Shulou(Shulou.com)06/03 Report--

Yesterday I saw a demonstration about WDS deployment in 51cto moments. Referring to the step by step above, I found a lot of problems, among which I encountered a problem in how to capture the encapsulated windows server 2003, that is, when I was making a boot image of winpe, I added it to the installation image and found that it always reported an error. Later, I was going to write a technical reference blog post about this, and found that I had figured it out. The second point is that when adding a network card driver, if the driver package cannot be installed without the signature certified by Microsoft Windows Lab (WHQL), this is a thorny problem. I believe there is a solution to any problem, but it is only a matter of time. If this problem cannot be solved, then this demonstration appears to be very chicken rib. This demonstration is limited to the signed network card driver certified by WHQL. Can be installed on the corresponding machine, and the other has no effect, this is too lame, I tried two methods on the Internet did not work, through the group policy to ignore the visa, no effect, press F8 to disable the unauthorized driver visa also has no effect, I do not know if the certificate issued to myself in my own local is subject to this restriction, anyway, this demonstration is of little practical value Think of it as how to use the WDS service.

Topology diagram: (drawn using the billion map tool)

Concept:

First of all, let's ask the question, what is the purpose of WDS, and why is it necessary to build WDS services?

OK, let me give you a simple answer. WDS Service is the abbreviation of Windows Deployment Service. It is a tool for mass distribution and deployment of operating systems. The purpose of using this tool is to simplify the installation of operating systems, save time and energy.

Scene analysis

If a company needs to install 510 units, it must be solved by using a flash drive to install the machine directly. it doesn't matter if you use that method, you don't feel anything, you just get tired one by one and waste a little time.

What if a company needs to install 50 million, 100, or even 500?

The problem comes, for the quantity is small, any method is easy to solve, the quantity is large, the problem comes, this is the rhythm of the dead, can you install 500 sets without eating or drinking in a day? Even with 10 USB drives, you can't solve the mutual copy installation, so batch installation is necessary.

Environment:

The choice of hardware is very important. if it is deployed in large quantities, there are still requirements for hardware. the performance of the server you build should be very high, the network environment, the switch should not be too bad, and gigabit network ports should be needed. This is beside the point here.

1. For a computer, it is recommended to install the operating system of windows server 2008 R2 or windows server 2008. The download address is available below.

My computer is configured in the following environment, which is installed in a real machine, not a virtual machine in vmware workstation.

Operating system Windows 2008 R2 Server Enterprise 64-bit SP1 (DirectX 11)

Processor AMD A10-7870K Radeon R7, 12 Compute Cores 4C+8G quad core

Motherboard engraved with MS-A88FX FS M.1 (AMD K15)

Memory 8 GB (unknown DDR3L 1600MHz)

Primary hard drive BR240G (240GB / solid state drive)

2.win7 Mirror

Download address:

If https://msdn.itellyou.cn/ has Xunlei, it is very convenient. If not, it is not recommended. It has been waiting too long, but with md5 verification, it is more secure.

Http://www.panduoduo.net/ this strong suggestion, for example: windows 7 iso, you can download what you need, but the defect is that there is no md5 verification, there may be some risks

3. You can download the Nic driver from the official manufacturer that provides the motherboard, or you can download it through the brand model of the computer. The suggestion is to use the driver of the original system, Master Lu, or driver Life, to make a local backup, and then get this backup ready.

I have not tried the 4.AIK tool successfully here, but I can recommend you to download it. I suggest you try it with the windows server 2008 system.

Download https://technet.microsoft.com/zh-cn/ from the link here. If you are very interested in Microsoft, you can also learn some of the latest dynamic technologies.

The general idea is to say:

Install the active Directory Service, or AD (Active Directory)

To install the DHCP service and deployment service

Enable the client and install the operating system on the client

Details:

Before installing the active Directory service, it is recommended to modify the host name or not. The purpose of attention is to facilitate identification.

To configure a static IP address, you must configure it in advance, otherwise it will be a waste of time to modify it later, so these details must be prepared in advance, otherwise modification will be a headache.

