1. IT Series - Deploying Windows 7 with Free Tools
Donald Hester
October 14, 2010
For audio call Toll Free
and use PIN/code

2. Housekeeping Maximize your CCC Confer window.
Phone audio will be in presenter-only mode.
Ask questions and make comments using the chat window.

3. Do not listen on both computer and phone.
Adjusting Audio
If you’re listening on your computer, adjust your volume using the speaker slider.
If you’re listening over the phone, click on phone headset.
Do not listen on both computer and phone.

4. Saving Files & Open/close Captions
Save chat window with floppy disc icon
Open/close captioning window with CC icon

5. Emoticons and Polling
Raise hand and Emoticons
Polling options

6. IT Series - Deploying Windows 7 with Free Tools
Micah Orloff

7. Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College / Los Positas College 7

8. What we will be covering
Microsoft Assessment and Planning Toolkit (MAP)
Microsoft Application Compatibility Toolkit (ACT)
Enterprise Learning Framework (ELF)
Microsoft Deployment Toolkit (MDT)
Microsoft Desktop Optimization Pack (MDOP) for Asset Inventory Planning
MDT Deployment Workbench
Windows Automated Installation Kit (WAIK)
User Settings Migration Tool (USMT) 4.0
Windows Deployment Services (WDS)

9. Deployment Lifecycle

11. Tools Used to Support the Planning Phase
Module 1: Preparing to Deploy Windows 7 Business Desktops
Course 6294A
Tools Used to Support the Planning Phase
Microsoft Assessment and Planning Toolkit (MAP)
Microsoft Application Compatibility Toolkit (ACT)
Key message: The key to a successful desktop deployment is to obtain as much information about the existing desktop environment as possible. Also, you can obtain guidance and best practices to assist in each of your desktop deployment project phases.
Use this topic to introduce each tool included on the slide as it relates to the planning phase. Additional information is provided on the Course Companion CD. If you have an Internet connection, consider demonstrating from your host computer the Enterprise Learning Framework online tool. While on the Internet, you may also want to show students the main Web sites associated with each tool.
The following acronyms are often used for these tools:
MAP – Microsoft Assessment and Planning Toolkit
ACT – Application Compatibility Toolkit
ELF – Enterprise Learning Framework
MDT – Microsoft Deployment Toolkit
MDOP – Microsoft Optimization Pack
Asset inventory planning tools will be discussed in a future topic, so do not go into too much detail here.
To build this slide:
This slide starts with the process graphic and plan image on the right and automatically builds to include each tool. Discuss each.
Question: What is the purpose of the System Configuration Manager 2007?
Answer: Microsoft System Center Configuration Manager 2007 provides a comprehensive solution for change and configuration management for the Microsoft platform.
Enterprise Learning Framework (ELF) P L A N
Microsoft Deployment Toolkit (MDT)
Microsoft Desktop Optimization Pack (MDOP) for Asset Inventory Planning
System Center Configuration Manager 2007

12. Tools Used to Support the Building Phase
Module 1: Preparing to Deploy Windows 7 Business Desktops
Course 6294A
Tools Used to Support the Building Phase
MDT Deployment Workbench
Key message: Deploying a Windows 7 desktop is more straightforward because of a number of enhanced engineering tools used to create and maintain computer images. Windows 7 support for Windows Imaging (WIM) file format provides the ability to create and distribute hardware-independent images to desktops throughout the organization.
Use this topic to introduce each tool on the slide and its relationship to the lifecycle graphic. Additional information about each tool is contained on the Course Companion CD.
The following acronyms are often used for these tools:
MDT – Microsoft Deployment Toolkit
WAIK – Windows Automated Installation Kit
USMT – User State Migration Tool
To build this slide:
This slide starts with the process graphic and build image on the right and automatically builds to include each tool. Discuss each.
The following are the important tools that are included with the Windows AIK:
Question: You have decided to use the Windows AIK to deploy Windows 7. What do you use to create the images for the magazine development group?
Answer: ImageX is a tool used to create system images. B U I L D
Windows Automated Installation Kit (WAIK)
User State Migration Tool (USMT)
Tool
Description
Windows System Image Manager (Windows SIM)
The tool used to open Windows images, create answer files, and manage distribution shares and configuration sets.
ImageX
The tool used to capture, create, modify, and apply Windows images.
Deployment Image Servicing and Management (DISM)
The tool used to apply updates, drivers, and language packs to a Windows image. DISM is available in all installations of Windows 7 and Windows Server 2008 R2.
Windows Pre-installation Environment (Windows PE)
A minimal operating system environment used to deploy Windows. The AIK includes several tools used to build and configure Windows PE environments.
User State Migration Tool (USMT)
A tool used to migrate user data from a previous Windows operating system to Windows 7. USMT is installed as part of the AIK in the %PROGRAMFILES%\Windows AIK\Tools\USMT directory. For more information about USMT, refer to the User State Migration Tool User’s Guide (%PROGRAMFILES%\Windows AIK\Docs\Usmt.chm)

