Foreword ...... xxi Acknowledgments ...... xxiii Introduction ...... xxv

Part I: Developing the Deployment Strategy ...... 1 Chapter 1: Planning the Deployment ...... 3 Chapter 2: Creating Basic Windows Images ...... 43 Chapter 3: Managing Windows Licensing and Activation ...... 81

Part II: Customizing the Deployment Process ...... 101 Chapter 4: Working with ...... 103 Chapter 5: Migrating User Data ...... 141 Chapter 6: Managing Windows Images ...... 173 Chapter 7: Using the Deployment Toolkit 2008 ...... 223 Chapter 8: Windows Deployment Services ...... 263

Part III: Administering ...... 293 Chapter 9: Managing Change in Vista ...... 295 Chapter 10: Administering Workstations ...... 341

Part IV: Protecting and Maintaining the System ...... 397 Chapter 11: Securing the Workstation ...... 399 Chapter 12: Protecting User Data ...... 445 Chapter 13: Recovering Damaged Systems and Lost Data ...... 483

Appendix: What’s on the CD-ROM ...... 519 Index ...... COPYRIGHTED MATERIAL ...... 523

002_180211-ftoc.indd2_180211-ftoc.indd xixi 88/20/08/20/08 99:23:37:23:37 PPMM 002_180211-ftoc.indd2_180211-ftoc.indd xiixii 88/20/08/20/08 99:23:38:23:38 PPMM Foreword ...... xxi Acknowledgments ...... xxiii Introduction ...... xxv

Part I: Developing the Deployment Strategy 1

Chapter 1: Planning the Deployment ...... 3 Selecting Windows Vista Editions ...... 4 Vista Home Basic ...... 6 Vista Home Premium ...... 6 Vista Business ...... 6 Vista Enterprise ...... 7 Vista Ultimate...... 8 Other options ...... 8 Choosing a Deployment Type ...... 9 Replacing computers ...... 9 Upgrading computers ...... 9 Refreshing computers ...... 10 Deploying new computers ...... 10 Understanding Windows Vista Installation ...... 10 Investigating the Windows Imaging format ...... 10 Leveraging Windows PE ...... 14 Automating the installation of Windows Vista ...... 19 Automating Application Installations ...... 21 Customizing application installation commands ...... 21 Creating transform files ...... 22 Repackaging applications ...... 23 Selecting a Distribution Media ...... 23 DVD ...... 23 USB drives...... 24 Network ...... 24 Evaluating Hardware Requirements ...... 26 Ensuring Application Compatibility ...... 28 Understanding broken applications ...... 28 Identifying application incompatibilities ...... 29 Addressing application incompatibilities ...... 32

002_180211-ftoc.indd2_180211-ftoc.indd xiiixiii 88/20/08/20/08 99:23:38:23:38 PPMM Contents

Documenting the Deployment Plan ...... 41 Summary ...... 42 Chapter 2: Creating Basic Windows Images ...... 43 Building a Deployment ...... 44 Introducing the Windows Automated Installation Kit ...... 48 Creating Unattended Answer Files ...... 49 Getting familiar with configuration passes ...... 50 Navigating the Windows System Image Manager ...... 53 Building a Reference Computer ...... 63 Implementing an answer file ...... 64 Walkthrough: Automating Windows Vista installation ...... 65 Customizing the reference computer ...... 66 Preparing the reference computer for imaging ...... 69 Walkthrough: Preparing the computer for imaging ...... 72 Capturing Custom Images ...... 72 Windows PE ...... 72 Walkthrough: Creating Windows PE boot media ...... 73 ImageX ...... 74 Walkthrough: Capturing a WIM file with ImageX ...... 76 Deploying Custom Images ...... 76 Preparing the hard disk ...... 77 Walkthrough: Preparing a hard disk for an image ...... 78 Applying the image ...... 78 Walkthrough: Applying an image with ImageX ...... 79 Automating the deployment ...... 79 Summary ...... 80 Chapter 3: Managing Windows Licensing and Activation ...... 81 Licensing Windows ...... 81 Understanding retail licensing ...... 83 Understanding OEM licensing ...... 83 Understanding ...... 84 Understanding virtual machine licensing ...... 85 Managing Volume License Activation ...... 85 Centralizing activation with KMS ...... 86 Leveraging MAK activation ...... 89 Comparing KMS and MAK activation ...... 92 Managing licensing and activation ...... 93 Implementing KMS activation ...... 95 Implementing MAK independent activation ...... 97 Implementing MAK proxy activation ...... 98 Notification Experience and Reduced Functionality Mode (RFM) ...... 98 Introducing the notifications-based experience ...... 98

xiv

002_180211-ftoc.indd2_180211-ftoc.indd xivxiv 88/20/08/20/08 99:23:38:23:38 PPMM Contents