To configure DNS,DNS, fill in the address of the DHCP server. The address of the local DHCP server is 192.168.1.101.

When you install AD, the first time you create a domain, you must create a new scope, otherwise there will be a problem. If so, go back to the front to see if you have joined the domain, and fill in the server of the domain controller if you have joined the domain.

Address, this scope, can only be used as an additional scope, or auxiliary group scope. If you do not join the domain, there must be a problem with the setting of the computer name. Modify it, then restart it, and then add it. This problem will be solved.

Authorization to start the DHCP server

Set the active directory restore password, this password is not the password of this active directory server, can be the same, it is not recommended, this active directory restore password must be a little more difficult, why? It is very dangerous to prevent the built active directory server from being deleted directly, causing the entire domain controller to lose its function, but it doesn't matter if I demonstrate it here.

When installing winpe, choose to add the winpe boot program to the boot image, which is used to capture the image. Just take the name capture. Any pure version of the system you want to customize can be used in a similar way. In the same way, it cannot be used to guide the installation of a real machine. This is equivalent to booting into windows's pe system after plugging into the USB disk. Therefore, it must be distinguished from the boot program booted by the installation system, and the boot boot is divided into the system booted by the x86 architecture and the system started by the x64 boot program, so when you choose the installed AIK package, choose the corresponding architecture. Because the windows server 2003 captured here is x86 architecture, I choose x86 winpe, and the capture here is better modified to capture x86, so capture x64 Of course it's better to name capture x64.

When downloading AIK, you need to choose to download the version that supports windows server 2008, that is, the address provided here, https://www.microsoft.com/zh-CN/download/details.aspx?id=9085,. Otherwise, you will find that when you enter the system for capture, you do not have it when you enter the wdscapture command. You need to uninstall it and download it again.

After capturing the installation image of windows server 2003, here we need to restart the windows deployment service. In the installation image column, you will have the system installer for windows 2003.wim.

After completing the above windows 2003.wim system program, I now need to verify my installation process on the virtual machine, so I need to download a 32bit image of win7, then decompress it, and add the system boot boot in the boot image. I think it is more appropriate to name it boot 32bit here, so there are up to four boot images in the boot image, namely capture 32bit capture 64bit boot 32bit boot 64bit. This is the most reasonable. There is something wrong with what I am doing here, and it does not affect my effect.

When the real client demonstrates how to deploy and install the operating system through WDS, enter F2 or F3. The function keys for each version of the motherboard to enter the BIOS system are different, some are F11, some are F6, some are F12. After entering, change the boot sequence of BIOS's windows boot, first turn on the network boot service, then change the order of the network startup service, and set the network boot to the top. Similarly, in the virtual machine, you also need to modify the boot sequence through BIOS boot.

If you want to demonstrate the installation of the operating system through a virtual machine, modify the mode of the network to bridge mode, so that you can get the IP address assigned by the real machine. When determining that the virtual machine can get the address, check the DHCP service to see if there is a leased address in the address pool. Then ping, the ping command is the most commonly used and most used command in the network. Especially in the company, whether you are engaged in network engineer, network management, operation and maintenance engineer, this is a necessary tool, very practical

If you want to deploy the operating system through a real machine, driving this level is a big problem. If the manufacturer's movement of the motherboard you are using is authorized by Microsoft, then congratulations. This is too worthwhile for you. It is simply tailor-made for you. Congratulations. If you want to install the operating system in batches in the future, you can do it this way, although it is not perfect. It is not as straightforward as unmanned installation, nor is it easy to operate with one button ghost. Of course, it still has a lot of advantages in terms of batch, which is worth affirming.

Demo process:

Step 1: install the active Directory service

Modify the computer name to facilitate later maintenance and identification

two。 Manually modify the IP address and set the DNS address

Because when configuring the DHCP server, the address of the DHCP server must be set to manual, and the client needs the DHCP server to assign the address; when building the active directory, you must specify DNS, otherwise there is a problem with the built active directory, so the DNS server must specify a fixed IP address, and the DNS server is used for name resolution.