13. Tools Used to Support the Deploying Phase
Module 1: Preparing to Deploy Windows 7 Business Desktops
Course 6294A
Tools Used to Support the Deploying Phase
D E P L O Y
Key message: Deploying Windows 7 using Lite Touch or Zero Touch requires specific tools to support the technologies and scripts used for the deployment scenario.
Use this topic to introduce each tool included on the slide and its relationship to the deployment lifecycle graphic presented previously. Additional information about each tool is included on the Course Companion CD.
The following acronyms are often used for these tools:
MDT – Microsoft Deployment Toolkit
WDS – Windows Deployment Services
SCCM – System Center Configuration Manager
USMT – User State Migration Tool
To build this slide:
This slide starts with the process graphic and deploy image at the top and automatically builds to include each tool. Discuss each.
Question: You are deploying 500 new computers in the enterprise. What tool do you use to migrate user settings and user state to the new computers?
Answer: Use the USMT 4.0 when hardware and operating system upgrades are planned for a large number of computers.
MDT Deployment Workbench
Windows Deployment Services (WDS) 2008
System Center Configuration Manager 2007
User State Migration Tool (USMT)

14. Microsoft Assessment and Planning Toolkit (MAP)
The Microsoft Assessment and Planning (MAP) Toolkit is an agentless tool designed to simplify and streamline the IT infrastructure planning process across multiple scenarios through network-wide automated discovery and assessments. MAP performs an inventory of heterogeneous IT environments and provides you with usage information for SQL Server and servers in the Core CAL Suite, Windows 2000 Server migration assessment, SQL Server 2008 discovery and assessment for consolidation, and a readiness assessment for the most widely used Microsoft technologies including Windows 7, Office 2010, and Windows Server 2008 R2. MAP also provides server virtualization scenarios to help you identify underutilized resources and the hardware specifications needed to successfully consolidate your servers using Microsoft Hyper-V technology.
In-Depth Readiness Reporting
MAP generates reports containing both summary and detailed assessment results for each migration scenario. The results are provided in Microsoft Excel workbooks and Microsoft Word documents. Reports are generated for the following scenarios:
Identification of currently installed Windows client operating systems, their hardware, and recommendations for migration to Windows 7.
Reporting of antivirus and anti-malware programs installed on the desktop and if the Windows Firewall is turned on.
Identification of currently installed Microsoft Office software and recommendations for migration to Microsoft Office 2010.
Identification of currently installed Windows Server operating systems, underlying hardware and devices, as well as recommendations for migration to Windows Server 2008 R2.
Identification of currently installed Linux operating systems and underlying hardware for virtualization on Hyper-V or management by System Center Operations Manager R2.
Detailed assessment and reporting of server utilization, as well as recommendations for server consolidation and virtual machine placement using Hyper-V or Virtual Server 2005 R2.
Discovery of Microsoft SQL Server databases, instances, and selected characteristics.
Identification of SQL Server host machines and SQL Server components.
Identification of virtual machines running on both Hyper-V and VMware, their hosts, and details about hosts and guests.
Assessment of Windows 2000 Server environments and inventory.
For more information on MAP see:

15. MAP Deployment Readiness Software Usage Tracker Feature
Secure and Agentless Inventory
Comprehensive Data Analysis
In-Depth Readiness Reporting
Software Usage Tracker Feature
Provides software usage reports
Software by user/device
Inventory
License Compliance

16. MAP Secure Agentless Inventory
Windows 7
Windows Vista
Windows XP Professional
Office 2010 and previous versions
Windows Server 2008 or Windows Server 2008 R2
Windows Server 2003 or Windows Server 2003 R2
Windows 2000 Professional or Windows 2000 Server
VMware ESX
VMware ESXi
VMware Server
Linux variants
LAMP application stack discovery
SQL Server 2008
Secure and Agentless Inventory
MAP provides secure, agentless, and network-wide inventory that scales from small business to large enterprises. It collects and organizes system resources and device information from a single networked computer. Assessment tools often require users to first deploy software agents on all computers to be inventoried, but this tool does not. MAP uses technologies already available in your IT environment to perform inventory and assessments. These technologies include Windows Management Instrumentation (WMI), the Remote Registry Service, Active Directory Domain Services, and the Computer Browser service.

17. In-Depth Readiness Reporting
Current software, hardware and migration recommendations to:
Windows 7
Windows Server 2008 R2
Office 2010
Virtualization reports
Possible server consolidation
Migrate Linux to virtual environment
In-Depth Readiness Reporting
MAP generates reports containing both summary and detailed assessment results for each migration scenario. The results are provided in Microsoft Excel workbooks and Microsoft Word documents. Reports are generated for the following scenarios:
Identification of currently installed Windows client operating systems, their hardware, and recommendations for migration to Windows 7.
Reporting of antivirus and anti-malware programs installed on the desktop and if the Windows Firewall is turned on.
Identification of currently installed Microsoft Office software and recommendations for migration to Microsoft Office 2010.
Identification of currently installed Windows Server operating systems, underlying hardware and devices, as well as recommendations for migration to Windows Server 2008 R2.
Identification of currently installed Linux operating systems and underlying hardware for virtualization on Hyper-V or management by System Center Operations Manager R2.
Detailed assessment and reporting of server utilization, as well as recommendations for server consolidation and virtual machine placement using Hyper-V or Virtual Server 2005 R2.
Discovery of Microsoft SQL Server databases, instances, and selected characteristics.
Identification of SQL Server host machines and SQL Server components.
Identification of virtual machines running on both Hyper-V and VMware, their hosts, and details about hosts and guests.
Assessment of Windows 2000 Server environments and inventory.

