities

▪ Answer files
  • Default installations
  • Customized images
▪ Automating the imaging process
  • Scripting
  • Third-party tools
▪ Integrating features and updates into images
  • Leveraging customized images
▪ Scripting optional components
  • Windows features and roles
  • BitLocker
    – Cannot be integrated into deployment images
▪ Editing images offline


Customized Image Deployment

(Diagram: install.wim plus customizations and Unattend.xml, then Generalize, Capture image, Custom.wim, Image maintenance, and Deploy image; "You are here" marks the customization step)

Process of Customized Image Deployment

1. Build a deployment environment
2. Perform reference installation
   • May be automated with an answer file
3. Make customizations to the reference installation
4. Prepare the reference computer for imaging
5. Generate an image based on the reference computer
6. Build a deployment solution

Building a Deployment Environment

▪ Technician computer
  • Newest version of Windows possible
    – Some tools and features are only available in the latest version
  • Tools
    – Windows ADK
    – Specialized tools such as Microsoft Deployment Toolkit or Windows Deployment Services
    – More to come!
▪ Network resources
  • Folders for imaging resources
    – Drivers
    – Applications
    – Captured images
  • Accounts
    – Capturing and maintaining images
    – Applying images

Creating a Reference Computer

▪ Deployment images are typically built from a reference computer
  • Clean, ideal installation and configuration
▪ Creating the reference computer:
  1. Partition and format the hard disk
  2. Install a base installation of Windows
  3. Install necessary drivers
  4. Install latest service packs and security updates
  5. Make necessary configuration changes
  6. Install base software
  7. Create an answer file
  8. Generalize the system with

Windows Startup Modes

▪ Windows can be started up in either Audit Mode or Windows Welcome
  • During initial installation of Windows
  • After Sysprep
▪ Windows Welcome completes setup for the end user
  • Default mode when installing Windows
  • Local account must be created or link to a
  • License agreement must be accepted
  • Languages and time zones are set
▪ Audit mode bypasses final for image preparation purposes
  • Administrator account is enabled on each audit mode boot and disabled after logon
  • Sysprep will be opened on every login for your convenience
  • Installation must be switched back to booting into Windows Welcome before final image capture

Audit Mode

▪ Microsoft recommends audit mode for reference computer initial configuration
▪ Audit mode can be entered by
  • Pressing when Windows Welcome starts
  • Using an answer file with the setting for entering audit mode
  • Selecting audit mode when running Sysprep
▪ Computer can be configured to enter Windows Welcome by running Sysprep
  • Select Enter System Out-of-Box Experience (OOBE)

Sideloading Windows Apps

▪ Windows 10 Universal apps are typically installed from the Windows Store
▪ Apps may be sideloaded when publishing apps in the Store isn't practical
  • Sideloading refers to installation of apps that have not been certified by the Windows Store
  • Windows must be configured to allow sideloading
    – Settings | Update & Security | For developers
▪ To sideload the application
  • Sign the app package
  • Trust the certificate used to sign the package
  • Use the Add-AppxPackage cmdlet to install the app
    – DISM can also be used with a slightly more complex syntax

GPO = Group Policy Object UI = user interface
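The three sideloading steps on the slide above (sign, trust the certificate, Add-AppxPackage), as an added PowerShell example that is not part of the course materials. The package and certificate paths and the Test-AppxSigner helper are this example's own assumptions; the check in front of the trust step refuses a package whose signature is damaged or was made by a certificate other than the one about to be trusted, which is the point at which a sideloading workflow goes wrong most often.

```powershell
# Added example, not from the course: sideload a signed app package.
# Assumes sideloading is already enabled (Settings | Update & Security |
# For developers) and that this runs from an elevated prompt.
# Paths are placeholders: the package and the exported signing certificate (.cer).
$Package   = 'C:\Apps\LineOfBusiness.appx'
$SignerCer = 'C:\Apps\LineOfBusiness.cer'

function Test-AppxSigner {
    # Verifies that the package carries an intact signature made by the expected
    # certificate. 'NotTrusted' is acceptable here because the certificate has not
    # been trusted yet; HashMismatch or NotSigned means the package must not be used.
    param([string]$PackagePath, [string]$CerPath)
    $expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CerPath)
    $sig = Get-AuthenticodeSignature -FilePath $PackagePath
    if ($sig.Status -notin @('Valid', 'NotTrusted')) {
        throw "Package signature status is $($sig.Status); refusing to install"
    }
    if ($null -eq $sig.SignerCertificate -or $sig.SignerCertificate.Thumbprint -ne $expected.Thumbprint) {
        throw "Package was not signed by the expected certificate ($($expected.Subject))"
    }
    $expected
}

# 1. Verify the package before trusting anything.
$signer = Test-AppxSigner -PackagePath $Package -CerPath $SignerCer

# 2. Trust the signing certificate. TrustedPeople is sufficient for sideloading and
#    scopes the trust to this one certificate instead of a whole issuing CA.
Import-Certificate -FilePath $SignerCer -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople' | Out-Null

# 3. Install the package for the current user.
Add-AppxPackage -Path $Package

# 4. Confirm what was installed. The manifest's Publisher must equal the signing
#    certificate's subject (assumed here to have been authored that way), so the
#    subject is a usable handle for finding the package afterwards.
$installed = Get-AppxPackage | Where-Object { $_.Publisher -eq $signer.Subject }
if (-not $installed) { throw 'Package did not install, or its Publisher does not match the signer' }
$installed | Select-Object Name, Version, Publisher, InstallLocation

# DISM alternative that provisions the app for all users / into an image:
#   Dism /Online /Add-ProvisionedAppxPackage /PackagePath:C:\Apps\LineOfBusiness.appx /SkipLicense
```

Importing into TrustedPeople rather than a root store is a deliberate choice: a self-signed signing certificate placed in Trusted Root Certification Authorities would make every certificate it issues trusted, not just this package.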

Answer Files

▪ Answer files help to automate nearly all installations
  • Reference installations
  • Images prepared with the Sysprep tool
▪ Formatting for answer files has been greatly modified since Windows XP
  • XML is used instead of standard .ini formatting
  • Answer files are divided into passes to match the installation process

XML = extensible markup language

Sample Answer File

(Sample answer file: the XML markup was lost in extraction; only the element values survived: true 1 true true true true)

Configuration Passes

▪ Windows installation is composed of several discrete steps
  • Windows PE, System Configuration, Out-Of-Box Experience (OOBE), etc.
▪ Unattended answer files are divided into matching sections
  • Referred to as configuration passes
▪ Unattended answer-file settings must be placed into the correct configuration pass section of the unattended file
  • Entire unattended file is copied to C:\windows\panther\unattend.xml
  • During each configuration pass, another section of the answer file is parsed

Configuration Passes

▪ windowsPE
  • Product key and disk configuration
  • Keyboard mapping and locale settings for Windows PE setup screens
▪ offlineServicing
  • Used to add offline updates to an image
▪ specialize
  • Computer configuration
    – Domain information
    – Network settings
  • Keyboard mapping and locale settings for Windows
▪ generalize
  • Run after executing sysprep /generalize

Configuration Passes

▪ auditSystem
  • Only applies to systems running in audit mode
  • Run scripts or commands at startup in the system context
  • Typically used to add drivers and applications to a base image
▪ auditUser
  • Only applies to systems running in audit mode
  • Used to run scripts or commands after user logon in the user context
▪ oobeSystem
  • Used to automate Windows Welcome
▪ No given scenario would include all configuration passes

Sample Configuration Pass Flow

▪ Default installation with a supplied answer file:
  Install Windows from DVD using an answer file
    (windowsPE pass)
  Base image is applied
    (specialize pass)
  Setup completes and Windows Welcome begins
    (oobeSystem pass)
  Windows Welcome completes and the computer is ready for use

Sample Configuration Pass Flow

▪ Customized installation with an embedded answer file:
  Custom image is applied
    (specialize pass)
  Setup completes and Windows Welcome begins
    (oobeSystem pass)
  Windows Welcome completes and the computer is ready for use

▪ The Windows PE pass is not needed, because installation will be performed through a customized deployment process

Windows System Image Manager (SIM)

▪ Answer files are built with the Windows System Image Manager (SIM)
  • Included in the Windows ADK
▪ Features of the Windows SIM:
  • Creates XML answer files for installation and offline image editing
    – XML knowledge is not needed
  • Catalogs all available answer-file options directly from the WIM format file or existing catalog file
  • Verifies that syntax and settings meet minimal requirements
    – Misconfiguration may still cause setup problems

Windows SIM Illustrated


Windows SIM Panes

▪ Distribution Share
  • Used to store drivers and updates in a common, accessible location
▪ Windows Image
  • Index or catalog of configurable options
  • Can be built from a WIM image or provided by the vendor as a catalog
▪ Answer File
  • Graphical representation of the XML answer file being built
  • Options are added from the Windows Image pane and appear here
  • Only sections are noted here
▪ Properties
  • Values are set for various options
  • Contents change based on the selected section in the Answer File pane
▪ Messages
  • Warnings, errors, and information

Steps for Creating an Answer File With Windows SIM

1. Select a Windows image (WIM format file) to build a catalog of options
   • Reads the available settings and creates a catalog for the user interface
   • May also select a prebuilt catalog file
2. Create a new answer file
3. Locate a component in the Windows Image pane to automate
4. Add the component to a particular configuration pass
   • Right-click the component and select the appropriate pass
   • Most components may only be added to certain configuration passes
5. Configure the settings for the newly added component
6. Continue adding and configuring components until the installation is automated to meet your needs

Steps for Creating an Answer File With Windows SIM

7. Validate the answer file
   • Windows System Image Manager will check your answer file for common errors
8. Save the answer file
   • ASCII text file in XML format

ASCII = American Standard Code for Information Interchange

Leveraging Answer Files

▪ Answer files may be used to automate Microsoft installs
  • Name the answer file autounattend.xml
  • Make available on the root of removable media at boot time
    – Typically a USB drive
  • Answer file should be available during boot and during image installation
▪ Answer files can be embedded in customized images
  • Embedded with the Sysprep tool
    – More information on Sysprep later in this chapter
  • Embedded answer files can be initially named anything and located in any accessible location
    – The file will be copied and renamed to C:\Windows\Panther\Unattend.xml
  • Sensitive information—i.e., passwords—will be removed as they are used
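An added PowerShell example, not from the course materials, that ties the configuration-pass slides to the answer-file slide above: Get-UnattendReport reads an unattend.xml, lists the passes and the components placed in each, and flags password values stored in the clear, which are the values Setup strips from the C:\Windows\Panther\Unattend.xml copy only after it has used them. The sample answer file, the placeholder password strings and the function itself are constructed for this example; the element and component names in the sample are the standard ones an answer file built with Windows SIM uses.

```powershell
# Added example, not from the course: audit an unattend.xml for its passes and
# for credentials stored in plain text. The sample below is constructed for this
# example; PLACEHOLDER-PASSWORD stands in for a real value.
$SampleUnattend = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <ComputerName>EXAMPLE-PC</ComputerName>
      <TimeZone>UTC</TimeZone>
    </component>
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <Identification>
        <Credentials>
          <Domain>course.local</Domain>
          <Username>joinaccount</Username>
          <Password>PLACEHOLDER-PASSWORD</Password>
        </Credentials>
        <JoinDomain>course.local</JoinDomain>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <UserAccounts>
        <AdministratorPassword>
          <Value>PLACEHOLDER-PASSWORD</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <ProtectYourPC>1</ProtectYourPC>
      </OOBE>
    </component>
  </settings>
</unattend>
'@

function Get-UnattendReport {
    # Returns the passes/components present and any credential value stored in the clear.
    param([xml]$Document)
    $ns = New-Object System.Xml.XmlNamespaceManager($Document.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    $passes = @(foreach ($settings in $Document.SelectNodes('/u:unattend/u:settings', $ns)) {
        [pscustomobject]@{
            Pass       = $settings.GetAttribute('pass')
            Components = @($settings.SelectNodes('u:component', $ns) | ForEach-Object { $_.GetAttribute('name') })
        }
    })

    # Two shapes carry secrets: a bare <Password> element (domain-join credentials)
    # and a <Value> whose sibling <PlainText> is true (account passwords).
    $secretNodes = @()
    foreach ($n in $Document.SelectNodes('//u:Password[normalize-space(.)!=""]', $ns)) { $secretNodes += $n }
    foreach ($n in $Document.SelectNodes('//u:Value[../u:PlainText="true" and normalize-space(.)!=""]', $ns)) { $secretNodes += $n }

    $findings = @(foreach ($node in $secretNodes) {
        # Walk up to find the enclosing component and pass.
        $component = $null; $pass = $null; $cur = $node.ParentNode
        while ($cur -is [System.Xml.XmlElement]) {
            if ($cur.LocalName -eq 'component' -and -not $component) { $component = $cur.GetAttribute('name') }
            if ($cur.LocalName -eq 'settings') { $pass = $cur.GetAttribute('pass') }
            $cur = $cur.ParentNode
        }
        [pscustomobject]@{
            Pass      = $pass
            Component = $component
            Setting   = "$($node.ParentNode.LocalName)/$($node.LocalName)"
            Length    = $node.InnerText.Trim().Length   # the value itself is deliberately not echoed
        }
    })

    [pscustomobject]@{ Passes = $passes; Findings = $findings }
}

$report = Get-UnattendReport -Document ([xml]$SampleUnattend)
$report.Passes   | Format-Table Pass, @{ n = 'Components'; e = { $_.Components -join ', ' } }
$report.Findings | Format-Table

# On a deployed machine, run the same check over the copy Setup leaves behind.
if (Test-Path 'C:\Windows\Panther\unattend.xml') {
    (Get-UnattendReport -Document ([xml](Get-Content -Raw 'C:\Windows\Panther\unattend.xml'))).Findings
}
```

For the constructed sample the report lists the specialize and oobeSystem passes and two findings: the domain-join Credentials/Password under Microsoft-Windows-UnattendedJoin in specialize, and AdministratorPassword/Value under Microsoft-Windows-Shell-Setup in oobeSystem. The function reports only the location and length of each value, never the value, so its output can be logged. The same check applied to autounattend.xml on the USB media used for booting is worth adding to a deployment checklist, since that copy is not cleaned by Setup.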


Hands-On Exercise 2.1

In your Exercise Manual, please refer to Hands-On Exercise 2.1: Creating an Answer File


Imaging Formats

▪ Imaging Windows is now the standard for deployment
  • DVD-based installs install the default image from Microsoft
    – \sources\install.wim

▪ Two primary imaging techniques exist:
  • Sector-based images
    – Norton Ghost
    – Altiris Deployment Solution
    – Acronis Snap Deploy
  • File-based images
    – Windows Imaging
    – DISM and setup.exe
    – DriveImage XML

Sector-Based Images

▪ Each deployment image is captured as a single file
  • Boot and partitioning information is stored
  • Data and file systems of all types can be saved
▪ Disadvantages:
  • The same image typically won't support both BIOS-based and UEFI-based machines
  • Typically larger due to redundant files
    – Within a single image
    – Between multiple images
  • Do not typically support Microsoft offline updating
    – Drivers
    – Security updates
  • Re-imaging destroys all data on the target drive
  • Typically, there is a cost to license the imaging software

BIOS = basic input/output system UEFI = Unified Extensible Firmware Interface

2-31 File-Based Images

 All deployment images for a given platform can be captured into a single image file
  • Redundant files within a single image are stored only once
  • Redundant files between two images are stored only once
  • Files are captured independently of the underlying disk structure or file system
 Disadvantages:
  • Drives must be prepared before applying a file-based image
    – Partitioned and formatted
  • The capture process is usually slower because every file and its metadata must be indexed
 We will be focusing on file-based images using tools provided by Microsoft
  • Imaging with other solutions is very similar except for offline updating

2-32 WIM Architecture

 A WIM header contains generic WIM file information
  • File size, signature, and version
  • Compression type
 File resource (per image)
  • File-data streams are stored in their entirety
 Metadata resource (per image)
  • Directory structure
  • File attributes, including security
 Other per-image resources provide additional information and flexibility
  • Lookup table
  • XML table
  • Integrity table

2-33 WIM Architecture Illustrated

Diagram: WIM header, followed by the file resources (shared by all images in the file), followed by one metadata resource per image (Metadata resource for Image 1, Metadata resource for Image 2).
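The header fields listed on the WIM Architecture slide can be read and checked before an image is ever mounted or applied, which is a cheap way to reject a truncated or tampered file in a deployment pipeline. The following is an added example, not course material or Microsoft code: it parses the fixed 208-byte WIM header according to the public WIM format specification (signature, size, version, compression flags, image count, boot index, and the resource headers for the lookup table, XML data, boot metadata and integrity table). The sample header is constructed in code, with made-up offsets, so the block runs offline.

```python
"""Parse and sanity-check the fixed 208-byte WIM header (layout from the public
WIM format specification). The sample header is constructed here, not a real capture."""
import struct
import uuid

WIM_MAGIC = b"MSWIM\x00\x00\x00"
WIM_HEADER_SIZE = 0xD0         # cbSize is always 208
WIM_VERSION = 0x10D00          # dwVersion written by ImageX/DISM for .wim files
FLAG_COMPRESSION = 0x00000002  # resources are compressed; one of the flags below says how
FLAG_XPRESS = 0x00020000       # DISM /Compress:fast
FLAG_LZX = 0x00040000          # DISM /Compress:maximum
FLAG_LZMS = 0x00080000         # DISM /Compress:recovery (.esd)


def _reshdr(raw):
    """RESHDR_DISK_SHORT: 7-byte size on disk, 1 flag byte, 8-byte offset, 8-byte original size."""
    return {"size": int.from_bytes(raw[:7], "little"), "flags": raw[7],
            "offset": struct.unpack_from("<Q", raw, 8)[0],
            "original_size": struct.unpack_from("<Q", raw, 16)[0]}


def parse_wim_header(data):
    """Return the header fields as a dict; raise ValueError on structural problems."""
    if len(data) < WIM_HEADER_SIZE:
        raise ValueError("file too short for a WIM header")
    if data[:8] != WIM_MAGIC:
        raise ValueError("bad WIM signature")
    cb_size, version, flags, chunk_size = struct.unpack_from("<IIII", data, 8)
    if cb_size != WIM_HEADER_SIZE:
        raise ValueError("unexpected header size 0x%X" % cb_size)
    part, total_parts, image_count = struct.unpack_from("<HHI", data, 40)
    compression, dism = "none", "none"
    if flags & FLAG_COMPRESSION:
        for bit, names in ((FLAG_LZX, ("LZX", "maximum")), (FLAG_XPRESS, ("XPRESS", "fast")),
                           (FLAG_LZMS, ("LZMS", "recovery"))):
            if flags & bit:
                compression, dism = names
                break
        else:
            raise ValueError("compression flag set but no algorithm flag")
    integrity = _reshdr(data[124:148])
    return {"version": version, "compression": compression, "dism_compress": dism,
            "chunk_size": chunk_size, "guid": str(uuid.UUID(bytes_le=data[24:40])),
            "part": part, "total_parts": total_parts, "image_count": image_count,
            "lookup_table": _reshdr(data[48:72]), "xml_data": _reshdr(data[72:96]),
            "boot_metadata": _reshdr(data[96:120]),
            "boot_index": struct.unpack_from("<I", data, 120)[0],
            "integrity": integrity, "has_integrity_table": integrity["size"] > 0}


def check_wim_header(data):
    """Collect problems a deployment pipeline should reject before mounting or applying."""
    try:
        h = parse_wim_header(data)
    except ValueError as exc:
        return [str(exc)]
    issues = []
    if h["version"] != WIM_VERSION:
        issues.append("unexpected WIM version 0x%X" % h["version"])
    if h["image_count"] == 0:
        issues.append("WIM contains no images")
    if h["boot_index"] > h["image_count"]:
        issues.append("boot index %d points past the last image" % h["boot_index"])
    if h["part"] == 0 or h["part"] > h["total_parts"]:
        issues.append("split WIM part %d of %d is inconsistent" % (h["part"], h["total_parts"]))
    if not h["has_integrity_table"]:
        issues.append("no integrity table (capture with DISM /CheckIntegrity to add one)")
    return issues


def build_sample_header(image_count=2, boot_index=1, compression="LZX", with_integrity=True):
    """Construct a synthetic header for testing; the resource offsets are made up."""
    flags = 0
    if compression != "none":
        flags = FLAG_COMPRESSION | {"XPRESS": FLAG_XPRESS, "LZX": FLAG_LZX, "LZMS": FLAG_LZMS}[compression]

    def reshdr(size, offset):
        return size.to_bytes(7, "little") + b"\x00" + struct.pack("<QQ", offset, size)

    hdr = WIM_MAGIC
    hdr += struct.pack("<IIII", WIM_HEADER_SIZE, WIM_VERSION, flags, 0x8000)  # 32 KB chunks
    hdr += uuid.UUID(int=0x1234).bytes_le
    hdr += struct.pack("<HHI", 1, 1, image_count)                    # part 1 of 1
    hdr += reshdr(1200, 500_000)                                     # lookup table
    hdr += reshdr(4096, 501_200)                                     # XML data
    hdr += reshdr(2048, 400_000)                                     # boot metadata
    hdr += struct.pack("<I", boot_index)
    hdr += reshdr(64, 505_296) if with_integrity else reshdr(0, 0)   # integrity table
    hdr += b"\x00" * 60                                              # bUnused
    assert len(hdr) == WIM_HEADER_SIZE
    return hdr
```

On a real file, pass the first 208 bytes of the .wim to `check_wim_header`; an empty list means the header is structurally sound. The integrity-table check is the one that matters most to a defender: without it, DISM cannot detect corruption or modification of the resources, and a header that parses cleanly says nothing about the image contents.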

2-34 WIM Support

 Windows natively supports WIM file images
  • WIM file operations are performed by the WIM API set
  • Actions such as capture and apply are initiated from a management tool
    – DISM for Windows 8 and above
    – ImageX in the ADK
    – Various third-party utilities such as GImageX and DISM GUI
  • Browsing and editing are handled internally by the WIM File System Filter

Layered diagram: File Explorer, etc. → WIM File System Filter → WIM API Set (WIMGAPI) → WIM file; DISM/ImageX → WIM API Set (WIMGAPI) → WIM file

API = application programming interface

2-35 Customized Image Deployment

Flow diagram: install.wim + Customizations + Unattend.xml → Generalize → Capture image → Custom.wim (→ Image maintenance) → Deploy image
You are here: Generalize

2-36 Generalizing Images

 Custom images are created from the reference computer
  • WIM format files
  • Third-party image formats
 Cloning introduces a unique set of challenges
  • Identical computer names and IP addresses
  • Hardware is assumed to be similar
  • Computer Security Identifiers (SIDs) are the same
    – Causes security issues, especially within a domain
 Reference computer must first be generalized
  • Remove unique computer information
  • Initiate a full hardware scan at next reboot
  • Unjoin the computer from a domain, if necessary

IP = Internet Protocol

2-37 System Preparation Tool

 Microsoft provides Sysprep to generalize systems
  • Independent from imaging software and format
  • Included as part of the Windows installation
 Sysprep
  • Removes unique computer information
    – SID
    – Computer name
  • Clears the event logs
  • Resets the Windows activation grace period

2-38 System Preparation Tool Configuration

 Sysprep may be configured for various scenarios
  • System may be restarted in OOBE or audit mode
  • System generalization may be enabled or disabled
  • System may be shut down for imaging or restarted for testing

2-39 Sysprep Command-Line Options

 As with most tools, Sysprep is most powerful when run from a command prompt
 /unattend
  • Allows you to specify an unattended answer file to use for the specified configuration passes
  • The specified file is copied to C:\Windows\Panther and renamed unattend.xml, to be used during future passes

2-40 Customized Image Deployment

Flow diagram: install.wim + Customizations + Unattend.xml → Generalize → Capture image → Custom.wim (→ Image maintenance) → Deploy image
You are here: Generalize

2-41 Capturing a WIM Format File

 System is ready to be imaged after generalization
  • Boot to Windows PE
  • Connect to a network share, if necessary
  • Run imaging software to capture the image
 DISM or ImageX can be used to add an image to a new WIM format file
  • dism /Capture-Image /ImageFile:y:\win10.wim /CaptureDir:C:\ /Name:"Windows 10 Ent"
 DISM or ImageX may also be used to add an image to an existing WIM format file
  • dism /Append-Image /ImageFile:y:\win10.wim /CaptureDir:C:\ /Name:"Windows 10 Pro"

2-42 BIOS System Disk Partitions

 BIOS-based Windows computers typically contain at least two partitions
  • System partition contains boot files
  • Windows partition contains the Windows operating system
 Windows booting on BIOS-based computers requires the MBR partitioning scheme

Partition layout: [System] [Windows]

2-43 UEFI System Disk Partitioning

 UEFI-based Windows computers typically contain at least four partitions
  • Utility partition contains Windows RE tools for diagnostics and repair
    – Typically 300 MB or larger depending on needs
  • EFI System Partition for UEFI boot code
    – Must be FAT32 and at least 100 MB
    – 260 MB for 4K Native sector disks
  • Microsoft Reserved Partition (MSR) is 128 MB
  • Windows partition contains the Windows operating system
 Windows booting on UEFI-based systems requires the GPT partitioning scheme

Partition layout: [Utility] [System] [MSR] [Windows]

2-44 Partitions to Capture

 Which partitions should you capture?

Partition type            Should you capture?
------------------------  ----------------------------------------------------------------------------------------------
Microsoft Reserved (MSR)  No
System                    Not normally. Use bcdboot to configure the system partition.
Windows                   Yes
Utility                   Only if customized. Typically copy the generic winre.wim boot image from System32 during deployment.

2-45 Controlling File Exclusions

 Files may be excluded from the capture via a configuration file by either
  • Naming the file wimscript.ini and placing it in the ImageX directory, or
  • Specifying the file with the ImageX /config command-line option

[ExclusionList]
\$.log
\hiberfil.sys
\pagefile.sys
"\System Volume Information"
\RECYCLER
\Windows\CSC

[CompressionExclusionList]
*.jpg

Note: The exclusions shown above are part of the default exclusion list and do not need to be added manually.
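Before a capture it is worth checking what a wimscript.ini configuration will actually drop, because an exclusion pattern that is too broad silently leaves files out of the image and one that is too narrow captures secrets such as page and hibernation files. The following is an added example, not course material or ImageX code: it parses a wimscript.ini-style file and applies it to a constructed list of paths. The matching rules are this example's reading of the ImageX configuration-file documentation and are stated as assumptions in the code: a pattern starting with a backslash is anchored at the capture root, any other pattern is matched against the file name at any depth, matching is case-insensitive, and a matched directory excludes everything beneath it.

```python
"""Decide which files a capture keeps, skips, or stores uncompressed by applying a
wimscript.ini-style configuration to a list of paths relative to the capture root.

Assumed rules (this example's reading of the ImageX documentation):
- a pattern beginning with '\' is anchored at the capture root;
- any other pattern is matched against the file name at any depth;
- matching is case-insensitive; * and ? wildcards are supported;
- a pattern that matches a directory excludes everything beneath it.
"""
import fnmatch

# Constructed sample: the slide's default exclusion list plus one compression exclusion
SAMPLE_WIMSCRIPT = r"""
[ExclusionList]
\$.log
\hiberfil.sys
\pagefile.sys
"\System Volume Information"
\RECYCLER
\Windows\CSC

[CompressionExclusionList]
*.jpg
"""

# Constructed sample file list, relative to the capture root (C:\)
SAMPLE_FILES = [
    r"pagefile.sys",
    r"hiberfil.sys",
    r"$.log",
    r"System Volume Information\tracking.log",
    r"RECYCLER\S-1-5-21-1\junk.tmp",
    r"Windows\CSC\v2.0.6\namespace.dat",
    r"Windows\System32\ntoskrnl.exe",
    r"Users\alice\Pictures\cat.jpg",
    r"Users\alice\pagefile.sys",   # not at the root: the anchored pattern must not match it
]


def parse_wimscript(text):
    """Minimal INI reader: section name -> list of patterns (surrounding quotes stripped)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("pattern outside any section: %r" % line)
        else:
            sections[current].append(line.strip('"'))
    return sections


def matches(pattern, relpath):
    """True if a wimscript pattern applies to relpath (relative path, no leading backslash)."""
    pat = pattern.replace("/", "\\").lower()
    rel = relpath.replace("/", "\\").lower()
    if pat.startswith("\\"):
        pat = pat[1:]
        if fnmatch.fnmatchcase(rel, pat):
            return True
        # directory exclusion: the pattern names an ancestor directory of relpath
        return any(fnmatch.fnmatchcase(rel[:i], pat) for i, ch in enumerate(rel) if ch == "\\")
    return fnmatch.fnmatchcase(rel.rsplit("\\", 1)[-1], pat)


def plan_capture(files, script_text):
    """Map each path to 'exclude', 'store' or 'store-uncompressed'."""
    cfg = parse_wimscript(script_text)
    excluded = cfg.get("ExclusionList", [])
    uncompressed = cfg.get("CompressionExclusionList", [])
    plan = {}
    for f in files:
        if any(matches(p, f) for p in excluded):
            plan[f] = "exclude"
        elif any(matches(p, f) for p in uncompressed):
            plan[f] = "store-uncompressed"
        else:
            plan[f] = "store"
    return plan


def summarize(plan):
    """Counts per decision, for a pre-capture sanity report."""
    counts = {"exclude": 0, "store": 0, "store-uncompressed": 0}
    for decision in plan.values():
        counts[decision] += 1
    return counts
```

Feed `plan_capture` a directory walk of the reference volume and review the `exclude` entries before running the real capture; the `Users\alice\pagefile.sys` entry in the sample shows why the leading backslash matters.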

2-46 Controlling Image Compression

 Compression may be adjusted from the command line or via a configuration file
  • Maximum
  • Fast (default)
  • None

dism /Capture-Image /ImageFile:y:\win10.wim /CaptureDir:C:\ /Name:"Windows 10 Ent" /Compress:maximum

 Increased compression typically slows the capture process
  • Restoration can be accelerated by compression, especially across networks or when using DVDs for deployment
    – Speed of reading the source file is the limiting factor

2-47 Chapter Contents: Hands-On Exercise 2.2

2-48 Hands-On Exercise 2.2

In your Exercise Manual, please refer to Hands-On Exercise 2.2: Creating a WIM Format File

2-49 Chapter Contents: Deploying Custom Images

2-50 Customized Image Deployment

Flow diagram: install.wim + Customizations + Unattend.xml → Generalize → Capture image → Custom.wim (→ Image maintenance) → Deploy image
You are here: Custom.wim

2-51 Deploying WIM Images

 Most third-party solutions have integrated partition information and data into a single file
 WIM format files contain only data
  • Partitions must be created and formatted before applying images
  • Allows for very flexible deployment
 Diskpart may be used to prepare computers for applying WIM images
  • Command line
  • Included with Windows and Windows PE
  • Supports scripting
 ImageX or DISM can be used to apply WIM images

2-52 Scripting Diskpart

 Diskpart can be used interactively
  • Commands are entered and executed individually
 Automated installations may be performed by scripting Diskpart
  • Put all necessary Diskpart commands in a text file
  • Run diskpart /s script-bios.txt

Script-bios.txt:

SELECT DISK 0
CLEAN
CREATE PARTITION PRIMARY SIZE=300
FORMAT QUICK FS=NTFS LABEL="System"
ACTIVE
ASSIGN LETTER="S"
CREATE PARTITION PRIMARY
FORMAT QUICK FS=NTFS LABEL="Windows"
ASSIGN LETTER="C"
EXIT

2-53 Sample Diskpart Script for UEFI

Script-uefi.txt:

SELECT DISK 0
CLEAN
CONVERT GPT
CREATE PARTITION PRIMARY SIZE=300
FORMAT QUICK FS=NTFS LABEL="Windows RE Tools"
ASSIGN LETTER="T"
CREATE PARTITION EFI SIZE=260
FORMAT QUICK FS=FAT32 LABEL="System"
ASSIGN LETTER="S"
CREATE PARTITION MSR SIZE=128
CREATE PARTITION PRIMARY
FORMAT QUICK FS=NTFS LABEL="Windows"
ASSIGN LETTER="C"
EXIT
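The two Diskpart scripts above differ only in the partition layout, and the layout rules (MBR with an active system partition for BIOS; GPT with a FAT32 EFI System Partition of at least 100 MB, 260 MB on 4K Native disks, and a 128 MB MSR for UEFI) are easy to get wrong by hand. The following is an added example, not course material or Microsoft tooling: it builds the layout for either firmware type, validates it against those rules, and renders a script in the same form as script-bios.txt and script-uefi.txt. The size thresholds come from the slides; the partition-record format and the "last partition takes the remaining space" rule are this example's own conventions.

```python
"""Generate and validate Diskpart scripts for BIOS (MBR) and UEFI (GPT) system disks,
following the layouts on the course slides. Sizes are in MB. Added example, not course
material; the ESP and MSR size rules come from the slides, the rest is this example's convention."""


def plan_partitions(firmware, recovery_mb=300, esp_mb=260):
    """Return the ordered partition layout for the given firmware type ('bios' or 'uefi')."""
    if firmware == "bios":
        return [
            {"kind": "PRIMARY", "size": 300, "fs": "NTFS", "label": "System", "letter": "S", "active": True},
            {"kind": "PRIMARY", "size": None, "fs": "NTFS", "label": "Windows", "letter": "C"},
        ]
    if firmware == "uefi":
        return [
            {"kind": "PRIMARY", "size": recovery_mb, "fs": "NTFS", "label": "Windows RE Tools", "letter": "T"},
            {"kind": "EFI", "size": esp_mb, "fs": "FAT32", "label": "System", "letter": "S"},
            {"kind": "MSR", "size": 128},
            {"kind": "PRIMARY", "size": None, "fs": "NTFS", "label": "Windows", "letter": "C"},
        ]
    raise ValueError("firmware must be 'bios' or 'uefi'")


def validate_layout(firmware, layout, sector_size=512):
    """Return a list of rule violations; an empty list means the layout is acceptable."""
    problems = []
    unsized = [p for p in layout if p["size"] is None]
    if len(unsized) != 1 or layout[-1]["size"] is not None:
        problems.append("exactly one partition (the last) may take the remaining space")
    if firmware == "uefi":
        esp = [p for p in layout if p["kind"] == "EFI"]
        msr = [p for p in layout if p["kind"] == "MSR"]
        if len(esp) != 1:
            problems.append("UEFI disk needs exactly one EFI System Partition")
        else:
            if esp[0]["fs"] != "FAT32":
                problems.append("EFI System Partition must be FAT32")
            minimum = 260 if sector_size == 4096 else 100   # slide: 100 MB, 260 MB on 4K Native
            if esp[0]["size"] < minimum:
                problems.append("EFI System Partition must be at least %d MB" % minimum)
        if len(msr) != 1 or msr[0]["size"] != 128:
            problems.append("UEFI disk needs one 128 MB Microsoft Reserved Partition")
    else:
        if not any(p.get("active") for p in layout):
            problems.append("BIOS disk needs an active system partition")
        if any(p["kind"] in ("EFI", "MSR") for p in layout):
            problems.append("EFI and MSR partitions exist only on GPT disks")
    return problems


def render_diskpart(firmware, layout, disk=0):
    """Emit a Diskpart script in the same form as script-bios.txt / script-uefi.txt."""
    lines = ["SELECT DISK %d" % disk, "CLEAN"]
    if firmware == "uefi":
        lines.append("CONVERT GPT")
    for p in layout:
        create = "CREATE PARTITION %s" % p["kind"]
        if p["size"] is not None:
            create += " SIZE=%d" % p["size"]
        lines.append(create)
        if p["kind"] == "MSR":
            continue   # the MSR is never formatted or given a drive letter
        lines.append('FORMAT QUICK FS=%s LABEL="%s"' % (p["fs"], p["label"]))
        if p.get("active"):
            lines.append("ACTIVE")
        lines.append('ASSIGN LETTER="%s"' % p["letter"])
    lines.append("EXIT")
    return "\r\n".join(lines) + "\r\n"
```

Write the returned string to a file on the Windows PE media and run it with `diskpart /s`, as the slide describes; run `validate_layout` first with the target's real sector size, because a 100 MB ESP that is fine on a 512-byte-sector disk fails the 4K Native rule.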

2-54 Steps to Apply Windows Images

1. Boot to customized Windows PE media
  • ImageX (optional for Windows PE 4 and newer)
  • Scripting engines allow for automation
    – Windows PE's startnet.cmd can autostart applications
  • Network adapter drivers for all organizational hardware
2. Connect to a network share, if necessary
3. Diskpart
  • Create partitions
  • Set the active partition
  • Assign drive letters for imaging
    – Final drive-letter assignments will be made by the new OS
  • Format partitions

2-55 Steps to Apply Windows Images

4. Apply images
  • dism /Apply-Image /ImageFile:y:\win10.wim /Name:"Windows 10 Ent" /ApplyDir:C:\
5. Copy the Windows Recovery Environment (RE) tools
  • UEFI PCs: copy to the tools partition
    – md T:\Recovery\WindowsRE
    – copy C:\Windows\System32\Recovery\winre.wim T:\Recovery\WindowsRE\winre.wim
  • BIOS-based PCs: copy to the system partition
6. Register the location of the Windows RE tools
  • C:\windows\system32\reagentc /setreimage /path t:\Recovery\WindowsRE /target c:\Windows
7. Configure the system partition
  • bcdboot c:\windows

2-56 Deploying Windows To Go

 Custom images can also be applied as Windows To Go images
  • Windows To Go workspace wizard
  • Manually apply the image to a USB drive
 Process to manually deploy Windows To Go:
  1. Prepare the USB flash drive with Diskpart to ensure that proper boot information is configured
  2. Use DISM to apply a WIM file image to the USB flash drive
  3. Use BCDBoot to add a boot record to the USB flash drive

2-57 Chapter Contents: Hands-On Exercise 2.3

2-58 Hands-On Exercise 2.3

In your Exercise Manual, please refer to Hands-On Exercise 2.3: Deploying a WIM Image

2-59 Chapter Contents: Servicing Offline Images

2-60 Customized Image Deployment

Flow diagram: install.wim + Customizations + Unattend.xml → Generalize → Capture image → Custom.wim (→ Image maintenance) → Deploy image
You are here: Deploy image

2-61 Mounting Images for Editing

 WIM images can be mounted offline for servicing
  • DISM has flags for mounting WIM format files
  • ImageX may also be used
    – Especially useful for legacy operating systems where DISM is not available
 DISM mounting flags
  • WimFile – Specifies the file to mount
  • Index – The image in the WIM format file to mount
  • MountDir – Folder in the file system at which the WIM image is mounted

dism /mount-wim /wimfile:d:\images\win10.wim /index:1 /MountDir:D:\mount

2-62 Adding Drivers

 Directly adding drivers with DISM
  • Allows for direct injection of drivers into mounted images
  • Drivers must be in INF format and not installation executables
  • Adds drivers to the local driver store of the image
    – Plug and Play will load appropriate drivers at next boot
  • Options allow for single-driver installation or recursive installation of multiple drivers within a single folder
  • Drivers not signed by Microsoft must be installed using the /ForceUnsigned option
    – Not valid with recursive driver installation
 Using an answer file with DISM
  • Useful when many locations must be referenced
  • Answer file is built using the Windows SIM
  • Drivers are added to the offlineServicing pass

2-63 Adding Updates

 Packages and updates can be applied directly with DISM
  • Easier than having to create an answer file
  • Works well for images that are kept up to date
 Answer files can be used with DISM to apply packages and updates
  • Ensures that all updates are installed in order with prerequisites
  • Useful for images that frequently require many updates
  • Answer files are built with Windows SIM
  • Packages are added to the offlineServicing pass

2-64 Adding Language Packs

 Windows is language independent
  • All dialogs and system texts are read from language packs
  • All versions ship with a default language pack
  • Enterprise allows multiple languages to be active
    – Each user account can have its own language
 DISM can be used to install additional language packs
  • /Add-Package
 DISM can be used to configure the default display language
  • /Set-SKUIntlDefaults

2-65 Chapter Contents: Hands-On Exercise 2.4

2-66 Hands-On Exercise 2.4

In your Exercise Manual, please refer to Hands-On Exercise 2.4: Servicing an Offline WIM Image

2-67 Chapter Summary

In this chapter, we have
 Prepared reference computers
 Captured custom WIM images
 Applied WIM images with Windows PE and DISM
 Serviced offline WIM images

2-68 Chapter 3

Deploying Windows Images

Chapter Objectives

In this chapter, we will
 Implement network booting and imaging with Windows Deployment Services
 Build and maintain custom images with the Microsoft Deployment Toolkit
 Migrate the user state from previous installations

3-2 Chapter Contents

 Windows Deployment Services
 Hands-On Exercise 3.1
 Microsoft Deployment Toolkit
 Hands-On Exercise 3.2
 Lite Touch Installations
 Hands-On Exercise 3.3
 Migrating to Windows 10
 Hands-On Exercise 3.4

3-3 Windows Deployment Services

 Windows Deployment Services (WDS) provides network boot services
  • Computers download a live operating system from the server
    – Must be supported by the network adapter and BIOS
  • Workstations can then install an operating system from the server
 WDS is a role for Windows Server
 WDS supports
  • Boot images
  • Install images

BIOS = basic input/output system

3-4 WDS Architecture

Exchange between the client workstation and the WDS server:
1. Client requests a boot image
2. WDS server delivers the boot image via TFTP
3. Client requests an install image (WDS client only)
4. WDS server delivers the install image

TFTP = Trivial File Transfer Protocol

3-5 WDS Images

 Boot images
  • Windows PE WIM format files
  • Downloaded into RAM
  • A selection menu will be presented to clients when more than one boot image is available
    – Priority can be set to order the boot images
 Install images
  • Images of full operating systems to be applied to the hard drive
    – Windows 10, 8, 7, etc.
 Install images are accessible using the WDS client on a boot image
  • The Windows installation DVD boot.wim file includes and uses the WDS client by default
  • Custom Windows PE boot disks can have the WDS Client package added

3-6 WDS Images

 Capture images can be generated from existing boot images
  • Scripts and tools to capture the local disk to a WDS install image are injected
  • Automatically begin a WIM format file capture after the boot process

3-7 Booting With WDS

 WDS requirements:
  • DHCP
  • DNS
  • NTFS volume to store images
    – ReFS and FAT32 not supported
 Deployment process:
  1. Client boots and requests an IP address for network communications
  2. DHCP server provides a valid IP address
  3. Client requests an operating system
  4. Menu of available boot images is presented to the client, if applicable
  5. WDS server provides an operating system via TFTP to the client
  6. Client uses the downloaded OS to begin a local OS installation

DHCP = Dynamic Host Configuration Protocol
DNS = domain name system
FAT32 = 32-bit File Allocation Table
ReFS = Resilient File System

3-8 Configuring WDS

 Images are normally added through the Windows Deployment Services snap-in
  • Boot images
    – Capture images
  • Install images

3-9 WDS Configuration: PXE Response

 WDS servers can respond to known, unknown, or no clients
  • Responses may also be delayed

PXE = pre-boot execution environment

3-10 WDS Configuration: Boot

 Boot options:
  • Customize the PXE boot process for known and unknown clients
  • Specify the default boot image for different architectures
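The PXE Response and Boot settings above come down to two decisions the server makes per request: whether to answer this client at all (known, unknown, or none) and which network boot program to hand back for its architecture. Both decisions are driven by options the PXE client places in its DHCP DISCOVER. The following is an added example that models those decisions, not course material or WDS code: it constructs a DISCOVER options field, parses it, identifies the client by its machine GUID (option 97) and architecture (option 93, RFC 4578), and applies a response policy against a constructed prestaged-device list. The BIOS and x64 UEFI boot program paths are the standard WDS ones; the 32-bit UEFI path is an assumption, and all GUIDs are made up.

```python
"""Model the WDS PXE Response (answer known/unknown/no clients) and Boot (boot program
per architecture) decisions from the DHCP options a PXE client sends.

Added example. Option codes follow RFC 2132 / RFC 4578. Boot program paths for BIOS and
x64 UEFI are the standard WDS ones; the 32-bit UEFI path is assumed. GUIDs are made up."""
import struct
import uuid

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that precedes the DHCP options field
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_ARCH, OPT_CLIENT_UUID, OPT_END = 53, 60, 93, 97, 255
DHCPDISCOVER = 1

# RFC 4578 client system architecture -> network boot program served by WDS
BOOT_PROGRAMS = {
    0: r"boot\x86\wdsnbp.com",    # legacy BIOS
    6: r"boot\x86\wdsmgfw.efi",   # 32-bit UEFI (assumed path)
    7: r"boot\x64\wdsmgfw.efi",   # x64 UEFI
    9: r"boot\x64\wdsmgfw.efi",   # x64 UEFI, alternate value sent by some firmware
}

# Constructed prestaged-device list, keyed by the GUID WDS would show for the device
KNOWN_CLIENTS = {"11111111-2222-3333-4444-555555555555"}


def parse_options(blob):
    """Return {option code: raw value} from a DHCP options field."""
    if blob[:4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == 0:           # pad octet, no length byte
            i += 1
            continue
        length = blob[i + 1]
        opts[code] = bytes(blob[i + 2:i + 2 + length])
        i += 2 + length
    return opts


def build_discover(arch, client_guid, vendor_class=b"PXEClient:Arch:00000:UNDI:002001"):
    """Construct the options field of a PXE DHCPDISCOVER (sample data for the example)."""
    body = bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    body += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    body += bytes([OPT_ARCH, 2]) + struct.pack(">H", arch)
    body += bytes([OPT_CLIENT_UUID, 17, 0]) + uuid.UUID(client_guid).bytes_le  # type 0 = GUID
    return DHCP_MAGIC + body + bytes([OPT_END])


def classify_client(opts):
    """Identify a PXE boot request; None for anything that is not one."""
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        return None
    if not opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient"):
        return None                 # ordinary DHCP client, not a network boot
    arch = struct.unpack(">H", opts[OPT_ARCH])[0] if OPT_ARCH in opts else 0
    raw = opts.get(OPT_CLIENT_UUID)
    guid = str(uuid.UUID(bytes_le=raw[1:])) if raw and len(raw) == 17 and raw[0] == 0 else None
    return {"arch": arch, "guid": guid, "boot_program": BOOT_PROGRAMS.get(arch)}


def wds_response(client, policy, known_guids):
    """policy mirrors the PXE Response tab: answer 'all', 'known' or 'none' clients."""
    if client is None:
        return {"respond": False, "reason": "not a PXE request"}
    if policy == "none":
        return {"respond": False, "reason": "server does not answer PXE clients"}
    if client["boot_program"] is None:
        return {"respond": False, "reason": "no boot program for architecture %d" % client["arch"]}
    if policy == "known" and client["guid"] not in known_guids:
        return {"respond": False, "reason": "unknown client (not prestaged)"}
    return {"respond": True, "boot_program": client["boot_program"]}
```

The "known clients only" policy is the one with security value: a rogue machine on the deployment VLAN that is not prestaged gets no boot image and therefore no path to the install images or the deployment share. The architecture check matters for availability rather than security, since sending a BIOS NBP to a UEFI client simply fails to boot.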

3-11 WDS Configuration: DHCP

 Special considerations must be made when running DHCP and WDS on the same computer
  • This scenario should typically be avoided

3-12 WDS Configuration: Multicast

 WDS provides multicasting capabilities
  • Round-robin style allows clients to join the session at any time
  • After reaching the end of the image, the server will rebroadcast the beginning for the clients that joined the session late
 Multicast transfer settings can be configured
  • Allows for multiple multicast sessions at different transmission speeds
 Multicast must be properly supported and configured on your switches and routers

3-13 WDS Drivers

 WDS can bundle and deploy drivers along with install images
  • Windows PE 3 and above boot images can also include the drivers

3-14 Evaluating WDS for Deployment

 Advantages:
  • PXE booting
  • Multicasting
 Disadvantages:
  • Customization of the deployment is difficult
    – Extensive scripting knowledge is needed to create a custom UI
    – Manually built answer files are helpful but generally not flexible enough to support multiple platforms
    – Multiple answer files often must be managed
  • Management of the images can be difficult
    – Images are stored in resource and metadata WIM files

3-15 Chapter Contents: Hands-On Exercise 3.1

3-16 Hands-On Exercise 3.1

In your Exercise Manual, please refer to Hands-On Exercise 3.1: Windows Deployment Services

3-17 Chapter Contents: Microsoft Deployment Toolkit

3-18 Microsoft Deployment Toolkit

 The Microsoft Deployment Toolkit (MDT) is a series of scripts to help automate your deployment
  • Leverages several Windows ADK tools that must be installed prior to MDT
 An MDT solution consists of
  • Deployment Workbench application on the technician computer
    – Used to create, customize, and manage deployments
  • Server share, which contains
    – Windows PE boot image to start the installation process on new workstations and map a drive back to the server share
    – Scripts to help automate the deployment process
    – Task sequences to define which actions to take and under what circumstances
    – HTAs to prompt the user for necessary deployment information
    – User-added images, software, packages, and drivers
    – User-defined deployment values configured through the Deployment Workbench

HTA = HTML Application

3-19 MDT Illustrated

Flow diagram between the client and the deployment share:
1. Boot Windows PE
2. Start Lite Touch installation from the server share
3. Read deployment settings
4. Select Task Sequence
5. Perform Task Sequence steps

Deployment share contents: Scripts, Task Sequences, Operating systems, Applications, Drivers, Packages

3-20 Deployment Workbench

3-21 Deployment Share

 The deployment share will contain the files for the custom deployment
  • MDT will share the folder
 The deployment share is the starting point for building images
  • Import an existing WIM format file or installation sources
  • Add applications to be installed during deployment
  • Add OS packages
  • Include additional drivers

3-22 Applications

 Applications may be specified to be installed after installation
  • Installed through a logon script

3-23 Operating Systems

 The Operating Systems section contains a repository of available OSs
  • Full source files
  • Custom WIM format files supported
 Operating systems are imported from one of the following:
  • Installation CDs or DVDs
    – Could be a mounted ISO in Windows
  • Existing custom WIM files
  • Existing WDS images
  • Images captured by running the Lite Touch script from the deployment share
    – \\server\deploymentshare\scripts\litetouch.vbs

3-24 Copying the Operating System Files

3-25 Out-of-Box Drivers

 Out-of-box drivers will be injected into the deployment image
  • Source directory and subfolders are scanned for .inf files

3-26 Packages

 Packages include
  • Security updates
  • Language packs
 A source directory is scanned for .cab or .msu files

3-27 Task Sequences

 Task sequences define what tasks should be performed and in which order
  • Launch scripts from the deployment share using values queried during the deployment wizard
  • Several templates are provided and suitable for most situations
    – Standard Client
    – Standard Server
    – VHD deployments (more later)
    – Sysprep and capture, to be run from a running reference machine

VHD = Virtual Hard Disk

3-28 Task Sequences Illustrated

3-29 Leveraging a Deployment Share Illustrated

Diagram: Boot Windows PE → Windows PE maps a network drive to the shared folder (the deployment share) → Start the Windows Deployment Wizard

3-30 Combining MDT With WDS

 Combining MDT with WDS can provide distinct advantages
  • Network booting and multicasting of WDS
  • Flexibility and management functionality of MDT
 Two integration options can be configured
  • Import MDT boot images into WDS for network booting
  • Enable multicasting for deployment shares
    – Automatically creates WDS multicast sessions

3-31 Chapter Contents: Hands-On Exercise 3.2

3-32 Hands-On Exercise 3.2

In your Exercise Manual, please refer to Hands-On Exercise 3.2: Microsoft Deployment Toolkit

3-33 Chapter Contents: Lite Touch Installations

3-34 Capturing an Image

 MDT can be used to work with reference images
  • Build a reference image
  • Capture the reference image to the deployment share
 To use MDT to capture an image
  • Define a "Sysprep and Capture" task sequence
  • Run the Lite Touch script on the reference computer from the deployment share
    – \\server\deploymentshare\scripts\litetouch.vbs
  • Select your "Sysprep and Capture" task sequence

3-35 Sysprep and Capture Task Sequence

 Windows PE will be temporarily deployed to the hard disk of the reference computer
  • Boot order will be modified to boot to this Windows PE image on next boot
 Sysprep will be initiated after Windows PE is deployed
  • Restart will be issued when Sysprep is complete
 Local hard disk will be captured to a WIM format file image
  • Windows PE, custom scripts, and HTAs will automate the process

3-36 MDT Settings

 Lite Touch installations can be further streamlined
  • MDT standard settings, such as a custom background image
  • Automation of Lite Touch wizard screens
  • Integration with System Center Configuration Manager
    – Zero Touch installations can be configured
    – For more information on Zero Touch installations, see Learning Tree International Course 2415, System Center® 2012 Configuration Manager Introduction

3-37 MDT Wizard Screen Standard Configuration

 Lite Touch wizard screens are used to build a custom answer file
  • Custom answer file is merged into the existing answer file after imaging

3-38 Customizing Lite Touch Wizard Screens

 Wizard screen contents can be modified
  • \\server\deploymentshare$\scripts\DeployWiz_Definition_ENU.xml references child XML files
  • Child XML files can be used to customize specific screens of the wizard
    – Modify text, add drop-down lists, etc.
 Wizard screens can be automated and skipped
  • Bootstrap.ini
  • Customsettings.ini
  • SQL database

SQL = structured query language

MDT Properties

 Scripts and task sequences perform actions based largely on MDT properties • Properties are essentially variables that can be – Scanned from the machine – Defined by the administrator – Interactively entered by technicians or users during deployment – More error prone and less efficient  Available properties and their purpose can be found in the MDT documentation • Toolkit Reference in the Documentation section of the Information Center

Identifying Settings to Automate Wizard Screens

 To automate wizard screens or prepopulate values, use the automation table • Documentation | Toolkit Reference

Setting Locations

 Wizard screen values can be defined in • Bootstrap.ini – Settings included on boot media before making a connection to the deployment share • CustomSettings.ini – Settings saved on the deployment share • MDT Database (optional) – Referenced from CustomSettings.ini – Allows for dynamic settings – Driven by Microsoft SQL Server

Automating Wizard Screens

 The Property Definition section provides help for individual settings • Valid values • Definition location

Settings Files in the User Interface

 The settings files can be accessed from within the Deployment Workbench • Properties of the deployment share

CustomSettings.ini

Bootstrap.ini

Sections

 CustomSettings.ini is divided into sections identified by brackets around their names • Sections are read or skipped as a unit  The [Settings] section is the only required section and is the starting point for parsing the file • The Priority property defines – Which subsequent sections to parse – In what order to read the settings • The Properties property can be used to define user variables, if necessary  Priority values can be • Literal section names later in the file • MDT properties – For example, HostName, MACAddress, etc. • Indirect reference when one section calls another

Section Examples
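The following is an added example, not part of the course material and not MDT's own code: a small PowerShell re-implementation of how the MDT rules engine (ZTIGather) walks CustomSettings.ini, so the Priority ordering and the first-value-wins behaviour described above can be tried offline. The INI text and the machine facts (MAC address, model) are constructed for illustration; real MDT reads them from WMI and also treats MACAddress as a list property, which is simplified here.

```powershell
# Added example (not from the course or from MDT): resolve CustomSettings.ini the way
# the MDT rules engine does. INI content and machine facts below are constructed.

$iniText = @'
[Settings]
Priority=MACAddress,Model,Default
Properties=CustomDept

[00:15:5D:01:02:03]
OSDComputerName=KIOSK01
SkipComputerName=YES

[Surface Pro 4]
DriverGroup001=Windows 10\Surface Pro 4

[Default]
OSInstall=Y
SkipBDDWelcome=YES
SkipComputerName=NO
DriverGroup001=Windows 10\Generic
TimeZoneName=Eastern Standard Time
CustomDept=Unassigned
'@

# Facts ZTIGather would normally scan from the machine; constructed here
$machine = @{
    MACAddress = '00:15:5D:01:02:03'
    Model      = 'Surface Pro 4'
}

function ConvertFrom-MdtIni {
    param([string]$Text)
    $sections = [ordered]@{}
    $current = $null
    foreach ($raw in ($Text -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') {
            $current = $Matches[1]
            $sections[$current] = [ordered]@{}
            continue
        }
        if ($null -ne $current -and $line -match '^([^=]+)=(.*)$') {
            $sections[$current][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $sections
}

function Resolve-MdtProperties {
    param([System.Collections.IDictionary]$Sections, [System.Collections.IDictionary]$Machine)
    # Properties already known to the rules engine are pre-populated
    $props = [ordered]@{}
    foreach ($k in $Machine.Keys) { $props[$k] = $Machine[$k] }

    $settings = $Sections['Settings']
    if (-not $settings) { throw '[Settings] is the only required section and must exist' }

    foreach ($entry in ($settings['Priority'] -split ',')) {
        $name = $entry.Trim()
        # A Priority entry that names a section is read literally; otherwise it is treated
        # as a property and the section named after that property's current value is read
        if ($Sections.Contains($name))  { $target = $name }
        elseif ($props.Contains($name)) { $target = $props[$name] }
        else                            { continue }
        if (-not $Sections.Contains($target)) { continue }

        foreach ($key in $Sections[$target].Keys) {
            if ($key -in 'Priority', 'Properties') { continue }
            # First value wins: a later (lower-priority) section never overwrites a property
            if (-not $props.Contains($key)) { $props[$key] = $Sections[$target][$key] }
        }
    }
    $props
}

$resolved = Resolve-MdtProperties -Sections (ConvertFrom-MdtIni $iniText) -Machine $machine
$resolved.GetEnumerator() | ForEach-Object { '{0,-18} = {1}' -f $_.Key, $_.Value }
```

Running it shows SkipComputerName resolving to YES and DriverGroup001 to the Surface Pro 4 group, because the MAC-address and model sections are processed before [Default]; swapping the order in Priority changes the result, which is the usual cause of "my rule is ignored" reports.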

Database-Driven Lite Touch Installations

 Database-driven settings allow for dynamic values based on predefined conditions • Specific computer, make, model, default gateway

Computer Make/model

Creating the MDT Database

 The Deployment Workbench can create the necessary database • SQL Server or SQL Server Express must be installed and configured for appropriate access – Named Pipes or TCP/IP Sockets

TCP/IP = Transmission Control Protocol/Internet Protocol

Removable Media

 Lite Touch installations can be placed onto removable media • No network connectivity required • DVD and USB images can be created  Deployment Media folders must be updated independently of the deployment share after Workbench modifications • USB files are updated • ISO file is rebuilt for DVD installations

Chapter Contents

 Windows Deployment Services

 Hands-On Exercise 3.1

 Microsoft Deployment Toolkit

 Hands-On Exercise 3.2

 Lite Touch Installations

 Hands-On Exercise 3.3

 Migrating to Windows 10

 Hands-On Exercise 3.4

Hands-On Exercise 3.3

In your Exercise Manual, please refer to Hands-On Exercise 3.3: Lite Touch Installation

Chapter Contents

 Windows Deployment Services

 Hands-On Exercise 3.1

 Microsoft Deployment Toolkit

 Hands-On Exercise 3.2

 Lite Touch Installations

 Hands-On Exercise 3.3

 Migrating to Windows 10

 Hands-On Exercise 3.4

Windows In-Place Upgrade

 Recall that Windows installation is performed via imaging • Applying WIM images is not necessarily destructive – Images may be applied onto partitions containing data  Windows 10 can perform an in-place upgrade from previous versions of Windows • setup.exe from the Windows DVD provides more sophisticated installation than a simple imagex /apply command • WIM image is applied over the existing file system • User state is retained • Applications can be carried over from  In-place upgrades are often not practical • Legacy applications may have issues • Existing problems are carried over

Migrating User State

 Migrations provide a cleaner upgrade path  User state must often be carried across a migration • Local data • Settings such as e-mail configuration, favorites, etc.  User state may be migrated with the User State Migration Tool (USMT)  Data can be stored on • Local disk – WIM file images are nondestructive • USB drives • Network shares

User State Migration Tool (USMT)

 USMT migrates user state from the command line • Automates data migration as part of the deployment process • Useful from administrative scripts • Included with the Windows ADK and available within MDT  Two separate commands are used to save and restore state information: • ScanState.exe is used to back up user state • LoadState.exe is used to recover backups to a replacement system  USMT migration is controlled by XML configuration files • Several default files are provided • Files may be customized as needed • /auto implies the use of migdocs.xml and migapp.xml

USMT Components

 Configuration files • MigApp.xml – Application settings • MigDocs.xml – Automatically searches for user data without defining specific file types and extensions • MigUser.xml – Migrates the user’s profile and any files with extensions specifically defined in the XML file • Config.xml – Used to exclude some migration components without modifying the standard migration XML files  Sample usage: • scanstate \\server\migration\comp1 /auto • loadstate \\server\migration\comp1 /i:migdocs.xml /i:migapp.xml

Hard-Link Migration Store

 USMT can use hard links to migrate data • Data on the local disk is backed up by either – Hard-linking data to a migration store on the local disk during a scanstate – Or clean installation of Windows, creating a Windows.old folder • After imaging, data can be restored by simply re-linking the data to the proper location in the file system • Much faster for large amounts of data because the data is never actually moved or copied  Hard-link migration stores are preferred when upgrading in-place without changing hardware • Removable disks or network store migrations should be used when changing a user’s computer

USMT Usage

 To back up all local data and all accounts (no UFD or network data): • scanstate.exe \\server\share\%computername% /auto /localonly

 To back up all user data using a hard-link migration store (/hardlink must be combined with /nocompress, and the store must be on the volume that holds the profiles): • scanstate.exe c:\usmtmig /hardlink /nocompress /i:migapp.xml /i:migdocs.xml – Use either MigDocs.xml or MigUser.xml, not both, to avoid migrating files twice

 To restore data and re-create and enable local accounts: • loadstate.exe \\server\share\%computername% /auto /lac /lae
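The three commands above, wrapped as an added PowerShell example (not from the course or from Microsoft) that applies the flag rules from the USMT slides: hard links for a refresh on the same disk, an encrypted network store for a replacement. Assumed and adjustable: USMT binaries copied from the ADK to C:\USMT\amd64, the local store C:\usmtmig, the share \\server\share, and a key file C:\USMT\usmt.key that must not live on the share.

```powershell
# Added example (not from the course or from Microsoft). Paths below are assumptions.
$UsmtPath = 'C:\USMT\amd64'          # assumption: copied from the Windows ADK
$LogDir   = "$env:SystemRoot\Temp"

function Invoke-Usmt {
    param([ValidateSet('scanstate', 'loadstate')][string]$Tool, [string[]]$Arguments)
    $exe = Join-Path $UsmtPath "$Tool.exe"
    if (-not (Test-Path $exe)) { throw "USMT binary not found: $exe" }
    Write-Host "$Tool $($Arguments -join ' ')"
    & $exe @Arguments
    # USMT returns 0 on success; anything else means check the /l log
    if ($LASTEXITCODE -ne 0) { throw "$Tool failed with exit code $LASTEXITCODE (see $LogDir)" }
}

# Computer refresh (same disk): hard-link store. /hardlink requires /nocompress, so the
# store is unencrypted; acceptable only because it never leaves the machine.
function Save-UserStateHardLink {
    param([string]$Store = 'C:\usmtmig')
    Invoke-Usmt scanstate @(
        $Store, '/hardlink', '/nocompress', '/o', '/c',
        '/i:migapp.xml', '/i:migdocs.xml',
        '/ue:*\*', "/ui:$env:USERDOMAIN\*",   # domain accounts only, no stale local accounts
        '/uel:90',                            # and only profiles used in the last 90 days
        "/l:$LogDir\scanstate.log", '/v:5'
    )
}
function Restore-UserStateHardLink {
    param([string]$Store = 'C:\usmtmig')
    Invoke-Usmt loadstate @(
        $Store, '/hardlink', '/nocompress', '/c',
        '/i:migapp.xml', '/i:migdocs.xml',
        "/l:$LogDir\loadstate.log", '/v:5'
    )
}

# Computer replacement: network store. The store is a copy of every user's documents,
# so encrypt it (/encrypt cannot be combined with /nocompress, hence no hard links) and
# limit share/NTFS permissions to the deployment account.
function Save-UserStateNetwork {
    param([string]$Share = '\\server\share', [string]$KeyFile = 'C:\USMT\usmt.key')
    $store = Join-Path $Share $env:COMPUTERNAME
    Invoke-Usmt scanstate @(
        $store, '/o', '/c', '/localonly', '/auto',   # /auto = migdocs.xml + migapp.xml
        '/encrypt', "/keyfile:$KeyFile",
        "/l:$LogDir\scanstate.log", '/v:5'
    )
}
function Restore-UserStateNetwork {
    param([string]$Share = '\\server\share', [Parameter(Mandatory)][string]$SourceComputer,
          [string]$KeyFile = 'C:\USMT\usmt.key')
    $store = Join-Path $Share $SourceComputer
    # /lac creates missing local accounts with an empty password unless /lac:<password>
    # is given; /lae enables them. Prefer domain accounts so neither is needed.
    Invoke-Usmt loadstate @(
        $store, '/c', '/auto', '/lac', '/lae',
        '/decrypt', "/keyfile:$KeyFile",
        "/l:$LogDir\loadstate.log", '/v:5'
    )
}
```

Run the Save- function from the old installation and the Restore- function from the new one; /c keeps a migration going past non-fatal file errors, which is what you want in an automated task sequence, but the log must then be reviewed.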

Automating User State Migration

 MDT can automate user state migration with USMT • Hard links are used for computer refreshes • Network backup locations must be specified for the backup and recovery when hard links cannot be used – New computer deployments – When drives must be repartitioned or reformatted • Full image backups can be taken  User State migration is configured via • Task Sequence – Standard Client template will not normally require modification • CustomSettings.ini or MDT DB – Parameters to pass to scanstate and loadstate – User data backup location – Optionally, force offline migration – Computer boots into Windows PE to perform the scanstate

Customizing the User State Migration Through MDT

Chapter Contents

 Windows Deployment Services

 Hands-On Exercise 3.1

 Microsoft Deployment Toolkit

 Hands-On Exercise 3.2

 Lite Touch Installations

 Hands-On Exercise 3.3

 Migrating to Windows 10

 Hands-On Exercise 3.4

Hands-On Exercise 3.4

In your Exercise Manual, please refer to Hands-On Exercise 3.4: Migrating to Windows 10

Chapter Summary

In this chapter, we have  Implemented network booting and imaging with Windows Deployment Services  Built and maintained custom images with the Microsoft Deployment Toolkit  Migrated the user state from previous installations


Chapter 4

Managing Windows Activation Chapter Objectives

In this chapter, we will  Implement Multiple Activation Key (MAK)  Install and configure Key Management Services (KMS) for internal activation  Integrate Windows activation into the Active Directory  Leverage Microsoft tools for license and activation management

Chapter Contents

 Licensing and Activation Models

 Planning Activation

 Managing Volume Activation

 Hands-On Exercise 4.1

Windows 10 Editions

 Windows 10 Home • Core Windows functionality on x86 and AMD64 processors • Windows updates cannot be configured • Does not support joining a domain  Windows 10 Pro • Domain-joining and management features • BitLocker, Client Hyper-V, Boot from VHD,

OEM = original equipment manufacturer

Windows 10 Editions

 Windows 10 Enterprise • Windows To Go, DirectAccess, BranchCache, AppLocker • Available by purchasing software assurance  Windows 10 Enterprise Long Term Servicing Branch (LTSB) • Same as Enterprise except it does not receive feature updates via Windows Updates


 Microsoft Windows 7 and above is required to be • Licensed • Activated  Licensing Windows refers to the legal right to use the software • Required but not enforced  Activation is the process by which Microsoft verifies that your license is valid • Required and enforced through software

Microsoft Windows Licensing Overview

 Microsoft has full-time staff and a significant section of its website dedicated to answering licensing questions • Costs • Legalities  Your company should work with a Microsoft representative to ensure that it is • Obtaining the best price • Properly licensed for all computers  Microsoft offers several licensing models: • System builder – Also referred to as OEM licenses • Retail – Also referred to as Full Packaged Product (FPP) • Volume licensing – Open, Academic, Government, Enterprise, Select, etc.

Volume Licensing

 Most organizations will choose volume licensing upgrades • Typically more economical than retail upgrades • Some offerings are exclusive to volume licensing – Downgrade rights, Microsoft Desktop Optimization Pack (MDOP), reimaging rights • A single license key can be used for multiple installations • Media are purchased or downloaded separately  Software assurance for volume licenses provides exclusive benefits • Windows 10 Enterprise Edition • MDOP  Volume licenses of Windows are upgrades only • The system must already be licensed for a qualifying operating system – Check the Microsoft website for your license and organization type

Version Licensing Availability

 Not all Windows editions are available in all licensing models

License type                            Editions available
System Builder (OEM)                    Windows 10 Home, Windows 10 Professional
Retail upgrade                          Windows 10 Home, Windows 10 Professional
Volume upgrade                          Windows 10 Professional
Volume upgrade and Software Assurance   Windows 10 Enterprise

Windows Activation

 OEM versions may be activated • Through the Internet • By a telephone call to Microsoft • Permanently by vendors – Embed licensing information into BIOS licensing tables – Digitally signed media by the vendor  Retail versions rely on manual activation • Telephone call to Microsoft • Internet activation  Each license key may only be activated on a single machine • The machine may be reactivated as many times as necessary – After reloading Windows – After significant hardware upgrades

Windows Activation

 Volume Activation 1.0 bypasses activation • Requires volume-license version of the software and a volume-license key • Intended for businesses that use imaging and other mass-deployment tools • Keys are easily exploited and frequently leak out of the organization • Used by – Windows XP and Windows Server 2003 – Microsoft Office 2003 and 2007

Windows Genuine Advantage

 Microsoft is fighting piracy with the Windows Genuine Advantage program • Marketing to inform customers of the advantages of owning genuine software and the dangers of pirated software • Validation for updates and various downloads on the Microsoft website – Checks for known compromised license keys

Volume Activation Today

 Part of the Windows Genuine Advantage program is Volume Activation (VA) 2.0 • Products using VA 2.0 do not bypass activation • Windows Vista and 7 • Windows Server 2008 • Microsoft Office 2010 and above  VA 2.0 allows activation by one of two methods: • Multiple Activation Key (MAK) – Each workstation is individually activated with the same key • Key Management Service (KMS) – Organizational server activates workstations in the background – Default for Windows Vista, 7, and Server 2008  VA 3.0 adds an additional activation option • Active Directory-based – Available for Windows 8, 10, Server 2012, and Office 2013

Multiple Activation Key (MAK)

 Multiple Activation Keys are allowed to activate computers a specific number of times • Microsoft maintains a database of computers associated with a MAK • After each activation, the pool of available activations is decreased – Even after reimaging • Activations can be performed via telephone or the Internet  The activation pool is not directly tied to licenses • More activations may be obtained by calling Microsoft

MAK Independent Activation Illustrated

Illustration: each activation request from a client to the Microsoft activation servers reduces the MAK activation pool by 1 (100, 99, 98, 97, 96, ...).

Key Management Service (KMS)

 KMS activation is performed locally • Central server runs the KMS service • Workstations activate from a local server rather than from Microsoft • No limit to the number of local activations • Activation must be renewed every 180 days – Attempts to renew every seven days  KMS activation requires • 25 or more Windows Vista, 7, 8, or 10 clients • Five or more Windows Server 2008 or Server 2012 clients  KMS servers are located through either • Manual configuration – Registry edit to specify a KMS server – slmgr.vbs –skms servername • DNS query – Default and preferred

KMS Activation Illustrated

Illustration: a Windows 10 client locates the KMS server through the DNS server, asks the KMS server "May I be activated?", and receives "Yes".

Active Directory-Based Activation

 Uses a KMS host key • Still obtains 180-day leases, similar to KMS • No client minimums • Doesn’t require multiple KMS servers for fault tolerance • Activation servers are located automatically when clients are configured with a Generic Volume License Key (GVLK) – Sometimes referred to as a KMS client key

MAK vs. KMS vs. Active Directory-Based

 Advantages of MAK: • Computers don’t need to reactivate except during major hardware upgrades • No minimum number of clients required • No network requirements or traffic • Supported on Windows Vista and higher  Advantages of KMS: • Unlimited reactivations using the local KMS server – Especially useful in a lab environment with frequent reimaging • No manual configuration of workstations – KMS is the default when using volume-license media • Supported on Windows Vista and higher  Advantages of Active Directory-based: • Same advantages as KMS, except it requires Windows 8 or higher • No minimum number of clients required • Fault tolerance built into the Active Directory architecture

What Type of Key Do You Have?

 If you are provided with a volume license key, make sure you know which type it is • MAK • KMS host • Generic Volume License Key (GVLK) – KMS or Active Directory-based client  With KMS or Active Directory-based activation, most IT staffers will not need to know the volume keys • Clients will default to GVLK without further configuration

Chapter Contents

 Licensing and Activation Models

 Planning Activation

 Managing Volume Activation

 Hands-On Exercise 4.1

Planning an Activation Infrastructure Do Now

 Learning Tree Gadgets has several groups of users that are being upgraded from Windows 7 to Windows 10  For each of the following groups, decide on the best activation method and justify your decision, then note your decision and justification on the next slide: 1. 250 desktop PC users reside in the Reston corporate headquarters and remain connected to the corporate network at all times 2. 50 laptop users reside in the Reston corporate headquarters and leave the office only on weekends or during weeklong meetings 3. 25 laptop users are sales agents and connect to the corporate network only when their computers are sent in for repair or annual updates 4. 10 desktop PCs are used for testing and training, are never connected to the corporate network, and are reloaded at least every two weeks

Planning an Activation Infrastructure Do Now

Group                        Activation model    Justification
Corporate desktops
Corporate laptops
Sales laptops
Testing/training desktops

Chapter Contents

 Licensing and Activation Models

 Planning Activation

 Managing Volume Activation

 Hands-On Exercise 4.1

Activation Management Tools

 Microsoft provides tools to administer activation  Windows Software Licensing Management Tool • slmgr.vbs  Volume Activation Management Tool (VAMT) • Free download from Microsoft • Included as part of Windows ADK  Windows Server 2012 introduces a Volume Activation Services role • Volume Activation Tools can be used to configure KMS or Active Directory- based activation

Implementing MAK Activation

 Computers using MAK activation may be activated via two methods: • MAK Independent activation – Each computer is activated individually • MAK Proxy activation – Groups of computers are activated through a single Internet connection – Requires the Volume Activation Management Tool (VAMT)

MAK Implementation Options

 Using MAK requires changing the product key  Graphical interface options • PC Settings | Activate Windows • Execute slui  Command line or script • slmgr.vbs –ipk {MAK}  Answer file during setup • Implemented in the “specialize” pass • Automated within the MDT

MAK Proxy Activation Illustrated

Illustration: a Windows 10 client on an isolated network is activated through an isolated admin workstation running the VAMT; an admin workstation running the VAMT with Internet access relays the request to the Microsoft activation servers across the Internet.

KMS Configuration

 KMS server must be configured • Change the product key to a KMS host key provided by Microsoft • Activate the server over the Internet or telephone  Clients using the generic setup key will default to KMS client activation

KMS Discovery

 KMS server will attempt to register itself in DNS • SRV record will be entered into servers supporting DDNS • Windows automatically attempts to activate using a KMS machine obtained from a DNS query  Potential discovery issues • SRV records will not be removed if you uninstall KMS keys  Manual KMS configuration can be performed with slmgr.vbs • slmgr.vbs -skms kms1.domain.com  Clients request and receive activation through a 250-byte activation request and response • Most modern networks should be able to handle the additional network load
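An added PowerShell example (not from the course and not Microsoft's tooling) covering both the MAK Implementation Options slide and the KMS discovery steps above: it performs the same _vlmcs._tcp SRV lookup the client does, wraps the slmgr.vbs /ipk, /skms, /ckms and /ato commands, and verifies the outcome through the SoftwareLicensingProduct WMI class that slmgr.vbs itself reads. The names domain.com and kms1.domain.com are placeholders; run it elevated on the client being configured.

```powershell
# Added example (not from the course). Hostnames are assumptions; run elevated.
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'   # ApplicationID of the Windows product

function Get-WindowsActivationStatus {
    # LicenseStatus 1 = licensed; 0 unlicensed, 2/3/4/6 grace periods, 5 notification
    $p = Get-CimInstance -ClassName SoftwareLicensingProduct `
            -Filter "ApplicationID='$WindowsAppId' AND PartialProductKey <> null"
    [pscustomobject]@{
        Name          = $p.Name
        Channel       = $p.Description          # contains VOLUME_KMSCLIENT or VOLUME_MAK
        LicenseStatus = $p.LicenseStatus
        GraceDaysLeft = [int][math]::Floor($p.GracePeriodRemaining / 1440)   # WMI reports minutes
        KmsHost       = if ($p.KeyManagementServiceMachine) { $p.KeyManagementServiceMachine }
                        else { $p.DiscoveredKeyManagementServiceMachineName }
        KmsPort       = $p.KeyManagementServicePort
    }
}

function Find-KmsHost {
    param([string]$Domain = $env:USERDNSDOMAIN)
    # Same SRV lookup the client performs; a stale record from a decommissioned host
    # shows up here, which is the discovery issue noted on the slide
    Resolve-DnsName -Name "_vlmcs._tcp.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object Type -eq 'SRV' |
        Select-Object NameTarget, Port, Priority, Weight
}

function Invoke-Slmgr {
    param([string[]]$Arguments)
    # Run under cscript so messages go to the console instead of a dialog box
    & cscript.exe //nologo "$env:SystemRoot\System32\slmgr.vbs" @Arguments 2>&1 | Out-String
}

function Assert-Activated {
    # Trust the licensing state in WMI, not slmgr's text output
    $s = Get-WindowsActivationStatus
    if ($s.LicenseStatus -ne 1) { throw "Windows is not licensed (LicenseStatus=$($s.LicenseStatus)): $($s.Name)" }
    $s
}

function Set-KmsClient {
    param([string]$KmsHost = 'kms1.domain.com', [int]$Port = 1688)
    Invoke-Slmgr @('/skms', "${KmsHost}:$Port") | Write-Verbose
    Invoke-Slmgr @('/ato') | Write-Verbose
    Assert-Activated
}

function Reset-KmsClient {
    # Remove the hard-coded host so the client goes back to DNS discovery
    Invoke-Slmgr @('/ckms') | Write-Verbose
}

function Install-MakKey {
    param([Parameter(Mandatory)][string]$Mak)
    # A MAK is a credential with a finite activation pool: pass it in from a protected
    # source and never leave it hard-coded in a script on a share
    if ($Mak -notmatch '^([A-Z0-9]{5}-){4}[A-Z0-9]{5}$') { throw 'Key must look like XXXXX-XXXXX-XXXXX-XXXXX-XXXXX' }
    Invoke-Slmgr @('/ipk', $Mak) | Write-Verbose
    Invoke-Slmgr @('/ato') | Write-Verbose
    Assert-Activated
}

# Routine check for a KMS client: licensed, and not about to run out its 180-day lease
$status = Get-WindowsActivationStatus
if ($status.LicenseStatus -ne 1) {
    Write-Warning "Not licensed: $($status.Name) (status $($status.LicenseStatus))"
} elseif ($status.Channel -match 'KMSCLIENT' -and $status.GraceDaysLeft -lt 30) {
    Write-Warning "KMS lease ends in $($status.GraceDaysLeft) days; host $($status.KmsHost) may be unreachable"
}
$status
```

A MAK-activated machine reports GracePeriodRemaining of 0, so the 30-day warning is deliberately limited to the KMS client channel; running the check from a scheduled task across the fleet catches clients that silently lost their KMS host well before the 180 days elapse.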

DDNS = dynamic domain name system SRV = service

KMS Activation Illustrated

Illustration: the Windows 10 client asks the DNS server "What is the address for _VLMCS._TCP.domain.com?" and receives 10.1.1.10; it then asks the KMS server at 10.1.1.10 "May I be activated?" and receives "Yes". The KMS server's activation cache holds 50 workstations and 10 servers.

Implementing Active Directory–Based Activation

 Apply the KMS host key to the forest • Volume Activation Management Tool (VAMT) • Volume Activation Tools from Server Manager  Clients will automatically be activated once joined to the domain • Existing clients should be activated at next restart and logon

Activation Failure

 When Windows activation or reactivation fails • Windows enters notification, then non-genuine mode • The user will be alerted via the Message Center • Watermark on the desktop • Personalization options are limited

Avoiding Activation Failures

 When using KMS host-based activation, use multiple servers • When a KMS machine is unavailable, the client will query DNS for another • Each KMS server will require the minimum client count  Consider using Active Directory–based activation when possible • May not be available for legacy operating systems  When adding or changing hardware to MAK activation workstations, ensure that an Internet connection or phone is available for reactivation

Licensing Virtual Machines

 Virtual Machines (VMs) running Windows require a separate license • Windows Enterprise Edition includes licensing for up to four virtual machines per host license  VMs running Windows must be licensed • Activation will be required to avoid non-genuine mode  VMs used for testing, training, or development may not require activation

Chapter Contents

 Licensing and Activation Models

 Planning Activation

 Managing Volume Activation

 Hands-On Exercise 4.1

Hands-On Exercise 4.1

In your Exercise Manual, please refer to Hands-On Exercise 4.1: Exploring Licensing and Activation

Chapter Summary

In this chapter, we have  Implemented Multiple Activation Key (MAK)  Installed and configured Key Management Services (KMS) for internal activation  Integrated Windows activation into the Active Directory  Leveraged Microsoft tools for license and activation management

Chapter 5

Streamlining Windows Administration Chapter Objectives

In this chapter, we will  Centralize configuration with Group Policy Objects  Schedule local and remote tasks  Control remote workstations with Remote Assistance and Remote Desktop  Leverage advanced command-line management tools

Chapter Contents

 Group Policies

 Hands-On Exercise 5.1

 Enabling Remote Management

 Scheduling Administrative Tasks

 Hands-On Exercise 5.2

 Remote Assistance

 Remote Desktop

 Hands-On Exercise 5.3

 Command-Line Management

 Microsoft Desktop Optimization Pack

 Hands-On Exercise 5.4

Local vs. Domain-Based Policies

 Policies are settings configured for users and computers • Security, user interface, scripts, software installation, etc.  Policies can be implemented locally • Impacting local users on the local machine only • Different policies can be defined for each user or group  Policies can be linked to scopes of management in the Active Directory • Implemented as Group Policy Objects (GPOs) • May be linked to sites, domains, and Organizational Units (OUs) • Override local policies if in conflict • Can be controlled centrally • Targeting is much more flexible

Managing With Group Policy Objects (GPOs)

 Centralized management is increasingly important to organizations • Reduced administrative costs • More stable and consistent environment • Rapid recovery from workstation failures  Key component in centralized management GPOs • A single policy can be enforced on any number of computers • Multiple policies may be applied to a single object • Group Policy Objects are stored and replicated in the Active Directory  Group Policy settings control either computer- or user-specific settings • Computer settings are applied at startup and refreshed periodically • User settings are applied at logon and refreshed periodically – Many user settings can’t be applied after logon

GPOs Illustrated

Illustration: the course.local domain with Workstations, Kiosks, Marketing, and Sales OUs, each with example GPO settings linked to it. Settings shown include: Install Acrobat Reader Standard, Map shared drive, Disable the IIS service, Use corporate background, Show limited programs, Map a Sales drive, Redirect the desktop, Install Sales software, Disable USB drives, and Connect to the Sales printer.

IIS = Internet Information Services

Group Policy Management Editor

 Group Policy settings are configured with the Group Policy Management Editor

Computer Settings

 Software • Software to install for all users of the computer  Windows settings • Startup and shutdown scripts • Deployed printers • System security settings  Administrative templates • Configure system services • Control network communications and behavior • Global Windows component settings – Internet Explorer, Task Scheduler, etc.  Preferences • Copy files to the local system • Define VPN connection

VPN = virtual private network

User Settings

 Software • Software to install for this user on each computer the user logs on to • Software will not be available to other users of the computer  Windows settings • Logon and logoff scripts • Deployed printers • Internet Explorer maintenance settings  Administrative templates • Available Control Panel applets • Desktop configuration and restrictions • User interface settings and restrictions for system components  Preferences • Drive mappings • Create, delete, or update shortcuts

Deploying a Start Screen Layout

▪ Users’ Start screen tiles and layout can be controlled
  • Configure the Start screen on a reference machine to the desired layout
  • Export the current layout from PowerShell on the reference machine
    – export-startlayout -path my_layout.xml
  • Deploy the layout file via GPO
    – User Configuration | Policies | Administrative Templates | Start Menu and Taskbar | Start Screen Layout

New Policy Feature

▪ OU policy refresh
  • Group Policy Management console
  • PowerShell’s Invoke-GPUpdate cmdlet in the GroupPolicy module
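An OU-wide refresh from PowerShell, as an added example that is not part of the course material: it assumes RSAT (ActiveDirectory and GroupPolicy modules), a hypothetical Workstations OU in course.local, and that the targets allow the firewall rules the GPMC remote update itself needs (Remote Scheduled Tasks Management and WMI).

```powershell
# Added example, not from the course: refresh Group Policy on every computer in one OU,
# the same thing the GPMC's "Group Policy Update" right-click does, with a per-host result.
# Assumptions: RSAT modules installed, the OU below is hypothetical, and each target allows
# the Remote Scheduled Tasks Management and WMI inbound rules that Invoke-GPUpdate relies on
# (it creates a scheduled task on the remote computer to run gpupdate there).
Import-Module ActiveDirectory
Import-Module GroupPolicy

$ou = 'OU=Workstations,DC=course,DC=local'   # hypothetical OU path

$results = foreach ($computer in Get-ADComputer -Filter * -SearchBase $ou) {
    # Check reachability first so the failures below are Group Policy errors, not offline hosts
    if (-not (Test-Connection -ComputerName $computer.DNSHostName -Count 1 -Quiet)) {
        [pscustomobject]@{ Computer = $computer.Name; Status = 'Offline' }
        continue
    }
    try {
        # -RandomDelayInMinutes 0 runs now instead of spreading load over the default window;
        # -Force reapplies settings even if the GPO version has not changed
        Invoke-GPUpdate -Computer $computer.DNSHostName -RandomDelayInMinutes 0 -Force -ErrorAction Stop
        [pscustomobject]@{ Computer = $computer.Name; Status = 'Refresh scheduled' }
    } catch {
        # Typical causes: firewall rules missing on the target, or no admin rights there
        [pscustomobject]@{ Computer = $computer.Name; Status = "Failed: $($_.Exception.Message)" }
    }
}

$results | Sort-Object Status, Computer | Format-Table -AutoSize
```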

Chapter Contents

▪ Group Policies
▪ Hands-On Exercise 5.1
▪ Enabling Remote Management
▪ Scheduling Administrative Tasks
▪ Hands-On Exercise 5.2
▪ Remote Assistance
▪ Remote Desktop
▪ Hands-On Exercise 5.3
▪ Command-Line Management
▪ Microsoft Desktop Optimization Pack
▪ Hands-On Exercise 5.4

Hands-On Exercise 5.1

In your Exercise Manual, please refer to Hands-On Exercise 5.1: Managing Settings With Group Policies


Windows Firewall

▪ Windows Vista and later include an even more secure version of the Windows Firewall
  • Controls both inbound and outbound traffic
  • Configured to behave differently in work, home, or public locations
  • Rules based on application, port, and source network address
▪ Proper firewall configuration can be very important
  • Protects remote users while in public or unsecured areas
  • Configured to allow administration while in the office
▪ Windows Firewall has two configuration interfaces:
  • Standard Windows Firewall applet in the Control Panel
  • Windows Firewall with Advanced Security in Administrative Tools

Windows Firewall Settings

▪ Controls include
  • Enabling and disabling the firewall globally
  • Port, application, and subnet rules and exceptions

Windows Firewall With Advanced Security

▪ Rules are much more configurable within Windows Firewall with Advanced Security
  • Inbound and outbound rules can be defined
  • Rules may be applied to any of the three network profiles
    – Private, public, and domain
  • Firewall settings may be imported and exported
▪ Individual rules have more options
  • Require a secure connection
  • Apply to a specific application or service
  • Local and remote IP address restrictions
  • Apply to specific user and/or computer accounts

Windows Firewall With Advanced Security Illustrated

Firewalling Universal Apps

▪ To configure rules specific to a Universal (AppX) app, you must use Windows Firewall with Advanced Security

Automating Windows Firewall Configuration

▪ Windows Firewall configuration can be automated
▪ Group Policies can centrally manage firewall settings
  • Ensure a consistent security configuration
  • GPO targeting and security filtering can be used to create various firewall configurations within the organization
▪ netsh
  • Command-line utility for network configuration
  • Allows basic or advanced firewall configuration
  • Useful for scripts when GPOs are not practical
▪ PowerShell
  • Several PowerShell cmdlets allow for firewall configuration
  • get-command *firewall*

Firewall Considerations

▪ Leverage the Windows Firewall
  • Avoid third-party firewalls unless there are documented justifications
  • Avoid using multiple host-based firewalls
▪ Use profiles
  • Secure the public and private profiles as much as possible
  • Only allow administration on the domain profile
  • Set the default profile to public without prompting
▪ Combine host-based firewalls with perimeter firewalls
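The profile guidance above applied with the NetSecurity cmdlets (the PowerShell option from Automating Windows Firewall Configuration), as an added example that is not from the course: it assumes Windows 8 or later, an elevated prompt, and a constructed management subnet standing in for the real administration network.

```powershell
# Added example, not from the course: lock down the Public and Private profiles and keep
# administration on the Domain profile only, then report what is still exposed elsewhere.
# Assumptions: Windows 8/Server 2012 or later (NetSecurity module), an elevated prompt,
# and the constructed management subnet 10.0.50.0/24.
Import-Module NetSecurity

$mgmtSubnet = '10.0.50.0/24'   # constructed value

# 1. Firewall on for all three profiles, inbound blocked unless a rule allows it;
#    Public and Private also stop prompting users to open ports for listening programs.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow
Set-NetFirewallProfile -Profile Private,Public -NotifyOnListen False
# (Treating unidentified networks as Public is a Network List Manager Policies GPO
#  setting, not a firewall cmdlet; it is not covered here.)

# 2. Administration only on the Domain profile: scope the built-in Remote Desktop and
#    WinRM rule groups to Domain and to the management subnet, then enable them.
foreach ($group in 'Remote Desktop', 'Windows Remote Management') {
    Set-NetFirewallRule -DisplayGroup $group -Profile Domain -RemoteAddress $mgmtSubnet
    Enable-NetFirewallRule -DisplayGroup $group
}

# 3. Review: enabled inbound allow rules still reachable outside the Domain profile.
#    Anything listed is open on public networks and needs a documented justification.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Profile -ne 'Domain' } |
    Select-Object DisplayName, Profile, DisplayGroup |
    Sort-Object DisplayGroup, DisplayName | Format-Table -AutoSize
```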


Task Scheduler

▪ Task Scheduler allows you to schedule repetitive administrative tasks
  • Major upgrade from Windows XP
▪ Many system tasks are scheduled by default
  • Windows Defender scans, disk defragmentation, protection points, etc.
▪ Task Scheduler allows for granular control of scheduled tasks
  • Triggers
  • Actions
  • Conditions
  • Settings

Triggers

▪ Tasks can be triggered in many ways
  • On a schedule
  • Based on system events

Actions

▪ When triggers are activated, several actions may be performed
  • Start programs or scripts
  • Send an e-mail (deprecated)
    – An e-mail server must be specified
  • Pop-up messages on the local computer (deprecated)

Schtasks

▪ Schtasks allows configuration of tasks from the command line
  • Create and delete tasks
  • Modify tasks
  • Query or list tasks
  • Start and stop existing tasks
▪ New tasks can be created by
  • Providing all necessary parameters at the command prompt
  • Importing the XML file of a previously exported task

ScheduledTasks Module

▪ Scheduled tasks can be managed from PowerShell with the ScheduledTasks module

Enabling Remote Task Administration

▪ Tasks may be remotely administered
  • The Windows Firewall must be configured to allow remote configuration
▪ Tasks may be duplicated to other machines by exporting and importing them
  • Exporting
    – Tasks are exported into XML format
  • Importing
    – XML files can be imported from the graphical interface or command line
▪ Tasks may be configured with Group Policies
  • Centrally administered
  • No firewall configuration necessary
  • A preference, not a policy
    – Simply disabling the Group Policy will not stop the task from running
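The Schtasks, ScheduledTasks module and export/import slides above worked through once, as an added example that is not course material: it registers a task with the module, exports the XML that schtasks /create /xml and the GUI import, and re-registers it on a second computer over WinRM. The task name, script path, service account and remote host are hypothetical; both ends are assumed to run Windows 8 or later with WinRM permitted through the firewall.

```powershell
# Added example, not from the course: create, export and replicate a scheduled task.
# Assumptions: Windows 8/Server 2012 or later on both computers, an elevated prompt, the
# remote host's firewall allowing WinRM, and hypothetical names throughout.
Import-Module ScheduledTasks

$taskPath = '\Course2401\'
$taskName = 'Nightly-InventoryScan'                   # hypothetical
$script   = 'C:\Scripts\Invoke-InventoryScan.ps1'     # hypothetical
$runAs    = 'COURSE\svc_inventory'                    # hypothetical low-privilege account
$remote   = 'deploysrv'                               # hypothetical second computer

# Action: non-interactive PowerShell; -ExecutionPolicy Bypass applies to this process only,
# so the machine-wide policy (see Running PowerShell Scripts) stays as configured.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$script`""

# Trigger: daily at 02:00 ("On a schedule" from the Triggers slide)
$trigger = New-ScheduledTaskTrigger -Daily -At '02:00'

# Principal: S4U logon runs the task whether the user is logged on or not, without storing
# a password on the machine; RunLevel Limited keeps it off the administrator token.
$principal = New-ScheduledTaskPrincipal -UserId $runAs -LogonType S4U -RunLevel Limited

# Settings: stop a hung scan after an hour, run late if the trigger was missed, never overlap
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1) `
    -StartWhenAvailable -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName $taskName -TaskPath $taskPath -Action $action `
    -Trigger $trigger -Principal $principal -Settings $settings | Out-Null

# Export: the same XML the Task Scheduler GUI produces, also usable from the command line:
#   schtasks /create /tn "\Course2401\Nightly-InventoryScan" /xml Nightly-InventoryScan.xml
$xml = Export-ScheduledTask -TaskName $taskName -TaskPath $taskPath
$xml | Out-File -FilePath "$env:TEMP\$taskName.xml" -Encoding Unicode

# Import on the remote computer through a CIM session (WinRM), then confirm it is there
$session = New-CimSession -ComputerName $remote
Register-ScheduledTask -CimSession $session -TaskName $taskName -TaskPath $taskPath -Xml $xml |
    Out-Null
Get-ScheduledTask -CimSession $session -TaskPath $taskPath |
    Select-Object PSComputerName, TaskName, State | Format-Table -AutoSize
Remove-CimSession $session
```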


Hands-On Exercise 5.2

In your Exercise Manual, please refer to Hands-On Exercise 5.2: Automating Remote Tasks


Remote Assistance Overview

▪ Remote Assistance allows remote control of a workstation
  • A local user can obtain assistance from a remote expert
  • User and expert both see the same desktop
▪ Common uses:
  • The help desk views problematic steps or error messages
  • The expert demonstrates actions to an end user
  • The local and remote users work together to solve an issue

Remote Assistance Connections Initiated by the User

▪ Remote Assistance can be initiated by the user
  • E-mail and file invitations are compatible with previous versions of Remote Assistance
  • Easy Connect streamlines connections between Windows 7 and above computers
▪ Easy Connect features:
  • Uses Internet connectivity to locate each computer
    – Even when both computers are on the same local network
  • The password is given to the expert to make the connection
  • Contact information can be saved so that passwords don’t have to be entered for subsequent connections
  • Leverages IPv6
    – Can be tunneled over IPv4 networks but requires IPv6 be enabled on both computers

Remote Assistance Connections Initiated by the Expert

▪ Initiating a Remote Assistance session as the expert
  • Less action for the user
  • Requires that the expert be contacted through external means, such as a phone call

Security

▪ Several security measures are in place with Remote Assistance
  • The user must approve connections from the expert
  • Remote viewing only by default
    – Expert control of the keyboard and mouse requires user approval
  • Domain workstations do not allow unsolicited assistance by default
    – Must be configured in a Group Policy that defines which groups are allowed to connect
  • Traffic is encrypted using the RDP encryption algorithm
    – RC4 128-bit encryption

RC4 = Ron’s Code 4
RDP = Remote Desktop Protocol

Steps to Enable Remote Assistance

▪ Several settings must be configured to allow Remote Assistance connections
  • Local setting
  • Firewall
  • GPO to allow connections
    – Domain workstations only


Remote Desktop Overview

▪ Remote Desktop allows remote control of a workstation
  • The remote user gets a separate session
  • Local and remote users don’t see the same Windows desktop
  • Client/server model allows connections at any time
▪ Features:
  • Access to local drives from the remote workstation
  • Local printing from the remote machine
  • Access to the clipboard for copy/paste
  • Audio redirection to the local machine

Remote Desktop Client

▪ The Remote Desktop Connection client is used to initiate connections on the legacy desktop
  • Several options allow optimization of the Remote Desktop Connection

Remote Desktop App

▪ A Remote Desktop client is also available from the Windows Store
  • Touch-friendly redesign of the Remote Desktop Connection client
  • Useful especially from tablets

Session Behavior

▪ User or administrator remotes in with no one logged in locally
  • Remote user gets a new clean session immediately
▪ User or administrator remotes in while a different account is logged on locally
  • Local user is prompted
  • Administrator gets a new session
  • Local session is simply locked
▪ User or administrator remotes in using the same credentials as the locally logged-in user
  • Remote user takes over the local session and sees active programs
  • Local user is disconnected as the session is being controlled remotely

Remote Desktop Security

▪ Connections are limited to users in the local Remote Desktop Users group
  • Administrators are always allowed to connect
▪ Remote experts don’t see local user desktops or data
  • Prevents accidental viewing of confidential user data
▪ Traffic is encrypted using the RDP encryption algorithm
▪ Network Level Authentication
  • Optional additional level of security
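Turning the three controls on this slide into a repeatable configuration, as an added example that is not course material: it enables Remote Desktop with Network Level Authentication required, grants access through a group rather than individual accounts, and reports the resulting state. It assumes Windows 10 1607 or later (LocalAccounts module), an elevated prompt, and a hypothetical domain group COURSE\Helpdesk; the registry values are the standard Terminal Server settings and are not taken from the course.

```powershell
# Added example, not from the course: enable RDP with NLA and group-based access.
# Assumptions: Windows 10 1607+/PowerShell 5.1, elevated prompt, hypothetical group name.
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$rdp\WinStations\RDP-Tcp"
$allowed = 'COURSE\Helpdesk'   # hypothetical

# 1. Allow connections and require Network Level Authentication: the client must
#    authenticate before a session (and its desktop) is created for it, and the RDP
#    transport is forced to TLS.
Set-ItemProperty -Path $rdp -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1
Set-ItemProperty -Path $tcp -Name SecurityLayer -Value 2     # 2 = TLS

# 2. Only members of Remote Desktop Users may connect (administrators always can);
#    add the helpdesk group so membership is managed in AD, not per workstation.
$members = Get-LocalGroupMember -Group 'Remote Desktop Users' |
    Select-Object -ExpandProperty Name
if ($allowed -notin $members) {
    Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $allowed
}

# 3. Open the built-in Remote Desktop firewall rules; scoping them to the Domain profile
#    follows the Firewall Considerations slide.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Profile Domain
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Report the resulting state so the change can be verified or audited later
[pscustomobject]@{
    RdpEnabled   = (Get-ItemProperty -Path $rdp).fDenyTSConnections -eq 0
    NlaRequired  = (Get-ItemProperty -Path $tcp).UserAuthentication -eq 1
    AllowedUsers = (Get-LocalGroupMember -Group 'Remote Desktop Users').Name -join ', '
}
```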

Remote Desktop Gateway

▪ Provides remote connections through a firewall
  • Connections are proxied by a Windows Server gateway server
  • Increases security by transmitting traffic over HTTPS
  • Allows granular security controls, such as limiting users to specific machines
  • Allows multiple connections into networks leveraging Network Address Translation (NAT)

HTTPS = Hypertext Transfer Protocol Secure

Contrasting Remote Assistance and Remote Desktop

              Remote Assistance           Remote Desktop
  Protocol    Remote Desktop Protocol     Remote Desktop Protocol
  Desktops    Same for user and expert    Unique for each user
  Access      Requires user approval      Experts allowed by default


Hands-On Exercise 5.3

In your Exercise Manual, please refer to Hands-On Exercise 5.3: Remote User Interfaces


Command-Line Administration

▪ Command-line interfaces provide several advantages
  • Automation
    – Performing the same action multiple times
    – Responding to system events
  • More options than found in the GUI
    – Sysprep answer-file specification
▪ Command-line interfaces for Windows 10
  • Command prompt
  • PowerShell

GUI = graphical user interface

Common Command-Line Utilities

▪ ipconfig
  • Displays TCP/IP configuration for local network interfaces
  • Releases and renews the IP address if using DHCP
  • Displays and flushes the DNS resolver cache
▪ netsh
  • Configures local and remote TCP/IP settings
  • Manages firewall settings
  • Configures various TCP/IP services
    – RAS, IPsec, BranchCache, etc.
▪ taskkill
  • Kills local and remote processes
  • Can sometimes end processes that will not

IPsec = IP security
RAS = remote access server
TCP/IP = Transmission Control Protocol/Internet Protocol

Common Command-Line Utilities

▪ for
  • Performs commands in a loop
  • Can run a preset number of times
  • Can read lines from a text file and perform actions for each line
▪ shutdown
  • Performs local and remote shutdowns and restarts
▪ Active Directory commands are available after installing the Remote Server Administration Tools (RSAT)
  • dsadd – Creates objects
  • dsquery – Queries for objects based on specific criteria
  • dsrm – Deletes objects

PowerShell

▪ PowerShell is an available command-line shell for Windows
  • Feature of Windows 7 and above
  • Free download for Windows XP, Server 2003, and Vista
  • Leverages .NET classes and objects
▪ Specifically designed for system administration
  • File system, registry, WMI
  • Active Directory

Cmdlets

▪ PowerShell functionality comes mostly from cmdlets
  • Simple “verb–noun” commands
  • The same verbs can be used for many nouns
    – get
    – format
    – copy
    – add
▪ Sample commands:
  • get-command – Lists available cmdlets
  • get-help {cmdlet} – Gets help for a specified cmdlet
  • get-service – Lists all installed services

Modules

▪ PowerShell includes only a limited set of cmdlets by default
  • Importing modules provides additional cmdlets and functionality
▪ Modules are provided by
  • Windows 10
  • Add-on features through Remote Server Administration Tools (RSAT)
    – Active Directory, for example
  • Installed software
    – VMware’s PowerCLI, for example
▪ Cmdlets to work with modules:
  • get-module – Lists all currently loaded modules
  • get-module -listavailable – Lists known available modules
  • get-command -module ActiveDirectory – Lists all cmdlets in the ActiveDirectory module

Combining Commands With Pipelines

▪ The standard input and output format of commands allows for easy pipelining
  • Send the output of one command as the input to another
  • Output is generally an object
▪ Reformatting of output must be handled by pipelining
▪ To see the files in R:\winpe sorted by size and only showing the type, size, and name properties:
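The pipeline the slide describes, written out as an added example that is not the course's own command, plus a second pipeline over the same objects to show why sorting and selecting happen before formatting. R:\winpe is the course's WinPE folder as named on the slide; any folder works.

```powershell
# Added example, not from the course: the R:\winpe listing from the slide, then a
# size-by-type summary built from the same objects. Path taken from the slide.
$files = Get-ChildItem -Path 'R:\winpe' -File -Recurse

# Objects, not text, move down the pipeline: Sort-Object orders on the numeric Length
# property, and only the final Format-Table turns the result into columns.
$files | Sort-Object -Property Length -Descending |
    Format-Table -Property Extension, Length, Name -AutoSize

# Same objects, different question: which file types account for the image's size?
# A calculated property (@{ n = ...; e = { ... } }) adds a column that no cmdlet emits.
$files | Group-Object -Property Extension |
    Select-Object Name, Count,
        @{ n = 'MB'; e = { [math]::Round(($_.Group | Measure-Object -Property Length -Sum).Sum / 1MB, 2) } } |
    Sort-Object -Property MB -Descending | Format-Table -AutoSize
```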

Scripting Windows 10

▪ Windows 10 supports several scripting interfaces
  • Batch or shell scripting
  • Windows Script Host (WSH)
  • PowerShell
▪ Batch files execute command-line utilities
  • Each command is placed on a separate line
▪ Windows Script Host
  • Interactive commands are not possible
    – Scripts must be written and executed as a whole
  • JScript and VBScript are supported
  • Access to COM objects allows more flexibility
  • Error handling

COM = Component Object Model

Scripting With PowerShell

▪ Several commands may be combined into a PowerShell script
  • Users may be prompted for input
    – read-host
  • Variables may be used and are prefaced with $

ScanDir.ps1
    # Ask for a directory, then list each entry found in it
    $dirname = read-host "Name of directory to scan"
    foreach ($fileorfolder in $(get-childitem $dirname)) {
        echo "Found file or folder - $fileorfolder"
    }

Running PowerShell Scripts

▪ Scripts are not allowed to run by default
  • Execution policy must be configured to allow unsigned scripts
    – Example: Set-ExecutionPolicy RemoteSigned
  • Alternatively, you could digitally sign all of your scripts
▪ Files with the extension .ps1 are registered to Notepad
  • Helps to deter accidental execution of malicious scripts
▪ To execute PowerShell scripts
  • Run the script from within a PowerShell prompt
    – The current directory is not in the system path
    – Script names must include a path or be prefaced with ./
  • Create a shortcut to PowerShell with the script name as an argument
    – powershell.exe c:\myscripts\somescript.ps1
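The signing alternative from this slide carried through, as an added example that is not course material: sign every script in a folder, then tighten the execution policy from RemoteSigned to AllSigned so unsigned or tampered scripts are refused. It assumes a code-signing certificate already in the current user's personal store (from the course's AD CS or any CA the clients trust), the c:\myscripts folder from the slide, an elevated prompt, and a publicly reachable timestamp server (the URL is an example, not a requirement).

```powershell
# Added example, not from the course: sign all scripts in a folder and require signatures.
# Assumptions: a valid code-signing certificate in Cert:\CurrentUser\My, elevated prompt
# for the machine-wide policy change, example timestamp server.
$scriptDir = 'C:\myscripts'   # folder from the slide's shortcut example

# Pick a usable code-signing certificate; stop with a clear error if there is none
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } | Select-Object -First 1
if (-not $cert) { throw 'No valid code-signing certificate found in Cert:\CurrentUser\My' }

# Sign each .ps1; the timestamp keeps the signature valid after the certificate expires
$signed = foreach ($file in Get-ChildItem -Path $scriptDir -Filter *.ps1 -Recurse) {
    Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer 'http://timestamp.digicert.com'
}
$signed | Select-Object @{ n = 'Script'; e = { $_.Path } }, Status, StatusMessage |
    Format-Table -AutoSize

# With every script signed, require signatures machine-wide. RemoteSigned only checks
# scripts that carry the Internet-zone mark; AllSigned checks local scripts too.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# Verification: anything not reporting Valid here will be refused under AllSigned,
# including a signed script that was edited afterwards (status HashMismatch)
Get-ChildItem -Path $scriptDir -Filter *.ps1 -Recurse | Get-AuthenticodeSignature |
    Where-Object { $_.Status -ne 'Valid' } | Select-Object Path, Status
```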


Microsoft Desktop Optimization Pack (MDOP)

▪ Microsoft provides a toolset for enterprises to manage desktops
  • Microsoft Desktop Optimization Pack (MDOP)
▪ MDOP is only available to Software Assurance customers

MDOP Tools

▪ Application Virtualization (App-V)
  • Applications are streamed to desktops as needed
    – Not installed locally on the desktop
  • Only the App-V service is installed on the desktop
  • Can be integrated with System Center Configuration Manager for more centralized control and management
▪ Microsoft User Experience Virtualization
  • User state virtualization solution
  • Selectively synchronizes Universal App settings and traditional application settings to a central store
  • Agent retrieves application and system settings
  • Administrator can control which application and system settings are synchronized

MDOP Tools

▪ Advanced Group Policy Manager
  • Managed workflow system for Group Policy editing
    – Policies are edited offline and go online once approval has been provided
  • Difference reporting and auditing capabilities
  • Integrates into the standard Group Policy Editor
▪ BitLocker Administration and Monitoring
  • Centrally manage and monitor BitLocker drive encryption
  • Built-in compliance reports
  • Self-service recovery portal
▪ Diagnostics and Recovery Toolset
  • Covered in the next chapter

Microsoft Security and Compliance Manager

▪ Microsoft also provides the Security Compliance Manager
  • Allows centralized configuration of security settings
  • Solution accelerator available as a free download from Microsoft
▪ Features include
  • Integration with System Center Configuration Manager
  • Importing of existing settings from machines you wish to use as a reference
  • Deployment of settings via Group Policy
  • Configuration of standalone machines
  • Comparison of existing security against industry best practices


Hands-On Exercise 5.4

In your Exercise Manual, please refer to Hands-On Exercise 5.4: Scripting Administrative Tasks

Chapter Summary

In this chapter, we have
▪ Centralized configuration with Group Policy Objects
▪ Scheduled local and remote tasks
▪ Controlled remote workstations with Remote Assistance and Remote Desktop
▪ Leveraged advanced command-line management tools

Chapter 6
Optimization and Troubleshooting

Chapter Objectives

In this chapter, we will
▪ Back up and recover data and system files
▪ Monitor the system with built-in tools
▪ Boot Windows 10 natively from VHD
▪ Troubleshoot network and application issues
▪ Leverage the Diagnostics and Recovery Toolset

Chapter Contents

▪ Backup and Recovery
▪ Hands-On Exercise 6.1
▪ System Monitoring Tools
▪ Hands-On Exercise 6.2
▪ VHD Native Boot
▪ Optional Hands-On Exercise 6.3
▪ Network Troubleshooting
▪ Application Troubleshooting
▪ Hands-On Exercise 6.4
▪ Diagnostics and Recovery Toolset
▪ Hands-On Exercise 6.5

Windows Backups

▪ Before troubleshooting is necessary, make sure you have a backup
▪ Microsoft provides several backup tools in Windows 10
  • Backup and Restore (Windows 7)
    – Windows 7 backup utility
  • Access to previous versions
  • Reset
  • File History

Windows 7 File Recovery

▪ The Backup and Restore (Windows 7) applet controls the Windows Backup application
▪ Windows Backup provides file backups and system image backups
  • The interface has been simplified compared to previous versions
  • A full backup is performed the first time
  • Incremental backups are performed on following runs
▪ Selected files
  • Libraries
  • Individual folders in the local file system
  • Keeps backups to a minimum size
▪ System image
  • Includes everything in the backup
  • Disaster recovery

Backup Options

▪ Valid locations for storing backups include
  • Local drives not included in the backup set
  • Removable disk drives
  • Network locations
  • CDs or DVDs
▪ Backups are scheduled to repeat by default
  • Can be disabled for individual backups
  • Daily, weekly, and monthly backup options are available

Restoring From Backups

▪ Windows Backup can be used to recover data
  • Useful for individual files that have been deleted or corrupted
  • Requires that Windows be in an operable state
▪ Restoration of full Windows 7-style system images can be performed from the Windows installation DVD
  • Make the backup available on a local disk, USB drive, or network location
  • Select the option to “Repair your computer”

System Restore

▪ Windows 10 provides two reset options to replace standard backups
  • Keep my files
  • Remove everything
▪ Reset is essentially a reinstallation of Windows
  • The “Keep my files” option maintains documents and some settings
    – Some settings that may be the cause of the system failure are removed
    – Windows Firewall
  • The “Remove everything” option does not maintain any local data

Initiating a Reset

▪ Resetting the PC can be performed
  • Settings | Update & Security | Recovery
    – Assumes the PC is able to start successfully and the user is able to log in
  • From the sign-in screen, hold Shift and select Power | Restart
  • Boot from the Windows installation media

File History

▪ File History is a replacement for file backups
  • Frequency and retention length can be configured
▪ Configuring a File History storage location
  • External disk
  • Network
▪ Recovering files
  • Files can be easily recovered directly from Windows Explorer

Windows Recovery Environment

▪ Microsoft provides several boot-time diagnostic tools
  • The recovery environment appears automatically after failed Windows boots
  • Can be initiated from Settings | Update and Security | Recovery | Advanced Startup

Windows Recovery Environment

▪ The Windows Recovery Environment (WinRE) consists of
  • Windows PE
  • Microsoft-provided tools and utilities
▪ Available tools include
  • System recovery tools
    – Reset your PC
    – Recover from a system image backup
  • Automatic repair
    – Correct some boot issues
  • Startup options
    – Boot from alternate devices
    – Change boot menu defaults

Windows Recovery Environment Architecture

▪ The Windows Recovery Environment is installed by default with Windows 10
  • On the hidden system partition


Hands-On Exercise 6.1

In your Exercise Manual, please refer to Hands-On Exercise 6.1: System and Data Recovery


Is It Worth It to Evaluate the System?

▪ Before troubleshooting, evaluate the time required to redeploy the system
  • Set a time limit for troubleshooting Windows issues
  • It is often more effective to reload a computer
▪ For some issues, it makes sense to spend more time troubleshooting
  • Global issues or issues found on multiple computers throughout the organization
  • Issues that appear to be hardware-related
  • Issues that recur even after reimaging the computer

© Learning Tree International, Inc. All rights reserved. Not to be reproduced without prior written consent. 6-17 Event Viewer

 Event Viewer is the best place to start troubleshooting most issues
• Windows logs many more events than Windows XP did
 Event Viewer features worth knowing
• Events are split into many granular logs (the Applications and Services Logs, organized by component) in addition to the traditional Application, Security, and System logs
• The interface gives an overview of this large number of logs; a log can be filtered by event ID, level, source, or time, or with an XPath query
• Custom views save a filter across one or more logs and event types
• Subscriptions collect events from remote computers into the Forwarded Events log on a collector
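The filter an administrator builds in Event Viewer is stored as QueryList XML, and the same XML can be run from PowerShell. The following is an added example, not course material: it queries the System, Application, and Security logs for the event IDs most often useful when a machine misbehaves. The function name and the seven-day window are assumptions; the event IDs are standard Windows IDs.

```powershell
# Added example, not course material. The QueryList below is the same XML Event Viewer
# stores for a Custom View, so it can be pasted into "Create Custom View > XML" unchanged.

function Get-TroubleshootingEvents {
    param([int]$Days = 7)
    $ms = [int64]$Days * 86400000          # timediff() in XPath works in milliseconds

    # System:      6008 unexpected shutdown, 7034 service crashed, 7045 new service installed
    #              (7045 is also a classic persistence indicator, so read it with that in mind)
    # Application: 1000 application crash
    # Security:    4625 failed logon, 4720 account created (reading Security needs an elevated session)
    $query = @"
<QueryList>
  <Query Id="0">
    <Select Path="System">*[System[(EventID=6008 or EventID=7034 or EventID=7045) and TimeCreated[timediff(@SystemTime) &lt;= $ms]]]</Select>
    <Select Path="Application">*[System[(EventID=1000) and TimeCreated[timediff(@SystemTime) &lt;= $ms]]]</Select>
    <Select Path="Security">*[System[(EventID=4625 or EventID=4720) and TimeCreated[timediff(@SystemTime) &lt;= $ms]]]</Select>
  </Query>
</QueryList>
"@
    Get-WinEvent -FilterXml ([xml]$query) -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id, ProviderName,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

# Counts per log and ID show where to start; then drill into one ID
$events = Get-TroubleshootingEvents -Days 7
$events | Group-Object LogName, Id | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
$events | Where-Object Id -eq 7045 | Format-Table TimeCreated, Summary -AutoSize
```

Get-WinEvent raises an error rather than returning nothing when no events match, which is why the call suppresses errors; remove -ErrorAction to see permission problems on the Security log.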

6-18 Event Viewer Sample

6-19 Event Log Subscriptions

 Event log subscriptions require special configuration
• WinRM must be enabled on the source computers (and on the collector, whose Windows Event Collector service receives the events)
• Collector-initiated ("pull") subscriptions: the account the collector uses, by default its computer account, must be a member of the Event Log Readers group on each source computer
• Source-initiated ("push") subscriptions: a GPO (Event Forwarding > Configure target Subscription Manager) points the sources at the collector; forwarding runs as NETWORK SERVICE on the source, which must be granted read access to the Security log (Event Log Readers membership) before Security events will forward
• An event subscription must then be defined on the collector
– A source-initiated subscription accepts any source computer in the allowed computer groups
– A collector-initiated subscription names a defined set of source computers
 Within a domain, WinRM traffic is Kerberos-authenticated and encrypted even over HTTP; use HTTPS with certificates for non-domain sources

WinRM = Windows Remote Management
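The source and collector steps above, as an added example that is not part of the course materials. It uses the classroom names (DeploySRV as the collector, course.local as the domain, assumed NetBIOS name COURSE); the subscription name, the event selection and the file paths are assumptions.

```powershell
# Added example, not course material.

# --- On each source computer (elevated) -----------------------------------------
winrm quickconfig -q                                              # WinRM listener + firewall rule
# Pull model: the collector authenticates as its computer account, which needs log read rights
net localgroup "Event Log Readers" 'COURSE\DeploySRV$' /add
# Push model: forwarding runs as NETWORK SERVICE on the source, which needs the same right
net localgroup "Event Log Readers" 'NT AUTHORITY\NETWORK SERVICE' /add
# Push model also needs the GPO "Configure target Subscription Manager" set to:
#   Server=http://DeploySRV.course.local:5985/wsman/SubscriptionManager/WEC,Refresh=60

# --- On the collector (DeploySRV, elevated) -------------------------------------
wecutil qc /q     # starts the Windows Event Collector service and sets it to delayed auto-start

$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>CourseSecurityEvents</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Failed logons, account and group changes, new services from domain computers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0">
        <Select Path="Security">*[System[(EventID=4625 or EventID=4720 or EventID=4732)]]</Select>
        <Select Path="System">*[System[(EventID=7045)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- SDDL granting the Domain Computers group; tighten to a specific group for production -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
'@
New-Item -ItemType Directory -Path C:\WEF -Force | Out-Null
$subscription | Set-Content -Path C:\WEF\CourseSecurityEvents.xml -Encoding Unicode
wecutil cs C:\WEF\CourseSecurityEvents.xml

# Verify: which sources have checked in, and any per-source error
wecutil gr CourseSecurityEvents
# Forwarded events land in the collector's ForwardedEvents log
Get-WinEvent -LogName ForwardedEvents -MaxEvents 20 | Select-Object TimeCreated, MachineName, Id
```

For a collector-initiated subscription, change SubscriptionType to CollectorInitiated and add an EventSources element listing the source computers; the Event Log Readers membership for the collector account then does the authorization instead of the GPO.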

6-20 Task Manager

 Task Manager provides point-in-time data for troubleshooting
• Performance graphs keep only about the last 60 seconds; there is no historical recording
 Performance issues can be identified relating to
• CPU usage
• Disk performance
• Memory usage
• Network adapter throughput
 Task Manager is largely the same since the Windows 8 redesign
• Defaults to a compact list of running applications
• "More details" exposes the Processes, Performance, App history, Startup, Users, Details, and Services tabs, with per-process, per-service, and per-user information
• The Details tab can add columns such as Command line, Elevated, and UAC virtualization, which help when a process is misbehaving or suspicious

CPU = central processing unit

6-21 Task Manager Illustrated

6-22 Resource Monitor

 Resource Monitor (resmon.exe) provides additional performance data over Task Manager
• Disk reads vs. writes, per process and per file
• Current CPU frequency
• Memory hard faults per process
• Network connections and listening ports per process, and a search for which process holds a given handle or module
 Data is not retained for review or logging

6-23 Resource Monitor Sample

6-24 Reliability Monitor

 Reliability Monitor (perfmon /rel) can be used to gauge the long-term reliability of a system
• Plots a daily stability index from 1 to 10 alongside application failures, Windows failures, miscellaneous failures, warnings, and informational events
• Shows software installs, updates, and driver changes on the same timeline, so a failure can be matched to the change that preceded it

6-25 Performance Monitor

 Performance Monitor can be used to view hundreds of performance counters
• Additional counters are added with many features and software applications
– Microsoft SQL Server
– Internet Information Services (IIS)

SQL = structured query language

6-26 Data Collector Sets

 Performance Monitor data can be logged into Data Collector Sets
• Microsoft provides two system sets, System Diagnostics and System Performance
– May not be modified
• Custom Data Collector Sets can be created from scratch or using the system sets as a template
 Data collection can be stored in several formats
• Local files
– Binary format (.blg) readable with Performance Monitor
– Tab- or comma-separated text files
• SQL database
– Allows for centralized collection of performance data

6-27 Viewing Data Collector Sets

 Data Collector Sets are viewed with Performance Monitor
• Simply change the source of the graph from "Current activity" to "Log files"
• Individual counters may be added and removed from the display
• Time Range can be used to limit the amount of data displayed and show greater detail in the graph

6-28 Reports

 Data Collector Sets generate reports after running
• Display overall system performance
• Indicate possible areas of concern
 Reports perform the bulk of the initial performance analysis
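The same Data Collector Set workflow from the command line, as an added example that is not part of the course: create a custom set with logman, run it while the problem is reproduced, and read the binary log back without the Performance Monitor GUI. The set name, counter list, sample interval, output path, thresholds, and the helper function are assumptions.

```powershell
# Added example, not course material.
$name = 'CourseBaseline'
$dir  = 'C:\PerfLogs'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# A first-pass bottleneck set: CPU, memory pressure, disk latency, NIC load
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\Memory\Pages/sec',
    '\PhysicalDisk(_Total)\Avg. Disk sec/Transfer',
    '\Network Interface(*)\Bytes Total/sec'
)

# -f bincirc: binary circular log readable by Performance Monitor, capped at 100 MB
# (use -f csv for a text file, or -f sql -o "DSN!LogSet" to write to a SQL database)
logman create counter $name -c $counters -si 00:00:15 -f bincirc -max 100 -o "$dir\$name"
logman start $name
# ... reproduce the problem, then:
logman stop $name
logman query $name            # shows status and the exact output file name

function Get-HotSamples {
    # Read a .blg without the GUI and return the samples that crossed a threshold
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$CounterLike = '*\% Processor Time',
        [double]$Threshold = 80
    )
    Import-Counter -Path $Path |
        ForEach-Object { $_.CounterSamples } |
        Where-Object { $_.Path -like $CounterLike -and $_.CookedValue -gt $Threshold } |
        Select-Object Timestamp, Path, @{ n = 'Value'; e = { [math]::Round($_.CookedValue, 1) } }
}

$log = Get-ChildItem -Path $dir -Filter "$name*.blg" | Sort-Object LastWriteTime | Select-Object -Last 1
Get-HotSamples -Path $log.FullName
Get-HotSamples -Path $log.FullName -CounterLike '*Avg. Disk sec/Transfer' -Threshold 0.025   # 25 ms
# Convert for a ticket or spreadsheet
relog $log.FullName -f CSV -o "$dir\$name.csv"
```

Import-Counter returns one sample set per interval; the Where-Object filter is where a practitioner puts the threshold that matters for the case at hand rather than reading the whole graph.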

6-30 Hands-On Exercise 6.2

In your Exercise Manual, please refer to Hands-On Exercise 6.2: System Monitoring

6-32 VHD Native Boot

 Windows may be run on native hardware entirely from within a VHD file
• VHD native boot
• The VHD (or, from Windows 8, VHDX) format is the same as is used with Microsoft-based virtual machines
 Does not function like a virtual machine
• A single OS is running
• Actual hardware is accessed instead of emulated or virtualized hardware
 The OS installed in the VHD must support native VHD booting
• Windows 8 and above
• Windows 7 Enterprise and Ultimate
• Windows Server 2008 R2 and above
 Limitations
• BitLocker cannot encrypt the host volume holding the VHD, nor volumes inside it, so the VHD and everything in it is readable from the host file system
• Hibernation is not supported
 Use cases
• Centrally deploying workstations as VHDs
• Test Windows 10 on an existing Windows 7 or 8 computer
• Dual boot between two entirely separate configurations

6-33 Deploying VHD Native Boot

 VHD boot files can be deployed
• Manually
• With Windows Deployment Services
• Using the Microsoft Deployment Toolkit
– Pre-built task sequences for servers and workstations

6-34 Manually Deploying VHD Native Boot

 Creating the VHD
• Disk Management (or diskpart) has the native capability to generate empty VHD or VHDX files
 Applying the image
• Disk Management may be used to attach the empty VHD file into the current file system with a drive letter
– Similar to mounting WIM format files for editing
• Imaging utilities can be used to apply a WIM format file to the attached VHD
– DISM (its Apply-Image option) in current ADKs; ImageX in older ones
• The VHD may then be detached
 Configure boot options
• The boot configuration database must have an entry created referencing the VHD
– Run bcdboot from the command line against the Windows folder inside the attached VHD; it creates the VHD boot entry itself

6-35 Manually Deploying VHD Native Boot

 VHD images may be deployed to the local file system
• A workstation can boot a single VHD image stored on its local volume instead of having the image applied directly to the physical partition
• VHDs provide for simplified and isolated dual-boot configurations
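The manual procedure from the two slides above, end to end, as an added example that is not the course's own script. Paths, the VHDX size, the temporary drive letter V:, and the image index are assumptions; check the index with the Get-WimInfo call before applying.

```powershell
# Added example, not course material. Run elevated on the target computer.
$vhd   = 'C:\VHD\Win10.vhdx'
$wim   = 'D:\sources\install.wim'
$index = 1
New-Item -ItemType Directory -Path (Split-Path $vhd) -Force | Out-Null

# Confirm which index is the edition you want before applying
dism /Get-WimInfo "/WimFile:$wim"

# 1. Create a dynamically expanding 40 GB VHDX, attach it, and format one NTFS volume as V:
$create = "$env:TEMP\create-vhd.txt"
@"
create vdisk file="$vhd" maximum=40000 type=expandable
attach vdisk
create partition primary
format quick fs=ntfs label="Win10VHD"
assign letter=V
"@ | Set-Content -Path $create -Encoding ASCII
diskpart /s $create

# 2. Apply the image into the attached VHDX (DISM replaces ImageX in current ADKs)
dism /Apply-Image "/ImageFile:$wim" "/Index:$index" /ApplyDir:V:\

# 3. Add a boot entry: bcdboot detects that V: is a VHD and writes a vhd=[locate] entry
#    into the existing BCD store on the current system partition
bcdboot V:\Windows

# 4. Detach, then inspect the new entry (look for "device vhd=[locate]\VHD\Win10.vhdx")
$detach = "$env:TEMP\detach-vhd.txt"
@"
select vdisk file="$vhd"
detach vdisk
"@ | Set-Content -Path $detach -Encoding ASCII
diskpart /s $detach
bcdedit /enum | Select-String -Pattern 'identifier|description|device'
```

The resulting VHDX sits unencrypted on C:, which is the BitLocker limitation noted on the earlier slide; anyone with access to the host volume can read or alter the second OS. The same holds in reverse for the host volume from inside the VHD-booted OS.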

6-36 Deploying VHD Native Boot via WDS

 Windows Deployment Services allows VHD images to be deployed as install images
• Clients will download and install the VHD or VHDX image to the hard drive
• Image installation must be fully automated with an unattended answer file
 VHD or VHDX files must be created before importing them into WDS

6-37 Deploying VHD Native Boot via MDT

 The MDT has template task sequences to deploy VHD native boot images
• "Deploy to VHD Client Task Sequence" and "Deploy to VHD Server Task Sequence"

6-39 Optional Hands-On Exercise 6.3

In your Exercise Manual, please refer to Optional Hands-On Exercise 6.3: VHD Native Boot

6-41 Troubleshooting

 Windows provides the Network and Internet Troubleshooter
• Extensible and updateable with troubleshooting packs (run through msdt, the Microsoft Support Diagnostic Tool, or the Get-TroubleshootingPack and Invoke-TroubleshootingPack cmdlets)
 Can locate common problems with
• Internet connections
• Shared folder access
• Network adapter settings

6-42 Network Troubleshooting Command-Line Tools

 ipconfig
• Displays the IP configuration and, with its switches, releases and renews DHCP leases and flushes or displays the DNS resolver cache
 ping
• Tests IP connectivity between network devices (ICMP may be filtered by firewalls even when the host is up)
 nslookup
• Tests DNS name resolution against the configured or a specified DNS server
 nbtstat
• Displays NetBIOS over TCP/IP statistics and name tables
 netstat
• Displays various network statistics and current connections, including the owning process ID of each socket
 arp
• Displays and modifies the IP address to MAC address resolution cache

NetBIOS = network basic input/output system
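PowerShell equivalents of the tools on this slide, gathered into one triage function; this is an added example, not course material. The target host and port (ADSRV from the classroom layout, LDAP on 389) and the function name are assumptions.

```powershell
# Added example, not course material.
function Invoke-NetworkTriage {
    param([string]$Target = 'ADSRV.course.local', [int]$Port = 389)
    $r = [ordered]@{}

    # ipconfig: address, gateway and DNS servers per adapter
    $r.IpConfig = Get-NetIPConfiguration |
        Select-Object InterfaceAlias,
            @{ n = 'IPv4';    e = { $_.IPv4Address.IPAddress } },
            @{ n = 'Gateway'; e = { $_.IPv4DefaultGateway.NextHop } },
            @{ n = 'DNS';     e = { $_.DNSServer.ServerAddresses -join ',' } }

    # nslookup: resolve on the wire (-DnsOnly skips the local cache and hosts file)
    $r.Dns = Resolve-DnsName -Name $Target -DnsOnly -ErrorAction SilentlyContinue |
        Select-Object Name, Type, IPAddress

    # ping plus a TCP port test: ICMP is often filtered while the service port answers, or vice versa
    $r.Reach = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue |
        Select-Object RemoteAddress, PingSucceeded, TcpTestSucceeded

    # netstat -ano: listening sockets with the owning process; unexpected listeners stand out here
    $r.Listeners = Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            [pscustomobject]@{
                LocalPort = $_.LocalPort
                PID       = $_.OwningProcess
                Process   = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            }
        }

    # arp -a: the neighbour cache; a gateway MAC that differs between runs points at ARP spoofing
    $r.Arp = Get-NetNeighbor -AddressFamily IPv4 -State Reachable, Stale, Permanent |
        Select-Object IPAddress, LinkLayerAddress, State

    [pscustomobject]$r
}

$t = Invoke-NetworkTriage
$t.IpConfig; $t.Dns; $t.Reach
$t.Listeners | Format-Table -AutoSize
$t.Arp | Format-Table -AutoSize
```

Reading the four results together is the point: a failed TcpTestSucceeded with PingSucceeded true and a correct DNS answer narrows the fault to the service or a firewall rule rather than to addressing or name resolution.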

6-43 Firewall Profiles

 Windows enables the Windows Firewall by default
• It may be disabled for network troubleshooting, but prefer logging dropped packets or testing the specific rule; disabling it exposes every listening service
– If you do disable it, re-enable the firewall when testing is complete (on domain members, Group Policy may re-apply the setting at the next refresh)
 The Windows Firewall configures itself dynamically for different profiles
• Domain: applied when Network Location Awareness can reach a domain controller for the computer's domain on that connection
• Public
• Private
 Universal Windows apps can have custom firewall settings
• Based on the network capabilities the application developer declares in the app manifest
 Keep firewall profiles in mind when considering connectivity issues: a rule scoped to the Domain profile does nothing on a connection classified as Public
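How to check which profile each connection landed on and see what the firewall is dropping without turning it off, as an added example that is not course material. The log path is the Windows default; the parsing function and the column layout it assumes (the #Fields header Windows writes to pfirewall.log) are mine.

```powershell
# Added example, not course material. Run elevated.

Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity
Get-NetFirewallProfile   | Select-Object Name, Enabled, DefaultInboundAction, LogBlocked

$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True -LogFileName $log -LogMaxSizeKilobytes 8192

function Get-FirewallDrops {
    param([string]$Path = $log, [int]$Top = 15)
    # W3C-style log: "#Fields: date time action protocol src-ip dst-ip src-port dst-port size ... path"
    Get-Content -Path $Path |
        Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} ' } |
        ForEach-Object {
            $f = $_ -split ' '
            [pscustomobject]@{
                Time    = "$($f[0]) $($f[1])"
                Action  = $f[2]
                Proto   = $f[3]
                Src     = $f[4]
                Dst     = $f[5]
                SrcPort = $f[6]
                DstPort = $f[7]
                Path    = $f[-1]        # SEND or RECEIVE
            }
        } |
        Where-Object Action -eq 'DROP' |
        Group-Object Proto, DstPort, Path |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

# Reproduce the failing connection, then look at what was dropped and in which direction
Get-FirewallDrops
# Fix the rule (for example, scope it to the right profile), then turn logging back off
# rather than leaving the firewall disabled
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked False
```

A RECEIVE drop on the port the failing client is using confirms a missing or mis-scoped inbound rule; SEND drops point at outbound filtering on this host instead.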

6-45 Running Legacy Applications

 Some legacy applications may not run correctly under current versions of Windows
• They write to file system locations a standard user may not change (Program Files, Windows)
• They write to protected registry locations (HKLM\Software)
• They violate Windows security rules, for example by requiring administrator rights for everyday use
 Several technologies in Windows aid with running legacy applications
• User Account Control (UAC) file and registry virtualization
• Compatibility settings
• Application Compatibility Toolkit (its Compatibility Administrator now ships in the Windows ADK) for custom shims
• Remote Desktop/RemoteApp
• Client Hyper-V

6-46 User Account Control (UAC)

 User Account Control aids with running legacy applications, in addition to increasing security
• Writes by a legacy application to protected file or registry locations are redirected (virtualized) to per-user locations, %LOCALAPPDATA%\VirtualStore and HKCU\Software\Classes\VirtualStore
• Virtualization applies only to 32-bit, non-elevated, interactive applications without an application manifest; manifested or 64-bit programs get an "access denied" instead
 UAC is enabled by default for desktop applications
• Be aware of its behavior while troubleshooting: an application may be reading a virtualized copy of a file rather than the one an administrator just edited

6-47 Compatibility Settings

 Windows can execute applications with various compatibility settings
• Application interfaces behave like previous versions of Windows (reported OS version, display and color modes)
• Many older applications that do not depend on bypassing security boundaries will run under an appropriate mode
• "Run this program as an administrator" is also a compatibility setting; it forces an elevation prompt on every launch, so use it only when no other mode works
 The Program Compatibility Troubleshooter can configure these settings automatically
• Right-click option ("Troubleshoot compatibility") on applications
• Settings are stored per executable in the registry under AppCompatFlags\Layers, for the current user or for all users
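An audit of the three mechanisms covered on the last three slides (UAC policy, virtualization writes, and per-executable compatibility layers) on a troubleshooting target, as an added example that is not course material. The function names are assumptions; the registry paths and value names are the ones Windows uses.

```powershell
# Added example, not course material.

function Get-UacSettings {
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $k
    [pscustomobject]@{
        UacEnabled            = [bool]$p.EnableLUA              # 0 = UAC off (change needs a reboot)
        AdminPromptBehavior   = $p.ConsentPromptBehaviorAdmin   # 5 = default, 2 = always prompt, 0 = never prompt
        SecureDesktopPrompt   = [bool]$p.PromptOnSecureDesktop
        VirtualizationEnabled = [bool]$p.EnableVirtualization   # file/registry redirection for legacy apps
    }
}

function Get-VirtualStoreWrites {
    # Writes redirected away from Program Files and HKLM\Software land here; each entry is a
    # legacy application that would fail, or need admin rights, if virtualization were turned off
    $fs  = Get-ChildItem "$env:LOCALAPPDATA\VirtualStore" -Recurse -File -ErrorAction SilentlyContinue |
           Select-Object @{ n = 'Type'; e = { 'File' } }, @{ n = 'Path'; e = { $_.FullName } }
    $reg = Get-ChildItem 'HKCU:\Software\Classes\VirtualStore' -Recurse -ErrorAction SilentlyContinue |
           Select-Object @{ n = 'Type'; e = { 'Registry' } }, @{ n = 'Path'; e = { $_.Name } }
    @($fs) + @($reg)
}

function Get-CompatibilityLayers {
    # Compatibility tab settings live per executable under AppCompatFlags\Layers; RUNASADMIN
    # means the program elevates on every launch, which deserves review on shared machines
    foreach ($hive in 'HKCU', 'HKLM') {
        $k = "${hive}:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"
        if (-not (Test-Path $k)) { continue }
        $item = Get-ItemProperty -Path $k
        foreach ($name in $item.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }      # skip PSPath, PSParentPath, PSChildName, ...
            [pscustomobject]@{
                Scope           = $hive
                Executable      = $name
                Layers          = $item.$name            # e.g. "~ WIN7RTM RUNASADMIN"
                ForcesElevation = ($item.$name -match 'RUNASADMIN')
            }
        }
    }
}

Get-UacSettings
Get-VirtualStoreWrites | Group-Object Type | Select-Object Count, Name
Get-CompatibilityLayers | Where-Object ForcesElevation | Format-Table Scope, Executable, Layers -AutoSize
```

A populated VirtualStore explains the "edited the file but the app still sees old data" symptom from the UAC slide: the application is reading its own redirected copy. The ForcesElevation list is the set of programs that bypass the protection compatibility modes are meant to preserve.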

6-48 Client Hyper-V

 Windows 10 also provides Client Hyper-V to run legacy applications in an isolated virtual machine
• Available for the Professional, Enterprise, and Education editions only, on 64-bit systems with SLAT-capable hardware
 Client Hyper-V requires more system resources than other compatibility tools
• Try other methods of executing legacy applications first
• A VM running an out-of-support OS for a legacy application should be kept off the network, or on an isolated virtual switch, because it no longer receives security updates

6-49 Steps Recorder

 Repeatable problems can be recorded for review or forwarding to experts
• Steps Recorder (psr.exe) records screenshots and a description of each click and keystroke
• Typed text is not captured (except function and shortcut keys), but anything visible on screen is, so review the recording for sensitive data before sending it
• The result is saved as a web page (.mht) and zipped
– Optimal for e-mailing to support personnel
 Steps Recorder must be manually started
• Search for "Steps Recorder"

6-51 Hands-On Exercise 6.4

In your Exercise Manual, please refer to Hands-On Exercise 6.4: Troubleshooting Windows 10

6-53 Diagnostics and Recovery Toolset

 The Microsoft Desktop Optimization Pack (MDOP, a Software Assurance benefit) includes the Diagnostics and Recovery Toolset
• Crash Analyzer Wizard
• DaRT Recovery Image
 Crash Analyzer Wizard
• Leverages free debug symbols from Microsoft's public symbol server to analyze kernel dumps (needs Internet access or a local symbol store)
• Very automated and wizard-driven
• Identifies the driver or module most likely to have caused the Windows kernel crash
 DaRT Recovery Image
• Windows PE-based recovery boot disk built with the DaRT Recovery Image wizard
• Allows remote control from an admin console (Remote Connection)
• Tools include
– Password reset for local accounts (Locksmith)
– Registry editing
– File and partition recovery (File Restore, Disk Commander)
– Hotfix removal, SFC scan, disk wipe, and TCP/IP configuration
 The same offline access is available to anyone who can boot the disk: control the boot order, set a firmware password, and protect volumes with BitLocker, which DaRT can open only with the recovery key

DaRT = Diagnostics and Recovery Toolset
MDOP = Microsoft Desktop Optimization Pack
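Before reaching for Crash Analyzer, a practitioner checks that the machine is actually keeping kernel dumps and lists the crashes Windows has already recorded. The following is an added example, not part of the course or of DaRT; the function names are assumptions, the CrashControl registry values and event IDs are the standard Windows ones.

```powershell
# Added example, not course material.

function Get-CrashDumpConfig {
    $cc    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $modes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }
    $miniDir = if ($cc.MinidumpDir) { $cc.MinidumpDir } else { '%SystemRoot%\Minidump' }
    [pscustomobject]@{
        DumpType    = $modes[[int]$cc.CrashDumpEnabled]      # 'None' means Crash Analyzer will have nothing to read
        DumpFile    = $cc.DumpFile
        MinidumpDir = [Environment]::ExpandEnvironmentVariables($miniDir)
        AutoReboot  = [bool]$cc.AutoReboot
    }
}

function Get-RecentCrashes {
    param([int]$Days = 30)
    # 1001 (BugCheck) carries the stop code and the dump path; 41 (Kernel-Power) is an unclean
    # shutdown with no dump: power loss, hard reset, or a crash the dump path could not capture
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001, 41; StartTime = (Get-Date).AddDays(-$Days) } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'BugCheck|SystemErrorReporting|Kernel-Power' } |
        Select-Object TimeCreated, Id, ProviderName, @{ n = 'Detail'; e = { ($_.Message -split "`r?`n")[0] } }
}

function Get-MinidumpFiles {
    $dir = (Get-CrashDumpConfig).MinidumpDir
    Get-ChildItem -Path $dir -Filter *.dmp -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime
}

Get-CrashDumpConfig
Get-RecentCrashes -Days 30 | Format-Table -AutoSize
Get-MinidumpFiles
```

Event 41 entries with no matching 1001 and no new minidump usually mean the dump was never written (page file too small, dump type None, or a storage fault during the crash), which is worth fixing before any analyzer, DaRT's or WinDbg's, is run.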

6-54 DaRT Recovery Image Sample

6-56 Hands-On Exercise 6.5

In your Exercise Manual, please refer to Hands-On Exercise 6.5: Diagnostics and Recovery Toolset

6-57 Chapter Summary

In this chapter, we have
 Backed up and recovered data and system files
 Monitored the system with built-in tools
 Booted Windows 10 natively from VHD
 Troubleshot network and application issues
 Leveraged the Diagnostics and Recovery Toolset

Chapter 7

Course Summary

In this course, you have developed the skills to
 Implement and manage Windows desktops in an enterprise environment
 Embed tools and scripts into custom Windows PE boot images
 Automate Windows deployments with the Microsoft Deployment Toolkit
 Streamline and monitor Microsoft product activation
 Optimize remote management of Windows tablets, desktops, and servers
 Identify and recover from application and operating system failures
