Managing and deploying Windows Vista James O’Neill IT Pro Evangelist Microsoft UK Ltd.
Vista for the IT Professional Support Easier to support Help users to help themselves Management Better control Deployment New imaging technology, new install process
So, we’re going to look at Deployment System image manager, ImageX, Windows PE Management and Support User access control, Group Policy, Resource protection, Reliability Analysis, Scheduling, Event view....
What’s new in installation ? A new “Pre-installation environment” Windows PE 2.0 (now for everyone) 32 bit and 64 bit versions Uses Vista drivers and utilities A new installation file format.WIM Can hold multiple images Compressed and single instanced Command line tools to capture & apply images
PE’s role in Vista installation... Boot Windows PE PE is stored in a bootable WIM file Copied to a RAM disk and boots from there Loads storage and network drivers If Windows Setup is present, run it Step user through image choice & installation If not, present a Command Prompt For maintenance tasks
Image X - Image X - with Windows PE
Image X - we saw / info / apply / capture
Running IMAGE-X Must use /Flags to work with Setup
From WIM to DVD ISO Replace Original WIM WAIK CMD prompt for ease Make ISO File Oops!
MANY Installation Methods Standard DVD image Standard DVD image + AutoUnattend.xml Apply captured image from command line Boot into Windows deployment services Apply captured image or image from the DVD Create DVD with captured image Restore a complete PC back up Uses recovery environment Least flexible but usually fastest
Install your own like the original
Preparing Vista for imaging Need an image to be ready for first boot New product key Full hardware check and performance test Create a local admin Etc... Done with SysPrep.
SYSPREP
SysPrep the master machine
So far we’ve seen... Catching Patching Burn to a CD /info /apply Which leaves XML and PXE....
So far we know... We can make an PE boot disk We can capture Vista with imagex /capture {more switches} We can prepare a new disk with PE tools DiskPart, Format We can apply Vista to a new machine with imagex /apply {more switches}... Can we make it easier ?
Windows Deployment Services Installation: add RIS, install WDS “patch” Need AD, DHCP and DNS working first Patch is part of WAIK Clients Network boot in WDS WDS manager has images to boot At least the BOOT.WIM from Vista DVD And to install (from DVD or captured)
Install images from the DVD
Boot image, from the DVD
One image to catch them all...
Windows Deployment Services 1 Windows Deployment Services 1 Booting into the capture process and imaging the sysprep’ed PC
Boot into image capture
Breaking into the installation Shift F10 opens CMD X:\sources\recovery\recenv = recovery environment Bmrui = Complete restore
Capture Process
WDS 1: We saw WDS Manager,WDS Manager, PXE boot to the WDS Boot ChoicesPXE boot to the WDS Boot Choices Adding a driver to PE after bootAdding a driver to PE after boot Starting the Capture processStarting the Capture process
Later we’ll do this bit....
Installing normally
System Image Manager All Setup information in one XML file The file is built using SIM Vista Setup looks for AutoUnattend.xml e.g. Boot off CD, insert USB key with XML file
System Image Manager
Manageability and support
User Account Control Windows Resource Protection New Event Viewer and Logging Infrastructure New Task Scheduler Reliability Analysis Component Maintain PC configuration Desktop Troubleshooting and Task Automation Group Policy Enhancements Update Management Improvements New WMI Providers and Windows Remote Management Simplify Configuration Management 3 Management Goals: Features and Improvements
“…a locked and well-managed PC can save 40%.” —Gartner, December 2005 User Account Control Lowers total cost of ownership by making it practical to run as standard user PC is kept in known state Restrict installations of unapproved software Less downtime and higher productivity Reduce need to re-image system
Issues with non-admin users Can user perform required tasks to be productive without help desk support? Will existing 3 rd party and LOB applications run for standard users? Can enterprise support and maintain desktops where users do not have administrator privileges?