18. Microsoft Application Compatibility Toolkit (ACT)
Description
The Microsoft Application Compatibility Toolkit (ACT) 5.5 is a lifecycle management tool that assists in identifying and managing your overall application portfolio, reducing the cost and time involved in resolving application compatibility issues, and helping you quickly deploy Windows Vista and Windows updates.
With the ACT, you can:
•Analyze your portfolio of applications, Web sites, and computers
•Evaluate operating system deployments, the impact of operating system updates, and your compatibility with Web sites
•Centrally manage compatibility evaluators and configuration settings
•Rationalize and organize applications, Web sites, and computers
•Prioritize application compatibility efforts with filtered reporting
•Add and manage issues and solutions for your enterprise-computing environment
•Deploy automated mitigations to known compatibility issues
•Send and receive compatibility information from the Microsoft Compatibility Exchange
Links to Other Resources
•Application Compatibility Toolkit Download:
•Introduction to the Application Compatibility Toolkit:
•Application Compatibility Toolkit Technical Reference:
•ACT Walkthrough Exercises:
Version 5.6 has support for migration to Windows 7 64-bit

19. ACT Reports

20. Detailed Reports

21. Enterprise Learning Framework (ELF)
Developing a training and communication plan helps with:
Raising Awareness
Minimizing Disruption
Shortening Training
Gaining Productivity
The Enterprise Learning Framework (ELF) is a tool that helps corporations develop a training and communication plan for employees during Windows 7, Windows Vista and the 2007 Microsoft Office system deployment. The ELF identifies the most relevant learning topics on Windows Online Help and Office Online for different stages of deployment and different types of users. With the Enterprise Learning Framework you can:
Minimize concern by preparing employees for deployment and raising awareness of the new versions’ benefits
Minimize disruption on deployment day by getting employees up to speed with a short list of "must know" topics
Select tips-and-tricks and other productivity topics to help employees get the most from Windows 7, Windows Vista and the 2007 Office release after deployment
The Enterprise Learning Framework was developed in response to requests from our corporate customers for help with deployment. The Enterprise Learning Framework can help corporations with:
Raising Awareness: Helping employees understand how the new versions of Windows and Office will benefit them and helping to prepare employees before deployment
Minimizing Disruption: Identifying a small, manageable number of learning topics to get employees up and running quickly with Windows 7, Windows Vista and the 2007 Office release
Shortening Training: Concise learning topics requiring only a few minutes each from employees
Gaining Productivity: Identifying the most important learning topics for improving productivity as employees continue to use Windows 7, Windows Vista and the 2007 Office release

22. The Enterprise Learning Framework (ELF) is a tool that helps corporations develop a training and communication plan for employees during Windows 7, Windows Vista and the 2007 Microsoft Office system deployment. The ELF identifies the most relevant learning topics on Windows Online Help and Office Online for different stages of deployment and different types of users. With the Enterprise Learning Framework you can:
Minimize concern by preparing employees for deployment and raising awareness of the new versions’ benefits
Minimize disruption on deployment day by getting employees up to speed with a short list of "must know" topics
Select tips-and-tricks and other productivity topics to help employees get the most from Windows 7, Windows Vista and the 2007 Office release after deployment

23. Microsoft Deployment Toolkit
Lite Touch
Zero Touch with Configuration Manager 2007
Aligns with ConfigMgr
Evolutionary refinements
Adds server support
Upgrade from BDD 2007 and MDT 2008
Fully integrated experience
Single console
Adds server support
Extends and enhances ConfigMgr 2007
Introduce the concepts of MDT 2010 explaining the difference between Lite Touch and Zero Touch deployment. Explain that we sit on top of the Windows AIK and offer process and tool guidance through our documentation set.
Here are some key talking points for Lite Touch
Uses the task sequencing engine from System Center Configuration Manager
Can deploy Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
MDT 2010 is an upgrade over previous versions of MDT
Talking points for Zero Touch
MDT integrates in the System Center Configuration Manager console
Extends the SCCM wizards and provides many additional task sequence actions
This module will primarily cover the Lite Touch scenarios. Zero Touch will be covered on Day 2 (optional)
Leverages core deployment tools
Provides process and tool guidance

