7. Creating the MDT database
To better automate image
deployments, you can take advantage of the MDT database. With it, you
may query for settings, roles, software assignments, and more based on
computer, location, or make/model. By leveraging this database, you can
dynamically provide details during a deployment that would otherwise
need to be manually input through the Lite Touch Installation wizards.
Alternatively, there are other methods to handle the various properties
that may be specified by the database (see the section "Understanding deployment rules" later in this chapter for details). To establish a deployment database, follow these steps:
NOTE
If you do not have a SQL server already, you may install SQL Server Express Edition, which is free and available online at www.microsoft.com/sql/editions/express/default.mspx.
However, if you are serious about Windows deployment, and you should
be, you will install a real version of SQL Server and make this database
part of your ongoing systems management infrastructure. This lets you
avoid the limitations inherent in Microsoft's free database tool. You
can, however, virtualize this role. For information on doing so, see Build a SQL Server Virtual Appliance at itmanagement.earthweb.com/article.php/31771_3718566_2.
Choose Deployment Workbench => Deploy => Database from the tree and click the New option from the actions pane on the right to start the New DB Wizard.
On the SQL Server Details page, enter the SQL Server Name and click Next. You may also optionally provide values for Instance
(the name of the instance of SQL Server to be used for querying
property values) and Port (if needed in your environment for
connectivity to the SQL server). You may also specify whether Named Pipes or
TCP/IP Sockets should be used for server communications. In most
environments, the SQL Server Name will be the only field that requires
attention here.
On the next page, Database, you can specify the name of a new database to
be created (or recreated) on the server and click Next to continue.
Optionally, if you have already established a database for this
purpose, you may choose Use an existing database that already contains
the required tables and views and choose from the list of databases
retrieved by the wizard.
On the SQL Share page, you can specify a SQL Share to be used by Windows PE to establish a secure connection to the server.
Which share is specified here is not important, only that it is a valid
share that is accessible by the deployment account. Only the share
name should be specified, for example: admin$.
8. Configuring the MDT database
With the database created
and ready to go, the next step is to configure how it is to be used by
your deployment. There are a number of options here, and which of those
you choose depends greatly on your environment. This section provides a
walkthrough of the steps and options available for your consideration.
Choose Deployment Workbench => Deploy => Deployment Points, right-click the Image Deployment point, and choose Configure DB
from the context menu to start the Configure DB Wizard.
On the first page of the wizard, specify which of the computer-related
queries you want to configure and click Next. Choose from the following
options:
Query for computer-specific settings
Query for roles assigned to this computer
Query for applications to be installed on this computer
Query for SMS packages to be installed on this computer
Query for administrators to be assigned to this computer
Next, on the Location Options page, specify which location-related queries
should be configured and click Next. Choose from the following options:
Query for location names based on default gateways
Query for location-specific settings
Query for roles assigned for this location
Query for applications to be installed for this location
Query for SMS packages to be installed for this location
Query for administrators to be assigned for this location
Next, on the Make/Model Options page, specify which of the make/model-related
queries you wish to configure and click Next. Choose from the following
options:
Query for model-specific settings
Query for roles assigned to computers with this make and model
Query for applications to be installed on computers with this make and model
Query for SMS packages to be installed on computers with this make and model
Query for administrators to be assigned to machines with this make and model
On the Role Options page, specify which role-related queries you wish to
add and click Finish to complete the database configuration. Choose from
the following options:
Query for role-specific settings
Query for applications to be installed for this role
Query for SMS packages to be installed for this role
Query for administrators to be assigned for this role
9. Populating the Microsoft Management database
For the queries
specified in the previous steps to succeed, you must populate the
database with information about your target environment. Depending upon
your needs you may populate one or more sections of the database to
support your deployment. These sections are Computers, Roles, Locations,
and Make and Model. The following are the basic steps for adding a computer
entry. Note that all sections use the same interface for entry creation.
Choose Deployment Workbench => Deploy => Database => Computers
from the tree and click the New option from the actions pane on the
right to view the property form where you may specify the details of a
new computer entry in the database.
For an Asset tag, enter one or more values to identify the computer.
This represents the default primary method of identifying a computer on
this form, so (as in all form fields that require entry) a red circle
with an exclamation mark inside is displayed alongside the field until
it contains required data. In this case, however, you may specify any
one of these key values to identify a computer (Asset tag, UUID, Serial
number, or MAC address). If an invalid value is specified, the field
indicator will blink until it is cleared or the value is properly
updated.
NOTE
If using a MAC address, you must use all capitals and separate each pair of digits with a colon to satisfy the field requirement.
The Details tab contains a list of the properties available for customization.
Because this is something to be done for each computer added to the
database, it is often desirable to enter a minimal number of unique
values. For example, ComputerName is very commonly specified in this way.
Click the Applications tab and then configure the applications to install and the order of the application installations.
Click the Packages tab, and then configure the packages to install and the order of the package installations.
Click the Roles tab and then configure the roles to associate with the computer.
Click the Administrators tab, configure the accounts to be made members of
the local Administrator group on the target computers, and then click OK.
10. Understanding deployment rules
In addition to the database method above, there are other ways to
define properties such as the computer name or the local
administrator password, and these should be understood in order to
specify general deployment options. Depending on your environment
or on the item to be defined, one or more of these other methods may be
desirable.
NOTE
There are a number
of standard properties available for customization, and each is
documented in the Toolkit Reference.doc file included in the Deployment
Process documentation. It should also be noted that you can define your
own custom properties if a standard property is not found that meets
your needs.
In addition to the database method described in the previous section, there are a few other ways you can assign values:
Hard-coded values
Variable substitution
Script functions
Dynamic keys
NOTE
The values are collected by a script which gets standard properties from its definition file (ZTIGather.xml). It then uses the CustomSettings.ini
file to determine what custom properties it should use as well as the
actual values for all of the properties required by the deployment.
Each of these methods is discussed briefly in the following section.
Using hard-coded values
One of the simplest ways to
specify values is to use hard-coded values in the CustomSettings.ini
file. For example, you could statically define the time zone (TimeZone)
to the desired time zone offset:
TimeZone=005
Using variable substitution
Similar to the method
above, you can also include variables to make hard-coded values more
dynamic. For example, you could statically define your logging share
(SLShare) to point to the "LOGS" folder on a currently connected SCCM
deployment point:
SLShare=\\%SMSDP%\Logs
Using script functions
Rules can call
script functions as well. A script known as the user exit script serves
as a function library. You may create your own script functions to
return desired values and then place them in a user exit script. These
custom scripts have full access to the global variables and can leverage
them in the creation of dynamic values. By placing the script in the
same directory as the CustomSettings.ini file, you can then reference
these functions from it by typing the function call, along with any
desired parameters, between pound symbols (#). For example, you may want to
assign the ComputerName based on information gathered from the Asset
Tag. To do so you would first create your UserExit script, and then
reference it in the CustomSettings.ini file as shown.
Example UserExit Script:
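' Required UserExit function; it only reports success.
Function UserExit(sType, sWhen, sDetail, bSkip)
    UserExit = Success
End Function

' Build a computer name from a one-letter manufacturer code and the asset tag.
Function MakeName(sAssetTag)
    Dim wmiRoot, wmiColl, wmiObj, sMan, sManCode

    ' Read the manufacturer string from WMI.
    Set wmiRoot = GetObject("WinMgmts:root/cimv2")
    Set wmiColl = wmiRoot.ExecQuery("Select * FROM Win32_ComputerSystem")
    For Each wmiObj In wmiColl
        sMan = wmiObj.Manufacturer
    Next

    ' Map the manufacturer to a single-character code.
    Select Case sMan
        Case "Dell Inc."
            sManCode = "D"
        Case "Compaq"
            sManCode = "C"
        Case "HP"
            sManCode = "H"
        Case Else
            sManCode = "U" ' unknown
    End Select

    MakeName = sManCode & "-" & sAssetTag
End Function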
The preceding MakeName
function is intended to determine the computer's manufacturer and then
use a single character identifier and the asset tag passed to the
function to return a name meeting the organization's desired naming
convention. In order to make use of this, the above would be saved as
UserExit.vbs and then placed in the same folder as the
CustomSettings.ini file. The CustomSettings.ini file would finally need
to be updated to reference the script and function as shown in the
following example:
Example CustomSettings.ini Segment:
ComputerName=#MakeName("%AssetTag%")#
UserExit=UserExit.vbs
Using dynamic keys
Rules can also be
selected based on the value of dynamic keys. The following example will
return the computer name "LabSystem01" if the MAC Address is
"00:03:FF:39:CC:67".
[Settings]
Priority=MACAddress,...
[00:03:FF:39:CC:67]
ComputerName=LabSystem01
In the example above, the
Settings section leads with Priority, which can list multiple methods for
identifying a system in the order in which they should be used. Many other
values would also be listed in the Settings section of
CustomSettings.ini, but it is simplified here for clarity. The second
section is named for a valid MAC address on the network. The
values in this section are used when the computer's MAC address matches
that of the section name (00:03:FF:39:CC:67).
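The rule processing described above, worked through as an added example (not code from the book or from MDT): a simplified Python model of how Priority, dynamic-key sections and %VAR% substitution combine, where the first section to supply a property wins, and which also reports the section each value came from. The [Default] section, the PC-%AssetTag% value and the gathered values are constructed for illustration; the model handles a single MAC address per machine and leaves unknown variables unexpanded.

```python
import configparser
import re

# Constructed sample rules, modelled on the fragments in this chapter.
SAMPLE_RULES = r"""
[Settings]
Priority=MACAddress, Default

[00:03:FF:39:CC:67]
ComputerName=LabSystem01

[Default]
ComputerName=PC-%AssetTag%
TimeZone=005
SLShare=\\%SMSDP%\Logs
"""

def resolve(rules_text, gathered):
    """Return (values, source): the effective properties for one machine and
    the section each came from. Simplified model, not MDT's own logic."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is MDT syntax here
    cp.optionxform = str                                # keep property-name case
    cp.read_string(rules_text)
    by_name = {s.upper(): s for s in cp.sections()}     # section match ignores case
    values, source = {}, {}
    for entry in cp["Settings"]["Priority"].split(","):
        entry = entry.strip()
        # An entry is a literal section name, or a gathered property (such as
        # MACAddress) whose value names the section: a dynamic key.
        section = by_name.get(gathered.get(entry, entry).upper())
        if section is None:
            continue                                    # nothing for this machine
        for key, value in cp[section].items():
            if key not in values:                       # earlier entries win
                values[key], source[key] = value, section

    def expand(text):
        # Replace %Name% with the gathered value; unknown names are left as-is.
        return re.sub(r"%(\w+)%", lambda m: gathered.get(m.group(1), m.group(0)), text)

    return {k: expand(v) for k, v in values.items()}, source

if __name__ == "__main__":
    lab = {"MACAddress": "00:03:FF:39:CC:67", "AssetTag": "A1001", "SMSDP": "DP01"}
    for machine in (lab, {"MACAddress": "00:03:FF:00:00:01", "AssetTag": "A2002"}):
        print(resolve(SAMPLE_RULES, machine))
```

Running the same check against a copy of a production CustomSettings.ini shows which section actually supplies each value for a given machine before the deployment point is updated.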
11. Configuring LTI deployment for full automation
Even when many of these values are specified, the wizard dialogs are still
displayed by default. The good news is that you have very granular control over
what elements of the wizard are displayed by adding properties to the
CustomSettings.ini file. In fact, the SkipWizard property results in
suppression of the entire Windows Deployment Wizard. To skip individual
pages, the following properties are available:
SkipAdminPassword
SkipApplications
SkipAppsOnUpgrade
SkipBDDWelcome
SkipBitLocker
SkipBitLockerDetails
SkipBuild
SkipCapture
SkipComputerBackup
SkipComputerName
SkipDeploymentType
SkipDomainMembership
SkipFinalSummary
SkipLocaleSelection
SkipPackageDisplay
SkipProductKey
SkipSummary
SkipTimeZone
SkipUserData
Although the names of most
properties are self-explanatory, finding out just what is available requires a bit
of searching in the Toolkit Reference.doc file, which is included in the
Deployment Process documentation. There, each of the available properties
is documented in some detail.
When you update your
deployment, such as by making changes to the CustomSettings.ini file, it is
necessary to right-click the deployment point and choose Update
to commit the changes. At this point you will also want to update your
LTI media (ISO file, CD, USB device, and so on).
12. Deploying the custom image
Now you can deploy your
image. The steps are nearly identical to those you followed when you prepared your
reference system for imaging, but this time you are dealing with a
production deployment. For testing you can stick with a virtual machine,
or you can apply the LiteTouchPE.iso image to a CD or portable USB
memory drive in order to use this same procedure in the deployment of
physical systems. Just be sure to update the deployment point and use
the updated version of the LiteTouchPE.iso file moving forward.
Choose Deployment Workbench => Deploy => Deployment Points, right-click the deployment you have been working with, and
choose Update to re-create the file structure and support file.
Copy the LiteTouchPE_x86.iso image from the deployment point's distribution share to your local computer (for example, \\server\distribution$\Boot\LiteTouchPE_x86.iso).
Configure your virtual machine to boot from this ISO file by mounting it as a CD image. Alternatively, you could burn the ISO image to a CD.
Boot the virtual machine from the mounted ISO image.
Alternatively, if you burned the ISO to a CD you may boot from it in
order to load the Lite Touch image. Depending on how you have customized
the deployment values and what wizard pages you have suppressed, the
Windows Deployment Wizard will prompt for the values as specified.