3. Add active Directory service

Check the Active Directory domain service

Pay attention to whether the installation of .NET Framwork is successful or not, and you need to install it later.

Second, install DHCP services and deployment services

1. Configure DHCP service and windows deployment service

Add DHCP server and Windows deployment server

Fill in a name for the DHCP server and try to express what it is used for, for example, to deploy the windows operating system in batches. The one I fill in below is problematic and there is no installation standard.

IPv6 is disabled here to prevent broadcast spread time from being extended when using DHCP servers.

Okay, now the DHP server and the widnows deployment service are set up.

Third, set up an active directory server

Configure the active Directory server

Here I add it directly through the graphical way. You can do it as easily as possible, or through commands, such as typing "dcpromo" in the run.

Note that when you create an active Directory server for the first time, be sure to select "create a domain in the new forest", which is both the root domain and the first domain controller

The name of my active directory scope here is: abc123.com. Note that when you choose a name here, you can't pick it casually. You must think about it in advance. After taking a point, you can't modify it. If you want to modify it, you have to change it every place, so you must be careful. You don't want to use the DHCP server above. If you choose the wrong name, you'll be done.

I have a little problem here, which does not affect this demonstration. For example, my NetBIOS name here has been changed to abc1230.com.

It is best not to do things that are thankless and must be planned and prepared in advance.

Click "Yes" here to build the active Directory server and the DNS server at the same time.

Since it can be restored to an ordinary computer, how terrible you think this is. I think there is something wrong with the design of Microsoft here. I don't know what I think. Just pay attention to this.

In order to make you understand more clearly, I have cut off the help. I can take a look at the last place where I marked it.

OK, active Directory and DNS servers are all set up.

The following must restart the computer before the active directory will take effect. Click "restart".

IV. Manage deployment servers

Note that after the DHCP server is built, you must click "authorize", otherwise the client computer will not be able to get the IP address.

Now to configure the windows deployment server, first add the server

There is only one domain controller here, just choose the local machine.

After the addition is completed, the server configuration begins.

Remote installation folder, this is a random disk, it is recommended to put it on a disk other than the system disk, which stores some deployed startup files, network drivers and so on, and it is better to put it on other disks. if you need to deploy a lot of operating systems, it will still take up some disk space, and security considerations should not be placed on the system disk.

Check both of these two options. DHCP port 60 here is easier to be occupied by other servers. If the client cannot get the IP address, you can check this item.

I don't pay so much attention here. Let's choose all of them.

Whatever you want here, remove the tick first and add it later

Now we complete the preparation for "installing the image" in the widnows deployment server.

Select "add installation Image" in the installation image

Here is the image group for creating the installation image. For easy identification, write more specific.

This is the unzipped image path, which is very clear. I didn't build a folder on disk D, take the name install, and copy the install.wim and boot.wim files in the image to this new folder as I did on the Internet. As mentioned earlier, you can do whatever is convenient, as long as the principle is known.

This is the installation image of windows Server 2008 R2 added on.

Let's start adding a boot image.

As above

This name is the name of the installation system that appears by pressing F12 when starting the client machine. This should be written in more detail so that it is easy to choose.

5. Install AIK below

The path to winpe

Note that you must choose to add a boot image here

I'll take capture as the name here. In fact, it's better to fill in capture 32bit. This is the wipe bootstrap of 32bit.

VI. Encapsulate windows server 2003

Mount the CD of windows server 2003, and copy the two files sysprep.exe and setupcl.exe from it to the root directory of disk C. these two files are encapsulated windows

For the important files of the server 2003 operating system, before encapsulating the operating system, install .NetFramework and MSXML in the operating system that operates windows server 2003, such as the installation package I use.

It must be set to boot from the network card.

7. Start capturing the system image of windows server 2003

Be sure to choose "bridging mode" here.

After turning on the virtual machine, when F12 appears, press F12 to enter the selection interface. Here I choose capture because I want to capture the system image of windows server 2003.