24. MDT 2010 Windows 7 and Windows Server 2008 R2 Support
Add support for the latest operating systems
Use the latest tools
Enable new scenarios
Windows 7 and Windows Server 2008 R2 Support
Improve administrative processes
Support more than one user
Enhance automation and extensibility
Task Sequence & Script Enhancements
Deployment Workbench Architecture Enhancements
Improve diagnostics and logging
Better error reporting and recovery
Make scripts as easy to follow as possible
PowerShell Capabilities
Script Architecture Enhancements
Continue to simplify documentation
Cross-linked content
Cover both the “why’s” and the “how’s”
Documentation Improvements
There are four main areas that the new features in MDT 2010 focus on:
Deployment Workbench Architecture Enhancements
The goal of changing the Deployment Workbench was to Improve the administrator’s experience in the workbench and enable new scenarios for administration. One of the most requested features in previous versions of MDT was the ability have multiple users configuring the deployment workbench at the same time. MDT 2010 provides this feature primarily because it is built on top of the Powershell provider.
Here are a few new scenarios now supported by the workbench:
Scenario #1: Simple but reliable
You want to have a single deployment share on a highly-available file server cluster with SAN-attached storage, but you don’t want to install MDT on that server.  That wasn’t possible with MDT 2008, but it’s simple with MDT 2010.  You can install MDT on your workstation (or any other machine) and use it to manage the contents of a deployment share on the file server cluster via the UNC path that you created.
Scenario #2: Private and public
You have a lab environment where you create your reference images.  You import those images into Deployment Workbench and create new task sequences to deploy those.  But you don’t want your end users to ever deploy the reference image task sequences, just the ones that deploy the reference images.  With MDT 2008, you could have done that using a lab deployment point and a network deployment point.
With MDT 2010, you would create two deployment shares, for example \\SERVER1\Lab and \\SERVER1\Production.  You can then replicate only the items you want from lab to production.  This is done using “linked deployment shares”, a new feature that allows you to specify the target deployment share (e.g. \\SERVER1\Production) and the content that should be replicated to it.  Or, you could do this manually as Deployment Workbench could have both deployment shares open at the same time, enabling you to manually copy the needed items from one share to the other.
Scenario #3: Server and desktop
You might have two different teams, one which works on server OSes, images and task sequences, and the other that works on desktop OSes, images, and task sequences.  You can create two deployment shares to support that, and even selectively copy content (e.g. a subset of drivers or applications) between them.
Scenario #4: Cooperative deployment shares
Some companies do not have a completely centralized IT group.  They may have a central team that creates reference images and packages applications, but regional IT groups are responsible for the actual deployment, including figuring out what drivers are needed for the hardware used at that location.  With MDT 2010, you can have a central deployment share, then selectively replicate content to regional deployment shares, e.g. all images and applications, without disturbing the rest of the deployment share content.  The IT administrators at the regional sites can maintain their own task sequences, drivers, etc.
Powershell Capabilities
The Deployment Workbench is built on top of Powershell. That means that every action that can be performed inside of the Deployment Workbench can be automated through Powershell. This allows you to create your own automation scripts to fully populate the MDT configuration.
Task Sequence and Script Enhancements
The Task Sequences and scripts have been enhanced to improve error reporting, provide more accurate errors, and account for many of the most common deployment failures such as failure to join a domain. With Windows 7, we now have to support deploying the Operating System to another partition so MDT provides the ability to choose which disk and partition to deploy the Operating System to
Configuration Manager Improvements
The changes with the Configuration Manager integration are minimal but important. The task sequence now has better error recovery to make sure that Log files and User Data is retained in the event of a failure. Additional Windows 7 enhancements such as hard-link migration with USMT 4 has been added to the task sequence. The wizard for creating a task sequence has been improved in order to limit the amount of information you will need to enter if you are not capturing an image.

25. What’s New in MDT 2010 MDT 2010 is a significant upgrade from MDT 2008
Still supports Windows XP and above
Drops support for SMS 2003
MDT 2010 adds full support for Windows 7 and Windows Server 2008 R2 and latest deployment tools:
Windows Automated Installation Kit 2.0
Windows PE 3.0
New way to construct an image
USMT 4.0
New hardlink and offline migration capabilities
Deployment Image Servicing and Management (DISM) tool
Replaces several previous tools, adds new enumeration capabilities
MDT 2010 makes these changes transparent
MDT 2010 is a major upgrade from MDT We will be talking about the new features in MDT 2010 throughout this module.
MDT 2010 leverages all of the new capabilities in the Windows AIK including Windows PE 3.0, DISM, and the new functionality in the User State Migration Tool 4.0 and makes these changes as transparent as possible. The MDT Administrator will not have to know all of the intricate details of the individual Windows AIK tools that apply to certain operating systems because MDT will automatically run the correct tool no matter if they are deploying Windows XP or Windows 7

26. Microsoft Deployment Using MDT and SCCM
Microsoft Deployment Toolkit (MDT)
Excellent GUI interface to ask questions (variables) prior to deployment
Alternatively, can be fully automated during deployment if variables predefined
No built in mechanism to schedule and initiate itself for deployment
System Center Configuration Manager (SCCM) Operating System Deployment (OSD)
Non-existent GUI interface
All variables configured on SCCM prior to deployment
Excellent built in scheduling and initiating of deployments
$$$

27. Key Features of Windows AIK
Module 5: Deploying Windows 7 by Using Windows AIK
Course 6294A
Key Features of Windows AIK
Key Features
Key message: Explain that Windows AIK is a collection of tools and documentation designed to help IT professionals deploy Windows. Explain the purpose and key benefits of Windows AIK, including scenarios when it is typically used. Clarify that Windows AIK can be used to deploy Windows 7, and that it is ideal for highly customized environments.
Provide a summary of the primary documentation resources available on Windows AIL DVD and installed with the Windows AIK tools.
Windows AIK 2.0 is a collection of tools and documentation designed to help IT professionals deploy Windows.
Highly customized environments are ideal for using Windows AIK.
Windows AIK tools can be used to configure many deployment options.
Organizations can use the tools that satisfy their business requirements, providing a high degree of flexibility.