Experiencing Reduced Functionality Mode ...... 99 Resolving the notification experience and Reduced Functionality Mode ...... 100 Summary ...... 100

Part II: Customizing the Deployment Process 101

Chapter 4: Working with Windows Installer ...... 103 Introducing Windows Installer ...... 103 Integrating installations with the Windows Installer service ...... 105 Examining the Windows Installer service ...... 106 Windows security and software installations ...... 108 Understanding the Capabilities of Windows Installer ...... 110 Understanding the Windows Installer architecture ...... 111 Managing the Windows Installer service ...... 121 Changes to Windows Installer 4.0 ...... 132 Changes to Windows Installer 4.5 ...... 134 The MSI Package Lifecycle ...... 134 Best Practices for Using Windows Installer ...... 139 Summary ...... 140 Chapter 5: Migrating User Data ...... 141 Understanding User Data ...... 141 Identifying the migration scenario ...... 142 Determining the data and settings to be managed ...... 144 Determining where to store data during the migration process ...... 145 Choosing migration tools ...... 148 ...... 149 Running Easy Transfer from DVD ...... 149 Downloading Easy Transfer from Microsoft ...... 149 Understanding the capabilities of Easy Transfer ...... 150 Using Windows Easy Transfer ...... 150 Working with the User State Migration Tool (USMT) ...... 153 Requirements ...... 154 Understanding USMT limitations ...... 154 Customizing migration with USMT ...... 155 Collecting files and settings with ScanState ...... 163 Restoring files and settings with LoadState ...... 166 Reviewing best practices ...... 168 Investigating Third-Party Alternatives ...... 169 CA Desktop Migration Manager ...... 170 Tranxition Migration Studio ...... 170 PC Mover ...... 170 Summary ...... 171

xv

002_180211-ftoc.indd2_180211-ftoc.indd xvxv 88/20/08/20/08 99:23:38:23:38 PPMM Contents

Chapter 6: Managing Windows Images ...... 173 Introducing Windows Image File (WIM) ...... 174 Exploring the benefits of WIM ...... 174 Exploring the limitations of WIM ...... 175 Introducing Windows PE ...... 175 Understanding the benefits of Windows PE ...... 175 Understanding the limitations of Windows PE ...... 176 Meeting minimum requirements ...... 176 Using the provided Windows PE image ...... 176 Customizing Windows PE Boot Images ...... 177 Working with ImageX ...... 177 Working with an ImageX GUI ...... 188 Working with PEImg ...... 189 Working with OSCDImg ...... 196 Working with vLite ...... 200 Executing Common Tasks ...... 204 Adding packages to a Windows PE image ...... 205 Adding hotfixes to a Windows PE image ...... 207 Adding drivers to a Windows PE image ...... 207 Incorporating service packs ...... 208 Editing the registry of a Windows PE image ...... 208 Incorporating scripts in a Windows PE image ...... 209 Create a bootable ISO from WIM image ...... 211 Configure a UFD to boot to Windows PE ...... 212 Developing Custom Solutions ...... 214 Leveraging scripts for automation ...... 214 Developing solutions with SmartDeploy Imaging Component ...... 215 Investigating Third-Party Alternatives ...... 216 BartPE ...... 216 VistaPE ...... 217 Symantec Ghost ...... 219 KBOX Systems Deployment Appliance ...... 219 Summary ...... 221 Chapter 7: Using the Microsoft Deployment Toolkit 2008 ...... 223 Introducing the Microsoft Deployment Toolkit ...... 223 Going over documentation ...... 225 Getting familiar with the tools of MDT ...... 235 Installing and Configuring MDT ...... 239 Installing components ...... 239 Establishing a distribution share ...... 241 Imaging with MDT ...... 245 Creating task sequences ...... 245 Investigating Task Sequencer options ...... 247

xvi

002_180211-ftoc.indd2_180211-ftoc.indd xvixvi 88/20/08/20/08 99:23:38:23:38 PPMM Contents