Require admin rights less often Allow users to: View clock/calendar & change time zone Configure secure wireless (WEP/WPA) Change power management settings Create and configure a VPN Add pre-approved drivers Run Defrag as a scheduled system process Data redirection to help legacy apps (Demo in Steve’s session)
UAC: Confirm use of rights All users run as Standard User by default Filtered token created during logon Explicit consent required for elevation Installer Detection Predictable shell elevation paths (also Demo’d in Steve’s session)
Cope with misuse of rights Windows Resource Protection resources Only changed by OS Trusted Installer Service If modified are replaced with trusted copies System files and registry settings protected Accidental changes by user Software installers Prevents damaging configuration changes
Elevation Model Administrator Privileges Standard User Privileges (Default) Administrator Account Standard User Account Ways to Request Elevation Application marking Setup detection Compatibility fix (shim) Compatibility assistant Run as administrator
Data Redirection Legacy apps write to admin locations HLKM\Software; %SystemDrive%\Program Files etc. Redirection removes need for elevation Writes to HKLM go to HKCU redirected store Writes to system folders go to per-user store This is a crutch for bad applications !
UAC
Improvements in Group Policy Hundreds more settings extend reach Policy applied more reliably & efficiently Easier to use improved for admins
Power Management Device Installation and Usage Internet Explorer IPSEC & Windows Firewall Printer Deployment Troubleshooting & Diagnostics User Account Control iSCSI Windows Defender Windows Error Reporting Remote Assistance Terminal Services GlobalizationShellTablet Over 500 new settings across key areas Extending Reach
Reliability and ease of use Network aware application of Group Policy Support for editing Group Policy settings in Multilingual Environments Support for Multiple Local GPOs Reliable and Efficient Application of Policy Easier to Use GPMC integrated into Windows Search and filter (Post Windows Vista) Templates (Post Windows Vista)
Group Policy
Screen Shots Here
Updates: less painful… Windows Update requiring fewer reboots Down by 1/6 th since August 2003 Updates less frequent Was weekly, now monthly Consolidated reboots Multiple patches single reboot
…better still in Windows Vista Patches can be applied directly to images Auto-update everything Platform technology to reduce reboots Windows Installer Restart manager Office can resume after a reboot
Lack of Awareness of End-User Problems Unreported issues drive productivity, costs, satisfaction Desktop Crash! Reboot Most common end-user behavior Call Help Desk Few help desks equipped to resolve <10% (1) >90% (1) Productivity/Cost Implications Productivity losses Potential data loss No IT awareness Root problem not fixed All costs above and … Help desk FTE cost Additional productivity loss in time with helpdesk All costs above and … One-off escalations often low priority Little ability to track problems from changes (i.e., patch, new app) + + (1) CER TAP participant interviews; MS Help desk qualitative discussions Resolve Known error fielded before Escalate Desktop Admin likely sees few crashes <5% (1)
New Event logging Right data to diagnose problems The right data…but not too much data Improved supporting information for all events “Schematized” events (XML) Richer information Easy integration with management tools Supports Ad-hoc diagnosis
Better Event Viewer experience One place for events for all components Filters and views put focus on key events Events are actionable Associate a task with an event with one click Event Subscriptions Can subscribe to events & view them centrally Based on Windows Remote Management
Event viewer
New Task Scheduler Power and flexibility New triggers, conditional launch etc Completely scriptable Visibility Task dashboard Improved reliability and resource allocation Retry tasks in case of failure Run when next available
Task Scheduler Task Scheduler Visiting Backup, Restore points and Defrag
Screen Shots Here
Reliability Analysis Console Analyze crashes and hangs Tracks frequency and type of user disruptions Shows connections between application installs and other system events
Reliability Analysis Console
Screen Shots Here
Review Installation has more choices and more control than ever Download the WAIK Many improvements to managability Group Policy Scheduling Event Viewer Analysis Your life really is easier with Vista !
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.