28. Tools Included in Windows AIK
Course 6291A
Tools Included in Windows AIK
Module 5: Deploying Windows 7 by Using Windows AIK
Tool
Description
Windows System Image Manager (Windows SIM)
Used to create unattended installation answer files and distribution shares, or to modify the files contained in a configuration set.
ImageX
Used to capture, modify, and apply file-based disk images for rapid deployment.
Deployment Image Servicing and Management (DISM)
Used to Apply updates, drivers, and language packs to a Windows image.
Windows Pre-installation Environment (Windows PE)
Designed to prepare a computer for Windows installation.
User State Migration Tool (USMT)
Used to migrate user data from a previous Windows operating system to Windows 7.
Volume Activation Management Tool (VAMT)
Used to automate and centrally manage the Windows volume activation process.
The table shown in this slide demonstrates the tools that are used in most Windows deployment scenarios. Describe the collection of tools that are available for IT professionals to deploy Windows 7.
Key message: Inform students that by default, the AIK is installed to the C:\Program Files\Windows AIK directory. This directory contains all the tools and documentation included in the Windows AIK 2.0 release.
Question: Which Windows AIK 2.0 tool enables OEMs and corporations to capture, modify, and apply file-based disk images for rapid deployment?
Answer: ImageX
Discussion prompt: Ask students to describe their experience working with these tools and technologies. Note that answers can vary. If students have Windows XP background, they will be familiar with Answer Files, Windows Setup, Sysprep. If students have Windows Vista background, they will be familiar with most of these tools, except DISM.

29. What Is Windows Imaging File Format?
Module 4: Designing Standard Windows 7 Images
Course 6294A
What Is Windows Imaging File Format?
A file-based disk image format that contains compressed files used to install operating systems
Key message: Describe the Windows Imaging File format.
Explain that Windows Imaging (WIM) file is a file-based disk image format introduced in Windows Vista. WIM files are compressed packages that contain a number of related files.
The WIM file structure contains up to six types of resources defined as follows:  
WIM Header: defines the .wim file content, such as memory location of key resources (metadata resource, lookup table, and XML data) and .wim file attributes (version, size, and compression type).
File Resource: is a series of packages that contain captured data, such as source files.
Metadata Resource: stores information on how captured data is organized in the .wim file. This includes directory structure and file attributes. There is one metadata resource for each image in a .wim file.
Lookup Table: contains the memory location of resource files in the .wim file.
XML Data: contains additional miscellaneous data about the WIM image, such as directory and file counts, total bytes, creation and modification times, and description information. The ImageX /info command displays information based on this resource.
Integrity Table: contains security hash information used to verify the image’s integrity during an apply operation. This is created when you set the /check switch during an ImageX capture operation.
 All Windows 7 installations use this image file.
Windows Image (.wim) File
WIM
Header
Metadata
Resource
(Image 1)
Metadata
Resource
(Image 2)
File Resource
File Resource
File Resource
Lookup Table
XML Data
Integrity Table
File Resource
File Resource
File Resource
Lookup Table
XML Data
Integrity Table
Image 1
Image 2

30. Module 4: Designing Standard Windows 7 Images
Course 6294A
Types of Images
Three different type of images:
Key message: Explain the three different types of images: thin, thick and hybrid. Define them and describe their advantages and disadvantages.
Thick Image: Thick images are monolithic images that contain core applications, language packs, and other files. Part of the image development process is installing core applications and language packs before capturing the image. To date, most organizations that use imaging to deploy operating systems are building thick images.
Thin Image: Thin images contain few, if any, core applications or language packs. Organizations deploy applications and language packs separately from the image, separate from deploying the operating system. This typically takes more time at the computer, and possibly more total bytes transferred over the network. However, the transfer is spread out over a longer period of time. The network transfer time can be reduced by using trickle-down technology that many software distribution infrastructures provide, such as Background Intelligent Transfer Service (BITS).
Hybrid Image: The more items in an image, the larger the image becomes. Large images involve increased updating, testing, distribution, network, and storage costs. This is because they are more difficult to update and test regularly and slower to deploy over a network, since more storage space is required. A key to reducing image count, size, and cost is to compromise.
By compromising on what is included in an image, you can reduce the number of images you maintain and their size. Ideally, an organization builds and maintains a single, worldwide image that can be customized after deployment.
Hybrid images mix thin and thick image strategies. In a hybrid image, the image is configured to installation of applications and language packs on the first start. This provides a similar experience to that of a thick image, even though the applications and language packs are installed from a network source.
Alternative Strategy: One alternative is to build one-off thick images from a thin image. Start by building a reference thin image. Then, after the thin image is tested, add core applications and language packs, capture them, test them, and distribute the thick image based on the thin image. Testing of the thick image is minimized, because the imaging process is basically the same as a regular deployment. However, be aware of applications that are incompatible with the imaging process.
Thick images
Core application
Language packs
Other files
Thin images
Few applications
Few language packs
Hybrid images
Mix thin and thick image strategies

31. Create your image daily through automation!
How do you reduce management of image creation process?
How do you improve security of images being deployed?
Always have the latest Windows and application updates applied
Always have the latest Virus Definitions applied
Create your image daily through automation!
Patch approval done as separate task
Virus definitions updated often
Viruses attack vulnerable systems