Creating a deployment point ...... 248 Preparing a reference computer ...... 249 Adding the custom image to the distribution share ...... 252 Creating a deployment build for a custom image ...... 252 Creating the MDT database ...... 253 Configuring the MDT database ...... 254 Populating the Microsoft Management database ...... 255 Understanding deployment rules ...... 256 Configuring LTI deployment for full automation ...... 258 Deploying the custom image ...... 259 Investigating MDT Alternatives ...... 260 Client Management Suite ...... 260 ZENworks Suite ...... 261 KBOX Systems Management Appliances ...... 261 LANDesk Management Suite ...... 261 Summary ...... 262 Chapter 8: Windows Deployment Services ...... 263 Introducing Windows Deployment Services...... 263 Replacing Remote Installation Services ...... 264 Reviewing components of Windows Deployment Services ...... 266 Installing Windows Deployment Services...... 269 Satisfying prerequisites ...... 269 Setting up Windows Deployment Services for Server 2003 ...... 270 Setting up Windows Deployment Services for Server 2008 ...... 272 Configuring Windows Deployment Services ...... 273 Working with Windows Deployment Services ...... 283 Creating a Capture image ...... 283 Creating a Custom Install image ...... 284 Creating a Discover image ...... 286 Preparing media for a Discover image ...... 287 Deploying an Install image ...... 288 Automating the installation of an Install image ...... 290 Leveraging the Windows Deployment Services API ...... 291 Summary ...... 292

Part III: Administering Windows Vista 293

Chapter 9: Managing Change in Vista...... 295 Managing Change through ...... 295 Working with Local Policies ...... 298 Working with central policies ...... 303

xvii

002_180211-ftoc.indd2_180211-ftoc.indd xviixvii 88/20/08/20/08 99:23:38:23:38 PPMM Contents

Working with GPO tools ...... 310 Working with ADMX/ADML files ...... 318 Assigning PC-Related GPOs ...... 320 Troubleshooting and monitoring Group Policy ...... 322 Tracking Change in Vista ...... 325 Turning on the audit policy ...... 325 Exploring the Vista Event Log ...... 327 Exploring the Vista Task Scheduler ...... 331 Automating Vista Events ...... 334 Collecting Vista Events ...... 336 Summary ...... 340 Chapter 10: Administering Workstations ...... 341 Performing Local PC Administration ...... 342 Working with workstation administration tools ...... 342 Performing common workstation administration tasks ...... 358 Performing Remote PC Administration ...... 368 Working with the Remote Shell ...... 368 Relying on Telnet ...... 370 Automating Recurrent Tasks ...... 371 Working with the Command Prompt ...... 371 Working with Windows PowerShell ...... 382 Scheduling automated tasks ...... 392 Supporting Users ...... 392 Helping users with Remote Assistance ...... 393 Relying on the Remote Desktop...... 394 Summary ...... 395

Part IV: Protecting and Maintaining the System 397

Chapter 11: Securing the Workstation ...... 399 Beginning with Basic Security ...... 400 Designing a security policy ...... 402 Using the Castle Defense System ...... 402 Building a security plan ...... 404 Using the Windows Vista Security Guide ...... 407 Learning Windows Vista security features ...... 407 Applying the Castle Defense System ...... 409 Layer 1: Protecting information ...... 412 Layer 2: Working with protection ...... 413 Layer 3: Hardening the system ...... 414 Layer 4: Managing information access ...... 429 Layer 5: Working with external access ...... 431 Summary ...... 444

xviii

002_180211-ftoc.indd2_180211-ftoc.indd xviiixviii 88/20/08/20/08 99:23:38:23:38 PPMM Contents

Chapter 12: Protecting User Data ...... 445 Protecting User Profiles ...... 446 Providing User Data Protection ...... 448 Completing a data protection strategy ...... 450 Putting data protection in place ...... 451 Using the Encrypting ...... 461 Understanding EFS ...... 461 Interacting with EFS and PKI ...... 462 Working with EFS ...... 464 Running BitLocker Full Drive Encryption ...... 475 Understanding BitLocker requirements ...... 477 Integrating BitLocker with ...... 478 Relying on Group Policy to manage BitLocker ...... 479 Supporting BitLocker ...... 481 Summary ...... 482 Chapter 13: Recovering Damaged Systems and Lost Data ...... 483 Recovering Systems ...... 484 Level 1: Dealing with system instability ...... 484 Level 2: Dealing with startup instability ...... 495 Level 3: Dealing with total system instability ...... 498 Recovering Data ...... 505 Level 1: Dealing with minor data loss ...... 506 Level 2: Automating data protection ...... 508 Level 3: Protecting a complete PC ...... 514 Summary ...... 517

Appendix: What’s on the CD-ROM ...... 519 Index ...... 523

xix

002_180211-ftoc.indd2_180211-ftoc.indd xixxix 88/20/08/20/08 99:23:38:23:38 PPMM 002_180211-ftoc.indd2_180211-ftoc.indd xxxx 88/20/08/20/08 99:23:38:23:38 PPMM