Select capture

There is a problem in my place, which is caused by repeatedly pressing the shutdown button, but turn it off again, restart it, and then enter it again.

The wdscaputure tools for this place can be found in the download AIK address provided.

Here I need to capture the image of the system disk. By default, the system is installed under the root directory of disk C, and the image name should be filled in the actual captured system version name, such as windows 2003.wim.

The following is the address of the image server (the host that built the AD). Fill in its address, that is, 192.168.1.101. The verification account abc123\ administrator that needs to be provided is the password of the management account of the host that built the AD. The image files captured here will be automatically transferred to the E:\ RemoteInstall\ Images\ Windows Server 2003 directory.

I created the image group name first, ha, so there is, of course, I chose to put it in this, so I should be ready for this work in advance. If it is not created, you can create this group in the installation image first. Then do it again and you can choose.

It is found that there is a finished image here. Refresh the windows deployment service and there is a corresponding option in the installation image. There is no need to re-add it.

As shown below

Next, you need to add a boot image. Here, I first down a win7 32bit image file on the Internet, then decompress it, and then add the boot boot file as shown below, as shown below:

The name here can be changed to boot 32bit. I didn't think about it so much at that time. It was only equivalent to the boot used to install windows server 2003.

Now there is an x86 boot driver in the boot image, that is, windows 2003 (x86)

8. Install the operating system windows server 2003 made using winpe capture

You need to provide a windows domain account login to install

There are so many operating system versions here that I choose windows server 2003.

Choose to install in partition 0, the first 1 disk, that is, system disk C

Below, if you really want to install, you must have the format words. Here, if you are demonstrating this step in the real machine, the installation can basically be passed, so whether you install it or not depends on you. After the general format here, you really start to install the system again. The behavior of format words has no room to go back on its promise. Be careful when you format your hard disk, the data is precious. The cost of getting it back after formatting is very high, sometimes it may not be found, and the risk is very high, so don't use the format to install the system. By the way, I am a virtual machine. It doesn't matter. I still want to see what the final result will be, so I click "OK".

The latter operation is basically the next step, until it is completed, so it will no longer be shown one by one.

9. Deploy the win7 operating system on the real client (the Nic driver of my desktop is not authorized at present, so show me how to use it.)

After windows vista, the installation files of the operating system are install.wim and boot.wim, so the capture process of the image is omitted and can be used directly. The crux of the problem is to solve the problem of the driver signature of the motherboard network card. If your motherboard network card supports the signature authorized by Microsoft, congratulations, this experiment is helpful to you. The motherboard of my gigabyte H110M-S2 desktop does not support it. The inscription MS-A88FX FS M.1 (ADM K15) motherboard of this desktop I demonstrated is also supported. After all, they are all assembled machines, deployed Dell, Lenovo machines, HP machines, Asustek machines, like brands dare not fake, copyright issues are legal issues, the fine for using piracy is quite severe, so this bottleneck problem is here. If everyone is a brand, then the installation is basically safe and sound. It's called a refreshing one.

Failed to add network card driver

You only need to add the Nic driver, and you don't need to add the rest. For example, the Nic driver is as follows:

Ignoring the installation of the driver package by using group policy, it is found that it still does not work.

If you choose to ignore it here, it will not work either. Press F8 to disable the driver package signature installation by rebooting the system, and it will not be demonstrated.

The client needs to modify the BIOS, set the network startup to the top, and then the following phenomenon will appear, and then when F12 appears, just press F12

Choose to install the 64-bit operating system, windows 7 (x64) and windows server 2008 (x64) here, which one is the same, the meaning is the same, it is used as the system boot of x64 architecture, there is no difference, the startup interface is different, only this difference, so it is better to change it to boot 64bit before, after this step, you can choose which system to install.

Here is the problem of the network card driver. The network card driver signature of my assembly machine is not authorized and cannot be installed. This is the process of the demonstration. If it is a brand machine, it can be directly implemented here. This demonstration ends here. There are many knowledge points involved.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.