32. Deployment Image Servicing And Management (DISM)
Enable and disable, enumerate, add, remove packages and updates
Add, remove, enumerate drivers
WIM and VHD support
OEMs can select OS editions offline

33. Deployment Image Servicing and Management (DISM)
A command-line tool used to service Windows images offline before deployment
Use it to install, uninstall, configure, and update:
Windows features
packages
drivers
international settings
Deployment Image Servicing and Management Technical Reference Published: October 22, 2009
Updated: October 22, 2009
Applies To: Windows 7
Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows® images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system.
DISM is installed with Windows® 7, and it is also distributed in the Windows OEM Preinstallation Kit (Windows OPK) and the Windows Automated Installation Kit (Windows AIK). It can be used to service Windows Vista® with Service Pack 1 (SP1), Windows Server® 2008, Windows® 7, Windows Server® 2008 R2, or Windows PE images. DISM replaces several Windows OPK tools, including PEimg, Intlcfg, and Package Manager.

34. Windows Deployment Services (WDS)
Windows Deployment Services (WDS) provides the ability to deploy Windows 7 by using a network-based installation.
Module 6: Deploying Windows 7 by using Windows Deployment Services
Course 6294A
Windows Deployment Services (WDS)
Slide is here for manual image only
WDS benefits:
Reduces the complexity of deployments and the costs associated with inefficient manual installation processes. ü
Enables you to perform network-based installation of Windows operating systems.
Deploys Windows images to computers without operating systems.
Provides an end-to-end solution for the deployment of Windows OSs to client computers and servers. 
Uses standard Windows Server 2008 setup technologies, including Windows PE, WIM files, and image-based setup .

35. Windows Deployment Services Multicast Enhancements
Multiple Stream Transfer
Multiple bands to broadcast images to clients
Optimized rates per client connection
Client Auto Removal
Slower clients can be dropped to unicast or entirely (only in standard multicast)
Boot Image Multicast
Windows PE boot images can use multicast (clients with EFI)
Fast
Medium
Slow

36. Windows Deployment Services Dynamic Driver Provisioning
WDS Server
Images Drivers
Client
Driver targeting to match drivers to hardware
Reduces image size and centralizes deployment driver management

37. Module 9: Migrating User State by Using WET and USMT 4.0
Course 6294A
User State Migration
Deployment scenarios
User data
Data stored on local hard drives
User folders such as My Documents, My Pictures etc.
Application settings
Application-specific configuration settings
Preferences
Data files
User preferences
Desktop appearance
Window appearance
Internet browser settings
Mail settings
A user state migration captures all custom settings on a existing computer and restores the settings to newly deployed computer
User state migration components:
User State Migration scenarios
Replace
Refresh
Deployment scenarios
Replace Computer
Deploy a new operating system to new computer
Reinstall applications on the destination computer
Restore user state
Refresh Computer
Deploy a new operating system to computers that already has operating system
Key message: Explain user state migration components and the scenarios in which it is performed.
Make sure you identify which components you need to migrate to the new operating system platform.
User preferences: these include user profile features, Internet browser settings, and mail settings. Consider which user accounts, operating system settings, and user preferences you want to migrate or standardize.
User accounts: computers may have settings related to domain and local user accounts. You must determine whether local user accounts must be migrated. Your consideration must also include whether the account must be enabled on the destination computer and how you will deal with password requirements.
Operating system settings: identify which operating system settings to migrate and to what extent you want to create a new standard environment on the computers. Operating system settings may include appearance, mouse actions (for example, single-click or double-click) and keyboard settings, Internet settings, account settings, dial-up connections, accessibility settings, and fonts.
User data: this includes data that is stored on local hard drives. Typically, critical data is stored on corporate file servers. However, there may be situations in which users store data on local hard drives.
Application settings: these include application-specific configuration settings, preferences, and data files. (User state migration does not include migrating the actual application.)
Determine and locate the application settings that you want to migrate. This information can be acquired when you are testing the new applications for compatibility with the new operating system. Considerations include whether the destination version of the application is newer than the source version and where the specific application settings are stored. Settings may be stored in the registry, .ini files, or a text or binary file. To determine the location of an application setting, review the vendor’s documentation or Web site. Migration does not include migrating the actual application itself.
Use the graphic on the slide to explain how user state migrations happen in Refresh and Replace scenarios.
Replace computer scenario:
A new operating system is deployed to new computers.
User state can be captured from the source computers before (temporary storage) or after (side-by-side) deployment of the operating system to destination computers.
Refresh computer scenario:
A new operating system to computers that already have an operating system (source and destination computers are the same computers).
User state can be captured in temporary storage. You can then deploy the operating system, and then restore the user state on those computers. This is from the Windows.old folder.
User preferences ü
User data ü
Application settings ü

38. Tools for Migrating User State
Module 9: Migrating User State by Using WET and USMT 4.0
Course 6294A
Tools for Migrating User State
User State Migration Tool
Windows Easy Transfer
Use one of the following migration tools: ü
Windows Easy Transfer (WET)
Key message: Explain the features of WET and USMT tools. Also mention in which scenarios these tools are used and what settings and data can be migrated using these tools.
This slide lists the two tools that can be used to perform migration and the elements that the students want to migrate.
Explain the difference between Windows Easy Transfer (WET) and User State Migration Tool (USMT). Explain that you use WET to perform a side-by-side migration for a single computer, or a small number of computers. And you use USMT when performing a side-by-side migration for many computers and to automate the process as much as possible, or to perform a wipe-and-load migration on the same computer.
Question: How do you migrate applications to Windows® 7?
Answer: You can migrate application settings, but you cannot migrate the application itself. You have to re-install your applications on the destination computer before you restore the application settings on that computer. ü
User State Migration Tool (USMT)
Identify which elements are to be migrated to the new operating system

39. Module 9: Migrating User State by Using WET and USMT 4.0
Course 6294A
USMT
To migrate by using USMT 4.0:
Collect Files and Settings from the Source Computer
Close all applications
Run ScanState command
Key message: Explain the process of migrating the user state by using USMT 4.0
USMT is a scriptable command-line tool that provides a highly-customizable user-profile migration experience for IT professionals. The following shows the components of USMT:
ScanState.exe: this scans the source computer, collects the files and settings, and then creates a store.
LoadState.exe: this migrates the files and settings, one at a time, from the store to a temporary location on the destination computer.
Migration .xml files: the .xml files used by USMT for migrations are the MigApp.xml, MigUser.xml, or MigDocs.xml, and any custom .xml files that you create.
The MigApp.xml file: specify this file with the ScanState and LoadState commands to migrate application settings to computers running Windows 7.
The MigUser.xml file: specify this file with the ScanState and LoadState commands to migrate user folders, files, and file types to computers running Windows 7.
The MigDocs.xml file: specify this file with the ScanState and LoadState tools to migrate all user folders and files that are found by the MigXmlHelper.GenerateDocPatterns helper function.
Custom .xml files: you can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior.
Config.xml: to exclude components from the migration, you can create and modify the Config.xml file using the /genconfig option with the ScanState tool.
Component Manifests for Windows Vista® and Windows 7: when the source or destination computer is running Windows Vista or Windows 7, the component-manifest files control which operating system settings are migrated and how they are migrated.
Down-level Manifest files: when the source computer is running a supported version of Windows® XP, these manifest files control which operating system and Internet Explorer settings are migrated and how they are migrated.
USMT internal files: all other .dll, .xml, .dat, .mui, and .inf files included with USMT are for internal use.
Explain the hard-link migration store. The new hard-link migration store is for use only in wipe and load migration. Hard-link migration stores are stored locally on the computer that is being refreshed and can migrate user accounts, files, and settings in less time using megabytes of disk space instead of gigabytes.
Explain the syntax and command line available for USMT.
Additional Reading: User State Migration Tool 4.0 1
Source Computer
Prepare the Destination Computer:
Install the operating system
Install all applications 2
Restore Files and Settings on the Destination Computer
Run the LoadState command
Log off 3
Destination Computer

40. Module 9: Migrating User State by Using WET and USMT 4.0
Course 6294A
Features of USMT 4.0
User State Migration Tool (USMT) 4.0 is a scriptable command-line tool that provides a highly-customizable user-profile migration experience
Benefits of USMT 4.0
Key message: Explain the benefits and key features of USMT 4.0.
USMT 4.0 provides the following benefits to businesses deploying Windows operating systems:
Migrating user accounts, operating system, and application settings safely. It is customizable and highly-scriptable, which increases automation for large deployment scenarios.
Reducing the cost of deploying the Windows operating system by preserving the user state. This reduces the time needed for users to become familiar with the new operating system and the time that is required to customize desktops and locate missing files and settings.
Reducing end-user downtime. This reduces help desk calls and increases employee satisfaction with the migration experience.
USMT 4.0 introduces the following new features:
Hard-link migration store: USMT 4.0 introduces hard-link migration store for use in refresh computer scenario. Hard-link migration stores are stored locally on the computer that is being refreshed. It can be used to migrate user settings and data in less time and requires less storage space.
Offline migration: USMT 4.0 enables you to collect data from an offline Windows operating system using the ScanState command in Windows® PE. In addition, USMT 4.0 supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the ScanState command in Windows PE or to Windows.old when you run the ScanState command in Windows.
Note: For complete information on new features of USMT 4.0, refer to What’s New in USMT 4.0 at
Explain the following scenarios where using USMT is not recommended:
Migrations that require end-user interaction
Migrations that require customization on a machine-by-machine basis
Safely migration of user accounts, operating system, and application settings
Reduces the cost of deploying Windows operating system by preserving user state
Reduces end-user downtime
New Features of USMT 4.0
Hard-link migration store
Offline migration

41. Module 9: Migrating User State by Using WET and USMT 4.0
Course 6294A
User State Data
Operating-System Components
Migrates operating system components to a destination computer that is running Windows 7 from computers that are running Windows XP, Windows Vista, or Windows 7
User Data
Folders from each user profile
Folders from the All Users and Public profiles
File types
Access Control List
Supported Applications
Only the settings that have been used or modified by the user ü
What USMT Does Not Migrate:
Application Settings:
Settings from earlier versions of an application
Local application settings
Microsoft Project settings when migrate from Microsoft Office 2003 to  2007
Operating-System Settings:
Mapped network drives, local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files
Shared folders permissions
Files and settings migrating between operating systems with different languages
Customized icons for shortcuts
Taskbar settings, when the source computer is running Windows XP
Key message: Identify the user state data that can be migrated using USMT 4.0
The first frame lists the User State Data that USMT migrates.
User Data: ScanState uses rules in MigUser.xml to collect everything in a user’s profile. It then performs a file extension-based search on most of the system for other user data. If the data does not match either of these criteria, the data will not be migrated. By default, USMT migrates the following user data and ACLs using the MigUser.xml:
Folders from each user profile: USMT migrates everything in a user’s profile including My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites.
Folders from the All Users and Public profiles: USMT also migrates the following from the All Users profile in Windows XP, or the Public profile in Windows Vista or Windows 7: Shared Documents, Shared Video, Shared Music, Shared desktop files, Shared Pictures, Shared Start menu, and Shared Favorites.
File types: the ScanState tool searches the fixed drives, collects and migrates files that have any of the following file name extensions: .accdb, .ch3, .csv, .dif, .doc*, .dot*, .dqy, .iqy, .mcw, .mdb*, .mpp, .one*, .oqy, .or6, .pot*, .ppa, .pps*, .ppt*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl*, .vsd, .wk*, .wpd, .wps, .wq1, .wri, .xl*, .xla, .xlb, .xls*.
Access Control List: USMT migrates the access control list for specified files and folders from computers that are running Windows XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will be preserved on the destination computer after the migration.
Operating-System Elements: USMT migrates operating system components to a destination computer that is running Windows 7 from computers running Windows XP, Windows Vista, or Windows 7.
To see the list of components that USMT migrates by default, see the Course Companion CD.
Supported Applications: it is recommended that all applications on the destination computer be installed before restoring the user state to make sure that migrated settings are preserved. The versions of installed applications must match on the source and destination computers.
The second frame shows the list of things that USMT does not migrate.
USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. In addition, USMT migrates only the settings that were used or changed by the user. If there is an application setting on the source computer that was not touched by the user, it may not migrate.
To see the list of application settings that USMT migrates by default see the Course Companion CD.
Note that the data that does not migrate using MigUser.xml includes: application settings, existing applications, and operation system settings.
Additional Information: For more information about specific features and application settings migrated, refer students to: What Does USMT Migrate?

42. Migrating User State by Using WET
Module 9: Migrating User State by Using WET and USMT 4.0
Course 6294A
Migrating User State by Using WET
To migrate by using WET:
WET is the recommended tool for scenarios in which you have a small number of computers to migrate
Store the Windows 7 WET files to be Used on the Source Computer
Migrate Files and Settings from the Source Computer to the Destination Computer by using:
Windows Easy Transfer cable
Network
Removable media or a network share 1 2
On destination computer:
Prepare for the migration on the destination computer
Click Next
Select transfer method
Close all active programs
Start Windows Easy Transfer
Click I need to install now (if source computer does not have WET)
Click This is my new computer 3 4 1 2 6 5
Select destination media and save WET files 7
Destination Computer
Transfer files and settings by using a network
Click A Network
Click This is my old computer
Start WET on the source computer
Click Next
On the destination computer, enter WET key and then click Next
WET creates WET key 3 4 1 2 6 5
Click Transfer and proceed with the wizard 7
Source Computer
Destination Computer
Key message: Describe how to migrate the user settings and data by using WET.
This is a build slide. Step through each frame of the slide as you explain how to migrate user settings and data by using WET.
Frame 1: This frame shows the high level procedure that you perform to migrate using WET. It consists of two high-level steps: preparing the migration and the migration process itself. Explain that you can use the following data transfer methods to transfer files and settings from a qualified operating system to Windows 7:
Use an Easy Transfer Cable.
Establish a network connection between the source computer and the target computer.
Use removable media such as a USB flash drive or an external hard disk.
Explain that depending on what transfer method you choose, the WET will show slightly different user interface. The subsequent frames explain how to prepare the migration and migrating using a network connection (second method).
Frame 2: Explain the steps to prepare the destination computer. Emphasize that if your destination computer already has WET, you do not need to install WET on it. Mention that you will only cover migrating using network connection in this topic.
Explain that Windows Vista has an older version of WET, while you can still use Windows Vista WET to migrate user state to Windows 7, you may want to use the latest functionality of Windows 7 WET. Obtain WET from a Windows 7 product DVD, or from any computer that is running Windows 7. Windows 7 WET includes a new file explorer that enables you to select which files to copy to your new PC. If Windows finds a file or setting it cannot work with, Windows 7 WET will complete the transfer and give you a full report of anything that fails to migrate.
Frame 3: Explain the steps to perform migration using a network connection. Mention the WET key here. Explain that this method requires that the source and destination computer be running at the same time, therefore, it is suitable only for side-by-side migration.

43. Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College / Los Positas College 43

44. Evaluation Survey Link
Help us improve our seminars by filing out a short online evaluation survey at:

45. IT Series - Deploying Windows 7 with Free Tools
Thanks for attending
For upcoming events and links to recently archived seminars, check Web site at: